KASPERSKY ANTI-VIRUS 5.5 - FOR LINUX-FREEBSD MAIL SERVERS Administrator's Manual


Summary of ANTI-VIRUS 5.5 - FOR LINUX-FREEBSD MAIL SERVERS

  • Page 1

    Kaspersky lab kaspersky anti-virus ® 5.5 for samba servers administrator's manual.

  • Page 2

    Kaspersky Anti-Virus® 5.5 for Samba Servers administrator's manual © Kaspersky Lab Ltd. http://www.kaspersky.com revision date: November 2006.

  • Page 3

    Contents: chapter 1. Introduction, p. 5; 1.1. Computer viruses and malware, p. 5; 1.2. The purpose and main features of kaspersky anti-virus ...

  • Page 4

    Contents (continued): chapter 5. Using kaspersky anti-virus for samba servers, p. 28; 5.1. Anti-virus database updating, p. 28; 5.1.1. Automatic updating of the anti-virus databases, p. 30; 5.1...

  • Page 5

    Contents (continued): 7.1.3. License key removal, p. 54; chapter 8. Checking correct operation of the anti-virus, p. 56; chapter 9. Frequently asked questions, p. 58; appen...

  • Page 6

    Chapter 1. Introduction. The constant growth in the number of computer users and the new possibilities of data exchange between them via e-mail or the internet result in an increased threat of virus infections and of data corruption or theft by malicious computer programs. Among the sources of malware penet...

  • Page 7

    ... and other channels. Due to this ability, worms can proliferate extremely fast. Worms penetrate a computer, determine ip addresses of other computers, and send copies of themselves to these computers. Apart from the network addresses, worms often use data contained in the address boo...

  • Page 8

    The application also employs iChecker™ – an intellectual technology, which allows considerable increase of file scanning speed. Kaspersky anti-virus for samba servers is a package of anti-virus components performing the following functions: • real-time protection of samba file server ...

  • Page 9

    • the least loaded updates' server of kaspersky lab is detected during the updating of the anti-virus databases. Besides, in cases of line disconnection the updating process after reconnection resumes its work from the place where it left off. • an opportunity to roll back both the ...

  • Page 10

    • perl language interpreter, version 5.0 or newer (www.perl.org). • installed samba server 2.2.7 and newer or 3.0.0-3.0.23c. 1.4. Distribution kit. You can purchase kaspersky anti-virus either from our distributors (retail box) or in our internet-shop (www.kaspersky.com, buy online...

  • Page 11

    If you unsealed the envelope, you have agreed to all the terms of the LA. 1.5. Help desk for registered users. Kaspersky lab offers a large service package enabling legal users to efficiently employ kaspersky anti-virus. If you register and purchase a subscription you will be provided...

  • Page 12

    Style / purpose: Task, example – statement of a problem, example for using the software features. Solution – solution to a defined problem. [key] – key purpose, command line keys. Text of information messages and the command line – text of configuration files, information messages and the com...

  • Page 13

    Chapter 2. Internal architecture of kaspersky anti-virus for samba servers. Before we describe the features of kaspersky anti-virus for samba servers let us discuss its internal architecture in detail. That will allow better understanding of the anti-virus operation algorithm. 2.1. Component structure...

  • Page 14

    1. If a user attempts to access a file through the samba server the request is intercepted by the server itself and transferred to the kavsamba.so module. 2. The kavsamba.so module sends the data pertaining to the request (file name, its...

  • Page 15

    Chapter 3. Installation of kaspersky anti-virus. Prior to beginning the installation of kaspersky anti-virus we recommend the following preparations for your system: • make sure that your system conforms to the hardware and software requirements for installation of the kaspersky anti-virus (please s...

  • Page 16

    pkg_add 3.3. Installation process. For several reasons the process of installation may terminate with an error code. In such cases make sure that your computer conforms to the hardware and software requirements (please see section 1.3 on p. 7) and that you have...

  • Page 17

    ... actions on the user's part. A respective message will appear on-screen in that case. The process of configuring the application consists of the following stages: • search for an installed samba server and checking its version for conformity with the software requirements. • search ...

  • Page 18

    /var/opt/kaspersky/kav4samba/bases and /var/opt/kaspersky/kav4samba/licenses – the directories containing the anti-virus databases and license keys respectively. /opt/kaspersky/kav4samba – the main directory of the anti-virus containing: /bin/ – the director...

