KAPERSKY ANTI-VIRUS - FOR FREEBSD-OPENBSD-BSDI MAIL SERVER User Manual
Summary of ANTI-VIRUS - FOR FREEBSD-OPENBSD-BSDI MAIL SERVER
Page 1: –Da[0
Kaspersky lab kaspersky anti-virus for freebsd, openbsd and bsdi mail server user guide.
Page 2: Http://www.Kaspersky.Com
K a s p e r s k y a n t i - v i r u s f o r f r e e b s d , o p e n b s d a n d b s d i m a i l s e r v e r user guide kaspersky lab ltd. Http://www.Kaspersky.Com revision date: june 2002 1.
Page 3: Kaspersky
Contents 1. Kaspersky tm anti-virus for freebsd, openbsd and bsdi mail server .......................................................................... 11 1.1. Introduction ............................................................................... 11 1.2. Distribution kit.........................
Page 4
C o n t e n t s 3.2. Starting to check ....................................................................... 26 3.3. Starting to update virus-definition databases.......................... 28 4. Anti-virus scanner: scanning and disinfecting......... 29 4.1. Starting scanner...........................
Page 5
C o n t e n t s 5.4.1. Cumulative settings............................................................. 54 5.4.2. Defining scanning and performance settings: scanner and daemon............................................................................... 55 5.4.3. Defining actions on infected and s...
Page 6: 10.
C o n t e n t s 7.6.3. Defining attributes of the notification .................................. 96 7.6.4. Log....................................................................................... 97 7.6.5. Communication between keeper and the daemon process ..........................................
Page 7: 11.
C o n t e n t s 10.5.2.1. The directory property window: selecting the required directory ......................................................... 123 10.5.2.2. The directory property window: objects to be checked ......................................................................... 124 10.5.2....
Page 8
C o n t e n t s 11.7.1. Daemon settings...............................................................159 11.7.2. Remote configuration of the daemon program...............161 11.7.2.1. The profile tuning window ......................................... 161 11.7.2.2. The objects page: location to be ...
Page 9: 12.
C o n t e n t s 11.10.3.5. The group: window sender page: notifications for the sender ............................................................................ 198 11.10.3.6. The group: window recipient page: messages to group recipients .............................................................
Page 10: 14.
C o n t e n t s 14. Control centre: scheduling the anti-virus performance ..............................................................................227 14.1. Function and features ...........................................................227 14.2. Running control centre ...........................
Page 11: 19.
C o n t e n t s 18.2. Other kaspersky lab antiviral products...............................289 18.3. Kaspersky lab contact information ......................................292 19. Index ................................................................................................293 10
Page 12: Attention!!!
11 chapter 1 attention!!! New viruses arise every day and if you want to keep your anti-virus fresh and capable, we strongly recom- mend you to update anti-virus databases at least every day (for more details see below). Moreover, make sure to update them right after you install the product on your ...
Page 13: Appendix C
I n t r o d u c t i o n allows detection and deletion of all currently known types of viruses and mailware codes including: • polymorphic or self-encoding viruses; • stealth or invisible viruses; • viruses for windows 9x, windows nt, unix, os/2; • new viruses for java applets; • macroviruses infecti...
Page 14: Server
I n t r o d u c t i o n when checking for viruses kaspersky anti-virus for xbsd mail server uses virus-definition databases that contain information al- lowing detection and deletion of many viruses. Kaspersky lab re- leases virus-definition database updates containing information about new viruses ...
Page 15
I n t r o d u c t i o n 1.2. Distribution kit what is in the distribution kit. License agreement. Reg- istration card. 1.2.1. What is in the distribution kit the distribution kit includes: • a sealed envelope with installation cd (or diskettes) with files of the software product; • user guide; • key...
Page 16
I n t r o d u c t i o n product to your kaspersky anti-virus dealer for a full refund, making sure the envelope with cd (or diskettes) is sealed. If you unsealed the envelope, you have agreed to all the terms of the la. 1.2.3. Registration card to register please fill the detachable coupon of your r...
Page 17: Convention Meaning
I n t r o d u c t i o n • phone and e-mail advice on matters related to your software in- stallation, configuration and performance; • information about new kaspersky lab products and new com- puter viruses (for those who subscribe to our newsletter http://www.Kaspersky.Com/subscribenow.Asp ). Kaspe...
Page 18: Convention Meaning
I n t r o d u c t i o n convention meaning note. Additional information, notes attention! Very important information to do this: … 1. Step 1. 2. … actions that must be taken • function of the con- trol —function of the control. Description of the settings tree [switch] —function of the switch. Comma...
Page 19
Chapter 2 2. Installing anti-virus 2.1. Software and hardware requirements what hardware and software do you need to run kaspersky anti-virus for xbsd mail server? In order to run kaspersky anti-virus for xbsd mail server you need a system that meets the following requirements: • a pc-compatible com...
Page 20: Tar Zxvf Archive_Name
I n s t a l l a t i o n 2.2. Backing up your installation diskettes if you purchased the kaspersky anti-virus for xbsd mail server package on installation diskettes (but not the cd) before installing the program on your computer, it is recommended that you back up those diskettes. Then, if during th...
Page 21: Pkg_Add Archive_Name
I n s t a l l a t i o n 3. Run installation of the kaspersky anti-virus workstation package by using the string pkg_add archive_name in the command line. For example, your command line may look like the following: pkg_add kav-workstationsuit-4.0.0.0- freebsd-4.X.Tgz the workstation for freebsd softw...
Page 22: /usr/local/etc/rc.D
I n s t a l l a t i o n 10. Move to the directory /usr/local/etc/rc.D and edit as required the following auto-start parameters for the kaspersky anti-virus for freebsd components in the file kavd.Sh : run_daemon="y" – launches the daemon program. Run_monitor="y" – launches the monitor program. Run_k...
Page 23: Keyspath
I n s t a l l a t i o n 4. Copy the .Key file from the installation cd (installation disk- ette) to the directory defined in the keyspath line of the file avpunix.Ini . The default .Key file directory is /etc . 5. Edit the basepath value defining the path to the virus-definition databases in the fil...
Page 24: Basepath
I n s t a l l a t i o n when started, the program searches for the file avpunix.Ini in the directories listed above one after another. If the file is not detected there, the program begins to look for it in the current directory! If required, you may edit the file (for details of the ini file see ap...
Page 25: /tmp
I n s t a l l a t i o n 2.4.2. Editing the path to temporary files if you want your anti-virus scanner and the daemon process while checking for viruses to place temporary in a directory that is different from /tmp (the default directory for temporary files), define the desired directory by follow- ...
Page 26: Defaultprofile
Chapter 3 3. Running anti-virus 3.1. Changing scanning settings how to change scanning settings. Using command line switches and profiles. To use various features of kaspersky anti-virus for xbsd mail server, you must define: • objects to be checked; • how to handle those objects; • advanced scannin...
Page 27: /root
R u n n i n g • first—by means of the configuration program called tuner (see chapter 10) or the remote configuration program called webtuner (see chapter 11). • second—by opening and editing a profile in any text editor (see subchapter 5.2). For various situations, you may define different settings...
Page 28: ./kavscanner
R u n n i n g ./kavscanner when started, the scanner automatically loads settings from the file de- fined by the defaultprofile parameter in avpunix.Ini . The default file name is defunix.Prf , a sample of which is supplied with kaspersky anti-virus for xbsd mail server . If your package doesn’t con...
Page 29: Www.Kaspersky.Com
R u n n i n g 3.3. Starting to update virus- definition databases sources of updates for your virus-definition databases. An example of how to use updater. You may acquire updates for your virus-definition databases via the inter- net or from kaspersky lab dealers. The main address for updates is ht...
Page 30
Chapter 4 4. Anti-virus scanner: scanning and disinfecting 4.1. Starting scanner starting the scanner from the command line or from a script file. Using exit codes. To periodically check for viruses in your computer you must start scanner. This program may be started from the command line or from th...
Page 31: Switchn]
S c a n n e r ./kavscanner [switch1] [switch2] [...] [switchn] [path] [filemasks] where: [ switchn] is the optional switch in the scanner command line, [path] is the optional xbsd path that defines the location to be checked [filemasks] are the optional xbsd file masks that define the files to be ch...
Page 32: Yes
S c a n n e r when you create a profile for your scanner on the boot diskettes, make sure to define yes for the usememoryfiles parameter (for details of this parameter see subchapter 5.4.2). 4.2. Searching for viruses and deleting them actions to be taken regarding infected objects. Recom- mendation...
Page 33: Desinfect
S c a n n e r puter hard disk. If there is no way to do so, select to desinfect the file. After the file is disinfected, your anti-virus scanner will suggest restart- ing the program and will shutdown. If your anti-virus scanner is not infected, after the self-check, it will begin checking for virus...
Page 34: Report Only
S c a n n e r if your anti-virus scanner was preset to ask for instructions on how to handle infected objects, after detection of such an object it will display the object’s name, the vi- rus name and will ask you to choose the method to handle this object. For example, the inquiry string may look s...
Page 35: Disinfect
S c a n n e r to select the default method you may press the key with its capital let- ter or the key (that means ok). To select one of the other methods press the key with its capital letter. For example, to disinfect the object you must press the i key. If your system sector is infected (boot, mbr...
Page 36: The Following Query:
S c a n n e r 4.2.3. Handling corrupted objects as we mentioned already, infected objects sometimes cannot be disin- fected because some viruses change the data irreversibly. Objects that were infected in such a way must be deleted. If the program is not able to desinfect an object, it will display ...
Page 37: Newvirus@kaspersky.Com
S c a n n e r the anti-virus scanner does not disinfect mail databases and plain mail files, but you may use keeper to delete viruses from mail mes- sages (see chapter 7). The scanner does not disinfect and delete in- fected objects, if they are archived, but you may try the following method to disi...
