Jive Antivirus Extension Administrator's Guide for 6.0 and 7.0

Version 6

    The Jive Antivirus Extension is a plugin that integrates a Jive instance with a virus scan server so that binary content uploaded to the instance can be checked for violations, and users are prevented from downloading the content if a violation is found.  The intended audience for this document is System Administrators and Community Managers.  A separate User's Guide is also available.  For versions earlier than 6.0, see Jive Antivirus Extension User's Guide for 5.0 and earlier.

     

     

    Installation

    Artifacts

    The Jive Antivirus Extension is delivered in a .jar file that is installed on an existing Jive instance.  The name of the file will depend on the version of the plugin (e.g. antivirus-6.0.1-0.jar).  The version number will generally correspond to the version of Jive for which it was intended, with the -X suffix indicating the release number (0-based) for that version.  For example, 6.0.1.0-0 indicates the first release of the extension for Jive 6.0.1.0.  To be sure you have the most recent release of the extension for your version of Jive, consult the Jive Antivirus Extension Compatibility Matrix, which will contain the recommended releases for each Jive version.

     

    Virus Scan Server

    The Antivirus Extension requires a virus scan server to perform the actual virus scanning.  The Antivirus Extension supports ClamAV, which is freely available, and McAfee products with ICAP support such as McAfee Web Gateway.  For hosted customers, Jive Hosting provides a ClamAV server.  On-premise customers must provide their own virus scan server.  Installation and configuration of the virus scan server is outside of the scope of this document.  Please refer to the ClamAV documentation or McAfee Product Support.

    McAfee Configuration

    A security policy may need to be created to add the X-Infection-Found header to the ICAP response.

     

    Licensing


    While the Antivirus Extension is available for anyone to download, you must have a valid license to run it on your instance.  You can check your license in your Jive instance's Admin Console, under the System > Management > License Information section.

     

    If you see the Antivirus Module entry listed in the License Components and Allotments section, you are all set to install the Antivirus Extension.  The extension itself may still be installed if it has not been licensed on your instance, but no Antivirus functionality will be enabled.  If the module is not listed, but you have purchased the Antivirus Extension, file a case requesting Jive Account Support to update your license.  If you have not purchased the Antivirus Extension yet, please contact Jive Sales.

     

    For Hosted Customers

    To install the Antivirus Extension, hosted customers can file a case and request that the extension be installed.  Jive Account Support will install the extension for you.  Installation only takes a few minutes, but will require a server restart.  Jive Account Support will configure the extension for the appropriate Virus Scan server based on the data center in which your instance resides.  Additional configuration options are available and are described later in this document.

     

    For On-Prem Customers

    Customers hosting their own Jive instance can install the Antivirus Extension, like any other Jive Plugin, via the Admin Console.  Once the file is uploaded, and the plugin is installed, the server will need to be restarted.

     

    After restarting, the Antivirus Extension will show up in the Admin Console's Plugins tab.  The Antivirus Extension is not enabled by default and needs some additional configuration before it can be enabled.

     

    Post Installation Configuration

    On-prem installations are responsible for the required configuration and enabling virus scanning.  Post installation, a System Property specifying the virus scanner URI must be set.  An explanation for each of the settings is provided later in this document.

     

    Uninstalling the Antivirus Extension, which also requires a restart, will remove the extension from the system, but not its data.  However, once the Extension is removed, files that have previously been blocked will be linked for download; an attempt to download a blocked file will result in an error since the blocked file has been removed.

     

    Configuration

    The Antivirus Extension can be configured by users who are members of the Antivirus Management security group.  Users in this security group will have an "Antivirus" menu item under the "Manage" sub-heading of the user menu drop down in the Jive header. Configuration changes take effect immediately and do not require a server restart.  In addition to the configuration screen, the following system properties are available:

     

    Property Key | Description | Default Value
    antivirus.scan.timeout | The number of milliseconds the Antivirus Extension will wait for a scan to complete | 300000
    antivirus.managementGroup.name | The name of the security group used to grant access to Antivirus Management | Antivirus Management
    antivirus.maxScanChecks | Maximum number of times scan record will be checked for completion when creating a scan request. | 5
    antivirus.scanCheckDelay | Number of milliseconds of delay between checking a scan record for completion when creating a scan request. | 3000

     

    Testing

    Virus scanning can be tested using the test files provided on the EICAR (European Expert Group for IT-Security) download page.

     

    Monitoring and Management

    Violation Notifications

    When a violation is detected, a notification will appear in the Actions stream of all users who are members of the Antivirus Management security group.  If the Extension is configured to notify the author, the creator of the content will receive the same notification.  E-mails will only be sent to users if e-mail is enabled for Actions in their Jive E-mail Preferences.


     

    Scan Records

    Scan Records are stored in the database and can be queried if information is needed for a specific file.

    jiveavscanrecord

    Column | Description
    antivirusid | Primary Key for the table, not visible in the UI.
    objectid | The ID of the Jive object scanned.
    objecttype | The objectType of the Jive object scanned.  Currently only two types are supported: 13 - Attachment; 110 - Document Body (uploaded documents)
    statusid | The status of the scan: 0 - Not yet scanned; 1 - Blocked; 2 - Unmodified (safe for download); 3 - Modified (safe for download); 4 - Error; 5 - Rescan; 6 - Disabled
    violations | Violation(s) reported from the scan server.
    scancount | Number of times this object has been scanned.
    scanrequestdate | The date of the initial scan request, in milliseconds
    lastscandate | The date of the last scan, in milliseconds
    lastsuccessdate | The date of the last successful scan, in milliseconds

     

    Useful Queries

    Retrieve all Scan Records

    select *
    from jiveavscanrecord;

     

    Retrieve Scan Information for an Attachment to a Message

    select *
    from jiveavscanrecord, jiveattachment, jivemessage
    where jiveavscanrecord.objectid = jiveattachment.attachmentid and
          jiveattachment.objectid = jivemessage.messageid and
          jiveavscanrecord.objecttype = 13 and
          jiveattachment.objecttype = 2 and
          jivemessage.messageid = [messageid];

     

    Retrieve Scan Information for an Uploaded Document

    select *
    from jiveavscanrecord, jivedocbodyversion, jivedocversion, jivedocument
    where jiveavscanrecord.objectid = jivedocbodyversion.bodyid and
          jivedocbodyversion.internaldocid = jivedocversion.internaldocid and
          jivedocbodyversion.versionid = jivedocversion.versionid and
          jivedocversion.internaldocid = jivedocument.internaldocid and
          jiveavscanrecord.objecttype = 110 and
          jivedocument.documentid = '[docid]';
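
A triage pass over the scan records, as an added example (not part of the original guide and not Jive's own code): it decodes the statusid and objecttype codes listed for jiveavscanrecord, converts the millisecond dates, and returns blocked records plus records that still have no verdict after the antivirus.scan.timeout default. It runs against an in-memory SQLite stand-in with constructed rows; the column types, the `?` parameter style, and the reading of the dates as Unix epoch milliseconds are assumptions.

```python
import sqlite3
from datetime import datetime, timezone

# Codes as listed in the jiveavscanrecord column descriptions on this page.
STATUS = {0: "Not yet scanned", 1: "Blocked", 2: "Unmodified", 3: "Modified",
          4: "Error", 5: "Rescan", 6: "Disabled"}
OBJECT_TYPE = {13: "Attachment", 110: "Document Body"}

def ms_to_utc(ms):
    """Assumption: the millisecond dates are Unix epoch milliseconds."""
    if ms is None:
        return None
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()

def triage(conn, now_ms, max_age_ms=300000):
    """Blocked records, plus records without a verdict (statuses 0, 4, 5) whose
    request is older than max_age_ms (default: antivirus.scan.timeout default)."""
    rows = conn.execute(
        """select objectid, objecttype, statusid, violations, scancount,
                  scanrequestdate, lastscandate
           from jiveavscanrecord
           where statusid = 1
              or (statusid in (0, 4, 5) and ? - scanrequestdate > ?)
           order by scanrequestdate""",
        (now_ms, max_age_ms)).fetchall()
    return [{"objectid": r[0], "type": OBJECT_TYPE.get(r[1], str(r[1])),
             "status": STATUS.get(r[2], str(r[2])), "violations": r[3],
             "scancount": r[4], "requested": ms_to_utc(r[5]),
             "last_scan": ms_to_utc(r[6])} for r in rows]

def sample_db():
    """In-memory stand-in with constructed rows; column types are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""create table jiveavscanrecord (
        antivirusid integer primary key, objectid integer, objecttype integer,
        statusid integer, violations text, scancount integer,
        scanrequestdate integer, lastscandate integer, lastsuccessdate integer)""")
    t = 1360000000000  # constructed base time, epoch milliseconds
    conn.executemany("insert into jiveavscanrecord values (?,?,?,?,?,?,?,?,?)", [
        (1, 1001, 13, 2, None, 1, t, t + 2000, t + 2000),
        (2, 1002, 13, 1, "Eicar-Test-Signature", 1, t + 1000, t + 3000, t + 3000),
        (3, 2001, 110, 4, None, 3, t + 2000, t + 9000, None),
        (4, 1003, 13, 0, None, 0, t + 890000, None, None),
    ])
    return conn

if __name__ == "__main__":
    for rec in triage(sample_db(), now_ms=1360000900000):
        print(rec)
```

The select statement inside triage() uses only standard SQL, so it can be adapted to the Jive database by substituting that database's parameter syntax.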