Using the FSSP for SharePoint WebParts
One of the most significant pieces of functionality that can be implemented within a corporate antivirus policy is the display and archiving of virus infected notifications, their origin, and how those files are handled within a communications and collaborations environment. Within the FSSP framework, these events are called event notifications or events, basically anything which trips a routine which has to intervene and handle. These types of routed messages are probably already defined within your corporate Antivirus policy as to how to handle and route the messages, therefore it is advised to configure FSSP to handle them accordingly. Collaboration environments are especially prone to virus infections since they are the result of numerous parties putting efforts into a singular entity, the data is tossed back and forth very frequently, and therefore is more prone to malware infestation.
For a network and SharePoint administrator, these notifications are exceptionally critical, for both real time protection patching and quarterly auditing reports (these reports are necessary for a company to make any decision as to how to handle AV software implementations and upgrades). The advantage of using is there is a built-in functionality to expose these events to an arbitrary administrator in a convenient method using your SharePoint portal or through well-planned email routing (which is in turn quite flexible), which can either then be brought up through an Outlook client or by using the Outlook Web Access WebParts on your administrative SharePoint My Site.
Implementing the FSSP WebParts
Implementing the FSSP SharePoint WebParts is a very quick and easy task; it is exactly the same as adding any other custom WebPart to you’re a WebPart page that you expose through your virtual server WebPart gallery. When FSSP installed, it should have dropped the appropriate WebPart assembly files into the bin directory, and made the relevant safe controls entry into the SharePoint WebPart config so that the WebParts may run appropriately. The .dwp files should have already been placed into your web part gallery, so there is no importation necessary in order to run the WebParts. The two WebParts that are packaged with the FSSP installation are:
- Detailed Notifications
(you can expose other FSSP functionality through additional programmatic efforts, or by implementing the FSSP ActiveX control on an arbitrary SharePoint page using Microsoft Office Frontpage or Microsoft Office SharePoint Designer 2007)
Firstly, switch your page to the WebPart addition page by selecting modify shared page in your WSS or SharePoint site. Once you have this open, invoke the virtual server WebPart gallery by making the appropriate selection in the WebPart gallery task pane. Under this selection, you should see the above two WebParts. Simply drag the WebPart onto your page and the notifications installation should be complete. Besides the notifications being sent to these alert type WebParts, they can also be routed to any number of email addresses of your choosing. If you are a document heavy company relying greatly on SharePoint content repositories, it is advised that you created a firstname.lastname@example.org address, since one hit of malware within your environment can cause a considerable quantity of messages if it propagates to numerous locations.
Using the FSSP Notifications
There are default notifications that are set, however in FSSP there are a sundry amount configurations that are accessible and configurable depending on what your corporate antivirus policy mandates. In order to shape FSSP notification options, you must launch the FSSP client and invoke the Reports task pane. There are several other options that are available under the reports task pane as well, outside of FSSP notification management and implementation. You can query into metrics involving incident management and reports so that you can build reportable metrics accounts for quarterly or monthly audit reports. You can also build reports related to malware currently housed within your quarantine, which is helpful to dig into what viruses may be affecting you in the majority of caught instance. There are several options available from this FSSP notifications dialog, however drilling down into the Notification portion allows us to tackle the specific configuration options relating to notifications and how these notifications are sent to both the administrator and to the SharePoint WebParts.
Configuring FSSP Notifications to Your Environment
Once the FSSP notifications dialog appears, you will see the names of all notification roles and whether they are enabled or disabled. From this dialog, you can see the split between the web and email notifications, which will allow you granular management of those events which are crucial to normal business operations so can be routed through email, and those which mandate just review through a web interface. The web notifications are obviously those which are sent to the SharePoint interface through the FSSP SharePoint WebParts described above.
Enabling and disabling notifications is as simple as clicking a buttons (the green go arrow and the red stop square), the same for configuring a certain notification if you would like to tailor how what information the notification displays and who the specific notification is sent to. When you select a certain notification, it will show the relevant information in the task pane below. This is also the configuration screen, where you can insert FSSP macros, sort of similar to threading tags in the SharePoint page that are replaced at runtime with relevant information regarding the specific incident. There are quite a few that you can leverage to make rather detailed messages, making it fairly simple to conform to your corporate antivirus policy.
An important part of customizing these messages is to use the substitution macros that are included with the FSSP framework. There are variety of these substitutions macros that are available for your to configure with your notification system:
- %% – includes the % in the relevant files
- %Company% – Name of AV vendor that picked up the infected file
- %File% – Name of the infected file
- %Filter% – Name of filter that detected infected file
- %Folder% – Where the virus was found
- %ScanJob% – Name of Scanjob that performed the routines
- %Server% – Name of FSSP server that detected infected file %State% – Was the file detected, skipped, or cleaned
- %Virus% – Name of virus that infected the arbitrary file
- %Virus Engines% – Relevant engine that detected the infected file
Once you implement a substitution macro(s) within your custom notification event, you will begin to get relevant information with your routed event information with even more detailed data regarding infected files within your SharePoint environment. You can archive these messages if you need to maintain a log for quarterly audits or if that activity is relevant to your corporate antivirus policy. These are powerful mechanisms if you need more relevant detailed information about your SharePoint environment threat levels. This can offer you immense insight into what engines are offering benefits, and those which are not having much beneficial impact and therefore should be disposed of.