Integrating Another AV Tool

FlexNet Manager Suite 2023 R1 (On-Premises)
You may prefer to use an anti-virus tool of your own choice for scanning documents that operators upload to FlexNet Manager Suite. A suitable tool meets these requirements:
  • It can be triggered at any time, for a specific file, to support on-demand scanning
  • A document scan is efficiently fast, so that uploads to FlexNet Manager Suite do not become unusably delayed by the process
  • Its output of results can be trapped by the calling PowerShell integration script, where the values can be converted to those expected by the web application server.

Clearly, with the variety of anti-virus tools and the variability of your environment, it is not possible here to give detailed configuration instructions. This task requires a good understanding of your preferred anti-virus tool (command line, outputs, and file location) and skills in PowerShell scripting, and so may require a specialist from your IT team to assist. The following is a high-level summary of the main points to attend to.

To integrate your chosen anti-virus tool with FlexNet Manager Suite:

  1. In the downloaded installation/upgrade media for FlexNet Manager Suite, locate and install the sample PowerShell integration script for customization.
    This is available as <installationMedia>/Support/Filescanner_Sample.ps1. The file includes some comments to guide your editing. For example, the ScanFile function must be customized to identify your anti-virus tool in the $exePath variable, and you may need to update the resulting output when malicious content is found. You will notice that the integration script is capable of outputting the following values, each of which results in the associated text being displayed in the web interface of FlexNet Manager Suite for the operator attempting the document upload:
    PowerShell exit code UI text displayed
    0

    The following file(s) have been uploaded: filename

    102

    Antivirus scanning has quarantined this file as malicious. If you think this is a mistake, please contact your IT department for analysis, or contact Flexera Support.

    This text is displayed in a large red block.

    103

    File upload is blocked. Security file scanning is turned on, but the antivirus software is not found. Please contact your IT department.

    This text indicates that there is an error in your configuration, such as a mismatch between the PowerShell script name/location and the registry key to identify it; or a failure of the PowerShell script to find your anti-virus tool.

    104

    Security scanning of this file timed out. Please try to upload the file again later or contact your IT department.

    The PowerShell script sets a default timeout of 60 seconds. You may need to adjust this value. A timeout prevents the web interface becoming unresponsive if the system is busy, or multiple security scans are queued up.

  2. Save your edited PowerShell integration script in the file location of your choice, and optionally sign the file to prevent unauthorized changes.
    The ideal location for this file has permissions tightly restricted to reduce access to the file. In addition, it is recommended best practice to sign the file (with either a certificate from a certification authority, or a self-signed certificate with a strong private key password), and to ensure that the appropriate execution policy has been set for PowerShell on the web application server.
When this customization is complete, there are two registry settings required on the web application server to enable the connection between FlexNet Manager Suite and the PowerShell integration script, and to change the default (no file scanning) to enable scanning of uploaded files. For details of these settings, see Turning on Document Scanning.

FlexNet Manager Suite (On-Premises)

2023 R1