Kaspersky Anti-Virus® 5.0 for Linux, FreeBSD and OpenBSD File Server. Administrator's Guide.
Kaspersky Labs, Ltd. http://www.kaspersky.com. Revision date: November 2003.
Contents
Chapter 1. Kaspersky Anti-Virus® 5.0 for Linux, FreeBSD and OpenBSD File Server (p. 6)
1.1. What's new in version 5.0 ...
4.2.2. Scheduled daily directory scan (p. 29)
4.2.3. Moving objects to a separate directory (quarantine) (p. 29)
4.2.4. Advanced opti...
A.9. The aveclient component return codes (p. 69)
A.10. A sample script file (vox.sh) for disinfecting tar- and zip-archives (p. 70)
Appendix B. Malicious programs in the Unix environment (p. 73)
B.1. Viruse...
Chapter 1. Kaspersky Anti-Virus® 5.0 for Linux, FreeBSD and OpenBSD File Server
Kaspersky Anti-Virus® 5.0 for Linux, FreeBSD and OpenBSD File Server (hereinafter also referred to as Kaspersky Anti-Virus®) is designed for anti-virus file scanning in server file systems. This software product...
1.1. What's new in version 5.0
Version 5.0 of Kaspersky Anti-Virus® has the following changes compared to version 4.0:
• All the product components have been transferred to the new antiviral engine, which reduces the load on wo...
• The executable file of the kavdaemon component has been renamed to aveserver and updated.
• The product has been supplemented with the aveserver component, including the aveclient client software, which allows the creation of c...
• Perl version 5.0 or higher (www.perl.org) for Kaspersky Anti-Virus® installation using install.pl.
1.4. Distribution kit
You can purchase Kaspersky Anti-Virus® either from our distributors (retail box) or in our Internet-...
1.6. Conventions
In this book we use various conventions to emphasize different meaningful parts of the documentation.
Convention | Meaning
Bold font | menu titles, commands, window titles, dialog elements, etc.
Note. | Additional in...
Chapter 2. Installing Kaspersky Anti-Virus®
Before you begin to install Kaspersky Anti-Virus® for Unix, please prepare your system as follows:
• Make sure your system meets the hardware and software requirements of Kaspersky Anti-Virus® (see section 1.3 on page 8). If some of the applications, su...
o Installation of version 5.0 of the product without removing the earlier version.
The stages of creating a backup, updating to version 5.0, and concurrent installation are independent.
2. Copying of the distribution package file...
If no earlier version is installed on the server, the process of copying the distribution files to the server starts (see section 2.1.3 on page 15). If an earlier version of the product is found, the following message is output to the console:
previously installed...
2.1.2.2. Updating to version 5.0
The update procedure consists of converting the former profile of the anti-virus (file defunix.prf) to the configuration file for version 5.0:
do you want to convert old settings to new config f...
2.1.3. Copying the distribution files
In this stage, an interactive installation process starts that copies the distribution files of Kaspersky Anti-Virus® to your server. The package files are divided into several groups according to their purpose, for example...
If the license key is detected, the installer outputs an appropriate message to the console and proceeds to the next stage, installation of the anti-virus database (see section 3.2 on page 20). If the license key is not detect...
[size]
where:
• file or dir is the file or directory id;
• path is the full name of the file or directory;
• size is the file size (this parameter is not used for directories).
• Actions dealing with the user's answers to the installer questions are described by lines like...
A special deb-package is included for the Linux Debian distribution. To start the installation of Kaspersky Anti-Virus® from the deb-package, type the following in the command line:
dpkg -i
The procedure is similar to that...
Chapter 3. Post-installation settings
During installation, the system onto which you install Kaspersky Anti-Virus® is analyzed and some of its configuration parameters are set automatically. A number of parameters of the configuration file are set by default to the values most suitable for the operation ...
If any infected, suspicious or corrupted files are found, appropriate messages will be output to the console and the report file. Please note that by default any infected files the anti-virus program detects are not cleaned!
3....
If you want to create an alternative configuration file using the Webmin program, do the following:
1. Specify the name of the alternative file on the Configuration tab (see figure 1) in the field Full path to KAV config.
2. Set the required parameters for f...
Chapter 4. Working with Kaspersky Anti-Virus®
The product's functionality lies in the tasks that the administrator can perform with its help. The tasks implemented by Kaspersky Anti-Virus® can be divided into three groups:
1. Update of the anti-virus database used to scan for viruses and to clean ...
...another or at random), and attempts to download the anti-virus database. If the update from the selected address fails, the program tries the next address and makes another attempt to update the database. You can adjust the update servers list. For example, you m...
Report level: level of detail of the report on the component's results. Select errors in the drop-down list.
Append: append the results of program operation to the end of the existing report file (the system log in this case), if no ...
[Figure 2. Kaspersky Anti-Virus® keepup2date tab (Webmin: Other → KAV for Unix → keepup2date)]
2. Edit the file that sets the rules of cron operation (crontab -e).
3. Input the following line:
0 7 * * * /opt/kav/bin/kavupdater
4.1.2. One-time update of the ant...
The solution: in order to accomplish the above objective, input the following in the command line:
kavupdater -l /tmp/updatesreport.log
If you need to update the anti-virus database on more than one computer, it may be more con...
[Figure 3. Run Kaspersky Anti-Virus® component tab (Webmin: Other → KAV for Unix → AV run)]
or,
1. Edit the file /etc/kav/5.0/servers.lst, which contains the list of update servers, and place the network directory /home/bases (where the database is stored) in the first position...
...infected and suspicious files according to the settings. Object processing can be purely informational (outputting the information to the log and to the server's console, plus administrator notification) or ...
"%y-%m-%d-$$"`.log -i3 -epasbme -j3 -mcn /tmp
4.2.2. Scheduled daily directory scan
In the Unix family of operating systems, scheduled program start, including that of Kaspersky Anti-Virus® tasks, is carried out using the cron utility.
The object: every night at...
The object: scan for viruses all the objects listed in the file /tmp/download.lst, and move any infected objects that are detected, with their full paths, to the directory /tmp/infected. Use the heuristic checker. Disable recursive scann...
...scanner tab of the Webmin program (see figure 4) enter the following line:
exec mv %fullpath%/%filename% /tmp/infected/%filename%; chmod -x /tmp/infected/%filename%
or,
1. In the sections [object] and [container] of the configuration file /etc/kav/kavscanner.conf...
The solution: in order to accomplish the above objective, do the following:
1. Set the actions to be applied to infected compound objects. To do so, enter the line provided below in the On infected parameter input field in the s...
[Figure 4. Kaspersky Anti-Virus® on-demand scanner (Webmin: Other → KAV for Unix → AV file check)]
[Figure 5. Scan area definition tab (Webmin: Other → KAV for Unix → AV run+start)]
or,
1. Create an alternative file kavscanner.conf.in.
2. In the [container] section of this file set the following line as the infected objects processing rule:
oninfected=exec /tmp/kavscanner/test/vox.sh %fullpath%/%filename%
3. I...
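As an added example (not part of the guide or the product), a handler script that an exec action rule such as the quarantine rule in section 4.2.3 could call, receiving the %fullpath% and %filename% macro values as its two arguments; the script name kav_quarantine.sh, the default directory /tmp/infected and the quarantine.log file name are assumptions.

```shell
#!/bin/sh
# kav_quarantine.sh (hypothetical name): handler for an "exec" action rule, e.g.
#   oninfected=exec /opt/kav/bin/kav_quarantine.sh %fullpath% %filename%
# Compared with the inline "mv ...; chmod -x ..." rule it never overwrites an
# earlier quarantined copy, keeps spaces in names intact, drops execute and
# group/other permissions, and records where each object came from.

QUARANTINE_DIR="${QUARANTINE_DIR:-/tmp/infected}"   # assumed default, as in the guide's examples

# quarantine_file DIR NAME [QDIR]
# Prints the path the object was moved to.
# Return codes: 0 moved, 1 object missing, 2 quarantine directory or move failed.
quarantine_file() {
    dir=$1; name=$2; qdir=${3:-$QUARANTINE_DIR}
    src="$dir/$name"
    [ -f "$src" ] || return 1
    mkdir -p "$qdir" || return 2
    chmod 700 "$qdir"                         # only the owner (root) can list the quarantine
    dst="$qdir/$name"; n=0                    # unique destination: add a counter on collision
    while [ -e "$dst" ]; do
        n=$((n + 1))
        dst="$qdir/$name.$n"
    done
    mv -- "$src" "$dst" || return 2
    chmod u-x,go-rwx "$dst"                   # the guide's chmod -x, plus no access for others
    printf '%s\t%s\t%s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$src" "$dst" >> "$qdir/quarantine.log"
    printf '%s\n' "$dst"
    return 0
}

# When run by the scanner, the two macro values arrive as $1 and $2.
if [ "$#" -eq 2 ]; then
    quarantine_file "$1" "$2"
fi
```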
4.3.1. Viewing the license key information
You can view the information about the installed license keys in the work reports of the kavscanner and kavupdater components. Starting each of these components loads the key information....
[Figure 6. License information (Webmin: Other → KAV for Unix → Keys info)]
In order to view key information, type in the command line, for example:
licenseviewer -k 0003d3ea.key
The following information will be output to the console:
kaspersky license view...
...contact the company you purchased the product from and pay for the Kaspersky Anti-Virus® license renewal, or renew the license directly with Kaspersky Labs. To do so, please write to our sales department (sales@kaspersky.com) or...
Chapter 5. Advanced settings
In this section we consider the advanced settings of Kaspersky Anti-Virus® functions. Unlike the required settings (see chapter 3 on page 19), without which the product cannot be used, advanced settings are left to the administrator's discretion. They can help to extend the ...
• When launching the component, list directories and files with absolute or relative (to the current directory) paths directly in the command line, separated by spaces.
• Set scan paths in a text file and specify ...
• clear: no viruses were detected in the file.
• infected: the file is infected.
• warning: the code of the file is similar to that of a known virus.
• suspicious: the code of the file is similar to that of an unknown virus.
• corrupted: the file is corrupted.
• protected:...
Actions taken with these two kinds of object are different too; they are set in different sections of the configuration file: the [scanner.object] section for simple objects and [scanner.container] for compound ones. Actions...
The aveclient component receives a request for file scanning from the command line, passes it to the daemon and then outputs a report on the scanning results in the form most suitable for further processing by scripts. Such an application architecture allows a considerab...
...section). Therefore the aveclient component requires the socket path to be specified with the -p command line option. The component can accomplish the following tasks:
• It can detect whether aves...
represents the name of the file being scanned.
represents the file status.
If viruses have been detected in a file (warnings or suspicions status) or successfully removed from it, a corresponding list will be output to the screen. The list will consist of one of the words: linfected,...
%H:%M:%S: displayed time format.
%d/%m/%y: displayed date format.
The administrator has the option of changing the format of time and date representation. The formats can be localized in the [locale] section of t...
Level | Name in Webmin | Value
1 | errors | information regarding other errors, including those not causing components to terminate, e.g. information regarding a file scanning failure.
2 | info | important information messages, e.g. whether the component is running or not, the path to...
Below is a detailed explanation of each message type and format.
5.4.1. Format of scanning messages output by kavscanner
Messages about scanning are only generated for the components and kavscanner. The format of the report reg...
Event/result | Value
cured (only with disinfection mode enabled) | the file was infected and was successfully cleaned.
infected | the file is infected by one or more viruses; no request for disinfection.
curefailed (only with disinfection mode enabled) | the file is infected by one or m...
Scan summary: files=num folders=num archives=num packed=num infected=num warnings=num suspicious=num cured=num curefailed=num corrupted=num protected=num error=num scantime=hh:mm:ss scanspeed=speed KB/s
• Messages about actions...
The scanning report detail level is adjusted by the -x key in the command line, on condition that the [display] section is present.
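As an added example (not part of the guide or the product), a script that reads the "Scan summary:" line in the format documented in section 5.4 and turns its counters into a verdict that a cron job, such as the nightly scan in section 4.2.2, can act on; the sample report text is constructed, and the field names are taken from the summary format above.

```shell
#!/bin/sh
# Reads the "Scan summary:" line that kavscanner appends to its report and
# turns the counters into a verdict, e.g. to mail the report only when needed.

# Constructed sample, not real scanner output:
SAMPLE_REPORT='Scan summary: files=1204 folders=58 archives=12 packed=3 infected=2 warnings=0 suspicious=1 cured=0 curefailed=2 corrupted=0 protected=1 error=0 scantime=00:04:12 scanspeed=1130 KB/s'

# summary_value TEXT KEY: print the number after "KEY=" from the last summary line in TEXT
summary_value() {
    printf '%s\n' "$1" | grep -i 'scan summary:' | tail -n 1 | tr ' ' '\n' \
        | sed -n "s/^$2=\([0-9][0-9]*\)$/\1/p"
}

# summary_verdict TEXT: prints clean / attention / unparsed and returns 0 / 1 / 2.
# "attention" means at least one object was infected, suspicious, warning-flagged,
# could not be cleaned, or produced a scan error; the guide notes that infected
# files are not cleaned by default, so such objects are still on disk.
summary_verdict() {
    line=$(printf '%s\n' "$1" | grep -i 'scan summary:' | tail -n 1)
    if [ -z "$line" ]; then
        echo unparsed; return 2
    fi
    total=0
    for key in infected suspicious warnings curefailed error; do
        v=$(summary_value "$line" "$key")
        total=$((total + ${v:-0}))
    done
    if [ "$total" -gt 0 ]; then
        echo attention; return 1
    fi
    echo clean; return 0
}

# check_report FILE: verdict for a report file, such as one written with the -l option
check_report() {
    [ -r "$1" ] || { echo unparsed; return 2; }
    summary_verdict "$(cat "$1")"
}
```

The return code lets a wrapper decide what to do, for example `check_report /tmp/scan.log || mail -s "scan needs attention" root < /tmp/scan.log`.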
Chapter 6. Questions and answers
This chapter contains FAQs about installation, setting up, and use of Kaspersky Anti-Virus®.
Question: does the program support X architecture processors (PowerPC, SPARC, Alpha, PA-RISC etc.)?
These processors are not supported in the current version of the softwar...
Question: why do I need the key file? Will my copy of the anti-virus program work without it?
No, Kaspersky Anti-Virus® does not work without a license key. If you are still deciding whether or not to purchase Kaspersky Anti-Virus®, we can provide you with a temporary ke...
Question: my anti-virus program does not work. What should I do?
First, check whether a solution for your problem is provided in this document, in particular in this section, or on our website (Services → For customers → Technical s...
• less than 64 MB or more than 2 GB of RAM.
7. Specify the approximate amount of daily traffic and whether or not the server has peak loads.
Question: how can I save the program's console output to a file?
In order to save the information output to the console by Kaspersky A...
Chapter 7. Uninstalling Kaspersky Anti-Virus®
To uninstall Kaspersky Anti-Virus® for Unix the following is required:
• Superuser rights (root or any other user with uid=0). If you do not have such rights when you wish to uninstall the program, you will have to log on as the root user.
• Installati...
Appendix A. Supplementary information about the product
These supplementary notes include a description of the directory tree of the Kaspersky Anti-Virus® distribution after installation, a description of the configuration file, and a description of the command line keys for every component and their retur...
/var/db/kav/5.0/kav4unix/bases.backup: the directory where the anti-virus database that was current before the last update is stored.
/var/db/kav/5.0/kav4unix/keys: the directory where the license keys are stored.
/var/run/av...
dateformat=%d/%m/%y: the format of date representation according to strftime. You can change the date format to %y/%m/%d or %m/%d/%y.
The [scanner.options] section contains the server's file system scanning parameters:
excludemask=mask1:mask2:...:maskn...
onwarning=action: actions to be taken on detection of a file with code similar to that of a known virus.
oncorrupted=action: actions to be taken on detection of a corrupted file.
Syntactically, the acti...
• %list%: file name or the list of infected, suspicious, and corrupted files detected in the container. The file has the following format: \t.
• %fullpath%: full path to the container.
• %filename%: the file name without the path.
• %containertype%: container type as a string.
The ...
The [updater.options] section contains the parameters of the kavupdater component:
extrawgetoptions: advanced options of the wget package.
keepsilent=no: the mode in which information regarding the kavupdater component opera...
reportfilename=/tmp/aveserver.log: the name of the report file in which the results of component actions are to be recorded.
append=yes: the append mode for new messages added to the report file. Use the value no to disable the mode.
reportlevel=10: the level of report detail.
scan...
m/m: enable/disable scanning of plain text messages.
e/e: enable/disable the heuristic code analyzer.
-r/r: enable/disable recursive scanning.
-l: only scan local file systems.
Report generation options:
-q: do not output messages to th...
-m: sets the level of detail of the scanning report output to the report file. The following modes can be used as the <option>:
o/o: short/extended format of messages regarding scanning of a simple object.
c/c: short/extended format of messages regarding scanning of an archive.
n/n: enable/...
...whole container.
-i4: delete infected objects and containers.
A.4. The kavscanner component return codes
During its work, the kavscanner component can return the following codes:
0: no viruses were detected.
5: all the infected ob...
75: the kavscanner component is corrupted and cannot be recovered.
A.5. Command line keys for the licenseviewer component
Help options:
-h: output help on the licenseviewer component to the console.
Options used during work with the license keys:
-s: output information regarding all the i...
-s: use the update servers list specified in the file <file_path>.
-b: prior to updating, copy the existing anti-virus database to the directory <path>.
-t: use the <path> directory to store temporary files.
Report generation options...
A.8. Command line keys for the aveclient component
Help options:
-h: output help on the component to the console.
-v: display the program version and terminate.
Report generation options:
-q: do not display any messages (except for error messages).
File processing options:
-c: run the query ta...
0: no viruses were detected.
1: connection with aveserver could not be established.
2: files with code similar to that of known viruses were detected.
3: objects suspected of virus infection were discovered.
4: an infected object wa...
sname=${bname%%.*}
if [ ! -d $temp ]; then
    mkdir -p $temp
fi
## tar
if [ $suf == gz -o $suf == tgz ] ; then
    list=`tar -ztf $name`              # remember the archive's member names
    tar -C $temp -zxf $name            # unpack into the temporary directory
    $kavkavscanner -c $conf -i3 $temp  # scan and disinfect the unpacked files
    cd $temp
    tar -czf $sname.tgz *              # re-pack the cleaned files
    for i in $list                     # remove the unpacked members, keep only the new archive
    do
        j=${i##/*/}
        rm $j
    done
    mv $temp/$sname.tgz $spwd/...
elif [ $suf == rar ] ; then
    list=`rar l $name`
    rar x $name $temp                  # unpack into the temporary directory
    $kavkavscanner -c $conf -i3 $temp  # scan and disinfect the unpacked files
    cd $temp
    zip $sname.zip -r .                # re-pack the cleaned files as a zip archive
    echo $spwd
    mv $temp/$sname.zip $spwd/$sname.zip.cure
    rm -rf $temp
fi
Appendix B. Malicious programs in the Unix environment
Viruses are much less common in Unix environments than, for example, in the Windows environment because of the features of these platforms. However, trojan horses and Internet worms are more widespread. Malicious programs spread themselve...
ELF_SNOOPY: a virus that infects executable Unix files. The virus operation algorithm: it finds all the executables on the workstation, renames them changing their extension to .X23 and places them into the directory /e it c...
A typical specimen of Unix-oriented trojans is TROJ_IRCKILL, a trojan that consists of a set of software tools used to disconnect users from IRC channels. This set includes four utilities used for attacks: flood, MCB (multiple collide bots), sumo bots, and flash, a special type of "f...
Source of spreading: via the network as a tgz archive.
Operation algorithm: the worm sends a short piece of its code to remote computers by exploiting a buffer overflow. After startup of the worm's main component (the file...
Worm.Linux.Adm: an Internet worm that infects Linux systems. The worm sends a short piece of its code to remote computers, executes it, then downloads the rest of its code and runs it.
Source of spreading: via the network. It spreads its copies (infects remote Linux systems) exploiting...
Appendix C. Kaspersky Labs Ltd.
Founded in 1997, Kaspersky Labs has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malici...
...customer with a 24-hour technical support service, available in several languages to accommodate its international clientele.
C.1. Other Kaspersky Labs products
Kaspersky Anti-Virus® Lite
This is an optimal choice even for an unskilled user who wants to protect his/her home com...
...XP as well as MS Office 2000 applications. Kaspersky Anti-Virus® Personal Pro includes an easy-to-use application for automatic retrieval of daily updates to the anti-virus database and the program modules. A second-generation...
• Anti-virus monitor to intercept viruses in files that are either copied from other handhelds or transferred using HotSync™ technology.
Kaspersky® Security for PDA protects your handheld (PDA) from unauthorized intrusion by encrypting both access to the device and data stored...
• File and application servers running Windows NT 4.0 Server, Windows 2000, 2003 Server/Advanced Server, Novell NetWare, FreeBSD, OpenBSD and Linux;
• E-mail systems, including Microsoft Exchange Server 5.5/2000/2003, Lotus Not...
General information
WWW: http://www.kaspersky.com, http://www.viruslist.com
E-mail: sales@kaspersky.com