KASPERSKY ANTI-VIRUS 5.0 - FOR SAMBA SERVERS Administrator's Manual

Summary of ANTI-VIRUS 5.0 - FOR SAMBA SERVERS

  • Page 1

    Kaspersky Lab Kaspersky Anti-Virus ® 5.0 for Samba Servers Administrator's Manual.

  • Page 2

    Kaspersky Anti-Virus ® 5.0 for Samba Servers Administrator's Manual © Kaspersky Lab Ltd. http://www.kaspersky.com Revision date: October 2004.

  • Page 3

    Contents
    Chapter 1. Kaspersky Anti-Virus ® for Samba Servers (p. 6)
    1.1. Hardware and software system requirements (p. 7)
    1.2. Distribution kit ...

  • Page 4

    5.1.1. Scheduling updates of anti-virus databases using cron (p. 27)
    5.1.2. One-time update of the anti-virus databases (p. 28)
    5.1.3. Creation of a network directory for storage and downloa...

  • Page 5

    7.1.1. Viewing license key information (p. 52)
    7.1.2. License extension (p. 54)
    7.1.3. License key removal ...

  • Page 6

    Chapter 1. Kaspersky Anti-Virus ® for Samba Servers
    Kaspersky Anti-Virus ® for Samba Servers software application (hereinafter also called Kaspersky Anti-Virus ® ) is designed to perform anti-virus scanning of objects for Samba servers running Linux, FreeBSD or OpenBSD operating systems. The applic...

  • Page 7

    • preserving the original infected object prior to its disinfection (backup) with an opportunity to restore it if an off-normal situation happens.
    • saving information about already scanned files in an operational cache, which allows a considerable increase...

  • Page 8

      o FreeBSD, versions 4.7 or 5.0
      o OpenBSD, version 3.3
    • installed Samba server 2.2.6 or newer.
    • installed Perl, version 5.0 or newer.
    1.2. Distribution kit
    You can purchase Kaspersky Anti-Virus ® either from our distributors (retail box) or in our internet...

  • Page 9

    Kaspersky anti-virus ® for samba servers 9 1.3. Help desk for registered users kaspersky lab offers a large service package enabling legal users to efficiently employ kaspersky anti-virus ® . If you register and purchase a subscription you will be provided with the following services for the period ...

  • Page 10

    Style purpose task, example statement of problem, example for using the software features. Solution solution to a defined problem. [key] – key purpose. Command line keys. Text of information messages and the command line text of configuration files, info...

  • Page 11

    Chapter 2. Internal architecture of kaspersky anti-virus ® for samba servers before we describe the features of kaspersky anti-virus ® for samba servers let us discuss its internal architecture in detail. That will allow better understanding of the anti-virus operation algorithm. 2.1. Component stru...

  • Page 12

    So the used algorithm of operation is as follows:
    1. If a user attempts to access a file through Samba server the request is intercepted by the server itself and transferred to the kavsamba.so module.
    2. The kavsamba.so module sends the data pertaining to ...

  • Page 13

    Chapter 3. Installation of Kaspersky Anti-Virus ® for Samba Servers
    Prior to beginning the installation of Kaspersky Anti-Virus ® for Samba Servers we recommend the following preparations for your system:
    • make sure that your system conforms to the hardware and software requirements for installat...

  • Page 14

    In order to start installation of Kaspersky Anti-Virus ® to a server perform the following procedure:
    1. Copy the archived installation package to a directory in the server file system and unpack it.
    2. Launch the installation script: install.sh .
    3.2. Sof...

  • Page 15

    Installation of kaspersky anti-virus ® for samba servers 15 please note also that automatic configuration of the application will not be performed if the anti-virus databases are not installed. 4. License key installation. If a license key is not installed configuration will not be performed and it ...

  • Page 16

    16 kaspersky anti-virus ® for samba servers please keep in mind that you have to restart the samba server before you can proceed to further work. 3.5. Distribution of files within directories after kaspersky anti-virus ® installation the files from its installation package will have the following lo...

