Skip to main content

HealthShare Personal Community Virus Scanner Setup Guide



1. Introduction

Personal Community provides patients with the ability to upload documentation from their personal devices.  In order to enable these features, it is required that the Personal Community virus scanner is properly configured and enabled.  Configuration of the Personal Community virus scanner depends on the anti-virus software installed on site.  Sites may use the provided ClamAV® virus scanner implementation class, or extend the virus scanner framework to integrate with other anti-virus software.

The virus scanner is designed to be run on a distinct instance where appropriate antivirus software is installed and where the operating system and network have been configured to isolate the machine appropriately. The service is called by remote clients wishing to scan files.  

2. Extending the Virus Scanner Framework (Optional)

Personal Community provides a virus scanning framework built to work with ClamAV®. This implementation can be reviewed at HS.Util.VirusScanner.Implementations.ClamAV .

Sites may decide to extend the framework to use any preferred virus scanning software.  The specific implementation class should be written to use the HealthShare Configuration Registry for any configuration settings, and should use the following naming conventions for setting names:  \VirusScanner\{keyname}\{HSNetworkName} . Note that configuration settings are only editable on the actual Unified Care Record Registry instance. Available Configuration Registry entries are defined in chapter 3.

To create a virus scanning implementation class specific to your anti-virus software, perform the following steps:

  1. Create a new class that extends the HS.Util.VirusScanner.Implementation class
  2. Override the PerformScan () method to communicate with the anti-virus software and scan the file specified in the pTempFileName argument

PerformScan() must handle the following:

  1. Calling the virus scanner.  Your anti-virus software may support interactions via SOAP or some other protocol but it is likely that you will need to interact via command line instructions using the $ZF callouts. More information on this can be found at Using the $ZF Callout Interface .
  2. Analyzing the result.  The implementation class must populate the following properties of the scan response:
    1. ScanWasPerformed
    2. FileIsClean
    3. ScanMessage


IMPORTANT

InterSystems strongly suggests testing the implementation of the virus scanner before enabling the service for general use. Testing is documented in the class documentation and looking at  HS.Util.VirusScanner.HSWS.WebServicesClient.TestScan()  .


3. Enabling and Configuring the Virus Scanner

3.1. Creating the Virus Scanner Namespace

The Personal Community Virus Scanner is desinged to be installed in a standalone instance.

To create a virus scanner namespace, use the Personal Community Installer Wizard:

  1. Log in to the Management Portal.
  2. Run the HealthShare   Installer Wizard :

    1. On the Management Portal home page, select   HealthShare . This displays the   HealthShare Management Portal .

    2. In the banner of the   HealthShare Management Portal , select   Installer Wizard .

  3. In the   Installer Wizard , select   Configure Personal Community . This displays the   Configuration   page for Personal Community.

  4. On this page, specify values for the following fields:

    • Local name   — Required. The name of the virus scanning namespace for Personal Community. (Subsequent examples in this documentation refer to the VirusScanner namespace.)

    • Network Name   — Required. The unique identifier for Personal Community on the network. The Installer Wizard populates this field with a string that is the network hostname, a colon, and the value of   Local name , such as VirusScanner ; you can, but are not required to, use this string.

    • Description   — Optional. Any additional information about the local copy of the virus scanner.

    • Disabled   — Whether or not the local copy of the virus scanner is available for use. This is enabled by default.

    • Production   — Required. The name of the business production for Personal Community. The Installer Wizard populates this field with a string that combines the value of   Local name   and the string   PKG:HSCOMMProduction , such as   VirusScannerPKG:HSCOMMProduction ; you are not required to use this string.

    • Template   — Required. The template for the Personal Community production. Select the   HSPortal.Production.SampleProduction.VirusScannerProduction   template.

    • Alternate Database Location   — Optional. The default location for the production database,   IRIS.DAT , is   installDir /mgr/ localName . To specify a location for the database other than the default, enter the alternate location in the   Alternate Database Location   field. If you specify an absolute location, then that location will be created if it does not exist. Your database will be in   alternateDatabaseLocation / localName . If you specify a relative location then the database will be created in   installDir /mgr/hslib/ alternateDatabaseLocation / localName .

    • Registration ID   – Optional. A unique value that identifies this configuration. It will be generated automatically if you leave this field blank. If you wish to enter a specific value, you may enter it here. Once a configuration has been saved, this value cannot be changed.
    • Enter a Hub Host   — Required. The name of the machine where the Unified Care Record Registry is located.

    • Enter a Hub Port   — Required. The web server port number on which the Unified Care Record Registry accepts connections.

    • Enter a Hub Name   — Required. The namespace of the Unified Care Record Registry, such as   HSRegistry .

    • Connect to Hub Securely   — Required if this is a production system. Optionally select it for a development or test system.

      • The web server on your Registry instance should be configured to only allow secure connections to the Registry.

      • You should have an SSL/TLS configuration on this instance that can communicate with the Unified Care Record Registry (see “ Using SSL/TLS ” in the “Setting Up Secure Communication in Unified Care Record” chapter of   Securing Unified Care Record Instances ). This SSL/TLS configuration should have the same name as the SSL/TLS configuration on the Unified Care Record Registry, as all instances in a federation share a single service registry, and the HSRegistry service registry identifies which SSL/TLS configuration to use.

