Exploring Antivirus Scanning

Use Antivirus Scanning to help protect your instance against virus infections that can be introduced by file attachments to your system records, such as incidents, problems, and stories.

Antivirus Scanning scans file attachments stored in your attachment [sys_attachment] table to help protect users from uploading and downloading infected files. All the document types supported by the Platform are scanned by Antivirus Scanning.

If Antivirus Scanning is enabled, all file attachments in the Attachments table [sys_attachment.do] are scanned by default.

The Antivirus Protection plugin (com.glide.snap) is activated and enabled by default on your instance. As an administrator, you can deactivate and reactivate the Antivirus Scanning feature across your instance at the switch of a toggle, set configuration options, and review antivirus activity on the instance.

Note: Antivirus Scanning is also available for customers in the Government Community Cloud (GCC) and commercial environment. GCC Users must set the (com.glide.snap.fed_enable_scan) property to true to start using the feature.

Commercial users must set com.glide.snap.enable_scan to true.

HTTP and HTTPS communication protocols are supported. Edge-encrypted files are excluded from this scan. Antivirus definitions are updated everyday. Any file above 100-MB file size isn’t scanned.

Email scanning Inbound emails are scanned for viruses by the system email filters , not by Antivirus Scanning .

File Attachment field in a table The addition of a File Attachment field in a table generates zz_yy tables. These tables are dynamic and virtual. They are automatically generated when the column type file_attachment is added to parent tables.

Consider adding a user photo to the Users table and incorporating it into the form view. When a photo is uploaded to a record, it automatically uploads the attachment to the sys_attachment table. The sys_attachment table maps the photo to the zz_yyUsers table.

By default only attachments attached to zz_yylive_profile tables are scanned. To scan other tables that have column type file_attachment create the system property com.glide.snap.scan.zz_yytables and insert the table name.

Example

The "zz_yyincident" and "zz_yycase" tables are dynamic tables created when the column is added to the parent tables: Incident and Case, then the property value should be zz_yyincident,zz_yycase .

After this property is set, attachments for the zz_yyincident and zz_yycase tables are scanned.

Scanning scenarios Review these upload and download scenarios to understand how the system identifies potential security threats from files attached to your records.

Scenario 1 - Upload a file

The user unknowingly uploads an infected file to a record. The system scans the file and moves it to quarantine. The file appears in the Attachments window, where it’s marked as unavailable. The user selects the file and this error message appears: The file Infected_testing.txt did not pass the security scan. Please remove the file from record INC0000059 and try again. The system sends an email notification to the user and the antivirus administrator. The user closes the Attachments window and is returned to the record. The infected file is displays in the header as unavailable. Example, infected_testing123.txtZ [unavailable] .

Scenario 2 - Download a file

The user opens a record to download a file that is attached to it. Unaware that the file is infected, the user selects it for download. The system scans the file, moves it to quarantine, and displays a message similar to The file infected_testing123.txt did not pass security scan and cannot be downloaded. The user closes the message and the screen refreshes showing that the file is unavailable. The system sends an email notification to the user and the antivirus administrator.

Scenario 3 - Download a ZIP file

A user opens a record and downloads a ZIP file that is attached to it. The system scans the ZIP files individually. One file doesn’t pass the security scan and is marked as unavailable. The remaining files are zipped and downloaded successfully. The user opens the ZIP file and sees an “error.txt” file in addition to the successfully downloaded file. This file contains an error message specifying which file didn’t pass scanning and was therefore not included in the ZIP. The user opens the record again, and sees that the unavailable file has been moved into the Potential security risks section in the Attachments window and can’t be downloaded.