Page 38: Known Viruses
S c a n n e r when the check is finished, the program displays statistics about objects that have been checked and viruses that have been detected and deleted. The statistics table is divided into two columns: • its left column displays values for objects that have been checked: sectors, files, dire...
Page 39: Location To Be Checked
Chapter 5 5. Anti-virus scanner and daemon process: using switches and profiles 5.1. Scanning settings what to check? Where to check? How to handle in- fected objects?… prior to checking for viruses in your computer you must define: • location to be checked : system sectors including: boot sector, m...
Page 40: Objects to Be Checked:
D e f i n i n g s e t t i n g s • objects to be checked: packed files, archives, mail databases, local mail boxes of the most commonly used messaging sys- tems, files of various types. • actions to be taken on infected objects: they may be disin- fected or deleted, or copied to another directories. ...
Page 41: Regular Check.
D e f i n i n g s e t t i n g s when setting your scanner for different purposes you may use various configuration methods: • regular check. You may preset scanner for some regular checks; e.G. For daily preventative checks, for an extremely thor- ough check of a diskette etc. For these purposes you...
Page 42: Names
D e f i n i n g s e t t i n g s the location to be checked must be defined in the names line of the [object] section of a profile. A profile may have more then one [object] section for several different locations to be checked. In addition, for every loca- tion you can define different check setting...
Page 43: Yes
D e f i n i n g s e t t i n g s for the program to cross filesystem borders, type yes in the crossfs line of the [object] section. Otherwise, type no . The crossfs parameter corresponds to the command line switch -c[-] . The switch -c disables and the switch -c- enables your anti-virus scanner to cr...
Page 44: [Ob-
D e f i n i n g s e t t i n g s objects to be checked must be defined in the appropriate lines of the [ob- ject] section of a profile. 5.3.2.2. Sectors the sector check function under your operating system may be not available. To scan (ignore) sectors within the selected location, type yes ( no ) f...
Page 45: Filemask
D e f i n i n g s e t t i n g s .Exe, .Fpm, .Hlp, .Hta,.Htm, .Htt, .Ini, .Js, .Jse, .Lnk, .Mbx, .Md*, .Msg, .Msi, .Ocx, .Otm, .Ov*, .Php, .Pht, .Pif, .Plg, .Pp*, .Prg, .Rtf, .Scr, .Shs, .Sys, .Tsp, .Vbe, .Vbs, .Vxd, .Xl*. • 2 — scans every file of every type (this value is equal to the mask *.*) . T...
Page 46: Xf=Filemasks
D e f i n i n g s e t t i n g s this parameter corresponds to the command line switch - xf=filemasks , where filemasks must be substituted with the file masks to be excluded from the check. 3. In the excludedir line define directories to be excluded from the check and separate them by commas or spac...
Page 47: Temppath
D e f i n i n g s e t t i n g s the unpacking engine unpacks files that have been packed by various ver- sions of the most popular utilities: diet, pklite, lzexe, exepack etc., to temporary files so the anti-virus scanner can check them. When the check is completed the temporary files are deleted. T...
Page 48: To Enable
D e f i n i n g s e t t i n g s will be inactive and therefore invisible to you, but some day the virus may break loose and ruin your system. To enable the extracting engine : 1. Type yes in the archives line of the profile. Otherwise, type no . 2. Type yes in the selfextarchives line of the profile...
Page 49: Yes
D e f i n i n g s e t t i n g s kaspersky anti-virus for xbsd mail server checks mail databases of the following formats: • microsoft outlook, microsoft outlook express (*.Pst and *.Pab files, a type of ms mail archive); • microsoft internet mail (*.Mbx files, a type of ms internet mail ar- chive); ...
Page 50: Server
D e f i n i n g s e t t i n g s while scanning plain mail files kaspersky anti-virus for xbsd mail server searches in every file for the message header, and then checks for viruses in the attached data (uuencode, xxencode etc.). 5.3.2.7. Embedded ole objects to check for viruses in ole objects embed...
Page 51: Infectedaction
D e f i n i n g s e t t i n g s 0 in the infectedaction line of the profile corresponds to the com- mand line switch -i0 . • 1 — displays the inquiry about how to handle the infected object (see subchapter 4.2.2). This value is advisable since for scanner program in this case, when an infected objec...
Page 52: Ifdisinfimpossible
D e f i n i n g s e t t i n g s 0 in the ifdisinfimpossible line corresponds to the command line switch –i2s . • 1 — deletes unrecoverable objects. 1 in the ifdisinfimpossible line corresponds to the command line switch –i2d . You can preset the program to copy infected and suspicious objects to sep...
Page 53: Or Modified Viruses,
D e f i n i n g s e t t i n g s • redundant scanning tool checks not just the entry points into a file that are used by the system when processing, but the entire contents of the examined files. In most cases a virus registers it- self in the entry point of a file with a reference to its body that i...
Page 54: Com
D e f i n i n g s e t t i n g s where is replaced by one of the following strings: • com —the file seems to be infected by a virus that infects .Com files; • exe —the file seems to be infected by a virus that infects .Exe files; • comexe —the file seems to be infected by a virus that infects both .C...
Page 55: Yes
D e f i n i n g s e t t i n g s that aren’t yet in the database will be detected with the same degree of probability. To enable the redundant scanning tool, type yes in the redundantscan line of the profile. This parameter corresponds to the command line switch -v[-] . The switch -v enables and the ...
Page 56: [Cus-
D e f i n i n g s e t t i n g s you can define the following general settings: • general parameters of scanning and performance of the anti- virus scanner (see subchapter 5.4.2). • methods to handle infected, suspicious and corrupted objects (see subchapter 5.4.3). • generation of the check report a...
Page 57: Yes
D e f i n i n g s e t t i n g s 1. Type yes in the updatecheck line of the [customize] section of a profile. 2. Decide how often do you want to see a message reminding you to update your virus-definition databases. Type the inter- val (in days) between two displays of the message in the up- datesint...
Page 58: Tended Exit Codes,
D e f i n i n g s e t t i n g s to be reported about the performance results using the ex- tended exit codes, type yes in the useextendedexitcode line of the [customize] section of a profile. Otherwise, type no . Defining general settings for the scanning operations to skip data on the removable dis...
Page 59: Symlinks
D e f i n i n g s e t t i n g s 1 in the symlinks line corresponds to the command line switch -lh . • 2 — check files and directories available via the symbolic links. 2 in the symlinks line corresponds to the command line switch -ll . The four [options] section's parameters below are for the scanne...
Page 60: Yes
D e f i n i n g s e t t i n g s this setting will be used only if you entered a positive value ( yes ) in the usememoryfiles line of the [tempfiles] section. 3. To limit the size of files to be extracted in the memory (see subchapter 5.3.2.5), define the maximum size (in kb) for this type of tempora...
Page 61: [Actionwithinfected]
D e f i n i n g s e t t i n g s to copy infected files to a separate folder, in the [actionwithinfected] section of a profile: • type yes in the infectedcopy line. • define a path to the folder for infected files in the infectedfolder line. The default folder is /infected . To copy suspicious files ...
Page 62: Files,
D e f i n i n g s e t t i n g s to change extensions of infected, suspicious and corrupted files, in the sections listed above: • type yes in the changeext lines. • define the target extension for the files in the newextension line. For example, you may type vir for infected files, susp for suspi- c...
Page 63: Yes
D e f i n i n g s e t t i n g s to create a log file for the program reports: 1. Type yes in the report line. 2. Define the name of your log file in the reportfilename line. The default value is report.Txt . If you prefix the file name with the character " ~ ", the file will be cre- ated in your hom...
Page 64: Yes
D e f i n i n g s e t t i n g s your text editor, type yes for the above parameter and the program will use both separators (carriage return and linefeed) in your log file. To define the file for storing check-reports, you may use the com- mand line switch -w[t][a][+][=filename] , where filename is ...
Page 65: Yes
D e f i n i n g s e t t i n g s to add more details to the report, type yes in the extreport line. Use the below parameters to define optional information that will be added to the report: • writetime – reports the date and the time when the program messages were displayed. Type yes to enable these ...
Page 66: Kavdaemon
Chapter 6 6. Daemon process: integrating anti-virus protection in clients 6.1. Features of the daemon program describing functions and features of the program. The daemon anti-virus process, kavdaemon , is designed to integrate anti- virus protection (search and deletion of viruses) in client softwa...
Page 67
D a e m o n tems must be promptly checked for viruses, and this is the task that can be accomplished with the daemon process. Daemon has all the features of anti-virus programs designed for other plat- forms, and allows checking for viruses in all file types (including archives, packed and plain mai...
Page 68: [Switch…]
D a e m o n ./kavdaemon [switch1] [switch2] [...] [switchn] [path] where [switch…] is the optional command line switch of the daemon program; [path] is the optional xbsd path that defines the location to be checked. The meaning of path in the daemon command line differs from that of the scanner prog...
Page 69: -F=Directoryname
D a e m o n -o{the list of files, directories or symbolic links separated by colons} checks the defined files, directories and links. If the objects are not lo- cated in the check-permitted area, they will be ignored. -f=directoryname creates and stores the files avpctl and avppid in the defined dir...
Page 70: Kavdaemon
D a e m o n for the daemon program to be started correctly the initialization file, avpunix.Ini (see appendix b), must be located in a directory together with the daemon module. If you decide to move the executable file, kavdaemon , to some other directory, avpunix.Ini must be copied there as well a...
Page 72
D a e m o n 4 bytes read containing a size of the shared memory with the disinfected object. This value may be present only if during the transfer the flag was switched to the value 3 (or 1) and the exit code is 5. In this case you must open the shared memory and rewrite the examined object from it....
