Automating FTP Virus Scans with Kaspersky Antivirus - Part 3

Demonstrates how to be notified when a file uploaded via JSCAPE MFT Server is found to be infected and subsequently quarantined.
  1. Blog

In Part 1 of this article, you learned how to perform a basic automatic Kaspersky scan on a newly uploaded file. In that post, we only specified one argument for the kav4fs-control command, and that was the path of the file to scan.

Read Part 1

Read Part 2

In most instances, however, you may also want to specify a specific action for Kaspersky to take in the event that the uploaded file is found or suspected to be infected by malware. For example, you might want to quarantine the file in question. For our final installment of this article, we'll not only show you how to send an infected file to quarantine, we'll also show you how to configure your managed file transfer server to email you a notification whenever such an event happens.

How to receive notification when an infected file is quarantined

First, you need to modify the Kaspersky Virus Scan Trigger you created in Part 1. Launch your JSCAPE MFT Server Manager, open your domain, and click the Triggers node. Next, select the Kaspersky Virus Scan trigger (or whatever name you assigned to that trigger) and click the Edit button.

mft server   edit trigger resized 600

When the Edit [name of trigger] Trigger(Step 1 of 3) screen appears, click Next.

mft server   edit trigger step 1 resized 600

Click the Next button again in the succeeding screen.

mft server   edit trigger step 2 resized 600

In Step 3 of the Wizard (the Trigger Actions screen), select the Run Process action and then click the Edit button.

mft server   edit trigger step 3 resized 600

In the Edit Action screen, go to the Arguments field and insert the following argument:

--action Quarantine

So the contents of the Arguments field will now look like this:

mft server   change trigger action argument resized 600

Click OK. And then click OK again when you're back in the Trigger Actions screen (window step 3 of 3).

Once you're back at the main screen, click the Apply button.

mft server   apply changes to trigger resized 600

So now, every time a newly uploaded file is found to be infected with malware, the file will be sent to Quarantine. By default, the designated quarantine folder of Kaspersky Antivirus 8 for Linux File Server is:


To receive an email from JSCAPE MFT Server notifying you of a recently quarantined file, which would of course mean an infected file has been recently uploaded to your server, you first create a Directory Monitor for that quarantine folder. This can then be used in conjunction with a trigger whose corresponding Trigger Action would be to send you an email.

Let's proceed by creating that Directory Monitor. Go to the Directory Monitor node and click the Add button.

mft server directory monitors node resized 600

Give your directory monitor a name (e.g. Kaspersky Infected File).

Next, click the Browse button and navigate to the Kaspersky quarantine folder (/var/opt/kaspersky/kav4fs/quarantine). Make sure the Monitor file add checkbox is checked. You may uncheck the succeeding checkboxes for now. When you're done, click OK.

mft server add directory monitor resized 600

You should then see you're newly created directory monitor among the list of directory monitors.

mft server newly added directory monitor resized 600

Now for the last step. We need to add a trigger that would send an email each time a new file is added to the quarantine folder. Go to the Triggers node and add a new trigger now.

add new trigger resized 600

Give the trigger a name (e.g. File Quarantined by Kaspersky). From the Event Type drop-down list, select Directory Monitor File Added. When you're done, click Next.

mft server add trigger step 1 resized 600

In the Expression box, enter:

MonitorName = "Kaspersky Infected Files"

wherein "Kaspersky Infected Files" is assumed to be the name you assigned to the directory monitor. If you assigned a different name, use that. Click Next.

trigger conditions expression

Click the Add button to add a new trigger action.

add new trigger action

From the Action drop-down list, select Send Email and then click OK.

mft server add action send email resized 600

Enter information pertinent to the sender's email account like the Hostname, Port, Connection Type, username, password, subject, body. The values you enter into the Hostname, Port, and Connection Type will depend on the email hosting service. What you see here is for Gmail. Enter the sender's email into the Fromfield and the recipient's email into theTofield.

mft server send email action parameters resized 600

Once you see the newly created trigger action in the list of trigger actions, click OK.

newly added send email trigger action resized 600

You should then see your newly created trigger inside your list of triggers. Click Apply.

mft server apply kaspersky quarantine trigger resized 600

To see how our system would react if an actual infected file would be uploaded, we tried a test virus file provided by Kaspersky named Note, this file is not an actual virus but will be treated by Kaspersky as if it were. Here's how our JSCAPE MFT Server Manager Logging screen looked like right after these three events:

1. The file was uploaded;

2. The trigger action for scanning a newly uploaded file was executed; and

3. The trigger action for sending a notification email, following a quarantine process, was executed.

actual scan quarantine and email notification resized 600

And here's the corresponding screenshot of the actual email, viewed from the recepient's screen.

email notification received

That wraps up our 3-part article on an automated FTP virus scan using Kaspersky and JSCAPE MFT Server. I hope you learned a lot. See you again next time.

Read Part 1

Read Part 2


In this post, you learned how to enhance your secure file tansfers by configuring JSCAPE MFT Server to: perform automatic Kaspersky-powered virus scanning on uploaded files, auto-update the Kaspersky database, and send email notifications as soon as an infected file is quarantined.


Download JSCAPE MFT Server