Malicious content introduced to the corporate network through SharePoint document libraries can be devastating and costly. As a collaboration tool, SharePoint products and technologies increase the interaction between colleagues and become a potential propagation point for
viruses and worms.
Saving infected files to the document library. A document author or reviewer could intentionally or inadvertently upload/edit a document from his/her desktop that contains an embedded virus, infectious macro, hot button, or Trojan.
Downloading/saving HTML Web pages to the document library. Team members collaborating on a project can save research-related HTML Web pages or documents directly to the SharePoint document library. These documents could contain embedded viruses, infectious macros, hot buttons, and/or Trojans that would infect the SharePoint document library.
Infection through mapping a network drive. Windows XP users can map a network drive to a team site. When a client computer is infected by a virus that attempts to propagate to network shares, the virus can propagate to SharePoint sites, as these sites are not detected by file server antivirus tools. Once the virus is within the SharePoint document library, only a SharePoint-specific antivirus solution can detect and clean it.
Why would I need to protect SharePoint? Wouldn’t my desktop and file server antivirus catch any threats before they could be posted or downloaded?
File server antivirus is not adequate to secure SharePoint document libraries, since backup and restoration of documents from the SharePoint document library can fail when a file server product detects and cleans viruses. This happens when documents are cleaned locally on the file server by the file server antivirus, while the backed-up copy remains infected. During data restore, infected documents could be reinstated, or those that were successfully deleted could leave broken links that could cause restore failures.
At the same time, desktop software cannot be relied on to prevent sharing infected documents in document libraries. When a user opens a document from a mapped folder on the desktop, the document is copied to the cache on the server and client. The desktop antivirus technology may detect an infection within the cached copy but cannot clean the stored copy in the SharePoint document library. Similarly, readers who have the latest desktop signatures can detect viruses when downloading documents from a SharePoint document library. However, depending on their access privileges, these users may be unable to clean the copies stored within SharePoint document libraries.
How can I help protect my Intranet SharePoint deployment from malicious code and inappropriate content?
Forefront Security for SharePoint includes multiple engines from industry-leading security firms, integrated into a single solution to protect your business’ Microsoft Office SharePoint 2007 and Windows SharePoint Services 3.0 environments from viruses, worms, and inappropriate content.
Forefront Security for SharePoint:
Integrates multiple scan engines for comprehensive protection against malware
Filters out inappropriate keywords and file types
Simplifies management of SharePoint security
Do you want to control what types of files users can share in document libraries? Are you concerned about confidential information, inappropriate language or libelous material being posted?
Forefront Security for SharePoint:
Helps protect against inappropriate content by scanning for administrator-defined keywords within most Office documents including Open XML documents and IRM-protected documents, helping to enforce compliance with corporate policy for language usage and confidentiality.
Filters out dangerous documents by including configurable file filtering rules that help customers eliminate file types known for carrying viruses (for example, .exe) or opening organizations to legal exposure (for example, .mp3). Forefront Security for SharePoint can also unpack and selectively repack compressed files, such as .zip, after removing an infected or unwanted item
For more information, see this Forefront Security for SharePoint White Paper