Page 73
Chapter 7 7. Keeper: scanning smtp traffic in mail systems: sendmail, qmail, postfix and exim 7.1. Features of the keeper program describing functions and features of the program. Keeper is designed to handle viruses in incoming and outgoing smtp traf- fic. The program is built into the mail server ...
Page 74
K e e p e r this book does not describe the sendmail, qmail, postfix and exim mail systems and their performance concept . If you have any ques- tions related to these programs, refer to the corresponding documen- tation . Right after you install the program on a server (see chapter 2) you must inte...
Page 75: These Steps:
K e e p e r • the program logs the performance report to the predefined file (see subchapter 7.6.4). Its is strongly unadvisable to perform integration of kaspersky anti- virus for xbsd mail server with your mail system (one of the above listed) via keeper while the system is up and running. It may ...
Page 76: /etc/mail
K e e p e r • create the sendmail.Cf file by entering the following string: m4 kaspersky-av.M4 > sendmail.Cf • copy the sendmail.Listen.Cf and sendmail.Cf files to the directory /etc/mail . 2. Use the webtuner program to redefine the keeper configura- tion: • on the main page (see subchapter 11.10.2...
Page 77: /usr/local/share/avp
K e e p e r • /usr/local/share/avp is the directory for the kaspersky anti- virus for xbsd mail server distributive package files. • /usr/local/share/avp/kavkeeper is the directory for the keeper files. • /usr/local/share/avp/kavkeeper/sendmail-cf is the directory for the advanced setting files and ...
Page 78: These Steps:
K e e p e r to integrate keeper into the qmail system manually, follow these steps: 1. Rename the qmail-queue file located in the directory /var/qmail/bin/ into qmail-que . 2. Copy the qmail-queue from the directory /usr/local/share/avp/kavkeeper/ to the directory /var/qmail/bin , or create the corr...
Page 79: Low These Steps:
K e e p e r 7.4. Integrating anti-virus with postfix step-by-step integration. Integration of kaspersky anti-virus for xbsd mail server with the postfix mail system can be implemented by starting the install-postfix script-file or manually. To integrate the program manually you must first start the ...
Page 80: Filter
K e e p e r 4. Create the filter user by entering the following string: adduser filter 5. Create a home directory for this user by entering the following strings: mkdir /var/spool/filter chown filter.Filter /var/spool/filter for a sample of a postfix configuration file refer to subchapter 16.14 of a...
Page 81: These Steps:
K e e p e r 7.5. Integrating anti-virus with exim step-by-step integration. Integration of kaspersky anti-virus for xbsd mail server with the exim mail system can be implemented by starting the install-exim script-file or manu- ally. To integrate the program manually you must first start the webtune...
Page 82: Main
K e e p e r 3. Use the webtuner program to redefine the keeper configura- tion: • on the main page (see subchapter 11.6.2): ° specify the following working path for the sender mailer, recipient mailer and admin mailer pa- rameters: smtp: (/usr/sbin/exim –bs –c /etc/exim/exim.Conf) ° enter the host n...
Page 83: Default Config
K e e p e r 7.6. Customizing keeper changing configuration of the keeper program. 7.6.1. General concept keeper loads settings from the initialization file . The file may be edited from the webtuner program (for details refer to subchapter 11.10 ). To do this: 1. Launch the webtuner program (for det...
Page 84: Example 1
K e e p e r • deliver a disinfected message to the recipient’s mailbox (see subchapter 7.6.2.4.3); • pass an infected message without disinfecting to the re- cipient’s mailbox (see subchapter 7.6.2.7). • filtering mail messages according to their attachments (see subchapter 7.6.2.5). • forwarding in...
Page 85
K e e p e r • communication between keeper and the daemon process (see subchapter 7.6.5). Keeper operates with the rights of the user running the mail system (sendmail, qmail, postfix or exim). If this user is authorized to ac- cess os files and you failed to define the correct path to the log file ...
Page 86: еð³
K e e p e r group and define the appropriate processing rules for this group (for exam- ple, if you need to apply a certain processing rule exactly for the messages delivered from ег @localhost.Ru  to 123@localhost2.Ru ). the default  address group is mandatory for the keeper address g...
Page 87
K e e p e r figure 1. Keeper: processing a mail message 7.6.2.2. The address group and the to/from addresses in order for the keeper program to process incoming and/or outgoing mes- sages belonging to a certain user’s address list, you must use the web- tuner program to create an address group, add ...
Page 88: Group
K e e p e r to create an address group, follow these steps: 1. On the group page (see subchapter 11.10.3.1), press the add button. 2. Enter the group name in the name text field of the add new group dialog box on your screen. 3. Press the add button. The group name will be added to the group list. 4...
Page 89: Groups
K e e p e r 1. On the groups page (see subchapter 11.10.3.1), select the required group name and press the properties button. 2. On the masks page of the dialog window on your screen (see subchapter 11.10.3.2), check the check this group check box and press the accept button in the right upper corne...
Page 90: Add Report
K e e p e r figure 2. The notification as it looks in the recipient mailbox • notification of an infected message with the message attached to it (see figure 3 and figure 4); • notification of an infected message and the message disinfected (if possible) and attached to it (see figure 5 and figure 6...
Page 91: Recipient
K e e p e r figure 3.The notification as it looks in the recipient mailbox to send notification of an infected message and the message disinfected (if possible) and attached to it, follow these steps: 1. On the recipient page, check the add report check box for the infected object type, and select r...
Page 92
K e e p e r the program will send notification to the recipient with the disinfected mes- sage attached to it. If the object could not be disinfected, it will be deleted. Figure 5.The notification as it looks in the recipient mailbox figure 6. The message disinfected and attached to the notification...
Page 93: Follow The Steps:
K e e p e r to set the program to block all incoming infected messages, follow the steps: 1. On the masks page (see subchapter 11.10.3.2), check the check this group check box for the selected address group. 2. On the administrator page (see subchapter 11.10.3.4), check the isolator and the send not...
Page 94: Recipient
K e e p e r 3. On the recipient page: • check the block mail check box for the infected ob- ject type and select unchanged from the corresponding object action drop-down list; • check the add report check box for the cured ob- ject type and select cured from the corresponding ob- ject action drop-do...
Page 95: Attach File
K e e p e r you specify objects to be processed using rules that are de- fined for the filtered files. 2. In the attach file and attach mime-type text fields, define the file type and the mime type (respectively) to be ex- cluded from the check. To enable filtering by attachment size, enter the maxi...
Page 96: Group Administrator Address
K e e p e r • enter the administrator email address or the alias in the group administrator address text field; • define the full path to the quarantine directory in the iso- lator path text field and press the accept button in the right upper corner. The administrator will be notified of all infect...
Page 97: Sender
K e e p e r 2. On the sender page, check the send notify check box for the infected object type and select none from the cor- responding object action drop-down list. Senders of infected messages will be notified of viruses that were detected in their messages without reference to whether the messag...
Page 98: Log
K e e p e r 7.6.4. Log keeper might be set to log all the actions applied to the mail messages. Use options on the webtuner log page to define the keeper reporting set- tings (for details refer to subchapter 11.10.5). Keeper does not log information about viruses detected and the check statistics. F...
Page 99: –
K e e p e r edit the settings, use the webtuner program (for details refer to subchapter 11.10). The following command line switches are available: – с database_name sets keeper to use the defined settings base. –h displays the list of command line switches. –v displays the program version number. 9...
Page 100
Chapter 8 8. Anti-virus monitor: monitoring the system for viruses 8.1. Features and functions function and features of the program. Monitor is used under freebsd operating system only! Monitor has been developed to check for viruses in files every time they are opened, saved or executed. The progra...
Page 101: Kavmon
M o n i t o r • log the performance results to a log file. Monitor is a client program of the daemon process. Therefore, in order to run monitor you must also install and customize daemon. 8.2. Assembling and configuring discussing the file monitoring technology. Editing the monitor configuration fi...
Page 102: /usr/local/sbin
M o n i t o r right before a file within the freebsd filesystem is opened, recorded or executed it is intercepted by the anti-virus module and transferred to moni- tor. The monitor processes the file and transfers its name to the daemon process, which checks for viruses in the file. If the file is n...
Page 103: Report File
M o n i t o r the program configuration file contains two sections: the report file section allowing you to define the program reporting mode and options section with parameters defining the program performance. When a file is processed and saved to the hard disk, monitor returns the appropriate exi...
Page 104: Writeexcludemask
M o n i t o r • writeexcludemask —the full path to the directory with files to be ig- nored when saved. You can enter more than one path in this line, but make sure to separate them by colons. For example: writeexcludemask /etc:/var/log • execexcludemask —the full path to the directory with files to...
Page 105: Opencachesize
M o n i t o r size where monitor will store these file names. It must be done by using the opencachesize parameter. Your cache size depends on your computer ca- pacity. Select the size that will allow your monitor cache to store names of all files that are opened for writing in your system at any ti...
Page 106: Append
M o n i t o r • append —type yes to append a new report to the contents of the log file. To overwrite the report with the new one, type no . Right after launched the monitor program runs in the interactive mode with the performance results displayed on your screen. If you do not want to view the mon...
Page 107: Report File
M o n i t o r 3. Edit as required the monitor configuration file monitor.Conf (for details refer to subchapter ), if it was not done before. 4. Launch the monitor program with a path to the program con- figuration file in the command line. For example, enter: ./usr/local/sbin/kavmonitor /etc/avp/mon...
Page 108: Error…
M o n i t o r if you cannot load the kavmon kernel anti-virus module and see a message similar to the following on your screen: exec format error… check the module version number. The module version must corre- spond to the version of your freebsd kernel, otherwise you will not be able to start the ...
Page 109: Directory",
M o n i t o r if when launching the monitor you see the following message on your screen: "error opening daemon socket: no such file or directory", this means that the daemon process is not running or is set to use the wrong socket. In the daemon program configuration file, define the path to the so...