  • Page 19

    In freebsd: /usr/local/etc/kaspersky/ – the directory containing the configuration file of kaspersky anti-virus and other files with various settings: kav4samba.conf – configuration file. kav4samba.conf.default – configuration file containing the default settings. /var/db/kaspersky...

  • Page 20

    3.6. Upgrading your samba server. The distribution package of kaspersky anti-virus contains binary vfs modules for supported samba versions. If you have a new samba server version unsupported by kaspersky anti-virus, you can rebuild the vfs module of the applic...

  • Page 21

    ... kaspersky anti-virus removal will be performed automatically. The uninstall procedure uses different methods depending upon the distribution package type. If you installed kaspersky anti-virus for samba servers using its .rpm package enter the following in the command line to begin u...

  • Page 22

    Chapter 4. Post-install configuration. The installation routine performs analysis of the system where kaspersky anti-virus is being installed to and defines some parameters of its configuration automatically. Several parameters of the product configuration file are defined by default as most conveni...

  • Page 23

    4.2. Installing the anti-virus databases. Kaspersky anti-virus detects viruses and cures infected objects using the records in its anti-virus databases. These databases contain descriptions of all currently known malicious programs and methods of their disinfection. Therefore maintain...

  • Page 24

    Please refer to webmin documentation for details about different settings of that program. In addition, you can use webmin help to resolve questions about the plug-in module for remote product administration. Configuration and start of various tasks discussed further do...

  • Page 25

    hashtype=md5 • set the following parameter values in the [samba.path] section: backuppath=/var/opt/kaspersky/kav4samba/infected sambaconfigfile=/etc/samba/smb.conf • set the following parameter values in the [samba.actions] section: oninfected=movepath /tmp/infected onsuspicion=movep...

  • Page 26

    checkonopen=yes checkonclose=no 4.4.3. Top reliability mode. This variant of program settings accomplishes maximum reliability of server protection since files are scanned during reading and writing; however, the application performance will be slightly lower. In order t...

  • Page 27

    ... sections). 4.4.4. Scanning mode for frequently modified files. This mode is recommended for setting up anti-virus protection of shared directories where files are frequently updated. The difference between the mode for checking frequently modified files and the recommended mode (plea...

  • Page 28

    • set the following parameter value in the [samba.path] section: backuppath=/var/opt/kaspersky/kav4samba/infected sambaconfigfile=/etc/samba/smb.conf • set the following parameter values in the [samba.actions] section: oninfected=remove onsuspicion=remove onwarning=remo...

  • Page 29

    Chapter 5. Using kaspersky anti-virus for samba servers. Anti-virus security is accomplished both in real time and in on-access mode. Let us review those opportunities in detail. Real-time protection is accomplished by means of the kavsamba component that intercepts attempts to access files for openin...

  • Page 30

    During the updating procedure the keepup2date component accesses the list, picks up an address and attempts to download the anti-virus databases from the server. If the update cannot be obtained from the selected address, the component will switch to t...

  • Page 31

    Adware programs are installed together with third party software and start displaying advertisements in additional windows or forcing the user to visit the advertiser's web site. Besides unsolicited advertisement information, such programs also increase considerably the load on commu...

  • Page 32

    Solution: in order to accomplish the task you should perform the following actions: assign the no value to the useupdateserverurl parameter in the [updater.options] section. Task: configure downloading of updates for the anti-virus databases from a...

  • Page 33

    If you need to update anti-virus databases on several computers it should be more convenient to download the databases from the updates' servers once, save them to a certain directory and then update all computers using that directory as source instead of downloading the files over a...

  • Page 34

    # kav4samba-keepup2date -u where 3. Provide network reading access to the directory for lan computers. Task: configure updating of the anti-virus databases through a proxy server. Solution: in order to accomplish the task you should perform the follow-...

  • Page 35

    Disinfection of infected objects is off by default, i.e. if infected, suspicious or corrupted objects are discovered they will be blocked and relevant information will be included into the anti-virus report. All settings of the kavsamba component are grouped in the [samba.*] sections of ...

  • Page 36

    2. Restart kaspersky anti-virus. 5.2.1.2. Monitoring with e-mail notifications. In case of monitoring with e-mail notifications, attempts of accessing an infected or suspicious file are reported in an e-mail message sent to a specified address. Task: not...

