How to leverage the virus scanning feature in the document management system to enhance the security of your business data
Today we want to talk to you about a feature unknown to most but nevertheless present in LogicalDOC since version 7.1.
This is the Antivirus scan function. This function adds a substantial level of security to your document archive and allows you to limit the spread of viruses within your company.
How does AV security work in a document system?
By scanning each file during the initial phase of document creation, LogicalDOC prevents an infected file from being inserted into the system, where it could then spread within your company network and possibly propagate an undetected infection. And because the document is never added to the document base, no user of that document will have to suffer the consequences of a possible infection.
If that seems like little to you, consider that according to Verizon's 2022 Data Breach Investigations Report (DBIR), ransomware attacks (with data seizure and encryption) have increased by 13% in just one year.
Data breaches cost organizations millions of dollars: the average cost has increased 10% from 2020 to $4.24 million across industries and 29.5% to $9.23 million in healthcare, and the fallout is even more damaging than the initial losses. Repair costs triple the initial damage, and legal repercussions can add millions to the total bill.
Protect your documents and information with AV scanning
Now, as we said, LogicalDOC has been integrating a document scanning system for several years, but have any of you ever used it?
Very few of you have done so; however, you should be educated on how to get the most out of this feature and limit the risks to your documents and your business.
The virus check in LogicalDOC is entrusted to an external tool: ClamAV, an open-source antivirus package created by none other than Cisco Systems, Inc.
In LogicalDOC the function is accessible from the Administration, Security, Antivirus menu.
From this screen you can enable the Antivirus feature, set the command path (ClamAV could be installed in a different location), and configure which file extensions the AV scan should be launched on. LogicalDOC promptly invokes the clamscan.exe command on each new file added to the system (even for new versions).
However, few people know that it is advisable to keep the virus definition database up to date so that the antivirus can recognize a virus's signature. This is a fundamental aspect: an AV scanner whose database has never been updated, or was last updated years ago, cannot effectively counter the threats of a virus in 2022.
The update can be launched manually using the freshclam.exe executable from the command prompt.
The freshclam.exe command, which downloads the DB with the virus definitions, can be configured via the freshclam.conf file.
Optimize AV scan execution
Another virtually unknown aspect is that running a scan with the clamscan.exe command is a lengthy process that takes many seconds, even 15 to 20 seconds per file, depending on your system's performance. Most of this time is spent by the command loading the virus definitions into memory.
Few people know, however, that a cost-free and far faster alternative is already available. ClamAV in version 0.105 provides another command called clamdscan, which invokes a resident service/daemon to perform the scan. Since the service running on the system has already loaded the virus definitions into memory, scanning the document is enormously faster and practically immediate: the time required is only the actual scan time.
So, for the same document that previously took 15 seconds to scan, now the time needed will be only a fraction of a second.
To configure AV document scanning using the clamdscan executable, you need to follow these steps:
1) Open an elevated Windows Command Prompt (run as Administrator) and navigate to the install directory.
2) Run the following command:
3) Start the ClamAV ClamD system service and set it to start automatically
net start clamd
sc config clamd start= auto
At this point, it is advisable to check from the prompt that the clamdscan.exe command is running correctly by scanning a file.
If the scan is successful, change the path of the Antivirus command in LogicalDOC by entering the complete path of the clamdscan.exe command.
Save by pressing the "Save" button and that's it.
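One way to run the check described above from an elevated PowerShell prompt, as an added example that is not part of the original article: it confirms the clamd service is running, scans one harmless file with both commands, and reports the exit code and elapsed time of each. The install path and the test file name are assumptions.

```powershell
# Added example, not LogicalDOC or ClamAV project code.
$ClamDir = 'C:\Program Files\ClamAV'                    # assumption: ClamAV install directory
$Sample  = Join-Path $env:TEMP 'clamav-selftest.txt'    # constructed harmless test file
Set-Content -Path $Sample -Value 'benign self-test content'

function Invoke-ClamCheck {
    param([string]$Exe, [string]$File)
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    & (Join-Path $ClamDir $Exe) --no-summary $File | Out-Null
    $code = $LASTEXITCODE
    $timer.Stop()
    # clamscan and clamdscan exit codes: 0 = no virus, 1 = virus found, 2 = error
    $verdict = switch ($code) {
        0       { 'clean' }
        1       { 'infected' }
        default { 'error, scan did not complete' }
    }
    [pscustomobject]@{
        Command  = $Exe
        ExitCode = $code
        Verdict  = $verdict
        Seconds  = [math]::Round($timer.Elapsed.TotalSeconds, 2)
    }
}

# clamdscan.exe only works while the resident service is running
$svc = Get-Service -Name clamd -ErrorAction Stop
if ($svc.Status -ne 'Running') { throw "clamd service is $($svc.Status); start it before testing" }

$results = @(
    Invoke-ClamCheck -Exe 'clamscan.exe'  -File $Sample
    Invoke-ClamCheck -Exe 'clamdscan.exe' -File $Sample
)
$results | Format-Table -AutoSize

# Change the LogicalDOC command path only after the daemon-based scan returns a clean verdict
$daemon = $results | Where-Object Command -eq 'clamdscan.exe'
if ($daemon.ExitCode -ne 0) { throw "clamdscan.exe returned $($daemon.ExitCode); fix clamd before changing the path" }
Remove-Item $Sample
```

By default clamdscan.exe passes the file path to the clamd service, so the account the service runs under needs read access to the files being scanned.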
Notes and tips
We recommend setting up a scheduled/planned activity that runs the freshclam.exe command daily to update the virus definition.
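A sketch of that scheduled activity in PowerShell, added here as an example and not taken from the original article; it also reports how old the daily definition file is, so a silently failing update gets noticed. The install path, database directory, task name, run time and age threshold are all assumptions.

```powershell
# Added example, not LogicalDOC or ClamAV project code. Run from an elevated prompt.
$ClamDir = 'C:\Program Files\ClamAV'        # assumption: ClamAV install directory
$DbDir   = Join-Path $ClamDir 'database'    # assumption: DatabaseDirectory used by freshclam

# Daily task that runs freshclam.exe at 03:00 under the SYSTEM account
$action    = New-ScheduledTaskAction -Execute (Join-Path $ClamDir 'freshclam.exe') -WorkingDirectory $ClamDir
$trigger   = New-ScheduledTaskTrigger -Daily -At '03:00'
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName 'ClamAV freshclam daily' -Action $action `
    -Trigger $trigger -Principal $principal -Force | Out-Null

function Test-ClamDbFreshness {
    param([string]$Path, [int]$MaxAgeDays = 3)   # threshold is an assumed value
    # freshclam stores the daily signatures as daily.cvd or daily.cld
    $daily = Get-ChildItem -Path $Path -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -in 'daily.cvd', 'daily.cld' } |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1
    if (-not $daily) {
        return "No daily database found in '$Path'; run freshclam.exe once by hand"
    }
    $age = (New-TimeSpan -Start $daily.LastWriteTime -End (Get-Date)).TotalDays
    if ($age -gt $MaxAgeDays) {
        return ('{0} is {1:N0} days old; check the scheduled task and the freshclam log' -f $daily.Name, $age)
    }
    return ('{0} was updated {1:N1} days ago' -f $daily.Name, $age)
}

Test-ClamDbFreshness -Path $DbDir
```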
Obviously, this aspect has many facets; just look at the freshclam.conf and clamd.conf configuration files to realize this. However, one thing worth stressing is the ability to configure a log file that contains information about running the scan. Also, carefully consider the many options available for scanning Doc, executable, archive and Html files.
For more information on these aspects, see the documentation offered on the website https://docs.clamav.net/manual/Usage/Configuration.html
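To make the logging and file-type options mentioned above concrete, the following added example (not code from the original article or from the ClamAV project) audits clamd.conf content for a missing log file, for disabled Doc, executable, archive and HTML scanning, and for a TCP listener that is not bound to a specific address. The sample configuration is constructed for the example; the option names are standard clamd.conf directives.

```powershell
# Added example. Constructed sample clamd.conf content, not taken from a real system.
$sample = @'
# Example
LogTime yes
TCPSocket 3310
ScanOLE2 yes
ScanPE yes
ScanArchive no
ScanHTML yes
'@

function Test-ClamdConf {
    param([string[]]$Lines)
    # Parse "Option value" lines, skipping blanks and comments
    $opts = @{}
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith('#')) { continue }
        $key, $value = $t -split '\s+', 2
        $opts[$key] = $value
    }
    $findings = @()
    if ($opts.ContainsKey('Example')) {
        $findings += 'Example line is still active, so clamd will refuse to start'
    }
    if (-not $opts['LogFile']) {
        $findings += 'LogFile is not set, so no scan log is written'
    }
    # ScanOLE2 = Office documents, ScanPE = Windows executables
    foreach ($k in 'ScanOLE2', 'ScanPE', 'ScanArchive', 'ScanHTML') {
        if ($opts[$k] -match '^(no|false|0)$') { $findings += "$k is disabled" }
    }
    if ($opts['TCPSocket'] -and -not $opts['TCPAddr']) {
        $findings += 'TCPSocket without TCPAddr, so clamd listens on every interface'
    }
    $findings
}

# For a real file: Test-ClamdConf -Lines (Get-Content 'path\to\clamd.conf')
Test-ClamdConf -Lines ($sample -split "`r?`n")
```

For the constructed sample this reports three findings: no LogFile, ScanArchive disabled, and a TCP socket with no bind address.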