Page 110
Chapter 9 9. Slogan: processing and summarizing the performance reports 9.1. Features and functions function and features of the program. The slogan program is developed to process and summarize data within the performance reports of the scanner and the daemon programs. Slogan performs the following...
Page 111: [Switchn]
S l o g a n 9.2. Launching slogan starting the program from the command line. To launch slogan, the log processing and summarizing program, enter its name and the required switches in the command line: ./slogan [switch1] [switch2] […] [switchn] where [switchn] is the slogan optional command line swi...
Page 112: -Ds Dd.Mm.Yyyy
S l o g a n the program includes several templates *.Tm , to be used by slogan when summarizing logs data (for details of the templates see subchapter 16.7 appendix b). By default the program generates the summary report using template.Tm (see figure 10) and this report is similar to the one describ...
Page 113: -Tt Filename
S l o g a n -e this switch allows use of the english language in the summary reports. By default , the slogan report language is defined by the appropriate settings of your operating system. -tt filename this switch enables the program monitoring/real time mode (for details refer to subchapter 9.3)....
Page 114: -R Sec
S l o g a n -r sec the required refresh rate of the slogan real-time statistics screen. For example, for the screen to be updated every thirty seconds you must enter the command line switch -r 30 . By default the screen is updated every second . -fast this switch allows you to display only the end o...
Page 115: Disinfections Failed
S l o g a n • disinfections failed —unrecoverable objects detected. • deleted —objects deleted. • warnings —modified and corrupted viruses detected. • the end of the monitored log file. The key combination trl +c> allows to exit the real time monitoring mode. Figure 11. Slogan in the real time monit...
Page 116
Chapter 10 10. Tuner: customizing scanner and daemon 10.1. Features and functions function and features of the program. Tuner, the customization program, allows you to create and edit profiles, i.E. Files containing a certain set of predefined settings of the anti-virus scanner and the daemon proces...
Page 117: [Switch1]
T u n e r 10.2. Launching tuner starting the program from the command line. Available command line switches. The general format of the tuner command line is: ./kavtuner [switch1] […] [switchn], where [switch1] is the optional command line switch (see below) . When starting tuner you can use the foll...
Page 118: File
T u n e r -e this switch enables the program to generate reports, text messages etc. In english. 10.3. Interface discussing the interface. The page functions. When you start the program its main window appears on your screen. The main window is divided into the following two panes: menu bar and work...
Page 119: To Switch to Another Page,
T u n e r to switch to another page, select its name in the settings menu or press the lt > key and a key with the letter that is highlighted in the name of the page. To switch to the next page, select next page in the settings menu. To switch to the previous page, select previous page in the settin...
Page 120: Save Profile As…
T u n e r 10.4. Creating, editing and saving a profile creating, editing and saving a profile using the customi- zation program. For your anti-virus scanner to use values that you defined in the working area of the customization program, you must save them to a profile. To create a new profile, foll...
Page 121: Cancel
T u n e r when started the program loads the default profile (its name is specified in the .Ini file) or the file defined in the command line (see subchapter 10.2). 2. Select load profile... In the file menu. The load profile... Dia- log will appear on your screen. 3. In the files list select the di...
Page 122: Location
T u n e r 10.5. The location page defining the location to be checked. The settings defined for a separate directory to be checked for viruses. 10.5.1. Defining the location to be scanned for viruses in the location page (see figure 12) you can define the list of directories to be scanned for viruse...
Page 123: Add
T u n e r to define the location to be checked, create the list of directories to be checked for viruses. This is a general list of directories to be checked. The directories that should be checked are prefixed with " + ", and the directories that should be skipped are prefixed with " - ". To edit a...
Page 124: Property
T u n e r you do not have to remove a directory from the list. Just use the pace > key to disable its prefix (" + " or " - "). This is very useful if you have saved your settings to a profile (see subchapter 10.4). In this case you do not need to remove directories from the list and add them again. ...
Page 125: Property For…
T u n e r 3. Buttons at the bottom of the property for… window allow you to do the following: • accept — applies the defined settings to the directory selected on the location page. • accept to all — applies the defined settings to the loca- tion to be checked (the entire list of directories defined...
Page 126: Objects
T u n e r figure 13. The objects page files — check this box to scan for viruses in files. If you checked this box, you must select the file types to be checked. For details of how to do this see below. Packed files — check this box to scan for viruses in packed ex- ecutable modules (for details see...
Page 127: Embedded
T u n e r scanning rate. Therefore, we do not recommend their use in a regu- lar check for viruses. Kaspersky anti-virus for xbsd mail server does not delete vi- ruses from archives, mail databases and plain mail files. Embedded — check this box to check for viruses in ole objects embedded in the ex...
Page 128: All Files
T u n e r to make sure there is not virus in the location to be checked, it is advisable to scan all the files (the all files option). Exclude directories — check this box to enable the program to ignore the files defined in the below text field. Enter the corre- sponding directories in the below te...
Page 129: Display Disinfect Dialog
T u n e r display disinfect dialog — displays the inquiry about how to handle the infected object. The program will suggest to disinfect the object (for recoverable objects) or to delete it (for unrecover- able objects). Disinfect automatically — disinfects infected objects without asking first. For...
Page 130: Code Analyzer
T u n e r code analyzer — check this box to enable the heuristic detect- ing tool searching for unknown viruses. Figure 15. The options page sometimes a file may be infected in the so called "incorrect" way and turns out to be "under-treated", what means that it’s recovered but the virus isn't cut o...
Page 131: Options
T u n e r 10.6. The options page options located on the options page. Options on the options page of the tuner main window (see figure 16) allow you to define the scanning settings applied to the entire list of directo- ries to be checked (the cumulative location to be checked). The options page cor...
Page 132: Scan Subdir At End
T u n e r define the following settings: scan subdir at end — check this box to scan subdirectories in the last place (after all the other predefined objects have been scanned). Scan removable — check this box to scan for viruses on the removable disks. The following option is not displayed when you...
Page 133: Scan Delay
T u n e r scan delay – enter the interval between two loops (in seconds). This parameter is used only if you checked endlessly scan check box. If the scan delay value is equal to 0 , there will be no interval between the loops! 10.7. The report page options located on the report page. Options on the...
Page 134: Use Syslog
T u n e r check-results to a file. In the below text field define the file name. By default the log file name is report.Txt . Use syslog — check the box to log the performance reports in the system log. The checked use syslog box automatically suppresses the following parameters: reportfilename , ap...
Page 135: Report Create Flag
T u n e r to define access attributes of the log file to be created, report create flag — define the target attribute mask in this text field. For example, the value 600 assigns the following attributes to the file: read by owner and write by owner ). The showing button on the report page allows you...
Page 136: Show Pack Info In The Log
T u n e r use the below check boxes to define optional information that will be included in the report: show clean object in the log — check this box to be reported about the examined virus-free objects. Show pack info in the log — check this box to be reported about the examined packed executable f...
Page 137: Handle Infected Files:
T u n e r use the below check boxes to define how the program must handle infected files: copy to infected folder — check this box to copy infected files to a separate folder. In the below text field define a path to the folder for infected files. The default folder is infected (it is located in the...
Page 138: Files:
T u n e r use the below text fields to define access attributes of infected files: 1. Chown to — to change the name of the owner of infected files that the program failed to disinfect, enter the target name in this text field. The default value is none meaning that the pro- gram does not change the ...
Page 139: Redundant Message
T u n e r redundant message — check this box to be asked for confir- mation when enabling the redundant scanning tool. Figure 20. The customize page this setting will be used only for the directory to be checked with enabled redundant scanning tool (see subchapter 10.5.2.4). "delete all…" message — ...
Page 140
Chapter 11 11. Webtuner: remote administration program 11.1. Functions and features discussing the program features. Webtuner is developed to administrate kaspersky anti-virus for xbsd mail server, i.E. To change settings and launch the package components locally or from a remote location. Managemen...
Page 141
W e b t u n e r • keeper (see subchapter 11.10). • webtuner (see subchapter 11.6). Keeper and webtuner cannot be started using webtuner. 11.2. General concept of the program performance features and the operation sequence of the program performance. Webtuner is developed to remotely administrate kas...
Page 142
W e b t u n e r after you installed the web server and webtuner and defined correspond- ing access-rights you can use the webtuner program to administrate kaspersky anti-virus for xbsd mail server. To do this, start your web- tuner using your web browser. The flowchart below illustrates the chain of...
Page 143: /usr/local/share/avp/httpd
W e b t u n e r the web server that is supplied together with the program distribu- tive supports ssl. 2. The web server prompts for the webtuner user login and the password. 3. The system verifies your login and password against the list of authorized users. If these are detected in the list, you a...
Page 144: Settings/
W e b t u n e r settings/ — the subdirectory containing the webtuner configuration files. Tmp/ — the subdirectory for temporary files generated by web- tuner. Log/ — the directory containing the web server reports. 11.3.2. Setting up the web server and webtuner web server and webtuner, the remote ad...
Page 145: Charset
W e b t u n e r • charset —the table of symbols to be used in the mime text. • pid_file —path to the web server .Pid file. For example, pid_file = /var/run/_httpd.Pid • log_file —path to the web server log file. For example, log_file=/usr/local/share/avp/httpd/log/_httpd • use_ssl — yes in this line...
Page 146: Filename
W e b t u n e r htpasswd [-c] filename username , where: • filename is a name of the .Htpasswd file; • username is the user password for the web server ; • [-c] is the optional switch enabling creation of the new access file. If the switch is missing, the new file will not be created and the data wi...
Page 147: /etc/init.D
W e b t u n e r 1. To enable the web server to start automatically when you started the xbsd operating system, place the script _http.Init into the directory /etc/init.D , and then add the corresponding symbolic link to the required start level using the ntsysv and chkconfig utilities or by the comm...
