KASPERSKY ANTI-VIRUS 5.0 - FOR LINUX FREEBSD-OPENBSD FILE SERVER Administrator's Manual


Summary of ANTI-VIRUS 5.0 - FOR LINUX FREEBSD-OPENBSD FILE SERVER

  • Page 1

    Kaspersky Labs. Kaspersky Anti-Virus ® 5.0 for Linux, FreeBSD and OpenBSD File Server. Administrator's Guide.

  • Page 2

    Kaspersky Anti-Virus ® 5.0 for Linux, FreeBSD and OpenBSD File Server. Administrator's Guide. Kaspersky Labs, Ltd. http://www.kaspersky.com. Revision date: November 2003.

  • Page 3

    Contents. Chapter 1. Kaspersky Anti-Virus ® 5.0 for Linux, FreeBSD and OpenBSD File Server ........ 6. 1.1. What's new in version 5.0 ........ ...

  • Page 4

    4.2.2. Scheduled daily directory scan ........ 29. 4.2.3. Moving objects to a separate directory (quarantine) ........ 29. 4.2.4. Advanced opti...

  • Page 5

    A.9. The aveclient component return codes ........ 69. A.10. A sample script file (vox.sh) for disinfecting tar- and zip-archives ........ 70. Appendix B. Malicious programs in the Unix environment ........ 73. B.1. Viruse...

  • Page 6

    Chapter 1. Kaspersky Anti-Virus ® 5.0 for Linux, FreeBSD and OpenBSD File Server. Kaspersky Anti-Virus ® 5.0 for Linux, FreeBSD and OpenBSD File Server (hereinafter also referred to as Kaspersky Anti-Virus ®) is designed for anti-virus file scanning in file systems of servers. This software product...

  • Page 7

    1.1. What's new in version 5.0. Version 5.0 of Kaspersky Anti-Virus ® has the following changes compared to version 4.0: • all the product components have been transferred to the new antiviral engine, which reduces the load on wo...

  • Page 8

    • the executable file of the kavdaemon component has been renamed to aveserver and updated. • the product has been supplemented with the aveserver component including the aveclient client software, which allows the creation of c...

  • Page 9

    • Perl version 5.0 or higher (www.perl.org) for Kaspersky Anti-Virus ® installation using install.pl. 1.4. Distribution kit. You can purchase Kaspersky Anti-Virus ® either from our distributors (retail box) or in our internet-...

  • Page 10

    1.6. Conventions. In this book we use various conventions to emphasize different meaningful parts of the documentation. Convention – meaning: bold font – menu titles, commands, window titles, dialog elements, etc. Note. – additional in...

  • Page 11

    Chapter 2. Installing Kaspersky Anti-Virus ®. Before you begin to install Kaspersky Anti-Virus ® for Unix, please prepare your system as follows: • make sure your system meets the hardware and software requirements of Kaspersky Anti-Virus ® (see section 1.3 on page 8). If some of the applications, su...

  • Page 12

    • installation of version 5.0 of the product without removing the earlier version. The stages of creating a backup, updating to version 5.0, and concurrent installation are independent. 2. Copying of the distribution package file...

  • Page 13

    If no earlier version is installed on the server, then the process of copying distribution files to the server starts (see section 2.1.3 on page 15). If an earlier version of the product is found, the following message is output to the console: previously installed...

  • Page 14

    2.1.2.2. Updating to version 5.0. The update procedure consists of converting the former profile of the anti-virus (file defunix.prf) to the configuration file for version 5.0: do you want to convert old settings to new config f...

  • Page 15

    2.1.3. Copying the distribution files. In this stage, an interactive installation process starts that will copy the distribution files of Kaspersky Anti-Virus ® to your server. The package files are divided into several groups according to their purpose, for example...

  • Page 16

    If the license key is detected, the installer outputs an appropriate message to the console and proceeds to the next stage – installation of the anti-virus database (see section 3.2 on page 20). If the license key is not detect...