  • Page 17

    keepup2date – is the executable file of the keepup2date component updating the anti-virus databases.
    /man/ – directory with man files.
    /setup/ – directory for storage of service scripts and Webmin module.
    3.6. Uninstalling kaspersky anti- ...

  • Page 18

    If you installed Kaspersky Anti-Virus ® for Samba Servers using its .tar.gz package enter the following in the command line to begin uninstalling:
    install.pl uninstall
    If you installed Kaspersky Anti-Virus ® for Samba Servers using its .pkg package enter...

  • Page 19

    Chapter 4. Post-install setup
    The installation routine performs analysis of the system, where Kaspersky Anti-Virus ® is being installed to and defines some parameters of its configuration automatically. Several parameters of the product configuration file are defined by default as most convenient f...

  • Page 20

    20 kaspersky anti-virus ® for samba servers please note that discovered infected files are not cured by default! 4.2. Installing/updating anti-virus databases we recommend installing/updating anti-virus databases immediately after installation of the product to a server. In order to accomplish that ...

  • Page 21

    Post-install setup 21 if you wish to create an alternative configuration file using webmin, you’ll have to perform the following actions: 1. Copy the data from the existing configuration file to a new one saving it under a different name. Then modify the new (alternative) configuration file in accor...

  • Page 22

    selfextarchives=yes
    mailbases=yes
    mailplain=yes
    heuristic=yes
    cure=yes
    ichecker=yes
    checkfileslimit=20
    bgcheckfileslimit=5
    bgsheduletime=10
    hashtype=md5
    • Set the following parameter values in the [samba.path] section:
    backuppath=/var/db/kav/5.0/kavsamba/i...

  • Page 23

    In order to set the mode up you should enter the following modifications to the configuration file:
    • Set the following parameter values in the [samba.options] section:
    ichecker=no
    filecachesize=15000
    checkfileslimit=0
    bgcheckfileslimit=3
    bgsheduletime=5
    hashtype=crc32
    • set th...

  • Page 24

    bgcheckfileslimit=0
    bgsheduletime=0
    hashtype=md5
    • Set the following parameter values in the [samba.path] section:
    backuppath=/var/db/kav/5.0/kavsamba/infected
    • Set the following parameter values in the [samba.actions] section:
    oninfected=remove
    onsuspici...

  • Page 25

    archives=yes
    selfextarchives=yes
    mailbases=yes
    mailplain=yes
    heuristic=yes
    cure=yes
    ichecker=yes
    filecachesize=20000
    checkfileslimit=20
    bgcheckfileslimit=5
    bgsheduletime=10
    hashtype=md5
    • Set the following parameter values in the [samba.path] section:
    backuppath=/var/db/kav/5.0...

  • Page 26

    Chapter 5. Using kaspersky anti-virus ® for samba servers anti-virus security is accomplished both in real time and in on-access mode. Let us review those opportunities in detail. Real-time protection is realized by means of the kavsamba component that intercepts attempts to access files for opening...

  • Page 27

    During the updating procedure the keepup2date component accesses the list, picks up an address and attempts to download the anti-virus databases or other updates (e.g. application patches) from the server. If the update cannot be obtained from the se...

  • Page 28

    [updater.options]
    keepsilent=yes
    [updater.report]
    append=yes
    reportlevel=1
    2. Edit the file containing the rules for the cron process (crontab -e) by adding the following line into it:
    0 7 * * * /opt/kav/bin/keepup2date
    5.1.2. One-time update of the anti...

  • Page 29

    keepup2date -l /tmp/report.txt
    Task: review the list of all Kaspersky Lab applications available for updating.
    Solution: in order to accomplish the task you should enter the following in the command line:
    keepup2date -i
    The command will output to s...

  • Page 30

    30 kaspersky anti-virus ® for samba servers kavsamba starts as an operating system daemon. After the built-in anti-virus core of the component analyses a requested file, kavsamba makes a decision on further work with such file (whether access should be granted). Disinfection of infected objects is o...

