Antivirus API Overview

---

The Antivirus API enables software vendors to develop applications that scan Microsoft® Office 2000 documents before opening them. The API also supports scanning Microsoft® Internet Explorer 5 code downloads, such as ActiveX® Controls or installs. However, be aware that the Internet Explorer scanning support applies only to automatic code downloads and not to file downloads or HTML documents. The primary purpose of this API is to give independent software vendors (ISVs) the ability to design and implement scanning software that can be used by all applications.

The following topics are discussed in this article.

• Internet Explorer 5 and Office 2000 Implementation
• Antivirus Scanner Implementation Considerations

Internet Explorer 5 and Office 2000 Implementation

The antivirus component is a standard ActiveX component you register as an in-process server that supports the MSOfficeAntiVirus component category. A component category is a group of logically related COM classes that share a common category ID or CATID. The antivirus software does not provide a user interface but does scan Office 2000 files before opening them and Internet Explorer code files before downloading them. Internet Explorer 5 and Office 2000 implement the antivirus component as follows:

1. Obtain the list of all the installed antivirus components registered as supporting the MSOfficeAntiVirus component category.
2. Launch the installed components.
3. Query for the IOfficeAntiVirus interface.
4. Call the Scan method of the IOfficeAntiVirus interface to obtain all the installed components.
5. Continue to open the file after the virus scan, regardless of the HRESULT value. The antivirus software warns a user if a file has a known virus but opens the file after the warning. It is up to the user to take action concerning the warning.

Antivirus Scanner Implementation Considerations

Office 2000 and Internet Explorer 5 do not provide a user interface (UI) for the antivirus component. However, a virus scanner software vendor may provide the user with options and settings, a splash screen, or a progress indicator. Developers who want to implement UI features for the antivirus scanner should keep the following programming considerations in mind.

• Opening a file through OLE Automation

  When you use OLE Automation to open a file programmatically, be aware that the open operation never returns a run-time error and macros receive no result of the virus scan.

• Uninstalling

  Virus scanners must support an uninstall program that removes the MSOfficeAntiVirus CATID registry key. If a virus scanner is reinstalled in a new directory, the registry must be updated. Note that neither Internet Explorer nor Office warns the user that a virus scanner is not found.

• Scanning digitally signed files

  The Antivirus API is called before the host application verifies the digital signature of the document. If an antivirus scanner removes a virus from a signed document, it must remove the signature as well.

• Scanning downloaded code files

  When code is downloaded from a Web site, the virus scanner opens a temporary file. The virus scanner should inform the user that removing a virus from a temporary file does not clean the file on the HTTP server.

Related Information

The following link provides more information about the Antivirus API.

• Antivirus Reference