  • Page 37

    ... console, administrator notification), or force object modification (disinfection, transfer to a separate directory, removal). All settings of the kavscanner component are grouped in the [scanner.*] section of the application configuration file. By default kavscanner only notifies us...

  • Page 38

    5.3.2. Scheduled scanning of a directory (cron). The cron utility for scheduled programs' launch can be used for automatic performance of any tasks by the kaspersky anti-virus for samba servers, including scheduled scanning of a specified directory. Tas...

  • Page 40

    Chapter 6. Additional setup. This section describes in detail additional setup of kaspersky anti-virus functionality. Unlike the required settings made during the installation process (please see section 3.3 on p. 15), which are essential for product functioning, additional setup is performed at the administ...

  • Page 41

    6.1.2. File scanning and disinfection mode. kavsamba supports the following file access operations: open and close. On opening all non-empty files are scanned; a file being closed is scanned if any modifications have been made to it. By default disinfection of intercepted infected fil...

  • Page 42

    6.1.3. File operations. Performance of some actions can be defined for files with infected, suspicious, warning, cured, protected, corrupted or error status; such actions include: • transfer to a certain directory – transfer of files with a specified status to a certain dir...

  • Page 43

    If it is planned to preserve and keep such a directory, we recommend that you exclude it from the scanning area using the excludedirs parameter ([samba.options] section) in the configuration file. Task: scan for virus presence all files requested through a samba server and cure them, i...

  • Page 44

    6.2. Setup of anti-virus protection for server file systems. Anti-virus protection of server file systems is performed by the kavscanner component. Default parameters of kavscanner operation are stored in the application configuration file ([scanner] section); they are set for the...

  • Page 45

    • definition of scanning paths in a text file with a subsequent command to use the file with the -@ key. Each object in such a file is specified on a new line with its absolute path. If the command line contains both a scanning path and a text file with a list of objects for scannin...

  • Page 46

    6.2.3. File operations. Depending upon file status, different operations may be applicable to it. By default discovery of files with a certain status results only in notifications output to console and added to logs. However, you can set up certain actions to be performed over file...

  • Page 47

    ... discovered infected objects must be transferred with their full paths to the /tmp/infected directory, suspicious objects – to the /tmp/suspicious directory, warnings – to the /tmp/warning directory. Solution: in order to accomplish the task you should perform the following acti...

  • Page 48

    • scanned files' cache is a database containing information on all the checked files. The database contains information only on components scanned by the kavsamba component; it exists in ram and is not saved after kavsamba completes its work. If during the scanning procedure info...

  • Page 49

    ... as the time interval after which the anti-virus requests a new file for scanning (bgsheduletime parameter in the [samba.options] section). If the number of files to be scanned exceeds the allowed maximum, newly arriving files are added into a queue for scanning later, when the load fa...

  • Page 50

    In that case the program reads again its configuration file and databases, terminating all user connections since the application actually first stops its operation and then restarts. Restarting is accomplished by entering the following in the command line: for linux distributions...

  • Page 51

    The administrator may change the date and time format. Localization of formats is performed in the [locale] section of the application configuration file. For example, you can define the following formats: %I:%M:%S %p – for time output in twelve-hour format (timeformat parameter). ...

  • Page 52

    Levels table (level / description / meaning), continued: ... insufficient available disk space. 3 – info, notice: important informational messages; for example: information telling whether a component is started, path to the configuration file, scanning area, information about anti-virus databases, license k...

  • Page 53

    Chapter 7. License keys management. The right to use kaspersky anti-virus for samba servers is restricted in terms of duration (as a rule, the period of license validity lasts for one year from the date of product purchase). When the license to use kaspersky anti-virus expires, the application will co...

  • Page 54

    In order to review the information about all installed license keys enter the following in the command line: # ./kav4samba-licensemanager -s The following information will be output to the server console: kaspersky license manager version 5.5 copyright (c) kaspersky lab. 1997-2...

  • Page 55

    or: extend the license duration directly through kaspersky lab having sent a message to the sales department (sales@kaspersky.com) or fill a respective form in the eStore → Renew or upgrade your license section of our website (www.kaspersky.com). After payment you will rece...

  • Page 56

    The following information will be output to the server console: kaspersky license manager. Version 5.5.0.0/release copyright (c) kaspersky lab. 1998-2006. Active key was successfully removed. In order to remove your additional key, enter, for example, the following in the comma...