  • Page 32

    console, administrator notification), or force object modification (disinfection, transfer to a separate directory, removal). All settings of the kavscanner component are grouped in the [scanner.*] section of the kav4sambaservers.conf configuration file....

  • Page 33

    Using kaspersky anti-virus ® for samba servers 33 5.3.2. Daily scheduled scanning of a directory (cron) the cron utility for scheduled programs launching can be used for automatic performance of any tasks by the kaspersky anti-virus ® for samba servers, including scheduled scanning of a defined dire...

  • Page 34

    Task: scan all tar and zip archives accessible on a server and attempt disinfection of all discovered objects inside compressed files using the vox.sh script. Use /etc/kav/kavscanner.conf.in as a configuration file, where script application for disinfectio...

  • Page 36

    Chapter 6. Additional setup this section describes in detail additional setup of kaspersky anti-virus ® functionality. Unlike the required settings made during the installation process (please see section 3.3 on p.14), and essential for product functioning, additional setup is performed at the admin...

  • Page 37

    Monitoring objects (types of files to be scanned for virus presence) are also defined only by the parameters in the configuration file (/etc/kav/5.0/kav4sambaservers.conf or its alternative). You cannot define or restrict the monitoring area from the command line at the start of t...

  • Page 38

    Please note that in order to speed up scanning of container objects (archives) the kavsamba component stops its work assigning the infected status to a whole archive immediately when the first virus is discovered inside. It means also that even if the ...

  • Page 39

    Additional setup 39 task: scan for virus presence all files requested through a samba server and cure them, if they are infected. If the disinfection procedure fails, infected objects must be transferred with their full paths to the /tmp/infected directory. Solution: in order to accomplish the task ...

  • Page 40

    40 kaspersky anti-virus ® for samba servers application configuration file ([scanner] section); they are set for maximum scanning of file systems accessible from a workstation, where the product is installed. All available files are scanned for virus presence, including: • packed files. • archives. ...

  • Page 41

    Additional setup 41 if the command line contains both a scanning path and a text file with a list of objects for scanning, first the objects listed in the command line will be scanned, and then the objects from the file will be processed. • restriction of default paths (all beginning with the curren...

  • Page 42

    However, you can set up certain actions to be performed over files with infected, suspicious, warning and corrupted status, similar to the kavsamba component:
    • transfer to a certain directory – transfer of files with a defined status to a certain director...

  • Page 43

    Solution: in order to accomplish the task you should perform the following actions:
    1. Create scan_sample.conf alternative configuration file.
    2. Make sure that disinfection of infected objects is on (cure=yes in the [scanner.options] section).
    3. Set up the rules for processin...

  • Page 44

    44 kaspersky anti-virus ® for samba servers scanned by the kavsamba component; it exists in ram and is not saved after kavsamba completes its work. If during the scanning procedure information about a file is not added to the ichecker database (the file is not clear or has an unsupported format), it...

  • Page 45

    • A "warm" restart is recommended after updating of the anti-virus databases. In that case just the anti-virus databases are reloaded, and all connections are preserved. The kavsamba component is not restarted, so its file cache, etc. remains intact. A "warm" reboot is accompli...

  • Page 46

    /usr/local/share/kav/5.0/kavsamba/setup/kavsamba.sh stop
    For FreeBSD distributions:
    /usr/local/etc/rc.d/kavsamba.sh stop
    The command will send to the kavsamba process a SIGTERM signal terminating kavsamba operation and closing all its branched copies, an...

  • Page 47

    Additional setup 47 6.6. Reporting parameters in kaspersky anti-virus ® results of operations performed by all components of the kaspersky anti-virus ® are summarized in a report output to a log file. Results of anti-virus processing of server file systems are also output to console. By default the ...