Page 148: /usr/local/share/avp/httpd,
W e b t u n e r 7. To be able to review anti-virus performance reports from webtuner, copy slogan (if not installed), supplied in the kaspersky anti-virus for xbsd mail server package, and the files web_new_template.Tm and web_template.Tm, located in the directory /usr/local/share/avp/httpd, to the ...
Page 149: Conf/
W e b t u n e r • read and execute files within the directory containing the web server configuration file ( conf/ ); • execute files within the directory bin/ . 2. Define the new user name in the user line of the file _httpd.Conf located in the directory conf/ . Note, that if the server is started ...
Page 150: These Steps:
W e b t u n e r server. In this connection, you are able to call up webtuner from a com- puter with a preinstalled web browser. To launch webtuner, the remote administration program, follow these steps: 1. Start your web browser. 2. Enter the string https://your_server_name:port (where your_server_n...
Page 151
W e b t u n e r if you succeed the program main window will appear on your screen. This window allows remote administration of the kaspersky anti-virus for xbsd mail server components. 11.5. Interface discussing the interface. When you start the program the main window appears on your screen (see fi...
Page 152: Select
W e b t u n e r to select a program from the list, 1. Highlight it with your left mouse button. 2. Press the select button, if your browser does not support java script or the java script support is disabled. For web browsers supporting java script you do need to use this button. When you selected t...
Page 153: Webtuner Configure
W e b t u n e r 11.6. Defining the configuration of webtuner defining the configuration of the webtuner program. Defining remote management settings. 11.6.1. Webtuner settings attention! If you enter incorrect values for any parameter using webtuner, it may result in the abnormal performance of the ...
Page 154: Webtuner Configure
W e b t u n e r figure 24. The webtuner main window with webtuner selected in the list the webtuner configure window (see figure 25) will appear on your screen. The window contains hyperlinks allowing you to display the follow- ing pages: • the main page items allow you to define the contents of the...
Page 155: Main
W e b t u n e r 11.6.2. The main page: webtuner performance settings for your webtuner to operate correctly, you must define its main perform- ance settings located on the main page (see figure 25) of the webtuner configure window. Figure 25. The main page to insure correct performance of the webtun...
Page 156: Browse
W e b t u n e r 2. Enter the full path to the kaspersky anti-virus for xbsd mail server directory in the kaspersky anti-virus directory text field. You can do this manually or by using the browse button. The default path is: /usr/local/share/avp/ 3. Enter the name of the kaspersky anti-virus for xbs...
Page 157: Add
W e b t u n e r figure 26. The modules page to add an item to the list, follow these steps: 1. Press the add button. 2. Enter the new module name in the name text field of the add new module window on your screen. 3. Press the add button. The new module will appear in the list. To remove an item fro...
Page 158: Properties
W e b t u n e r by removing an item from the list you disable the remote administra- tion of the corresponding kaspersky anti-virus for xbsd mail server software package component from webtuner! To define the properties of a module, follow these steps: 1. Select the required module from the list wit...
Page 159: Report Exec Str
W e b t u n e r tuner main window with the corresponding program se- lected from the programs list. • report exec str – the string defining availability and the address of the view report hyperlink that appears in the webtuner main window with the corresponding pro- gram selected from the programs l...
Page 160: Run
W e b t u n e r 11.7. Webtuner: administering daemon webtuner for the daemon process. Editing the profile, launching the program and reviewing the log. 11.7.1. Daemon settings webtuner allows you to remotely administrate the daemon program, i.E. To edit the program profile, to launch it and to revie...
Page 161: Config
W e b t u n e r figure 28. The webtuner main window: daemon is selected to edit another profile, follow these steps: 1. Click the config hyperlink. 2. Select the required profile from the drop down list in the win- dow on your screen and press the open button. 3. Edit the daemon settings using appro...
Page 162: View Log
W e b t u n e r to display the performance report, click the view log hyperlink (for details refer to subchapter ). Functions of the select , show all and hide buttons are similar to those described in subchapter 11.5. 11.7.2. Remote configuration of the daemon program 11.7.2.1. The profile tuning w...
Page 163: Customs
W e b t u n e r • the customs page items allow you to define the ad- vanced scanning settings (for details refer to subchap- ter 11.7.2.6). • buttons (apply to all the pages): • save – saves the defined settings to the default profile. • save as… – saves the defined settings to a profile dif- ferent...
Page 164: These Steps:
W e b t u n e r to define scanning settings for the selected directory, follow these steps: 1. Press the properties button. 2. Edit settings for the selected directory in the window on your screen. The window contains tabs allowing you to switch to the following pages: • the objects page allows you ...
Page 165: Checked,
W e b t u n e r to change an item’s status within the list of directories to be checked, you must use the change stat button. You may select one of the fol- lowing options for the item: • item must be skipped during the check (prefixed with " – "). • item must be checked for viruses (prefixed with "...
Page 166: Options
W e b t u n e r 11.7.2.3. The options page: scanning set- tings the options page items allow you to define the scanning settings to be applied to the entire list of directories to be checked (for details see sub- chapter 11.7.2.2. The page options and their functions are similar to those described i...
Page 167: Report
W e b t u n e r to move between the subpages use the arrow buttons and lo- cated in the upper right corner of the page. Figure 30. The actions page 11.7.2.5. The report page: reporting set- tings the report page allows you to define the format of the daemon program reports. The page options and thei...
Page 168: Customs
W e b t u n e r 11.7.2.6. The customs page: advanced scanning settings the customs page items allow you to define advanced program perform- ance settings for the entire list on the objects page. The page options and their functions are similar to those described in sub- chapter 10.9. 11.7.3. Launchi...
Page 169: Run
W e b t u n e r figure 31. Daemon is starting for the first time to start the daemon process, follow these steps: 1. Press the run button. 2. The daemon starter (see figure 32) will appear on your screen. In this window, enter the path to the directory with the socket file (supporting communication ...
Page 170
W e b t u n e r figure 32. Daemon start parameters figure 33. Daemon starting log 169.
Page 171: Daemon Starter
W e b t u n e r starting the daemon process for the second (third, fourth…) time in this case the daemon starter window (see figure 34) on your screen contains information about the existing daemon process: • pid – the daemon process identification number. • socket directory name – path to the direc...
Page 172: Kill
W e b t u n e r to start a new daemon process: 1. Kill the existing daemon process using the kill button. The window displaying the process-killed results will appear on your screen (see figure 35). Figure 35. The process-killed report the existing process must be killed to avoid conflicts that may ...
Page 173: View Log
W e b t u n e r steps 2-3 described for the daemon process started for the first time. 11.7.4. Reviewing the log file webtuner allows you to review performance reports of the existing dae- mon process and of the processes run previously. To review the log of the existing daemon process, press the vi...
Page 174: List of All Warnings
W e b t u n e r • list of all found virus types — a list of virus types detected and the amount for each of the types . • list of all found suspicion viruses — a list of virus types that seem to be present within the location checked (but the process is not sure) and the amount for each of the types...
Page 175: Select
W e b t u n e r and by pressing the select button (for browsers not support- ing java script ). 3. Press the open button. To review the log in html, press the full view button. You may change the log display. It may be displayed in the text format or in html. The display depends on the templates use...
Page 176: Defaultprofile
W e b t u n e r ure 37). These are the links allowing you to display windows with scanner- related options and commands. Scanner parameters and values are located within a profile defined in the defaultprofile line of avpunix.Ini (the default profile is defunix.Prf ) to edit the profile defined in t...
Page 177: Config
W e b t u n e r to edit another profile, follow these steps: 1. Click the config hyperlink. 2. Select the required profile from the drop-down list in the win- dow on your screen. Edit the scanner settings using appropri- ate pages in the window on your screen. To launch scanner, click the run hyperl...
Page 178: Scan
W e b t u n e r objects defined in the text field that follows the word scan . Endlessly scan – check this box to implement loop-scanning for viruses. Scan delay – enter the interval between two loops (in seconds). This parameter is used only if you checked endlessly scan check box. If the scan dela...
Page 179: Scan Input Path
W e b t u n e r 2. Select the scan input path option button to scan the de- fined location. To scan the location defined in the default profile, select the scan default path option button. To launch scanner, press the run button, the scanner status window that may display messages listed in the subc...
Page 180: Run
W e b t u n e r 11.8.4. Reviewing the log file webtuner allows to review reports about the current scanning operation and about the operations performed previously. To review the required scanning report, follow these steps: 1. Click the run hyperlink in the webtuner main window with the scanner ite...
Page 181: Run
W e b t u n e r • virus-definition database updating parameters (for details see below). • buttons: • run – launches the updating utility. • view log – displays the updater performance report. • exit – allows you to exit the updater window. Figure 39. The webtuner main window: updater is selected th...
Page 182: From Web
W e b t u n e r select one of the following options: from web – updating via the internet. This is the default option. The update path text field above contains the following path: ftp://ftp.Kasperskylab.Com/updates . The web location of the database updates may be manually edited. From folder – upd...
Page 183: Run
W e b t u n e r to launch the updating operation, press the run button. The updating will be started and the window dis- playing information about the updating progress will appear on your screen (see figure 41). Figure 41. The updating operation is in progress to review the status of the last updat...
Page 184: Steps:
W e b t u n e r 11.10. Webtuner: administering keeper changing keeper settings. 11.10.1. Keeper settings keeper is designed to process and transfer mail messages to the daemon program that subsequently checks for viruses and disinfects them. Web- tuner allows you to remotely define the keeper settin...
Page 185: Users
W e b t u n e r for a separate address group (for details refer to sub- chapter 11.10.3.1). Figure 42. The webtuner main window: keeper is selected • the users page contains a list of legal users (for details refer to subchapter 11.10.4). • the log page items allow you to define the reporting settin...
