Oracle® Beehive Integration Guide Release 2 (2.0.1.8) Part Number E16650-06
This module describes how to integrate Symantec Scan Engine with Oracle Beehive.
This module contains the following topics:
Prerequisites for Integrating Symantec Scan Engine with Oracle Beehive
Procedure for Integrating Symantec Scan Engine with Oracle Beehive
You can integrate Symantec Scan Engine version 5.1.2 or later with Oracle Beehive. This integration enables your organization to use existing Symantec Scan Engine instances for anti-virus features beyond those that Oracle Beehive provides. After you complete the integration, your Oracle Beehive system can use the Symantec Scan Engine scan types, modes, artifact, and filtering capabilities.
The integration automatically includes Device Management Service (DMS), which uses Symantec Scan Engine to scan uploaded client application zip files or downloaded client application binary files. During the upload of a client application zip file, if a virus is found, then DMS cancels the upload operation. During the download of a client application binary file, if a virus is found, then DMS performs one of the following actions:
If the scan policy is set to scan and repair, then DMS attempts to remove the virus from the downloaded file. If it cannot repair the file, then DMS cancels the download operation.
If the scan policy is set to scan only, then DMS cancels the download operation.
To manage the Oracle Beehive Virus Scanner, you use the beectl utility and Oracle Beekeeper. (For detailed information about using the beectl utility, see in Oracle Beehive Administrator's Guide.) To manage Symantec Scan Engine, use the Symantec Scan Engine tools.
The procedure for integrating Symantec Scan Engine with Oracle Beehive is to first add Symantec Scan Engine to Oracle Beehive, and then to enable the virus scanning functionality. You can perform the integration while Symantec Scan Engine is running virus scans, but be aware that the configuration process will add to the load of the scan engine, and may affect performance.
Before you integrate Symantec Scan Engine with Oracle Beehive, ensure that the Oracle Beehive Server can communicate with the Symantec Scan Engine server, through the ICAP listening port of the scan engine. The Symantec Scan Engine administrative ports (typically 8004 and 8005) must be open on the scan engine server in order to allow access to the Symantec administrative console, which is used for configuring, administering, and running reports on the scan engine. This enables the Scan server to communicate with the Symantec Scan Engine site so that it can download the definitions.
To add Symantec Scan Engine to Oracle Beehive:
Ensure that Symantec Scan Engine version 5.1.2 or later is installed.
You can find the version from the Symantec Scan Engine administrative console. Alternatively, run the following command:
<SYMANTEC_INSTALL_LOCATION>/bin/symcscan.sh version
Add the first Symantec Scan Engine instance to Oracle Beehive.
For example:
beectl> add_virus_scan_engine --hostname my_symantec_server.example.com --port 6002 --validate_connection true
Enter the arguments all on one line. The examples in this guide are formatted as shown here for easier readability.
In this example:
hostname: Name of the host computer where Symantec Scan Engine is installed. Enter the fully qualified name (for example, my_symantec_server.example.com).
port: Port number of the ICAP port used by the Symantec Scan Engine host computer.
validate_connection: Checks the ICAP port to ensure that the connection is valid. The addition of the scan engine object to the configuration system will succeed even if the validation for connectivity fails. If you have validated the connectivity earlier or through other means, if you are doing an Oracle Beehive configuration before the Symantec Scan Engine is installed or running, or if you plan to validate at a later date, then you can omit this option.
Enter true to validate the connection; otherwise, enter false.
Repeat Step 2 for each Symantec Scan Engine instance that you want to configure with Oracle Beehive.
Specify a virus scan policy for Oracle Beehive.
For example:
beectl> modify_virus_scan_policy --scanpolicy scan_and_repair
The following are valid values for the scanpolicy setting:
NO_SCAN_OR_REPAIR: Disables virus scanning. This setting is the default.
SCAN_ONLY: Oracle Beehive e-mail uses the SCAN_ONLY setting, regardless of the setting you enter here. Beehive e-mail has a built-in repair function that removes the infected portions and attachments from e-mail messages.
SCAN_AND_REPAIR: This setting has a larger performance impact than the SCAN setting. However, of the two Oracle Beehive services that currently use Symantec scanning, only DeviceManagementService uses the full repair feature for downloaded or uploaded client application modules that have been infected with viruses.
Validate and activate the configuration.
beectl> activate_configuration
Enable the virus scanning and/or attachment blocking for the Symantec Scan Engine-Oracle Beehive configuration.
See "Step 2: Enabling the Symantec Scan Engine Virus Scanning or Attachment Blocking", next.
After you have added Symantec Scan Engine to Oracle Beehive, then you are ready to perform one or both of the following tasks:
Enable virus scanning, which makes the message body and attachments of your Oracle Beehive e-mail system available for virus scans.
Enable attachment blocking, which prevents certain types of files, such as those with the extension .zip or .exe, from being attached to e-mails.
If you have enabled virus scanning, attachment blocking, or both, then you can customize the notification that is sent to e-mail recipients when a virus scan is performed. The procedures in this section describe how to perform this customization.
Ensure that you have added Symantec Scan Engine to Oracle Beehive, as described in "Step 1: Adding a Symantec Scan Engine to Oracle Beehive".
If you enable virus scanning but do not have Symantec Scan Engine configured, then Oracle Beehive may prevent delivery of e-mail messages while it stores them in a queue and waits for Symantec Scan Engine to respond. This behavior is intended to prevent delivery of unscanned messages in the event an external virus scan engine becomes nonresponsive.
Log in to Oracle Beekeeper.
In the Services box, select Email.
In the Email pane, select the Configuration tab, and then click the Edit button.
A separate edit window appears.
In the edit window, select the Transport Properties tab.
Under Post Resolution Rules, expand the Virus Scanning section.
Select the Activate virus scanning checkbox.
After the Virus Scanning region expands to include the following options, make the appropriate selections, as follows:
Notify local senders about virus check box
Notify remote senders about virus check box
Notified administrators check box
Notifier Email field, in which you enter the e-mail address of the person sending the e-mail notification
Subject field, in which you enter a subject header
Message, in which you enter a message letting users know that Oracle Beehive detected a virus in their e-mails
Click Apply to apply the proposed configuration without closing the configuration window, or click Save & Close to apply the proposed configuration and close the window.
To activate the configuration, in the System box, select Configuration Control, and then click Activate.
At any time, you can validate the Symantec Scan Engine connectivity by using the beectl validate_virus_scan_engine_connectivity command. The syntax is as follows:
beectl> validate_virus_scan_engine_connectivity [ --hostname <scanengine_hostname>] [ --port <scanengine_port> ]
For example:
beectl> validate_virus_scan_engine_connectivity --hostname my_symantec_server.example.com --port 6002
If you omit the hostname and port arguments, then the validate_virus_scan_engine_connectivity command restricts the search to the local computer, with the assumption that hostname is localhost and port is 1344.
A cluster configuration is a set of Symantec Scan Engine engines of the same type, that is, Symantec, that run on different server:port combinations. Oracle Beehive can connect to any of these engines, with preference given to the one running on the local computer. Virus scanning policies are defined at the cluster level. When you add the first Symantec Scan Engine, Oracle Beehive creates the cluster. A Site can have only one cluster.
To create a Symantec Scan Engine cluster configuration:
Ensure that you have completed the virus scanning configuration as described in "Step 2: Enabling the Symantec Scan Engine Virus Scanning or Attachment Blocking".
Log in to Oracle Beekeeper.
In the System box, select Topology.
By default, the Topology tab is displayed. If you want a more granular selection, then select the By Service tab.
In the Topology pane, expand the target hierarchy until all of the Oracle Beehive instances appear.
Select the Site level node, and then from the list of target hierarchies, select the site that you want.
From the View menu, select Configuration.
The Topology pane changes to indicate the root hierarchy item you selected.
Select the Virus Scan Engine Cluster tab, and then select the Edit button.
An edit window appears.
In the edit window, select the Virus Scan Engine Cluster tab, and then click the Create Virus Scan Engine Cluster button.
Enter the following settings:
Alias: Enter an alias for this group of scan engines.
Virus Scan Policy: Select from the following options:
NO_SCAN_OR_REPAIR (default)
SCAN_ONLY
SCAN_AND_REPAIR
To access additional advanced parameters, click the Advanced link.
In the ScanEngines section, click the plus icon to add one or more scan engines. For each scan engine, enter the Scan Engine Host Name and Scan Engine Client Comm Port, and optionally, enter an Alias.
Click Apply to apply the proposed configuration without closing the configuration window, or click Save & Close to apply the proposed configuration and close the window.
To activate the configuration, in the System box, select Configuration Control, and then click Activate.
Click Apply. Alternatively, click Save & Close.
To enable attachment blocking:
Log in to Oracle Beekeeper.
In the Services box, select Email.
In the Email pane, select the Configuration tab, and then click the Edit button.
A separate edit window appears.
In the edit window, select the Transport Properties tab.
Under Post Resolution Rules, expand the Attachment Blocking section.
Select the Activate attachment blocking checkbox.
After the Attachment Blocking region expands to include the following options, make the appropriate selections, as follows:
Process only emails from, from which you select from the Origin list
Remove attachments of Type, from which you select from the Extension list
Notify local senders about bad attachments check box
Notify remote senders about bad attachments check box
Notifier Email field, in which you enter the e-mail address of the person sending the e-mail notification
Subject field, in which you enter a subject header
Message, in which you enter a message letting users know that Oracle Beehive detected a virus in their e-mails
Click Apply to apply the proposed configuration without closing the configuration window, or click Save & Close to apply the proposed configuration and close the window.
To activate the configuration, in the System box, select Configuration Control, and then click Activate.
To customize the notification to addressees (intended recipients) of messages with blocked attachments or viruses:
Log in to Oracle Beekeeper.
In the Services box, select Email.
In the Email pane, select the Configuration tab.
Click the Edit button.
An edit window appears.
In the edit window, select the Transport Properties tab.
Under Post Resolution Rules, expand the Virus & Bad Attachment Notification section.
Under Notification Message, complete the Subject and Notification fields.
Click Apply to apply the proposed configuration without closing the configuration window, or click Save & Close to apply the proposed configuration and close the window.
To activate the configuration, in the System box, select Configuration Control, and then click Activate.
The virus scan captures the following types of infection details:
Virus name
Virus ID
Entity Identifier (Entity ID, Entity Type, CollabID)
Date of the scan
Status of whether the virus was removed or not
Number of attempts to repair the scanned entity
Component within a container (if the scanned entity was a container or multi-part mime message)
You can use the beectl list_virus_scan_results command to review the results of virus scans.
The syntax is as follows:
beectl> list_virus_scan_results [ --scandate <scandate> ] [ --scandate_from <scandate_from> ] [ --scandate_to <scandate_to> ] [ --virus_name <virus_name> ] [ --virus_id <virus_id> ] [ --obsolete_only <true/false> ] [ --entity_type <entity_type> ] [ --maximum_results <max_results> ] [ --display_columns <display_columns> ] [ --count_only <true/false> ]
If you omit the arguments, then Oracle Beehive lists up to 2000 of the scan results available in the Beehive database.
In this specification:
--scandate: Specifies an exact date-time for the scan. Optional. For example, the following setting specifies one second before midnight on December 12, 2009:
--scandate "2009-12-10T23:59:59"
Enclose the date in double quotation marks. Permitted formats are as follows:
YYYY-MM-dd'T'HH:MM:SS.SS'Z'
YYYY-MM-dd'T'HH:MM:SS.SS
YYYY-MM-dd'T'HH:MM:SS'Z'
YYYY-MM-dd'T'HH:MM:SS
YYYY-MM-dd'Z', YYYY-MM-DD
If you want the scan to cover a period of time, then use the scandate_from and scandate_to arguments instead of scandate.
--scandate_from and --scandate_to: Specify a time range for the results set, using the same formats that the scandate argument uses. Only the results of scans conducted on the specified dates will be shown. For example, to scan the entire day of December 12, 2009, enter the following settings:
--scandate_from "2009-12-02T00:00:00" --scandate_to "2009-12-02T23:59:59"
Use the same time formats as the scandate option.
--virus_name, --virus_id: Return the results for the exact specified virus name or ID. Enclose these settings in double quotation marks. For the virus_name setting, the name typically ends in a semi-colon (;).
--entity_type: Returns the results for the given type of entity scanned. Enter one of the following values:
emsg: E-mail messages
capm: Client application module
--obsolete_only: Specifies whether to return the results where the entity scanned (for example, an e-mail message) has been removed from the system (deleted). Enter true or false.
--maximum_results: Specifies a maximum number of results to be returned by the query.
--display_columns: Limits the information to be displayed about each result. Enter a comma-delimited list of values, and enclose the group in a set of double quotation marks. Valid choices are as follows:
virus_id
virus_name
component_name
scan_date
repair_attempts
entity_id
entity_type
repaired
aux_data
collab_id
--count_only: A setting of true returns a count of the results that match; otherwise, enter false. If you set count_only to true, then do not use the maximum_results and display_columns arguments.
For example:
beectl> list_virus_scan_results --scandate_from "2009-12-02T00:00:00" --scandate_to "2009-12-02T23:59:59" --virus_name "Encrypted container deleted;" --virus_id "\-9" --obsolete_only true --entity_type capm --maximum_results 100 --display_columns "virus_id, virus_name,component_name, repaired" --count_only false
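The argument rules above (permitted date formats, scandate versus the from/to range, entity types, display columns, and the count_only restriction) can be checked before a command is pasted into beectl. The following is an added example, not part of the Oracle guide or of beectl; the function names are hypothetical, and the two-digit fraction is an assumption made by reading the format list literally.

```python
import datetime
import re

# Permitted date formats from the list above, read literally: a date, an
# optional THH:MM:SS with an optional two-digit fraction, and an optional Z.
SCANDATE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})(T\d{2}:\d{2}:\d{2}(\.\d{2})?)?Z?$")
ENTITY_TYPES = {"emsg", "capm"}
DISPLAY_COLUMNS = {"virus_id", "virus_name", "component_name", "scan_date",
                   "repair_attempts", "entity_id", "entity_type", "repaired",
                   "aux_data", "collab_id"}
# Arguments the guide says to enclose in double quotation marks, and the rest.
QUOTED = {"scandate", "scandate_from", "scandate_to", "virus_name",
          "virus_id", "display_columns"}
BARE = {"obsolete_only", "entity_type", "maximum_results", "count_only"}

def check_scandate(name, value):
    """Raise ValueError unless value is a permitted format and a real date."""
    match = SCANDATE_RE.match(value)
    if not match:
        raise ValueError(f"{name}: {value!r} is not a permitted format")
    datetime.date.fromisoformat(match.group(1))  # rejects e.g. 2009-02-30

def build_list_command(**opts):
    """Return one list_virus_scan_results line, or raise ValueError."""
    unknown = sorted(set(opts) - QUOTED - BARE)
    if unknown:
        raise ValueError(f"unknown arguments: {unknown}")
    if "scandate" in opts and {"scandate_from", "scandate_to"} & set(opts):
        raise ValueError("use scandate or the from/to range, not both")
    for name in ("scandate", "scandate_from", "scandate_to"):
        if name in opts:
            check_scandate(name, opts[name])
    if "entity_type" in opts and opts["entity_type"] not in ENTITY_TYPES:
        raise ValueError(f"entity_type must be one of {sorted(ENTITY_TYPES)}")
    columns = [c.strip() for c in opts.get("display_columns", "").split(",")]
    bad = sorted(set(filter(None, columns)) - DISPLAY_COLUMNS)
    if bad:
        raise ValueError(f"unknown display columns: {bad}")
    if opts.get("count_only") and {"maximum_results", "display_columns"} & set(opts):
        raise ValueError("count_only true excludes maximum_results and display_columns")
    parts = ["list_virus_scan_results"]
    for name, value in opts.items():
        if isinstance(value, bool):
            text = "true" if value else "false"
        elif name in QUOTED:
            if '"' in str(value):
                raise ValueError(f"{name}: embedded double quote")
            text = f'"{value}"'
        else:
            text = str(value)
        parts.append(f"--{name} {text}")
    return " ".join(parts)

if __name__ == "__main__":
    print(build_list_command(scandate_from="2009-12-02T00:00:00",
                             scandate_to="2009-12-02T23:59:59",
                             entity_type="capm", maximum_results=100))
```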
To delete a Symantec Scan Engine configuration:
If Oracle Beehive e-mail is configured to have the virus scan rule enabled, then de-activate this virus scan rule.
If you delete a scan engine configuration when the virus scan rule and e-mail service configuration settings are enabled, then e-mail deliveries can fail.
Run the following command to de-activate the virus scan rule:
beectl> modify_virus_scan_policy --scanpolicy NO_SCAN_OR_REPAIR
Disable virus scanning in the e-mail service configuration.
Log in to Oracle Beekeeper.
In the Services box, select Email.
The Email window appears.
Select the Configuration tab.
Select the Transport Properties tab.
Expand the Post Resolution Rules list. (It should be expanded by default.)
Expand the Virus Scanning list.
Under the Configuration tab, click the Edit button.
A secondary window appears, showing the Transport Properties tab.
Clear the Activate virus scanning checkbox.
Click Apply. Alternatively, click Save & Close.
From the beectl utility, delete the scan engine configuration.
For example:
beectl> delete_virus_scan_engine --hostname my_symantec_server.example.com --port 6002
From Oracle Beekeeper, delete the cluster that was associated with the scan engine configuration:
In the System box, select Topology.
In the Topology pane, expand the target hierarchy until all of the Oracle Beehive instances appear.
Select the Site level node, and then from the list of target hierarchies, select the site that you want.
From the View menu, select Configuration.
Select the Virus Scan Engine Cluster tab, and then select the Edit button.
Click the Remove Virus Scan Engine cluster button.
Click the Apply button to save the configuration, or click Save & Apply to save the configuration and close the window.
From the System box, select Configuration Control.
Click the Activate button.
You can delete stored results from a virus scan. You should periodically delete results to avoid consuming an inordinate amount of space in the Oracle Beehive data store, which could affect performance. To delete virus scan results, use the beectl delete_virus_scan_results command.
Use the following syntax:
beectl> delete_virus_scan_results [ --scandate <scandate> ] [ --scandate_from <scandate_from> ] [ --scandate_to <scandate_to> ] [ --virus_name <virus_name> ] [ --virus_id <virus_id> ] [ --entity_type <entity_type> ] [ --obsolete_only <true/false> ]
In this example:
--scandate: Specifies an exact date-time for the scan to be deleted. Optional. For example, the following setting specifies one second before midnight on December 12, 2009:
--scandate 2009-12-10T23:59:59
Permitted formats are as follows:
YYYY-MM-dd'T'HH:MM:SS.SS'Z'
YYYY-MM-dd'T'HH:MM:SS.SS
YYYY-MM-dd'T'HH:MM:SS'Z'
YYYY-MM-dd'T'HH:MM:SS
YYYY-MM-dd'Z', YYYY-MM-DD
--scandate_from and --scandate_to: Specify a time range for the scans to be deleted, using the same formats that the scandate argument uses. Only the results of scans conducted on the specified dates will be shown. For example, to scan the entire day of December 12, 2009, enter the following settings:
--scandate_from 2009-12-02T00:00:00 --scandate_to 2009-12-02T23:59:59
Use the same formats as the scandate option.
--virus_name, --virus_id: Delete the results for the exact specified virus name or ID.
--entity_type: Deletes the results for the given type of entity scanned. For e-mail messages, the entity type is emsg.
--obsolete_only: Specifies whether to delete the results where the entity scanned (for example, an e-mail message) has been removed from the system (deleted).