  • Page 17

    [size] where: • file or dir is the file or the directory id; • path – full name of the file or the directory; • size – file size (this parameter is not used for directories). • actions dealing with the user's answers to the installer questions are described by lines like...

  • Page 18

    A special deb-package is included for the Linux Debian distribution. To start the installation of Kaspersky Anti-Virus ® from the deb-package, type the following in the command line: dpkg -i  The procedure is similar to that...

  • Page 19

    Chapter 3. Post-installation settings. During installation, the system onto which you install Kaspersky Anti-Virus ® is analyzed and some of its configuration parameters are set automatically. A number of parameters of the configuration file are set by default as the most suitable for the operation...

  • Page 20

    If any infected, suspicious or corrupted files are found, appropriate messages will be output to the console and the report file. Please note that by default any infected files the anti-virus program detects are not cleaned! 3....

  • Page 21

    If you want to create an alternative configuration file using the Webmin program, you need to do the following: 1. Specify the name of the alternative file on the Configuration tab (see figure 1) in the field Full path to KAV config. 2. Set the required parameters for f...

  • Page 22

    Chapter 4. Working with Kaspersky Anti-Virus ®. The product's functionality lies in the tasks that the administrator can perform with its help. The tasks implemented by Kaspersky Anti-Virus ® can be divided into three groups: 1. Update of the anti-virus database used to scan for viruses and to clean...

  • Page 23

    another or at random), and attempts to download the anti-virus database. If the update from the selected address fails, the program tries the next address and makes another attempt to update the database. You can adjust the update servers list. For example, you m...

  • Page 24

    Report level – level of detail of the component work results report. Select errors in the drop-down list. Append – append the results of program operation to the end of the existing report file (system log in this case), if no...

  • Page 25

    Other → KAV for Unix → Keepup2date. Figure 2. Kaspersky Anti-Virus ® Keepup2date tab. 2. Edit the file that sets the rules of the cron process operation (crontab -e). 3. Input the following line: 0 7 * * * /opt/kav/bin/kavupdater. 4.1.2. One-time update of the ant...

  • Page 26

    The solution: in order to accomplish the above objective, input the following in the command line: kavupdater -l /tmp/updatesreport.log. If you need to update the anti-virus database on more than one computer, it may be more con...

  • Page 27

    Other → KAV for Unix → AV run. Figure 3. Run Kaspersky Anti-Virus ® component tab. Or, 1. Edit the file /etc/kav/5.0/servers.lst, which contains the list of update servers, place the network directory /home/bases (where the database is stored) in the first position...

  • Page 28

    infected and suspicious files according to the settings. Object processing can be of an exceptionally informational nature (outputting the information to the log and to the server's console, plus administrator notification) or...

  • Page 29

    "%y-%m-%d-$$"`.log -i3 -epasbme -j3 -mcn /tmp. 4.2.2. Scheduled daily directory scan. In the Unix family of operating systems, scheduled program start, including that of Kaspersky Anti-Virus ® tasks, is carried out using the cron utility. The object: every night at...

  • Page 30

    The object: scan for viruses all the objects listed in the file /tmp/download.lst, move any infected objects that are detected with their full paths to the directory /tmp/infected. Use the heuristic checker. Disable recursive scann...

  • Page 31

    Scanner tab of the Webmin program (see figure 4) enter the following line: exec mv %fullpath%/%filename% /tmp/infected/%filename%; chmod -x /tmp/infected/%filename% Or, 1. In the sections [object] and [container] of the configuration file /etc/kav/kavscanner.conf...

  • Page 32

    The solution: in order to accomplish the above objective do the following: 1. Set the actions to be applied to infected compound objects. To do so, enter the line provided below in the On infected parameter input field in the s...