  • Page 48

    Level | Description | Meaning
    10 | debug | all debug messages, for example, configuration file contents.
    Information about fatal errors in component operation is output always despite the defined level of details. Level 3 set by default is optimal for com...

  • Page 49

    • brief messages format (parameter showobjectresultonly=yes, [scanner.report] section):
    "file_name" result
    where: virus_name – is the name of a virus for the cured, infected, curefailed, warning, and suspicion events. The field remains empty for other events. Result means the...

  • Page 50

    Event/result | Meaning
    suspicion | the file is suspected for infection with an unknown virus.
    error | the file cannot be scanned because of a recurring error (for example, when a damaged archive is being processed).
    protected | the file cannot be scanned because o...

  • Page 51

    Additional setup 51 here you can define, whether information about scanning of archived objects (showarchivecontent, showcontainerresultonly), about clear files (showok) and the progress of current component operation (showprogress) should be displayed on-screen. If the [scanner.Display] section is ...

  • Page 52

    Chapter 7. Using licenses the right to use kaspersky anti-virus ® for samba servers is restricted in terms of duration (as a rule, the period of license validity lasts for one year from the date of product purchase). When the license to use kaspersky anti-virus ® expires, the application will contin...

  • Page 53

    Using licenses 53 moreover, kaspersky anti-virus ® contains a special licensemanager component, which allows not only reviewing more detailed information about the keys but also retrieving some analytical data. All the information may be output to a server console or viewed remotely from any compute...

  • Page 54

    product name: kaspersky anti-virus 5 business optimal 1 month (samba servers)
    creation date: 23-07-2003
    expiration date: 21-11-2003
    serial 02b1-000454-00053e3
    type: commercial
    lifespan: 30
    7.1.2. License extension
    Extension of your license to use kaspersky...

  • Page 55

    copyright (c) kaspersky lab. 1998-2003.
    Key file 00053e3d.key is successfully registered
    We recommend updating your anti-virus databases after the procedure. If you wish to install a new license key before the current one expires you can install it as an additional key. An addition...

  • Page 56

    Chapter 8. Checking correct operation of the anti-virus when the installation and setup of kaspersky anti-virus ® are complete we recommend checking the settings and correct operation of the program using a test “virus” and modifications thereof. The test "virus" has been specifically developed by (...

  • Page 57

    Table 1. Test “virus” modifications
    Prefix | Object type
    No prefix, standard test “virus” | Infected. The object is not cured.
    Corp– | Corrupted.
    Susp– | Suspicious (unknown virus code).
    Warn– | Warning (modified code of a known virus).
    Erro– | Error.
    Cure– | Cured....

  • Page 58

    Chapter 9. Likely questions pertaining to product use this chapter is devoted to the most frequently asked users’ questions pertaining to installation, setup and operation of the kaspersky anti-virus ® ; here we shall try to answer them in detail. Question: why does kaspersky anti-virus ® cause a ce...

  • Page 59

    ruses daily) as well as the ever increasing number of recognized file formats, each subsequent version of our product functions faster than the previous one. That is achieved through the use of new unique technologies, such as ichecker, developed at ka...

  • Page 60

    60 kaspersky anti-virus ® for samba servers 1. Please indicate in the subject of your message the operating system of your server, the name of the component, which you cannot setup and the problem. For example: linux, webmin, no access to settings of the licensed users’ list . 2. Please use plain te...

  • Page 61

    Question: are the X architecture processors supported (PowerPC, SPARC, Alpha, PA-RISC etc.)? The current version of the product does not support processors of those types.
    Question: will the Kaspersky Anti-Virus ® for Unix work with my Linux distributi...

  • Page 62

    Enter the following in the command line:
    $ some_app > ./text_file 2>&1
    where: some_app means the software, the standard output and error messages of which you would like to have saved to a file; text_file – full path to the file, where the information wi...

  • Page 63

    Appendix a. Malware in unix environment viruses are much less frequent in unix systems than, for example, under windows due to some peculiarities of those platforms. Trojan horses and network worms are less rare. Malicious programs spread through networks using various ways including software “holes...