Page 186: Exit
W e b t u n e r • exit – allows you to exit the keeper tunning window without saving the changes made. Figure 43. The main page 11.10.2. The main page: identification settings and communication with daemon the main page items (see figure 43) allow you to define the keeper identi- fication settings, ...
Page 187: Hostname
W e b t u n e r to define the keeper identification settings, follow these steps: 1. Enter the host name where the keeper will be running in the hostname text field. For example, localhost.Ru . If you do not define the host name, it will be identified automatically. 2. In the keeper e-mail text fiel...
Page 188: –F,
W e b t u n e r the path to the avpctl file is defined by the switch –f, when you launch the daemon process from the command line (see subchapter 6.2). • name or ip address of the corresponding server , if the communication is to be performed via inet connect . 3. In the connect timeout text field, ...
Page 189: Recipient Mailer
W e b t u n e r 2. In the recipient mailer text field, enter the required mailer identifier for the recipient. The general format of this string is similar to the one described for the sender mailer parameter. 3. In the admin mailer text field, enter the required mailer identi- fier for the administ...
Page 190: Properties
W e b t u n e r the location of a group within the group list is very important, since a mail message is processed according to the rules of the first group to which it belongs, i.E. The first group that includes both the message addresses (from and to) (for details refer to subchap- ter 7.6.2.1). F...
Page 191: Add
W e b t u n e r to add a group to the list, follow these steps: 1. Press the add button. 2. Enter the address group name in the text field of the add new group window on your screen. 3. Press the add button. The group name will be added to the list of address groups. To remove a group from the list,...
Page 192: Administrator
W e b t u n e r • the group window administrator page allows you to define rules for handling messages to be delivered to the group administrator (for details refer to subchap- ter 11.10.3.4). • the group window sender page allows you to define rules for handling messages to be sent by the group sen...
Page 193: Sender Mask
W e b t u n e r figure 45. The masks page to define the list of addresses for the message senders and recipients, follow these steps: 1. Define the required address mask (mask list) for the message from addresses in the sender mask text field. 2. Define the required mask (mask list) for the message ...
Page 194: Recipient Mask
W e b t u n e r if both the fields ( recipient mask and sender mask ) are blank, no mes- sages will be processed according to the processing rules of this group. You may do this to disable the processing rules of the address group without removing it from the group list. In any case, you will be abl...
Page 195: Attach File Mask
W e b t u n e r figure 46. The filters page to define masks of the attachments to be processed following the processing rules for filtered files, enter the required masks in the attach file mask text field (the filters frame). For example, . *\.Bmp .*\.Txt each mask must be placed on a new line! To ...
Page 196: Image/.*
W e b t u n e r image/.* text/richtext to limit the size of attachments to be processed, enter the maximum and the minimum attachment sizes in the min at- tach size(kb) and max attach size(kb) text fields respectively (the filters frame). If the attachment size is less than the min attach size (kb) ...
Page 197: Corrupted
W e b t u n e r • corrupted – corrupted objects. • filtered – objects meeting the filtering conditions defined on the filters page. On this page you may define the following settings: • what object types and in what form objects must be delivered to the administrator; • what object types must be cop...
Page 198: Object Action
W e b t u n e r to define what object types and in what form objects must be delivered to the administrator, for every object type in the list select one of the following values from the object action drop down list: • unchanged – deliver the object unchanged. If you select unchanged for the cured t...
Page 199: Example
W e b t u n e r let's review the following example for training purposes: ? Example : if the keeper program fails to disinfect a message that belongs to this address group, you want it to send the appropriate notification to the administrator with the original message attached to it and copy the mes...
Page 200: The Message,
W e b t u n e r to notify the sender about the required object type detected in the message, check the send notify check box for the corresponding object type. When sending notifications to the senders, the keeper program does not attach the original messages to them. If you want a sender of the req...
Page 201: Example
W e b t u n e r ? Example : if the keeper program fails to disinfect a message that belongs to this address group, you want it to notify the sender and the administrator, copy the message to the isolation directory, and add the sender’s address to the list of suspicious addresses. Solution: to set y...
Page 202: Object Type
W e b t u n e r on this page, you may define the following settings: • messages with object types that must be prohibited from delivery to the recipient mailbox (the object type list on this page is simi- lar to the one located on the administrator page); • what object types must be reported to the ...
Page 203: Example
W e b t u n e r figure 49. The recipient page let's review the following example for training purposes: ? Example : if the keeper program detects an infected object in a message that belongs to this address group, you want it to disinfect it and deliver to the recipient mailbox together with the app...
Page 204: Add Report
W e b t u n e r • check the add report check box for the cured ob- ject type; • select cured from the object action drop-down list for the cured object type; • select unchanged from the object action drop-down list for the infected object type. 2. Switch to the administrator page and • check the iso...
Page 205: Add
W e b t u n e r figure 50. The users page to add a user to the list, follow these steps: 1. Press the add button; 2. Enter the required user name in the text field of the add new user dialog box on your screen. 3. Press the add button. The user name will appear in the list of legal users on your scr...
Page 206: Log
W e b t u n e r 11.10.5. The log page: data to be logged the log page (see figure 51) allows you to define the reporting settings. Figure 51. The log page define the keeper log file: log file – path to the log file. You may enter the required path manually or by using the browse button. In the text ...
Page 207: Use Sys Log
W e b t u n e r this setting is in use only if you haven’t checked the use sys log check box (see below). To add the program performance results to the system log, check the use sys log check box. To define the detail level for the log data, select one of the following values from the log level drop...
Page 208: Group:
W e b t u n e r figure 52. The report page to enable the program to broadcast notifications you must also define the appropriate settings for the following group: window pages: the adminis- trator , the sender (the send notify check box) and recipient (the add report check box) pages. To define the ...
Page 209: Send Notify
W e b t u n e r 11.10.6.2. Notifications for administra- tors the administrator can be notified about all infected messages from/to ad- dresses that are included in the address group. To do this you must check the send notify check box on the administrator page (for details refer to subchapter 11.10...
Page 210: Content-Type –
W e b t u n e r • content-type – the type of insertion to be used when adding text to the notification. Enter the value in the corresponding text field (for example, mime). • file with report content – the path to the file containing the text to be inserted into the notification. Enter the required ...
Page 211: Restricts
W e b t u n e r 11.10.6.3. Notifications for senders you can define attributes of the notifications to be sent to senders of the infected and suspicious messages. Options for these notifications are similar to those described for the admin- istrator notifications in subchapter 11.10.6.2. 11.10.6.4. ...
Page 212: Max Hopes=12
W e b t u n e r if the defined value is exceeded the message will not be accepted for processing. For example, max hopes=12 • enter the maximum number of recipients for a single message in the max recipients text field. The above settings are used by the program to protect you from un- wanted e-mail...
Page 213: Output Protocol Timeout
W e b t u n e r since the keeper program is the sender of the notifications, make sure to add the address defined in the main page keeper e-mail text field to the above list of addresses not to be notified (see subchap- ter 11.10.2). 2. In the output protocol timeout frame: • enter the maximum perio...
Page 214: Wget
Chapter 12 12. Updater: updating virus- definition databases 12.1. Function and features updater updates virus-definition databases, which are used in the process of checking for viruses. The program allows you to update virus-definition databases via the internet, from an archive, or from a network...
Page 215: Update_Switch
U p d a t e r 12.2. Starting the updater starting updater. Command line switches. Optimizing the .Set file. The general format of the updater command line is: ./kavupdater update_switch [switch1] [switch2]... Where update_switch is a mandatory switch reflecting the way the update will be performed (...
Page 216: Server,
U p d a t e r 12.3. How to update virus- definition databases updating via the internet. Updating from a network directory. Updating from an archive. Examples. 12.3.1. Updating via the internet to retrieve new virus-definition databases from an ftp or a web server, launch the program with the comman...
Page 217: Quent Auto-Upgrading,
U p d a t e r to retrieve new kaspersky anti-virus for xbsd mail server components from an ftp or a web server without the subse- quent auto-upgrading, launch the program with the command line switch –uipd : ./kavupdater -uipd=server_and_path 12.3.2. Updating from a network directory if you need to ...
Page 218: Zip Or A Rar Archive,
U p d a t e r 12.3.3. Updating from an archive to install new virus-definition databases that are located in a zip or a rar archive, launch the program with the command line switch –ua : ./kavupdater –ua=archive the program will extract databases from the archive and copy them to the virus-definitio...
Page 219: –Ws
U p d a t e r to append reports to the defined file, enter a string similar to the following in the command line: ./kavupdater -uip=server_and_path -wa=myreport.Rep the program will append reports to myreport.Rep . To save reports to your system log, use the command line switch –ws : ./kavupdater -u...
Page 220
Chapter 13 13. Inspector: monitoring filesystem integrity 13.1. Function and features the inspector program is an integrity checker running under the xbsd op- erating system. Inspector performs the following functions: • monitors the defined location for changes. • checks for viruses in the defined ...
Page 221: [Switchn]
I n s p e c t o r against the database. If it detects new or modified files with a structure that is identified as suspicious or unknown, the program tries to cure them (to restore the originals). For details about handling new or modified files see subchapter 13.2.3. If inspector fails to disinfect...
Page 222: –Dc
I n s p e c t o r copy and later all newly collected data will be compared against this copy. When starting inspector you must also make sure that the location to be checked does not contain viruses. By using the switch –dc in the inspector command line you set the program to transfer all the new fi...
Page 223: File, Follow These Steps:
I n s p e c t o r 13.2.2. Defining the location to be checked when starting inspector, you must define the location to be checked. You may do this one of the following ways: • by creating a text file listing all the required directories and defin- ing its name in the inspector command line. • by ent...
