ActiveTransfer Server 10.7 | webMethods ActiveTransfer Documentation | Administering ActiveTransfer Gateway | Configuring ActiveTransfer Gateway | Supporting Virus Scanning with Internet Content Adaptation Protocol | How Does Virus Scan Work?
 
How Does Virus Scan Work?
Once you have configured your ICAP server, configured ActiveTransfer Gateway to connect to the ICAP server, and activated virus scanning in ActiveTransfer Gateway, all files uploaded to ActiveTransfer Gateway are scanned for viruses.
The configured Scan Buffer Size Per Upload determines the exact process used to handle files of varying sizes for the antivirus scan.ActiveTransfer Gateway handles the virus scan process differently for files and files that exceed the Scan Buffer Size Per Upload limit.
Antivirus Scan Process for Small or Medium-Sized Files
The following diagram illustrates the antivirus scan process for files that are within the Scan Buffer Size Per Upload limit—that is, small or medium-sized files.
ActiveTransfer Gateway holds the file data in-memory, and forwards the file data to the ICAP server for virus scanning. The ICAP server scans the file data for malicious content and sends the scan result to ActiveTransfer Gateway. If the ICAP server detects a virus, ActiveTransfer Gateway discards the data and does not send the file to ActiveTransfer Server. The corresponding file transaction in ActiveTransfer Server is marked as failed. If the file is virus-free, ActiveTransfer Gateway forwards the file to ActiveTransfer Server for further processing. The corresponding file transaction is marked as successful.
Antivirus Scan Process for Files Exceeding the Scan Buffer Size Per Upload
When a file exceeds the Scan Buffer Size Per Upload, ActiveTransfer Gateway accepts and forwards the configured scan buffer file data successively and simultaneously to the ICAP server for scanning and ActiveTransfer Server as illustrated in the following diagram:
The following diagram illustrates what occurs when the ICAP server reports the virus scan result:
If the ICAP server If the ICAP server detects any virus in the file data sent for scanning, the ICAP server reports it to ActiveTransfer Gateway. ActiveTransfer Gateway then stops the file upload, deletes the file data from in-memory, and triggers deletion of the partial file data in ActiveTransfer Server. If the virtual folder for the file upload points to a remote server, the user that ActiveTransfer uses to access the remote server must have delete permissions to remove the partially infected file. The corresponding file transaction in ActiveTransfer Server is marked as failed. If the file is virus-free, ActiveTransfer Gateway forwards the file to ActiveTransfer Server for further processing. The corresponding file transaction is marked as successful.
Important:
If the virtual folder users access the partial file before the virus scan is complete, they run the risk of infecting their network or internal file system.