Edit configuration property settings to force the applications that handle uploaded files to scan all files for viruses.
Before you begin
IBM® Lotus® Connections does not provide virus scanning software, but it does enable you to use existing virus scanning services implemented within your corporate infrastructure. Before you begin this procedure, find out the location of the virus scanning service.
Lotus Connections supports the Internet Content Adaptation Protocol (ICAP) and its applications use this protocol to communicate with virus detection products. Ensure that the virus detection product used in your enterprise supports the ICAP 1.0 protocol. Lotus Connections is certified to work with Symantec AntiVirus Scan Engine 5.1 and McAfee web Security Appliance (3400) and (3300).
Disable any file cleaning services that are provided by the virus scanning product you are using. Cleaning must be disabled for the virus scanner to interact properly with Lotus Connections. See the documentation for the virus scanner to determine how to disable file cleaning.
To edit configuration files, you must use the wsadmin client. See Starting the wsadmin client
About this task
The Bookmarks and Home page applications do not implement virus scanning because no files or images are uploaded to those application databases.
To enable virus scanning for Activities, Blogs, Communities, Files, Forums, Profiles, and Wikis, complete the following steps:
- Use the wsadmin client to access and check out the Lotus Connections configuration files.
- Enter the following command to access the IBM Lotus Connections configuration file: execfile("connectionsConfig.py")
If you are prompted to specify which server to connect to, type 1.
Note: This information is not used by the wsadmin client when you are making configuration changes.
- Enter the following command to check out the Lotus Connections configuration files:
- <working_directory> is the temporary working directory to which the configuration XML and XSD files are copied and are stored while you make changes to them. Use forward slashes to separate directories in the file path, even if you are using the Microsoft® Windows® operating system.
AIX and Linux only: The directory must grant write permissions or the command does not run successfully.
- <cell_name> is the name of the WebSphere® Application Server cell hosting the Lotus Connections application. This argument is case-sensitive, so type it with care. If you do not know the cell name, type the following command while in the wsadmin command processor:print AdminControl.getCell()
- AIX or Linux:LCConfigService.checkOutConfig("/opt/temp","foo01Cell01")
- Microsoft Windows:LCConfigService.checkOutConfig("c:/temp","foo01Cell01")
- From the temporary directory to which you just checked out the Lotus Connections configuration files, open the LotusConnections-config.xml file in a text editor.
- Uncomment the following block of XML, which can be found in the avFilter section:
- Replace references to <scanner.service> with the name of the ICAP response modification service on the ICAP-enabled scanner. Select one of the following options:
Represents McAfee virus scanning softwareAVSCAN
Represents Symantec virus scanning software
Or add the ICAP response modification service for the virus scanning software that you want to support.
- Replace references to <myscanner.host.com> with the server name or IP address of the system hosting the virus scanner. To specify more than one server, separate multiple server names or IP addresses with commas.
- To support scanning large files, specify values for the av.chunk.size and first.read.timeout properties:
If the scanner is not available, uploads are rejected to prevent someone from executing a denial of service attack against the scanner, intending to then upload an infected file. In the first.read.timeout property, you can set the number of milliseconds to allow a service to attempt to reach the scanner before rejecting the request.
- Save your changes to the LotusConnections-config.xml file.
- After making changes, you must check the configuration files back in and you must do so during the same wsadmin session in which you checked them out for the changes to take effect. See Applying common configuration property changes for information about how to save and apply your changes.
What to do next
Once virus scanning is running in your environment, any scanning-related errors are written to the SystemOut.log file. See Troubleshooting virus scanning
for information about possible errors and their causes.
Parent topic: Security
Changing common configuration property values
Applying common configuration property changes
Troubleshooting virus scanning