Page 224: ./kavinspector /tmp /var
I n s p e c t o r by space characters. For example, the inspector command line may look like the following: ./kavinspector /tmp /var if you know for sure that some directories or files included in the defined location do not contain a virus, you may exclude them from the check. To do this use the fo...
Page 225: Disinfection
I n s p e c t o r 13.2.3. Handling modified and new files when it detects modified or new files inspector may perform one of the fol- lowing actions: • prompt for disinfection of infected objects; • display a report about the modified and new files detected; • automatically handle all the modified a...
Page 226: –Da1
I n s p e c t o r to set the program to transfer all the infected files detected to daemon where they will be processed, use the switches –da1 and –a[=socket_directory] in the inspector com- mand line. The switch –a[=socket_directory] must define the path to the directory containing the daemon socke...
Page 227: -W[T][A][-][+][=Filename]
I n s p e c t o r 13.2.4. Saving the performance report inspector can save the performance report to the system log or a separate file. You can define the reporting settings by using the following switches in the inspector command line: -w[t][a][-][+][=filename] this switch logs the performance repo...
Page 228: Control Centre
227 chapter 14 14. Control centre: scheduling the anti-virus performance 14.1. Function and features the control centre program has been developed to schedule perform- ance of all the kaspersky anti-virus for xbsd mail server components. This program allows you to • create, change and schedule perfo...
Page 229: Switchn
C o n t r o l c e n t r e where : switchn – is the optional command line switch of control centre . You can use more than one switch in the control centre command line. For the complete list of available command line switches refer to subchapter 16.8 appendix b. 14.3. Scheduling performance of packa...
Page 230: Prgname
C o n t r o l c e n t r e where: prgname is the name of the prgname program executable file ; –a:arg[:arg1[…]] are the prgname performance parameters ; program performance parameters must be separated by colons . –u=username is the user name under which the prgname program will be started ; -e=hour:...
Page 231: –Cal="task_Parameters"
C o n t r o l c e n t r e –cal="task_parameters" – for a task to be performed every time the control centre is started. To schedule a task to be performed daily , enter the following strings in the command line: ./kavucc -cad="prgname -a:arg[:arg1[...]] -u=username -st=hour:min -fs=day.Month.Year -l...
Page 233: To Schedule A Task To Be
C o n t r o l c e n t r e to schedule a task to be performed once, enter the following strings in the command line: ./kavucc -cao="prgname -a:arg[:arg1[...]] -u=username -st=hour:min -sd=day.Month.Year -e=hour:min" parameters in this command line are similar to the ones described for a task to be pe...
Page 234: –Ct
C o n t r o l c e n t r e to review the task schedule that you created using the control centre pro- gram, enter the switch –ct in the control centre command line. The com- plete list of created tasks with their descriptions will be displayed on your screen. Every task in the list is assigned an id....
Page 235
15. Appendix a. Principal files files that are principal for kaspersky anti-virus for xbsd mail server and their functions. The following files are vital for the kaspersky anti-virus for xbsd mail server performance: • avpunix.Ini contains information critical for the correct operation of the kasper...
Page 236
A p p e n d i x a • contact information of the entity that sold this program copy to you (company name, address, phone numbers ); • the name of the person or entity that the product is regis- tered under . 235.
Page 237
16. Appendix b. Supplementary details of anti- virus 16.1. Files with the program settings you may edit a file with parameters ( .Prf , .Ini , .Conf ) in any text editor. The file contains several sections with parameters and their values. The general format of a section is: [section_name] parameter...
Page 238: [Avp32]
A p p e n d i x b [avp32] defaultprofile=defunix.Prf [configuration] keyfile=avplinux.Key keyspath=. Setfile=avp.Set basepath=. You may edit any section of the file ( [avp32] and [configuration] ). The [avp32] section contains the parameter: defaultprofile – the profile to be loaded by the program w...
Page 239
A p p e n d i x b for your kaspersky anti-virus for xbsd mail server to operate cor- rectly, make sure to place the initialization file avpunix.Ini in the di- rectory where the scanner and the daemon are located. For exam- ple, if you move your scanner to a separate directory, avpunix.Ini must be co...
Page 240
A p p e n d i x b [report] report=yes usesyslog=no reportfilename=~report.Txt append=yes reportfilelimit=yes reportfilesize=10 extreport=yes repcreateflag=600 usecr=no repforeachdisk=no writetime=1 writetimeinfo=1 longstrings=no userreport=no userreport- name=userreport.Log showok=yes showpack=yes s...
Page 241: [Object]
A p p e n d i x b [customize] updatecheck=yes updateinterval=90 othermessages=yes redundantmessage=yes deleteallmessage=yes exitonbadbases=yes useextendedexitcode=yes you can edit all the sections in this file. The [object] section contains parameters defining the location and the ob- jects to be ch...
Page 242: *.*
A p p e n d i x b dows and os/2 (.Exe, *.Dll), linux (in the format elf); files with the format of microsoft office documents and spreadsheets (ole2 and access) and java applets. Thereby, this value scans all the files that are capable of carrying virus code. 1 – scans all the files with extensions:...
Page 243: Corrupt-
A p p e n d i x b directories defined by the infectedfolder, suspiciousfolder and corrupt- edfolder parameters (see subchapter 5.4.3) will be automatically ig- nored by the program. Packed – yes in this line enables the unpacking engine and checks packed files. No disables the engine. Archives – yes...
Page 244: Warnings
A p p e n d i x b warnings – yes in this line enables the advanced checking tool to search for corrupted or modified viruses . No disables this feature. Codeanalyser – yes in this line enables the heuristic detecting tool to search for unknown viruses. No disables the tool. Redundantscan – yes in th...
Page 245: Limitforprocesses
A p p e n d i x b limitforprocesses line. Limitforprocesses – the maximum number of simultaneously scanned files (valid only if parallelscan=yes ). Endlesslyscan – yes in this line enables the program to implement loop-scanning for viruses . No disables this feature. Scandelay – the interval between...
Page 246: Repcreateflag
A p p e n d i x b repcreateflag – the log file attributes mask. Usecr – yes in this line enables the program to use both the carriage return and the linefeed characters to separate records in a log file. Otherwise, type no. By default records in a log file are sepa- rated with the linefeed character...
Page 247: Showpassworded
A p p e n d i x b showpassworded – yes in this line enables the program to report password-protected archives. No disables this feature. Showsuspicion – yes in this line enables the program to report suspi- cious objects. No disables this feature. Showwarning – yes in this line enables the program t...
Page 248: 640
A p p e n d i x b fected files when they are copied to the infected folder. If you type no the access attributes will not be changed . For example, the value 640 assigns the following attributes to the file: read by owner , write by owner , read by group . The [actionwithsuspicion] section parameter...
Page 249: Copywithpaths
A p p e n d i x b if you prefix the name with the character " ~ ", the directory will be created in your home directory. The copywithpaths , changeext , newextension , chownto and chmodto lines in the [actionwithsuspicion] section and their features are similar to those (with the same names) describ...
Page 250: Updateinterval
A p p e n d i x b updateinterval – the interval (in days) between the two reminders (valid only if updatecheck=yes ). Othermessages – yes in this line enables error reporting at the program start. No disables this feature. Redundantmessage – yes in this line enables the program to ask for confirmati...
Page 251: [Switchn]
A p p e n d i x b where: [switchn] is the optional command line switch; [path] is the optional xbsd path; [filemasks] are the optional file masks defining xbsd files to be checked for viruses. By default, the program checks all the executable files. The following command switches are available (the ...
Page 252: -V[-]
A p p e n d i x b -v[-] enables the redundant scanning tool . -r[-] skips the scanning into subdirectories. If you define this switch, the scanner will check only files of the predefined directories and ignore the subdirectory files. -* checks all files. In some distributives the switch -* is not va...
Page 253: -Ll
A p p e n d i x b -ll checks the files and directories available via symbolic links. -lp skips the files and directories available via symbolic links. -y[-] skips all dialogs (to be used in script files) -d runs check once per day (to be used in script files). -z[-] prohibits the check from being in...
Page 254: -I1
A p p e n d i x b -i1 prompts for disinfecting infected objects. -- or -i2 disinfects infected objects automatically if possible. When running in this mode the program checks for viruses and tries to recover infected files and boot sectors to exactly (if possible) or mostly match the origi- nals. -i...
Page 255: -Ws
A p p e n d i x b port heading. The character - disables the extra information in the re- port heading. -ws logs check results in the system log . -vl[=filename] logs the list of viruses into filename . If the file is not defined, the list of vi- ruses will be screened. -h or -? Displays the list of...
Page 256: -Ka
A p p e n d i x b -o{ the list of files, directories or symbolic links} checks the defined files, directories and links. If the objects are not lo- cated in the check-permitted area, they will be ignored. -q terminates the performance right after the check and disinfecting is completed without start...
Page 257: Infected:
A p p e n d i x b 16.5. Scanner and daemon: report messages the list of report messages. During the check the program displays report messages (these messages can also be saved to the log file, if predefined). Object names are displayed on the left-hand side of your screen. To the right of each obje...
Page 258: Corrupted
A p p e n d i x b corrupted – the file contents don’t correspond to the file format. I/o error – the file or sector is located on a write-protected disk or a system error has occurred. This message is also displayed if the program tried to open a file that is write-protected by the system. Packed: –...
Page 259
A p p e n d i x b 5 – all infected objects were disinfected; 6 – infected objects were deleted; 7 – the kavscanner or kavdaemon file is corrupted; 8 – files are corrupted or an i/o error has occurred . In the high half-byte, the program returns the following advanced codes: 8 – virus-definition data...
Page 260: $Datelo
A p p e n d i x b 0) echo internal error: integrity failed ;; 4) echo internal error: bases not found ;; esac exit 0 16.7. Slogan: report templates details of the templates that are used when displaying performance reports of scanner and daemon. The kaspersky anti-virus for xbsd mail server distribu...
