Antivirus for SharePoint 2013

The aim of this post is to shed light on why you need an antivirus for SharePoint. This post could be served as you ‘business case’ for an antivirus to pass on to your Security team / management.

Here are some of my notes gathered from various blogs that I have read, discussions and presentations that I have had:

  1. ForeFront antivirus for SharePoint 2010 wont work for SharePoint 2013 (not supported by Microsoft)
  2. Microsoft is discontinuing support for ForeFront antivirus for SharePoint 2010 31st December 2015 – there are no replacement products except third part vendors. Lots of backlash from MS customers.
  3. We can apply the extension period so that we have additional time to migrate to an alternative solution for SharePoint 2010 protection but its important to note there is no protection from Microsoft for SharePoint 2013.
  4. Documents uploaded into SharePoint can of course contain malware
  5. Once documents are in a SharePoint database, file system antivirus engines cannot understand / detect malware, infected files found in SharePoint content databases
  6. Antivirus for SharePoint prevents SharePoint from becoming a repository of infected files by scanning and cleaning files stored in SharePoint which are not accessible to endpoint AV solutions
  7. Antivirus for SharePoint detects, removes viruses, spyware, malware and other threats in files uploaded to and downloaded from SharePoint servers
  8. While your own organisations workstations and antivirus are properly implemented and maintained, there is a risk that your customers/suppliers/federated partners files & content may contain threats. The risk is your own organisation has no control over what content is uploaded into and downloaded from your SharePoint farms, depending on how your SharePoint sites are consumed. You might not have the opportunity to clean files being uploaded to a SharePoint site if the end users (in federated partner scenario) has an out-dated laptop containing malware.
  9. Antivirus for SharePoint is the only defense we have against this risk of malware in SharePoint content databases.
  10. It is advisable to install the file system Antivirus in addition to a SharePoint antivirus. Note you must exclude certain folders from being scanned by the file system antivirus. http://support.microsoft.com/kb/952167

 

Notes:

SharePoint 2013 introduces NO CHANGES to the SharePoint Antivirus API (a.k.a SharePoint Portal Server Virus Scanning Application Programming Interface (VS API)). Source: http://www.harbar.net/archive/2013/02/22/Antivirus-and-SharePoint-2013.aspx

 

Documents can of course contain malware but it’s just not the most common vector. Source: http://www.harbar.net/archive/2013/02/22/Antivirus-and-SharePoint-2013.aspx

 

Prevents your SharePoint server from becoming a repository of infected files by scanning and cleaning files stored in SharePoint which are not accessible to endpoint AV solutions. Source: http://www.symantec.com/protection-for-sharepoint-servers/

 

Symantec Protection for SharePoint Servers detects and removes viruses, spyware, and other threats in files uploaded to and downloaded from your SharePoint server(s). Source:  http://www.symantec.com/protection-for-sharepoint-servers/data-sheets-white-papers/

 

MSMS interfaces with SharePoint using the recommended security architecture via the SharePoint VirusScan API and SharePoint Object Model. Source: http://www.mcafee.com/us/products/security-for-microsoft-sharepoint.aspx

 

What are the options for SharePoint 2013 Antivirus?

 

Symantec Protection for SharePoint Servers

http://www.symantec.com/protection-for-sharepoint-servers/

  • Familiar vendor to a lot of environements
  • Can be used with Symantec Enterprise Vault for SharePoint and Symantec Backup Exec for SharePoint to deliver a comprehensive security, archiving, and data recovery solution.

 

 

ESET® Security for Microsoft SharePoint Server

http://www.eset.com/int/business/products/collaboration-sharepoint/

  • First engine for SharePoint 2013 – very customisable / powerful.
  • Very light and efficient antivirus

 

 

Kaspersky Security for Collaboration (SharePoint)

http://www.buykaspersky.com.au/kaspersky-security-for-collaboration-sharepoint

  • Light and well known vendor, well trusted security solution

 

 

McAfee Security for Microsoft SharePoint

http://www.mcafee.com/us/products/security-for-microsoft-sharepoint.aspx

  • No comment at this time.

 

 

Sophos SharePoint Security

http://www.sophos.com/en-us/products/sharepoint-security.aspx

  • No comment at this time.

 

 

TrendMicro PortalProtect SharePoint Security

http://www.trendmicro.com/us/enterprise/network-web-messaging-security/portalprotect-microsoft-sharepoint/index.html

  • No comment at this time.

 

If you have experience in any of the above, I’ll be happy to hear from you.

Thanks! Jeremy


Why enabling in-browser viewing of PDFs is risky in SharePoint

I was at a session by Maurice Prather on Secure Coding for the Administrator at the Australian SharePoint Conference 2011. It was a good session and there was a mention of the risks of PDF handling in the browser.

I did some more reading and found that Maurice had written an article which explains the risks of PDF (Pretty Dangerous Files) well.
In short.. you can embed javascript in a PDF document. Java script can be used to also delete/modify a wide variety of things in a SharePoint side through the client object model.

I thought this will be useful to make note of it in my blog. Here is a link to Maurice Prathers article on PDF (Pretty Dangerous Files):
http://www.bluedoglimited.com/SharePointThoughts/ViewPost.aspx?ID=328

You enjoy..