SharePoint and the Crypto Locker Virus


By Terry Engelstad

AIS Network VP, Network Operations


Last month, a client emailed with the following question, “We have had reports of one of our external SharePoint users that ended up with a crypto locker virus.  It is possible that documents from this infected computer got uploaded into SharePoint.  In cases like this what is your recommendation for virus scanning of the SharePoint servers/SharePoint databases?  What preventive/corrective action needs to occur?”

That’s a great question!

At the time, the servers in question had Trend Micro AntiVirus running on them.  The virus patterns were being maintained current every day.

When I got this question, I reviewed the server logs, which indicated no viruses found.  It is unlikely that the servers would be infected by a virus.

SharePoint does not treat uploaded/downloaded files as active files.  It treats them as a binary stream which gets stored/retrieved as a BLOB (Binary Large OBject) object type in SQL Server.  Therefore, SharePoint itself won’t become infected.  But, as this client hinted, uploaded documents could be infected outside of the SharePoint server.

There are third party products which could be installed on the server and those would scan uploaded/downloaded documents.  If a client is interested, why not explore the options?

Just remember:  Preventative action should include a mandate of properly installed anti-virus software on every client to whom you give out credentials.


Leave a Comment