  • Page 33

    Other → KAV for Unix → AV file check. Figure 4. Kaspersky Anti-Virus ® on-demand scanner. Other → KAV for Unix → AV run+start. Figure 5. Scan area definition tab. Or,

  • Page 34

    1. Create an alternative file kavscanner.conf.in. 2. In the [container] section of this file set the following line as the infected objects processing rule: oninfected=exec /tmp/kavscanner/test/vox.sh %fullpath%/%filename% 3. I...

  • Page 36

    4.3.1. Viewing the license key information. You can view the information about the installed license keys in the work reports of the kavscanner and kavupdater components. Starting each of these components loads the key information....

  • Page 37

    Other → KAV for Unix → Keys info. Figure 6. License information. In order to view key information, do the following: in the command line type, for example: licenseviewer -k 0003d3ea.key. The following information will be output to the console: Kaspersky license view...

  • Page 38

    contact the company you purchased the product from and pay for Kaspersky Anti-Virus ® license renewal, or renew the license directly with Kaspersky Labs. To do so please write to our sales department (sales@kaspersky.com) or...

  • Page 39

    Chapter 5. Advanced settings. In this section we shall consider advanced settings of Kaspersky Anti-Virus ® functions. Unlike the required settings (see chapter 3 on page 19), without which the product cannot be used, advanced settings are made as administrator's options. They can help to extend the...

  • Page 40

    • when launching the component, list directories and files with absolute or relative (to the current directory) paths to them directly in the command line, separating them by spaces. • set scan paths in a text file and specify...

  • Page 41

    • clear – no viruses were detected in the file. • infected – the file is infected. • warning – the code of the file is similar to that of a known virus. • suspicious – the code of the file is similar to that of an unknown virus. • corrupted – the file is corrupted. • protected –...

  • Page 42

    Actions taken with these two kinds of object are different too; they are separated in different sections in the configuration file. For simple objects – the [scanner.object] section, for compound ones – [scanner.container]. Actions...

  • Page 43

    The aveclient component receives a request for file scanning from the command line, transfers it to the daemon and then outputs a report on the scanning results in the form most suitable for its further processing by various scripts. Such an application architecture allows a considerab...

  • Page 44

    section). Therefore proper functioning of the aveclient component requires mandatory indication of the socket path using the -p command line option. The component can accomplish the following tasks: • it can detect whether aves...

  • Page 45

    represents the name of the file being scanned; represents the file status. If viruses have been detected in a file (warnings or suspicions status) or successfully removed from it, a corresponding list will be output to screen. The list will consist of one of the words: linfected,...

  • Page 46

    %H:%M:%S – displayed time format. %d/%m/%y – displayed date format. The administrator is provided with the option of changing the format of time and date representation. The formats can be localized in the section [locale] of t...

  • Page 47

    Levels (level – name in Webmin – value): 1 – errors – information regarding other errors, including those not causing components to terminate, e.g. information regarding a file scanning failure. 2 – info – important information messages, e.g. whether the component is running or not, the path to...

  • Page 48

    Below is a detailed explanation of each message type and format. 5.4.1. Format of scanning messages output by kavscanner. Messages about scanning are only generated for the components and kavscanner. The format of the report reg...

  • Page 49

    Event/result – value: cured (only with disinfection mode enabled) – the file was infected and was successfully cleaned. infected – the file is infected by one or more viruses. No request for disinfection. curefailed (only with disinfection mode enabled) – the file is infected by one or m...

  • Page 50

    Scan summary: files=num folders=num archives=num packed=num infected=num warnings=num suspicious=num cured=num curefailed=num corrupted=num protected=num error=num scantime=hh:mm:ss scanspeed=speed kb/s. • messages about actions...

  • Page 51

    The scanning report detail level is adjusted by the key -x in the command line on condition that the [display] section is present.

  • Page 52

    Chapter 6. Questions and answers. This chapter contains FAQs about installation, setting up, and use of Kaspersky Anti-Virus ®. Question: does the program support X architecture processors (PowerPC, SPARC, Alpha, PA-RISC etc.)? These processors are not supported in the current version of the softwar...

