Antivirus scanning with HCP Anywhere

Question asked by Rajiv Garg Employee on Jun 19, 2017

Here are some guidelines on AV setup with HCP Anywhere:

  1. Do not configure filename filtering on the ICAP server; this should be done on the AW server instead. 
  2. Because of how aggressively we dedupe, it is possible for viruses to bypass the ICAP scan in some cases.  If you're only sending specific files to the ICAP server, e.g. *.xlsx, and a file that contains a virus is renamed to something that's not configured to be scanned, e.g. *.txt, this will of course bypass the scan.  But the customer should be aware that the same exact file (matching the size and hash) will now bypass the scan regardless of the extension.
  3. If you are using McAfee VirusScan Enterprise for Storage (VSE), there may be some hotfixes you need to apply depending on your setup.  McAfee has a list of hotfixes and which need to be applied, so communicating with them is recommended. 


Details on the AV Scanning with HCP Anywhere:

  1. The AV scan happens before the file is written or saved. 
  2. The timeout period is 1 minute for the AV ICAP server to respond to an HCP Anywhere request for scanning.
  3. Reporting of AV ICAP server unavailability happens at the HCP Anywhere node level.  Each AW node maintains its own view of the ICAP servers.  The assumption here was that most customers will be balancing requests between both nodes, so if one node sees an ICAP server is down, the other node should shortly after report the same thing unless they are using different ICAP servers.
  4. An error will be reported if the following happens:
    • There is a connection issue between HCP Anywhere and ICAP servers
    • ICAP server reports an issue, e.g. the file failed the scan
  5. If the ICAP server is unavailable and HCP Anywhere is configured to send all files to be scanned by ICAP, this effectively means that no new files can be uploaded into AW.  Files are NOT resent to the ICAP server for scanning and an error is reported to the user.   


How many concurrent AV scanning connections can be established between HCP Anywhere and ICAP servers?

This is configurable by the AW administrator in the MUI.  The number of concurrent connections to all ICAP servers is dynamic, but is capped at 200 per node, which cannot be changed.  So if requests are properly balanced between the nodes, you should be able to have 400 connections to the ICAP servers.


What are the sizing guidelines and how many AV Servers are needed with HCP Anywhere? 

You should contact the vendor for their specific AV sizing guidelines.
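
Since an unavailable ICAP server blocks all uploads when every file is sent for scanning, and each AW node keeps its own view of the ICAP servers, it helps to probe each ICAP server independently. The following is an added example, not part of the original post or of HCP Anywhere: a monitoring probe that sends an ICAP OPTIONS request (RFC 3507) and classifies the reply. The host names and the `avscan` service name are hypothetical; use the service path your AV vendor documents.

```python
import socket

ICAP_PORT = 1344      # registered ICAP port (RFC 3507)
SCAN_TIMEOUT = 60     # seconds; mirrors the 1-minute timeout described above

def build_options(host, service):
    """Build an ICAP OPTIONS request for icap://host/service."""
    return (f"OPTIONS icap://{host}/{service} ICAP/1.0\r\n"
            f"Host: {host}\r\n"
            "Encapsulated: null-body=0\r\n\r\n").encode("ascii")

def classify(raw):
    """Turn the raw ICAP response head into a state a monitor can alert on."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        return {"state": "error", "code": None, "detail": "not an ICAP reply"}
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    code = int(parts[1])
    return {"state": "available" if code == 200 else "error", "code": code,
            "max_connections": headers.get("max-connections")}

def probe(host, service, port=ICAP_PORT, timeout=SCAN_TIMEOUT):
    """Probe one ICAP server; connection failures and timeouts are 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_options(host, service))
            raw = b""
            while b"\r\n\r\n" not in raw:   # read until the end of the headers
                chunk = s.recv(4096)
                if not chunk:
                    break
                raw += chunk
    except OSError as exc:                  # refused, reset, DNS failure, timeout
        return {"state": "unreachable", "code": None, "detail": str(exc)}
    return classify(raw)

if __name__ == "__main__":
    # Hypothetical ICAP servers; run from a host on the same network path as each AW node.
    for server in ("icap1.example.internal", "icap2.example.internal"):
        print(server, probe(server, "avscan", timeout=5))
```

The `max_connections` value, when the server advertises it, can be compared against the 200-per-node cap mentioned above.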