  • Page 57

    Chapter 8. Checking correct operation of the anti-virus. When the installation and setup of kaspersky anti-virus are complete we recommend checking the settings and correct operation of the program using a test "virus" and modifications thereof. The test "virus" has been specifically developed by (the...

  • Page 58

    Prefix / object type "virus": corr– corrupted. The object is damaged. susp– suspicious (unknown virus code). warn– warning (modified code of a known virus). erro– error. The object caused an error during scanning. cure– cured. The object is cured; at that...

  • Page 59

    Chapter 9. Frequently asked questions. This chapter is devoted to the most frequently asked users' questions pertaining to installation, setup and operation of the kaspersky anti-virus; here we shall try to answer them in detail. Question: is it possible to use kaspersky anti-virus with anti-virus pr...

  • Page 60

    ... kaspersky anti-virus makes its users feel maximum protection. Of course, the kaspersky anti-virus software package allows experienced users to accelerate anti-virus scanning to the detriment of overall security by disabling scanning of various file types, but we d...

  • Page 61

    Question: the license key to kaspersky anti-virus is recorded on a floppy disk. What should I do if my computer has no floppy disk drive? This problem has several solutions. You can write an e-mail with a description of your problem to the sales department of kaspersky lab (sales@ka...

  • Page 62

    ... after the date of license expiry, kaspersky anti-virus will not use such databases. Question: are the X architecture processors supported (powerpc, sparc, alpha, pa-risc etc.)? The current version of the product does not support processors of those types. Questi...

  • Page 63

    Question: how do I save software console output to a file? One of the possible solutions is described below: enter the following in the command line: $ some_app > ./text_file 2>&1 where: some_app means the software, the standard output and error messages of which you would like to have...

  • Page 64

    Appendix A. Additional information about the application. This appendix contains a description of the folder tree of the kaspersky anti-virus after installation, its configuration file and command line options of application components and their return codes. A script file for disinfection of archiv...

  • Page 65

    excludedirs=mask1:mask2:...:maskn – masks of folders that are excluded from the scan; by default all folders will be scanned. excludemask=mask1:mask2:...:maskn – file masks that will be excluded from the scan; by default all files will be scanned. packed=yes – scanning mode for pac...

  • Page 66

    ... scanning in public folders: checkonopen – anti-virus file scan upon a request to open it. checkonclose – anti-virus file scan at saving. Sections of the [samba.shares:sharename] type can be created in the configuration file; they must contain the parameters that define the settings of a...

  • Page 67

    o exec – apply to the object an action defined by the value. The following macros can be used as an additional action parameter: o %virusname% – name of the detected virus. o %fullpath% – full directory path. o %filename% – file name without path. The [samba.notify] section contains ...

  • Page 68

    reportfilename – name of the report file where the component logs the results of its activity. reportmaxsize – report file size (bytes). reportlevel – level of details in the report. append=yes – mode for appending new messages to the report file. In order to disable the mode, set ...

  • Page 69

    ... will resume as soon as the server load returns to the level defined by the parameter. The [scanner.path] section contains parameters that define the paths to essential files of the kavscanner component: backuppath=path – full path to the folder containing backup copies of the objects...

  • Page 70

    • %list% – filename or the list of infected, suspicious and corrupted files found in a container. The file format is as follows: \t. • %fullpath% – full path to the container. • %filename% – filename without path. • %containertype% – container type as a line. The [scanner.container] ...

  • Page 71

    The [updater.path] section includes settings that define paths to the files required for the operation of the anti-virus database updating component: avbasestestpath – full path to the directory where the anti-virus databases are stored. backuppath – full path to an existing direct...

  • Page 72

    ... the address is not specified, its value will be taken from the environment variable http_proxy. The [updater.report] section contains report generation parameters for the keepup2date component: append=yes – mode for appending new messages to the report file. In order to disable the m...

  • Page 73

    A.4. Command line options for the kavscanner component. The configuration file parameters can be redefined using command line options when you are launching the application from the command line. Let us examine them closely. Help options: -h display on the console help information ab...

  • Page 74

    -r/r enable/disable recursive scanning. -s/s enable/disable symlink opening mode. -l scan local file systems only. Report generation options: -q do not print messages to the screen. -o specify the filename for the file into which the report on component activity will be logged. If the ...

  • Page 75

    o/o short/extended format for messages about simple object scanning. c/c short/extended format for messages about archive scanning. n/n enable/disable output of messages about clean files to the report file. File options: -p save the list of objects into the specified file; save ea...