Page 261: $Request
A p p e n d i x b $request – the number of objects checked. $archive – the number of archives checked. $packed – the number of packed executable files checked. $infected – the number of infected objects detected. $desinfected – the number of objects disinfected. $desfailed – the number of unrecovera...
Page 262: $Virus
A p p e n d i x b $virus – name of the virus detected. $count – total number of the virus pieces detected. For example, the file template.Tm2 may look similar to the following: start date: $datelo end date: $datehi total statistic --------------- request : $request archives : $archive packed : $pack...
Page 263: [Switchn]
A p p e n d i x b virus name: $virus total found: $count %% ------------------------------------------------- list of all warnings: ------------------------------------------------- %w virus name: $virus total found: $count %% ------------------------------------------------ generated by kav daemon ...
Page 264: –G[=Database_Name]
A p p e n d i x b –g[=database_name] loads details of the location to be checked from the defined database file. –s[=database_name] saves details of the location to be checked to the defined database file. If you do not specify any database name in the above command line switches, the program will u...
Page 265: -Xf=File_Mask
A p p e n d i x b -xf=file_mask excludes the files matching the defined mask from the check. You may specify more than one mask, but make sure to separate them by co- lons. -c[-] disables the program from crossing filesystem borders. -lh checks only the files and directories available via the symbol...
Page 267: [Switchn]
A p p e n d i x b -h or -? Displays the list of command line switches. -e defines english as the default language for reports and messages. -v displays the inspector version number. 16.9. Control centre: command line switches the list of control centre command line switches and their functions. The ...
Page 268: -P=Path
A p p e n d i x b -p=path defines the path to the directory with the files avpctl and avppid . -g=base defines the path the master database containing performance parame- ters to be used by control centre. -gu=base path to the database containing details of the legal users. -u cancels the task plann...
Page 269: –
A p p e n d i x b included in the report heading. The character – disables the extra in- formation in the report heading. -ws[-] logs the performance report in the system log. The following command line instructions are available: -cl displays information about the licensed traffic and the kaspersky...
Page 270: -Fs=Day.Month.Year
A p p e n d i x b if you do not enter values for the parameters -fs=day.Month.Year and - st=hour:min , they will be automatically defined as the task creation date and time. -ls=day.Month. Year is the date when the task must be started for the last time ; -re=delay is the interval between two starts...
Page 271: -Ct
A p p e n d i x b schedules a task to be performed every time the control centre is started. -ct displays the task list. -cd=idn deletes the task with the defined id . 16.10. Monitor: configuration file ( monitor.Conf) parameters in the monitor configuration file. Let's review an example of monitor....
Page 272: Report File Section
A p p e n d i x b maxconcurrentchecks 10 maxtimeout 0 runasdaemon yes opencachesize 500 you may edit any section of monitor.Conf . Report file section defines the reporting settings: logfile – the path to the log file. Append – yes in this line enables the program to append new reports to the conten...
Page 273: Warnings
A p p e n d i x b but make sure to separate them by colons. Warnings – yes in this line enables the program to report errors . No disables this feature. Showok – yes in this line enables the program to report virus-free ob- jects. No disables this feature. It is not advisable to enable this feature,...
Page 274: Update_Switch
A p p e n d i x b 16.11. Updater: command line switches the list of command line switches available for up- dater. The general format of the updating utility command line is: ./kavupdater update_switch [switch1] [switch2] [...] [switchn] where: update_switch is the way to update virus-definition dat...
Page 275: –A=Path
A p p e n d i x b the switch –a=path cannot be used together with the switch –kb ! -p[=num] defines the maximum number of simultaneously downloaded files. The default value is num=16 . -udp=directory upgrades the installed kaspersky anti-virus for xbsd mail server components from the defined directo...
Page 276: -S[=Filename]
A p p e n d i x b -s[=filename] enables the program to use the defined file as a .Set file (the default file is defined in the setfile line in avpunix.Ini ). For example, ./kavupdater -s=avp.Set . -t[=directory] enables the program to use the defined directory for intermediate op- erations. For exam...
Page 277: -W[T][A][-][+][=Filename]
A p p e n d i x b -w[t][a][-][+][=filename] logs performance results in the defined file (the default file is report.Txt ). If the character a is defined in the switch, the report will be appended to the contents of filename, the character t overwrites the report with a new one. If the character + i...
Page 278: -Dp [Software]
A p p e n d i x b -l displays the list of kaspersky anti-virus family products installed on this computer. -r displays details during the installation. -dp [software] uninstalls the defined kaspersky anti-virus family software product from this computer. -da uninstalls all kaspersky anti-virus softw...
Page 279
A p p e n d i x b dnl preprocessor: dnl dnl m4 /etc/sendmail.Mc > /etc/sendmail.Cf dnl dnl you will need to have the sendmail-cf package installed for this to dnl work. Include(`../m4/cf.M4') define(`confdef_user_id',``8:12'') ostype(`linux') define(`confauto_rebuild') define(`confto_connect', `1m')...
Page 280
A p p e n d i x b # service type pri- vate upriv (yes) chroo t(yes) wakeup (yes) maxproc (50) command + args # smtp inet n - y - - smtpd pickup fifo n n y 60 1 pickup cleanup unix - y y - 0 cleanup qmgr fifo n - y 300 1 qmgr #qmgr fifo n - n 300 1 nqmgr rewrite unix - - y - - trivial- rewrite bounce...
Page 281
A p p e n d i x b 16.15. Webtuner: the configuration file ( loader.Cfg ) let's review an example of loader.Cfg, the webtuner configuration file. [main] modules=daemon;updater;scanner;keeper;webtuner cgidir=/usr/local/share/avp/httpd/html/cgi-bin/ avpdir=/usr/local/share/avp/ avpini=avpunix.Ini [daem...
Page 282: [Main]
A p p e n d i x b [scanner] exec=kavscanner maincgi=scanner_prf.Cgi config- ure=./scanner_prf.Cgi?Avp_d=%avp_dir%&avp_prf=%av p_prf%&start_dir=%avp_dir% configurede- fault=./scanner_prf.Cgi?Avp_d=%avp_dir%&avp_prf=% avp_prf%&op=v&sec=ob&prf=%default_kav_profile% run=scanner_exec.Cgi?Avp_d=%avp_dir%&...
Page 283: Avp-
A p p e n d i x b anti-virus for xbsd mail server files. The default value is avp- dir=/usr/local/share/avp/ avpini – the name of the kaspersky anti-virus for xbsd mail server initialization file. The default value is avpini=avpunix.Ini the [the_package_component_name] section parameters define the ...
Page 284: Configuredefault
A p p e n d i x b the configuredefault parameter insures availability of the default config hyperlink on the webtuner main window with the package component selected in the programs list. Run – defines launching of the package component from a remote lo- cation by using webtuner. Where: %exec% – the...
Page 285: Computer Virus
17. Appendix c. Classifying computer viruses discussing various virus types. The computer virus is a computer program (that is, executable code and/or a collection of instructions) that can replicate itself (though the copy may not necessarily exactly match the original) and penetrate files and othe...
Page 286: Network-Macro-Virus
A p p e n d i x c of infection, use stealth and polymorphic features, etc. Another example of the combination virus is the network-macro-virus that infects edited docu- ments and broadcast its copies with e-mail messages. We can differentiate viruses by the operating system they infect. Every file o...
Page 287: Destructive Capabilities
A p p e n d i x c ruses temporarily disinfect the infected file or substitute themselves for “healthy” data blocks. In case of macro-viruses, the most popular feature used is the prohibition to activate the menu list of macros. One of the first file-stealth-viruses is frodo and the first boot-stealt...
Page 288
A p p e n d i x c com or exe files only by their extension but not by the inner file format. Naturally, if the format of a file does not correspond to its extension these viruses corrupt the file. The "jam" of a resident virus and the system, when using the new versions of dos, or windows, or other ...
Page 289
18. Appendix d. Kaspersky labs ltd. About kaspersky labs. Kaspersky labs is a privately-owned, international, anti-virus software- development group of companies headquartered in moscow (russia), and representative offices in the united kingdom, united states of america, china, france and poland. Fo...
Page 290
A p p e n d i x d defense for e-mail gateways (ms exchange server, lotus notes/ domino, sendmail, qmail, postfix, and exim), firewalls and web servers. All kaspersky labs products rely on kaspersky's own database of over 60,000 known viruses and all other types of malicious code. The product is also...
Page 291: Kaspersky® Anti-Hacker
A p p e n d i x d tic-analysis system effectively neutralizes unknown viruses. The simple and easy-to-use interface allows you to quickly change the program settings and makes you feel maximum comfort while working with the program. Kaspersky® anti-virus personal includes: • anti-virus scanner provi...
Page 292: Anti-Virus
A p p e n d i x d influence of this mode while working on the web: the program provides conventional transparency and accessibility of the data. Kaspersky® anti-hacker blocks the most common hacker network at- tacks, monitors for attempts to scan computer ports. Software supports simplified manageme...
Page 293: Kaspersky® Anti-Spam
A p p e n d i x d you are free to choose any of the anti-virus programs according to the op- eration systems and applications you use. Kaspersky® corporate suite the package has been developed to provide the full-scale data-protection for corporate networks of any size and complexity. The package co...
Page 294: Http://www.Viruslist.Com
A p p e n d i x d kaspersky® anti-spam acts as a filter installed at a network’s entrance where it verifies incoming e-mail traffic streams for objects identified as spam. Software is compatible with any mail system, already used in the customer company, and can be installed both on existing mail se...
Page 295
A p p e n d i x d 19. Index advanced checking tool ......51, 52, 131, 247 advanced scanning tools......................... 131 daemon ............................................... 12, 66 extracting engine....................................... 47 heuristic analyzer......................39, 254, 26...