  • Page 53

    Question: why do I need the key file? Will my copy of the anti-virus program work without it? No, Kaspersky Anti-Virus ® does not work without a license key. If you are still deciding whether or not to purchase Kaspersky Anti-Virus ®, we can provide you with a temporary ke...

  • Page 54

    Question: my anti-virus program does not work. What should I do? First, check if a solution for your problem is provided in this document, in particular, in this section or on our website (Services → For customers → Technical s...

  • Page 55

    • less than 64 MB or more than 2 GB of RAM. 7. Specify the approximate amount of daily traffic and whether or not the server has peak loads. Question: how can I save the program's console output to a file? In order to save the information output to the console by Kaspersky A...

  • Page 56

    Chapter 7. Uninstalling Kaspersky Anti-Virus ®. To uninstall Kaspersky Anti-Virus ® for Unix the following is required: • superuser rights (root or any other user with uid=0). If you do not have such rights when you wish to uninstall the program, you will have to log on as the root user. • installati...

  • Page 57

    Appendix A. Supplementary information about the product. These supplementary notes include a description of the directory tree of the Kaspersky Anti-Virus ® distribution after installation, a description of the configuration file, and a description of command line keys for every component and their retur...

  • Page 58

    /var/db/kav/5.0/kav4unix/bases.backup – the directory where the anti-virus database is stored that was current before the last update. /var/db/kav/5.0/kav4unix/keys – the directory where the license keys are stored. /var/run/av...

  • Page 59

    dateformat=%d/%m/%y – the format of date representation according to strftime. You can change the format of date representation to the following: %y/%m/%d or %m/%d/%y. The [scanner.options] section contains the server's file system scanning parameters: excludemask=mask1:mask2:...:maskn...

  • Page 60

    onwarning=action – actions to be taken in the event of detection of a file with code similar to that of a known virus. oncorrupted=action – actions to be taken in the event of corrupted file detection. Syntactically, the acti...

  • Page 61

    • %list% – file name or the list of infected, suspicious, and corrupted files detected in the container. The file has the following format: \t. • %fullpath% – full path to the container. • %filename% – the file name without the path. • %containertype% – container type as a string. The...

  • Page 62

    The [updater.options] section contains parameters of the kavupdater component work: extrawgetoptions – advanced options of the wget package. keepsilent=no – the mode in which information regarding the kavupdater component opera...

  • Page 63

    reportfilename=/tmp/aveserver.log – the name for the report file in which the results of component actions are to be recorded. append=yes – the append mode for new messages added to the report file. Use the no value to disable the mode. reportlevel=10 – the level of report detail. Scan...

  • Page 64

    -m/-M enable/disable scanning of plain text messages. -e/-E enable/disable heuristic code analyzer. -r/-R enable/disable recursive scanning. -l only scan local file systems. Report generation options: -q do not output messages to th...

  • Page 65

    -m sets the level of detail of the scanning report output to the report file. The following modes can be used as the <option>: o/O short/extended format of messages regarding scanning of a simple object. c/C short/extended format of messages regarding scanning of an archive. n/N enable/...

  • Page 66

    whole container. -i4 delete infected objects and containers. A.4. The kavscanner component return codes. During its work, the kavscanner component can return the following codes: 0 – no viruses were detected. 5 – all the infected ob...

  • Page 67

    75 – the kavscanner component is corrupted and cannot be recovered. A.5. Command line keys for the licenseviewer component. Help options: -h output help on the licenseviewer component to the console. Options used during work with the license keys: -s output information regarding all the i...

  • Page 68

    -s use the update servers list specified in the file <file_path>. -b prior to updating, copy the existing anti-virus database to the directory <path>. -t use the <path> directory to store temporary files. Report generation options...