  • Page 64

    64 kaspersky anti-virus ® for samba servers files and changes their attributes to 777. At the same time it creates user snoopy with the rights 777 as well in the main password list of the infected workstation. Linux.Bliss is a group of non-resident viruses infecting linux executables; those viruses ...

  • Page 65

    Appendix a 65 the flash attack type is used for direct modem disconnection by sending a ping command with "incorrect" data in a certain sequence to a certain ip address. The user’s modem will interpret the data as a command to disconnect and the user will be disconnected from the internet. However, ...

  • Page 66

    66 kaspersky anti-virus ® for samba servers loader, which in its turn completes loading and starts the main portion of the worm code. The main page of a server is replaced with an html file containing the following text: "ramen crew – hackers looooooooooooove noodles". At last the worm sends an e-ma...

  • Page 67

    (the so-called "buffer overrun" breach). The hole allows sending executable code to a remote computer and its execution there – unnoticed by an administrator (user).

  • Page 68

    Appendix b. Kaspersky lab founded in 1997, kaspersky lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious pro...

  • Page 69

    Appendix b 69 b.1. Other kaspersky lab products kaspersky anti-virus ® personal kaspersky anti-virus personal protects home computers running windows 98/me/2000/nt/xp from all types of known viruses, including riskware. The application constantly monitors all possible sources of virus penetration, s...

  • Page 70

    70 kaspersky anti-virus ® for samba servers unique second-generation heuristic analyzer effectively detects unknown viruses. The user can easily adjust settings through an easy-to-use, simple interface. Kaspersky anti-virus ® personal pro has the following features: • on-demand scan of local disks; ...

  • Page 71

    from any corrupted files transferred from a PC or an extension card, from ROM files, and from databases. This software package includes an optimal combination of the following anti-virus tools:
    • anti-virus scanner to scan the data stored on both the PDA and extension card on demand;...

  • Page 72

    72 kaspersky anti-virus ® for samba servers components are managed from one console and have a unified user interface. Kaspersky corporate suite delivers a reliable, high-performance protection system that is fully compatible with the specific needs of your network configuration. Kaspersky corporate...

  • Page 73

    Appendix b 73 kaspersky anti-spam personal software package is a powerful tool that ensures detection of spam in the flow of e-mail messages incoming via pop3 and imap4 protocol (only for microsoft outlook). The filtering process involves the analysis of all attributes of the message (sender's and r...

  • Page 74

    Appendix c. License agreement standard end user licence agreement notice to all users: carefully read the following legal agreement ("agreement") for the licence of specified software ("software") produced by kaspersky labs. ("kaspersky labs"). If you have purchased this software via the internet by...

  • Page 75

    Appendix c 75 usage terms specified on the applicable price list or product packaging that apply to any such software products individually. 1.1 use. The software is licensed as a single product; it may not be used on more than one client device or by more than one user at a time, except as set fort...

  • Page 76

    "multiplexing" or "pooling" software or hardware) does not reduce the number of licences required (i.e., the required number of licences would equal the number of distinct inputs to the multiplexing or pooling software or hardware "front end"). If the numb...

  • Page 77

    Appendix c 77 and you explicitly consent to the transfer of data to other countries outside your own as set out in the privacy policy. (iv) "support services" means (a) daily updates of the anti-virus database; (b) free software updates, including version upgrades; (c) extended technical support via...

  • Page 78

    78 kaspersky anti-virus ® for samba servers warranty period. You shall provide all information as may be reasonably necessary to assist the supplier in resolving the defective item; (v) the warranty in (i) shall not apply if you (a) make or cause to be made any modifications to this software without...

  • Page 79

    Appendix c 79 (iii) subject to paragraph (i), the liability of kaspersky lab (whether in contract, tort, restitution or otherwise) arising out of or in connection with the supply of the software shall in no circumstances exceed a sum equal to the amount equally paid by you for the software. 8. The c...