Kaspersky Lab
Kaspersky Anti-Virus® 5.0 for Samba Servers
Administrator's Manual
© Kaspersky Lab Ltd. http://www.kaspersky.com
Revision date: October 2004.
Contents
Chapter 1. Kaspersky Anti-Virus® for Samba Servers
1.1. Hardware and software system requirements
1.2. Distribution kit ...
5.1.1. Scheduling updates of anti-virus databases using cron
5.1.2. One-time update of the anti-virus databases
5.1.3. Creation of a network directory for storage and downloa...
7.1.1. Viewing license key information
7.1.2. License extension
7.1.3. License key removal ...
Chapter 1. Kaspersky Anti-Virus® for Samba Servers

Kaspersky Anti-Virus® for Samba Servers software application (hereinafter also called Kaspersky Anti-Virus®) is designed to perform anti-virus scanning of objects for Samba servers running Linux, FreeBSD or OpenBSD operating systems. The applic...
• preserving the original infected object prior to its disinfection (backup), with an opportunity to restore it if an abnormal situation occurs.
• saving information about already scanned files in an operational cache, which allows a considerable increase...
  o FreeBSD, versions 4.7 or 5.0
  o OpenBSD, version 3.3
• installed Samba server 2.2.6 or newer.
• installed Perl, version 5.0 or newer.

1.2. Distribution kit

You can purchase Kaspersky Anti-Virus® either from our distributors (retail box) or in our internet...
1.3. Help desk for registered users

Kaspersky Lab offers a large service package enabling legal users to efficiently employ Kaspersky Anti-Virus®. If you register and purchase a subscription you will be provided with the following services for the period ...
Style | Purpose
Task, example | Statement of problem, example for using the software features.
Solution | Solution to a defined problem.
[key] – key purpose. | Command line keys.
Text of information messages and the command line text of configuration files, info...
Chapter 2. Internal architecture of Kaspersky Anti-Virus® for Samba Servers

Before we describe the features of Kaspersky Anti-Virus® for Samba Servers let us discuss its internal architecture in detail. That will allow better understanding of the anti-virus operation algorithm.

2.1. Component stru...
So the algorithm of operation is as follows:
1. If a user attempts to access a file through the Samba server, the request is intercepted by the server itself and transferred to the kavsamba.so module.
2. The kavsamba.so module sends the data pertaining to ...
Chapter 3. Installation of Kaspersky Anti-Virus® for Samba Servers

Prior to beginning the installation of Kaspersky Anti-Virus® for Samba Servers we recommend the following preparations for your system:
• make sure that your system conforms to the hardware and software requirements for installat...
In order to start installation of Kaspersky Anti-Virus® to a server perform the following procedure:
1. Copy the archived installation package to a directory in the server file system and unpack it.
2. Launch the installation script: install.sh.

3.2. Sof...
Please note also that automatic configuration of the application will not be performed if the anti-virus databases are not installed.
4. License key installation. If a license key is not installed configuration will not be performed and it ...
Please keep in mind that you have to restart the Samba server before you can proceed to further work.

3.5. Distribution of files within directories

After Kaspersky Anti-Virus® installation the files from its installation package will have the following lo...
keepup2date – is the executable file of the keepup2date component updating the anti-virus databases.
/man/ – directory with man files.
/setup/ – directory for storage of service scripts and Webmin module.

3.6. Uninstalling Kaspersky Anti- ...
If you installed Kaspersky Anti-Virus® for Samba Servers using its .tar.gz package enter the following in the command line to begin uninstalling:
install.pl uninstall
If you installed Kaspersky Anti-Virus® for Samba Servers using its .pkg package enter...
Chapter 4. Post-install setup

The installation routine analyzes the system on which Kaspersky Anti-Virus® is being installed and defines some parameters of its configuration automatically. Several parameters of the product configuration file are defined by default as most convenient f...
Please note that discovered infected files are not cured by default!

4.2. Installing/updating anti-virus databases

We recommend installing/updating anti-virus databases immediately after installation of the product to a server. In order to accomplish that ...
If you wish to create an alternative configuration file using Webmin, you'll have to perform the following actions:
1. Copy the data from the existing configuration file to a new one, saving it under a different name. Then modify the new (alternative) configuration file in accor...
selfextarchives=yes
mailbases=yes
mailplain=yes
heuristic=yes
cure=yes
ichecker=yes
checkfileslimit=20
bgcheckfileslimit=5
bgsheduletime=10
hashtype=md5
• set the following parameter values in the [samba.path] section:
backuppath=/var/db/kav/5.0/kavsamba/i...
In order to set the mode up you should enter the following modifications to the configuration file:
• set the following parameter values in the [samba.options] section:
ichecker=no
filecachesize=15000
checkfileslimit=0
bgcheckfileslimit=3
bgsheduletime=5
hashtype=crc32
• set th...
bgcheckfileslimit=0
bgsheduletime=0
hashtype=md5
• set the following parameter values in the [samba.path] section:
backuppath=/var/db/kav/5.0/kavsamba/infected
• set the following parameter values in the [samba.actions] section:
oninfected=remove
onsuspici...
archives=yes
selfextarchives=yes
mailbases=yes
mailplain=yes
heuristic=yes
cure=yes
ichecker=yes
filecachesize=20000
checkfileslimit=20
bgcheckfileslimit=5
bgsheduletime=10
hashtype=md5
• set the following parameter values in the [samba.path] section:
backuppath=/var/db/kav/5.0...
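An added example, not part of the manual or of Kaspersky's software: a small Python check that reads a configuration laid out like the sections in this chapter and reports on the cure, heuristic and backuppath parameters listed here. The sample values are constructed, and treating an empty backuppath as "no copy of the original object is kept" is an assumption.

```python
import configparser

# Constructed samples laid out like kav4sambaservers.conf. Section and key
# names are the ones listed in this chapter; the value combinations are made up.
DETECT_ONLY = """\
[samba.options]
Heuristic=no
Cure=no
"""
CURE_NO_BACKUP = """\
[samba.options]
heuristic=yes
cure=yes
[samba.path]
"""
CURE_WITH_BACKUP = CURE_NO_BACKUP + "backuppath=/var/db/kav/5.0/kavsamba/infected\n"

MESSAGES = {
    "cure-off": "cure is not 'yes': infected files are reported but not disinfected",
    "heuristic-off": "heuristic is not 'yes'",
    # Assumption: an empty backuppath means no copy of the original is kept.
    "no-backup-path": "cure=yes with no backuppath in [samba.path]",
}


def load(text):
    """Parse the INI text; section and key names are folded to lower case."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return {name.lower(): dict(parser[name]) for name in parser.sections()}


def is_yes(section, key):
    """True when the key is present and set to 'yes' (any letter case)."""
    return section.get(key, "").strip().lower() == "yes"


def audit(text):
    """Return the finding codes for one configuration, in a fixed order."""
    conf = load(text)
    options = conf.get("samba.options", {})
    path = conf.get("samba.path", {})
    findings = []
    if not is_yes(options, "cure"):
        findings.append("cure-off")
    if not is_yes(options, "heuristic"):
        findings.append("heuristic-off")
    if is_yes(options, "cure") and not path.get("backuppath", "").strip():
        findings.append("no-backup-path")
    return findings


if __name__ == "__main__":
    for name, text in [("detect-only", DETECT_ONLY),
                       ("cure, no backup", CURE_NO_BACKUP),
                       ("cure with backup", CURE_WITH_BACKUP)]:
        codes = audit(text)
        print(name, "->", codes or "no findings")
        for code in codes:
            print("   ", MESSAGES[code])
```

Key and section names are compared in lower case, so the check gives the same result whatever letter case the configuration file uses.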
Chapter 5. Using Kaspersky Anti-Virus® for Samba Servers

Anti-virus security is accomplished both in real time and in on-access mode. Let us review those opportunities in detail. Real-time protection is realized by means of the kavsamba component that intercepts attempts to access files for opening...
During the updating procedure the keepup2date component accesses the list, picks up an address and attempts to download the anti-virus databases or other updates (e.g. application patches) from the server. If the update cannot be obtained from the se...
[updater.options]
keepsilent=yes
[updater.report]
append=yes
reportlevel=1
2. Edit the file containing the rules for the cron process (crontab -e) by adding the following line into it:
0 7 * * * /opt/kav/bin/keepup2date

5.1.2. One-time update of the anti...
keepup2date -l /tmp/report.txt

Task: review the list of all Kaspersky Lab applications available for updating.
Solution: in order to accomplish the task you should enter the following in the command line:
keepup2date -i
The command will output to s...
kavsamba starts as an operating system daemon. After the built-in anti-virus core of the component analyses a requested file, kavsamba makes a decision on further work with such file (whether access should be granted). Disinfection of infected objects is o...
console, administrator notification), or force object modification (disinfection, transfer to a separate directory, removal). All settings of the kavscanner component are grouped in the [scanner.*] section of the kav4sambaservers.conf configuration file....
5.3.2. Daily scheduled scanning of a directory (cron)

The cron utility for scheduled program launching can be used for automatic performance of any tasks by Kaspersky Anti-Virus® for Samba Servers, including scheduled scanning of a defined dire...
Task: scan all tar and zip archives accessible on a server and attempt disinfection of all discovered objects inside compressed files using the vox.sh script. Use /etc/kav/kavscanner.conf.in as a configuration file, where script application for disinfectio...
Chapter 6. Additional setup

This section describes in detail additional setup of Kaspersky Anti-Virus® functionality. Unlike the required settings made during the installation process (please see section 3.3 on p.14), and essential for product functioning, additional setup is performed at the admin...
Monitoring objects (types of files to be scanned for virus presence) are also defined only by the parameters in the configuration file (/etc/kav/5.0/kav4sambaservers.conf or its alternative). You cannot define or restrict the monitoring area from the command line at the start of t...
Please note that in order to speed up scanning of container objects (archives) the kavsamba component stops its work, assigning the infected status to a whole archive immediately when the first virus is discovered inside. It means also that even if the ...
Task: scan for virus presence all files requested through a Samba server and cure them, if they are infected. If the disinfection procedure fails, infected objects must be transferred with their full paths to the /tmp/infected directory.
Solution: in order to accomplish the task ...
application configuration file ([scanner] section); they are set for maximum scanning of file systems accessible from a workstation, where the product is installed. All available files are scanned for virus presence, including:
• packed files.
• archives. ...
If the command line contains both a scanning path and a text file with a list of objects for scanning, first the objects listed in the command line will be scanned, and then the objects from the file will be processed.
• restriction of default paths (all beginning with the curren...
However, you can set up certain actions to be performed over files with infected, suspicious, warning and corrupted status, similar to the kavsamba component:
• transfer to a certain directory – transfer of files with a defined status to a certain director...
Solution: in order to accomplish the task you should perform the following actions:
1. Create scan_sample.conf alternative configuration file.
2. Make sure that disinfection of infected objects is on (cure=yes in the [scanner.options] section).
3. Set up the rules for processin...
scanned by the kavsamba component; it exists in RAM and is not saved after kavsamba completes its work. If during the scanning procedure information about a file is not added to the iChecker database (the file is not clear or has an unsupported format), it...
• a "warm" restart is recommended after updating of the anti-virus databases. In that case just the anti-virus databases are reloaded, and all connections are preserved. The kavsamba component is not restarted, so its file cache, etc. remains intact. A "warm" reboot is accompli...
/usr/local/share/kav/5.0/kavsamba/setup/kavsamba.sh/ stop
For FreeBSD distributions:
/usr/local/etc/rc.d/kavsamba.sh/stop
The command will send to the kavsamba process a SIGTERM signal terminating kavsamba operation and closing all its branched copies, an...
6.6. Reporting parameters in Kaspersky Anti-Virus®

Results of operations performed by all components of Kaspersky Anti-Virus® are summarized in a report output to a log file. Results of anti-virus processing of server file systems are also output to console. By default the ...
levels
Level | Description | Meaning
10 | Debug | All debug messages, for example, configuration file contents.

Information about fatal errors in component operation is always output regardless of the defined level of detail. Level 3, set by default, is optimal for com...
• brief messages format (parameter showobjectresultonly=yes, [scanner.report] section):
"file_name" result
where:
virus_name – is the name of a virus for the cured, infected, curefailed, warning, and suspicion events. The field remains empty for other events.
Result means the...
Event/result | Meaning
suspicion | The file is suspected of infection with an unknown virus.
error | The file cannot be scanned because of a recurring error (for example, when a damaged archive is being processed).
protected | The file cannot be scanned because o...
Here you can define whether information about scanning of archived objects (showarchivecontent, showcontainerresultonly), about clear files (showok) and the progress of current component operation (showprogress) should be displayed on-screen. If the [scanner.display] section is ...
Chapter 7. Using licenses

The right to use Kaspersky Anti-Virus® for Samba Servers is restricted in terms of duration (as a rule, the period of license validity lasts for one year from the date of product purchase). When the license to use Kaspersky Anti-Virus® expires, the application will contin...
Moreover, Kaspersky Anti-Virus® contains a special licensemanager component, which allows not only reviewing more detailed information about the keys but also retrieving some analytical data. All the information may be output to a server console or viewed remotely from any compute...
product name: kaspersky anti-virus 5 business optimal 1 month (samba servers)
creation date: 23-07-2003
expiration date: 21-11-2003
serial 02b1-000454-00053e3
type: commercial
lifespan: 30

7.1.2. License extension

Extension of your license to use Kaspersky...
copyright (c) kaspersky lab. 1998-2003.
Key file 00053e3d.key is successfully registered

We recommend updating your anti-virus databases after the procedure. If you wish to install a new license key before the current one expires you can install it as an additional key. An addition...
Chapter 8. Checking correct operation of the anti-virus

When the installation and setup of Kaspersky Anti-Virus® are complete we recommend checking the settings and correct operation of the program using a test "virus" and modifications thereof. The test "virus" has been specifically developed by (...
Table 1. Test "virus" modifications
Prefix | Object type
No prefix, standard test "virus" | Infected. The object is not cured.
CORP– | Corrupted.
SUSP– | Suspicious (unknown virus code).
WARN– | Warning (modified code of a known virus).
ERRO– | Error.
CURE– | Cured....
Chapter 9. Likely questions pertaining to product use

This chapter is devoted to the most frequently asked users' questions pertaining to installation, setup and operation of Kaspersky Anti-Virus®; here we shall try to answer them in detail.

Question: why does Kaspersky Anti-Virus® cause a ce...
ruses daily) as well as the ever increasing number of recognized file formats, each subsequent version of our product functions faster than the previous one. That is achieved through the use of new unique technologies, such as iChecker, developed at ka...
1. Please indicate in the subject of your message the operating system of your server, the name of the component which you cannot set up, and the problem. For example: Linux, Webmin, no access to settings of the licensed users' list.
2. Please use plain te...
Question: are the X architecture processors supported (PowerPC, SPARC, Alpha, PA-RISC etc.)?
The current version of the product does not support processors of those types.

Question: will Kaspersky Anti-Virus® for Unix work with my Linux distributi...
Enter the following in the command line:
$ some_app > ./text_file 2>&1
where:
some_app means the software, the standard output and error messages of which you would like to have saved to a file;
text_file – full path to the file, where the information wi...
Appendix A. Malware in Unix environment

Viruses are much less frequent in Unix systems than, for example, under Windows due to some peculiarities of those platforms. Trojan horses and network worms are less rare. Malicious programs spread through networks using various ways including software "holes...
files and changes their attributes to 777. At the same time it creates user snoopy with the rights 777 as well in the main password list of the infected workstation.

Linux.Bliss is a group of non-resident viruses infecting Linux executables; those viruses ...
The flash attack type is used for direct modem disconnection by sending a ping command with "incorrect" data in a certain sequence to a certain IP address. The user's modem will interpret the data as a command to disconnect and the user will be disconnected from the Internet. However, ...
loader, which in its turn completes loading and starts the main portion of the worm code. The main page of a server is replaced with an HTML file containing the following text: "ramen crew – hackers looooooooooooove noodles". At last the worm sends an e-ma...
(the so-called "buffer overrun" breach). The hole allows sending executable code to a remote computer and its execution there – unnoticed by an administrator (user).
Appendix B. Kaspersky Lab

Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious pro...
B.1. Other Kaspersky Lab products

Kaspersky Anti-Virus® Personal

Kaspersky Anti-Virus Personal protects home computers running Windows 98/ME/2000/NT/XP from all types of known viruses, including riskware. The application constantly monitors all possible sources of virus penetration, s...
unique second-generation heuristic analyzer effectively detects unknown viruses. The user can easily adjust settings through an easy-to-use, simple interface.

Kaspersky Anti-Virus® Personal Pro has the following features:
• on-demand scan of local disks; ...
from any corrupted files transferred from a PC or an extension card, from ROM files, and from databases. This software package includes an optimal combination of the following anti-virus tools:
• anti-virus scanner to scan the data stored on both the PDA and extension card on demand;...
components are managed from one console and have a unified user interface. Kaspersky Corporate Suite delivers a reliable, high-performance protection system that is fully compatible with the specific needs of your network configuration. Kaspersky Corporate...
Kaspersky Anti-Spam Personal software package is a powerful tool that ensures detection of spam in the flow of e-mail messages incoming via POP3 and IMAP4 protocol (only for Microsoft Outlook). The filtering process involves the analysis of all attributes of the message (sender's and r...
Appendix C. License agreement

Standard end user licence agreement

Notice to all users: carefully read the following legal agreement ("agreement") for the licence of specified software ("software") produced by Kaspersky Labs. ("Kaspersky Labs"). If you have purchased this software via the Internet by...
usage terms specified on the applicable price list or product packaging that apply to any such software products individually.

1.1 Use. The software is licensed as a single product; it may not be used on more than one client device or by more than one user at a time, except as set fort...
"multiplexing" or "pooling" software or hardware) does not reduce the number of licences required (i.e., the required number of licences would equal the number of distinct inputs to the multiplexing or pooling software or hardware "front end"). If the numb...
and you explicitly consent to the transfer of data to other countries outside your own as set out in the privacy policy.
(iv) "support services" means (a) daily updates of the anti-virus database; (b) free software updates, including version upgrades; (c) extended technical support via...
warranty period. You shall provide all information as may be reasonably necessary to assist the supplier in resolving the defective item;
(v) the warranty in (i) shall not apply if you (a) make or cause to be made any modifications to this software without...
(iii) subject to paragraph (i), the liability of Kaspersky Lab (whether in contract, tort, restitution or otherwise) arising out of or in connection with the supply of the software shall in no circumstances exceed a sum equal to the amount equally paid by you for the software.

8. The c...