  • Page 76

    -i4 delete infected objects and containers. A.5. kavscanner return codes. The kavscanner component may return any of the following codes while running: 0 no viruses found. 5 all infected objects have been cured. 10 password-protected archives have been detected. 15 corrupted files have ...

  • Page 77

    A.6. Command line options for the licensemanager component. Help options: -h display on the console help information about the licensemanager component. -v display program version. Command line options for managing license keys: -s output information about all installed license keys t...

  • Page 78

    66 invalid configuration file option. A.8. Command line options for the keepup2date component. Help options: -v output the version to the console and exit the component. -h output to the console help information about the command line options supported by the component and exit. -s outp...

  • Page 79

    -l log work results in the file. A.9. keepup2date return codes. The keepup2date component may return any of the following codes while running: 0 the anti-virus database does not need to be updated. 1 the anti-virus database has been updated successfully. 10 critical error occurred; th...

  • Page 80

    Appendix B. Kaspersky lab. Founded in 1997, kaspersky lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious prog...

  • Page 81

    B.1. Other kaspersky lab products. Kaspersky lab news agent: the news agent is intended for timely delivery of news published by kaspersky lab, for notifications about the current status of virus activity and fresh news. The program reads the list of available news channels and their c...

  • Page 82

    • save a report on the scanning results in txt or html formats. Kaspersky anti-virus® 6.0: kaspersky anti-virus 6.0 is designed to safeguard personal computers against malicious software as an optimal combination of conventional methods of anti-virus protection and new proactive techn...

  • Page 83

    • anti-virus scanning of e-mail traffic on the level of the data transmission protocol (pop3, imap and nntp for incoming mail and smtp for outgoing messages) irrespective of the mail client being used. The program includes plug-ins for popular e-mail clients (microsoft office outlook, ...

  • Page 84

    Kaspersky® security for pda: kaspersky® security for pda provides reliable anti-virus protection for data saved on various types of hand-held computers and smartphones. The program includes an optimal set of anti-virus defense tools: • anti-virus scanner that scans information (saved b...

  • Page 85

    • e-mail systems including microsoft exchange 2000/2003, lotus notes/domino, postfix, exim, sendmail, and qmail. • internet gateways: checkpoint firewall-1; microsoft isa server 2000 standard edition, and microsoft isa server 2004 standard edition. The kaspersky anti-virus® busines...

  • Page 86

    ... technology of linguistic analysis with modern methods of e-mail filtration, including rbl lists and formal letter features. Its unique combination of services allows users to identify and wipe out up to 95% of unwanted traffic. Installed at the entrance to a network, where it monitors ...

  • Page 87

    Kaspersky anti-virus® for proxy server: kaspersky anti-virus® for proxy server is an anti-virus solution for protection of http web traffic passing through proxy servers. The application scans internet traffic in real time, protecting computers from penetration of malicious software during w...

  • Page 88

    Appendix C. License agreement. End user license agreement. Notice to all users: carefully read the following legal agreement ("agreement") for the license of specified software ("software") produced by kaspersky lab ("kaspersky lab"). If you have purchased this software via the internet by clicking the...

  • Page 89

    ... product. In this case, kaspersky lab will not be held by the partner's clauses. The right to return and refund extends only to the original purchaser. All references to "software" herein shall be deemed to include the software activation key ("key identification file") with which you...

  • Page 90

    ... steps to achieve interoperability, provided that you only reverse engineer or decompile the software to the extent permitted by law. 1.1.4 you shall not make error corrections to, or otherwise modify, adapt, or translate the software, nor create derivative works of the software, nor pe...

  • Page 91

    ... described herein. Upon any termination or expiration of this agreement, you must immediately destroy all copies of the software and the documentation. You may terminate this agreement at any point by destroying all copies of the software and the documentation. 3. Support. (i) kaspers...

  • Page 92

    ... you shall implement reasonable security measures to protect such confidential information, but without limitation to the foregoing shall use best endeavours to maintain the security of the key identification file. 6. Limited warranty. (i) kaspersky lab warrants that for six (6) months ...

  • Page 93

    ... (whether such losses or damage were foreseen, foreseeable, known or otherwise): (a) loss of revenue; (b) loss of actual or anticipated profits (including for loss of profits on contracts); (c) loss of the use of money; (d) loss of anticipated savings; (e) loss of business; (f) loss o...