      Once you select   Connect to Hub Securely , enter the SSL/TLS configuration in the   SSL Configuration   field that appears. Now, the Hub endpoint URL will be created using “https” rather than “http”, and the identified SSL/TLS configuration will allow the Gateway to connect to the Unified Care Record Registry securely at initial startup.

    • Initial Hub End Point   — Required. The web address for the HealthShare Registry. The Installer Wizard populates this field; you can, but are not required to, use the auto-populated string. The string is of the form:

      protocol :// registry-host : registry-port /csp/healthshare/ registry-name /services /HS.Hub.HSWS.WebServices.cls

      where the portions of the address in italics are:

      • protocol     https   or   http , depending on whether you selected the   Connect to Hub Securely   option.

      • registry-host   — The name of the machine where the Unified Care Record Registry is located.

      • registry-port   — The port number on which the Unified Care Record Registry accepts connections.

      • registry-name   — The namespace of the Unified Care Record Registry.

      For example, a Registry has an address such as:

      http://RegistryHost:57772/csp/healthshare/HSREGISTRY/services/HS.Hub.HSWS.WebServices.cls
      

  5. Select   Save   at the bottom of the page. Your configurations should now appear in the   Defined Configurations   table.

  6. In your configuration’s row of the   Defined Configurations   table, select   Activate . This displays the   Activate Configuration   dialog.

  7. In the   Activate Configuration   dialog, select   Start . This sets up the Personal Community namespaces, databases, and production mappings.

  8. When activation is completed, the dialog displays an   Activation Done   message. Select   Close   to dismiss the dialog.

This will create the virus scanner namespace, two SOAP services in the Unified Care Record Service Registry, and will also create certain necessary entries in the Unified Care Record Configuration Registry.

3.2. Configuring a Virus Scanner

3.2.1. Review the Unified Care Record Configuration Registry

Once you have set up your virus scanner namespace, there are a few additional settings that you may need to configure manually. All settings for the virus scanner are stored in the Unified Care Record Configuration Registry.

To access the Unified Care Record Configuration Registry:

  1. Logon to the Management Portal as a user with the  %HS_Administrator  role.
  2. Select  HealthShare   from the main menu.
  3. Select the Unified Care Record Registry.
  4. Navigate to  Registry Management > Configuration Registry

The following Configuration Registry entries will have been created and should not need to be modified:

  • \VirusScanner\ImplementationClass\ { HSNetworkName } — Name of the class that implements the OS call out to the virus scanner. 

  • \VirusScanner\TempFileFolder\ { HSNetworkName } — Path for where files are temporarily stored until they are scanned. This is a relative path from the installation directory and should not begin with a leading slash or backslash. 

  • \VirusScanner\ScanExe\ { HSNetworkName } — The shell command for running the anti-virus executable. 

    • It is important to note that ScanExe may only be needed for an implementation of ClamAV®.

  • \VirusScanner\ServiceComponent   — A comma-separated list of namespaces (specified by Network Name) in which virus scanners are permitted to run. The network name needs to be in this list before the namespace can be tested. 

3.2.2. Configure the Service Registry Entry for the Virus Scanner Web Service

To communicate with the Virus Scanner Web Service, as Service Registry entry must be defined.  

To access the Unified Care Record Service Registry:

  1. Navigate to  Registry Management > Service Registry
  2. Restrict the available services to  SOAP   endpoints by select   SOAP   from the  Service Type   drop down menu.
  3. Create a Service Registry entry for the virus scanner, as follows:

    1. Click the   Add Service   button.

    2. Enter the following values for the fields:
      • Name  - Enter a name of your choice.
      • Service Type  - Select   SOAP .
      • Host  - Enter the host name for the virus scanner web service.
      • Port  - Enter the HTTP port for the virus scanner web service.
      • URL  - Enter the full path to the virus scanner web service.
      • HTTPCredentialsConfig  - Enter the name of the credentials object you created for this entry.

3.2.3. Create a Configuration Registry entry that points to the service:

This setting should only be specified after testing the virus scanner

  1. Navigate to  Registry Management > Configuration Registry
  2. Click the  Add Value button
    1. Key -  \VirusScanner\ServiceName
    2. Value - the name of the service registry entry from the previous step.
    3. Click Save. 

3.2.4. Synchronize the Unified Care Record Registry to the Virus Scanner Instance

For these settings to be available on the virus scanner instance, they must be synchronized from the Unified Care Record Registry.

To synchronize the Unified Care Record Registry:

  1. Access the Terminal for the virus scanner instance
  2. Switch to the virus scanner namespace
  3. Run the following command

    set tSC=##class(%ZHSLIB.Services.Client).SyncConfiguration(,,,0)
    

Any time a change is made to the Unified Care Record Registry, the above method needs to be run again to sync it to the virus scanner namespace.



3.3. Enabling Virus Scanning in the Workbench

To enable the   Virus Scanner in the Workbench:
  1. Log into the Workbench as a user with the  Configuration Manager  role.
  2. Go to the  Configuration Application   page ( Setup  Configuration Application ) and select the  Feature Control  tab. 
  3. Select  Edit Mode  to make edits to the fields described in the following steps.
  4. In the Patient Document Uploads box, select the  Enable Virus Scanner checkbox.
  5. After you have finished, select  Submit  at the bottom of the page to save your changes.