  • Page 69

    A.8. Command line keys for the aveclient component. Help options: -h output help on the component to the console. -v display program version and terminate. Report generation options: -q do not display any messages (except for error messages). File processing options: -c run the query ta...

  • Page 70

    0 – no viruses were detected. 1 – connection with aveserver could not be established. 2 – files with code similar to that of known viruses were detected. 3 – objects suspected of virus infection were discovered. 4 – an infected object wa...

  • Page 71

    sname=${bname%%.*} if [ ! -d $temp ]; then mkdir -p $temp fi ## tar if [ $suf == gz -o $suf == tgz ] ; then list=`tar -ztf $name` tar -C $temp -zxf $name $kavkavscanner -c $conf -i3 $temp cd $temp tar -czf $sname.tgz * for i in $list do j=${i##/*/} rm $j done mv $temp/$sname.tgz $spwd/...

  • Page 72

    elif [ $suf == rar ] ; then list=`rar l $name` rar x $name $temp $kavkavscanner -c $conf -i3 $temp cd $temp zip $sname.zip -r . echo $spwd mv $temp/$sname.zip $spwd/$sname.zip.cure rm -rf $temp fi

  • Page 73

    Appendix B. Malicious programs in the Unix environment. Viruses are much less common in Unix-system environments than, for example, in the Windows environment because of the features of these platforms. However, Trojan horses and internet worms are more widespread. Malicious programs spread themselve...

  • Page 74

    ELF_SNOOPY – a virus that infects executable Unix files. The virus operation algorithm: it finds all the executables on the workstation, renames them changing their extension to .X23 and places them into the directory /e it c...

  • Page 75

    A typical specimen of Unix-oriented Trojans is TROJ_IRCKILL – a Trojan that consists of a set of software tools used to disconnect users from IRC channels. This set includes four utilities used for attacks: flood, mcb (multiple collide bots), sumo bots, and flash – a special type of "f...

  • Page 76

    Source of spreading: via the network as a tgz archive. Operation algorithm: the worm sends a short piece of its code to remote computers using a buffer overflow problem. After startup of the worm's main component (the file...

  • Page 77

    Worm.Linux.Adm – an internet worm that infects Linux systems. The worm sends a short piece of its code to remote computers, executes it, then downloads the rest of its code and runs it. Source of spreading: via the network. It spreads its copies (infects remote Linux systems) exploiting...

  • Page 78

    Appendix C. Kaspersky Labs Ltd. Founded in 1997, Kaspersky Labs has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malici...

  • Page 79

    customer with a 24-hour technical support service, which is available in several languages to accommodate its international clientele. C.1. Other Kaspersky Labs products. Kaspersky Anti-Virus ® Lite. This is an optimal choice for even an unskilled user who wants to protect his/her home com...

  • Page 80

    XP as well as MS Office 2000 applications. Kaspersky Anti-Virus ® Personal Pro includes an easy-to-use application for automatic retrieval of daily updates to the anti-virus database and the program modules. A second-generation...

  • Page 81

    • anti-virus monitor to intercept viruses in files that are either copied from other handhelds or are transferred using the HotSync™ technology. Kaspersky ® Security for PDA protects your handheld (PDA) from unauthorized intrusion by encrypting both access to the device and data stored...

  • Page 82

    • file and application servers running Windows NT 4.0 Server, Windows 2000, 2003 Server/Advanced Server, Novell NetWare, FreeBSD, OpenBSD and Linux; • e-mail systems, including Microsoft Exchange Server 5.5/2000/2003, Lotus Not...

  • Page 83

    General information. WWW: http://www.kaspersky.com, http://www.viruslist.com. E-mail: sales@kaspersky.com.

  • Page 84

    Appendix D. Index. anti-virus database updating ... 6, 20, 22, 53, 62. distribution kit: buy offline ... 9; buy online ... 9. file system scanning ... 6, 27: administrator notification ... 34; scripts use ...