Summary of Contents for F-SECURE INTERNET GATEKEEPER FOR LINUX 4.01
F-Secure Internet Gatekeeper for Linux ― A Comprehensive Internet and Anti-Virus Solution ― Version 4 Rev. 20100125 Administrator’s Guide...
About this Guide
This guide describes the installation and uninstallation, usage, and settings for F-Secure Internet Gatekeeper for Linux. Please note that “F-Secure Internet Gatekeeper for Linux” is also referred to as “the product” and “Internet Gatekeeper” in this guide.
Symbols...
3. System Requirements
3.1 Hardware Requirements
3.2 Software Requirements
4. Installing F-Secure Internet Gatekeeper for Linux
4.1 Installing an rpm Package
4.2 Installing a deb Package
4.3 Installing a tar.gz Package
4.4 Using the Installation Command
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide
7.1 Web Console Settings
7.1.1 Proxy Settings
7.1.1.1 HTTP Proxy
7.1.1.2 SMTP Proxy
7.1.1.3 POP Proxy
7.1.1.4 FTP Proxy
7.1.1.5 Common Settings
7.1.2 Virus Definition Database
10.3.3 Changing the IP Address
10.3.4 Changing IP Addresses with iptables
10.4 Scanning Viruses Before Saving Mail to the Mail Server
10.5 Reverse Proxy Settings
10.5.1 Reverse Proxy – Typical Settings
10.5.2 Coexisting with Web Servers
With F-Secure Internet Gatekeeper for Linux, you can scan for viruses centrally. You can monitor web site connections, and the sending and receiving of e-mails from all computers in a LAN (Local Area Network).
[Figure: network diagram showing the Web Server, Internet, Mail Servers, and F-Secure Internet Gatekeeper]
2. Features
2.1 Overview
F-Secure Internet Gatekeeper for Linux:
• Protects a range of different networks against viruses:
  - Internal company networks
  - ISP networks
  - Home networks
• Uses a single computer to monitor the network access by all computers on the company, ISP, or home network.
Simple Installation
• Runs in almost all Linux environments
• Combines all functions in a single computer
• Can be installed as an rpm or deb package. The rpm package complies with Linux Standard Base, which is used in Red Hat Linux and some other distributions.
Anti-Virus
• Uses the award-winning and proven F-Secure engine
• Can handle practically all existing viruses
• Can handle viruses for Windows, DOS, Microsoft Office, VBS, Linux, and other environments
• Combined use of multiple engines (FS-Engine (Hydra) and Aquarius) allows for a quick response to new types of virus
•...
3. System Requirements
F-Secure Internet Gatekeeper for Linux has the following system requirements.
3.1 Hardware Requirements
Minimum Hardware Requirements
Intel Pentium compatible CPU
MEMORY: 512 MB RAM or more
DISK: 5 GB or more free space (adequate space for temporary file storage)
3.2 Software Requirements
Required Components
• Linux kernel 2.4/2.6
• glibc 2.3.2 or later
• perl 5.8 or later
Supported Distributions
32-bit:
• Asianux Server 3
• Asianux 2.0 (MIRACLE LINUX 4.0)
• Asianux 1.0 (MIRACLE LINUX 3.0)
•...
4.1 Installing an rpm Package
This section explains how to install F-Secure Internet Gatekeeper for Linux on a server that runs one of the Red Hat family of Linux distributions. In a Red Hat distribution, you can easily install the software by using the rpm package. The Red Hat family of distributions includes the following:
■...
4.2 Installing a deb Package
This section explains how to install F-Secure Internet Gatekeeper for Linux on a server that runs one of the Debian or Ubuntu based Linux distributions. In a Debian or Ubuntu distribution, you can easily install the software by using the deb package.
4.3 Installing a tar.gz Package
If you cannot use the rpm or deb package to install F-Secure Internet Gatekeeper for Linux, you can install it by using a tar.gz package. Execute the following command with root privileges:
# tar -zxvf fsigk-XXX.tar.gz...
# dpkg -r fsigk
4.6 Backup and Restore
Follow these steps to back up and restore F-Secure Internet Gatekeeper for Linux. To back up the product, save the contents of the following directories as needed:
/opt/f-secure/fsigk : Entire system state...
5. Typical Configurations
Once the installation has completed, locate the appropriate Internet Gatekeeper server and modify the settings as required. The next step is to configure client computers.
5.1 Configuration Overview
The following section describes how HTTP, SMTP, POP, and FTP connections operate in these cases:
•...
5.1.2 SMTP Connection
• Without virus scanning
The e-mail client sends e-mail to mail servers on the Internet through an SMTP server for outbound e-mail.
• With virus scanning
When virus scanning is used, Internet Gatekeeper stands between the client and mail server and operates as the SMTP server for the e-mail client.
5.1.3 POP Connection
• Without virus scanning
To retrieve e-mail, the e-mail client connects to the mail server directly by using the POP protocol.
• With virus scanning
When virus scanning is used, Internet Gatekeeper stands between the client and mail server and operates as the POP server for the e-mail client.
5.1.4 FTP Connection
• Without virus scanning
To send and receive files, the FTP client connects to an FTP server directly by using the FTP protocol.
• With virus scanning
When virus scanning is used, Internet Gatekeeper stands between the client and server and operates as a proxy server for the FTP client.
5.2 Network Configuration Examples
F-Secure Internet Gatekeeper for Linux operates as a proxy server, which is located between the client and the web and mail servers. The scenarios described here assume that Internet Gatekeeper is installed in a typical network configuration like the one shown below.
5.3 Internet Gatekeeper Server Settings
To use F-Secure Internet Gatekeeper for Linux for virus scanning, configure the Internet Gatekeeper server in which the product is installed as follows. Always specify the following settings:
Service On/Off
■...
If you cannot connect to the web console, view the error log (/opt/f-secure/fsigk/log/admin/error.log) from the command line.
5.3.1.2 Web Console Layout
The web console consists of a menu on the left of the screen and a work area on the right.
5.3.2 Typical Settings
In a typical product setup, the following settings are specified in the web console.
Proxy Settings
After editing the settings, click the Save and Restart button. The enabled services are started and the changed settings are applied.
5.4 Client Settings
To use F-Secure Internet Gatekeeper for Linux for virus scanning, you need to change the proxy server setting in your web browser and the mail server setting in your e-mail client.
(/opt/f-secure/fsigk/log/{http,smtp,pop,ftp}/error.log). If you cannot connect to the Internet, run the “make eicar” command from the “/opt/f-secure/fsigk” directory to create a test virus file (eicar.com).
6.1 Checking the HTTP Proxy
Do the following and confirm that a virus detection warning appears:
Start your web browser and download the test virus (eicar) from the following location: http://www.eicar.org/anti_virus_test_file.htm...
6.3 Checking the POP Proxy
Do the following and confirm that the virus is detected:
1 Start your web browser and download the test virus (eicar) from the following location: http://www.eicar.org/anti_virus_test_file.htm
Clear the proxy setting in the browser. This prevents the test virus from being detected and deleted when it is downloaded.
7. Advanced Settings
7.1 Web Console Settings
You can use the web console to change the settings as required. The settings are described below. For information on the web console, see “Web Console”, 20.
iptables on your system.
Parent server
Parent Server (self_proxy / parent_server_host / parent_server_port)
All connections are forwarded to the specified server. If you use more than one level of proxies, specify the parent proxy.
following file is updated: /opt/f-secure/fsigk/conf/template_http.html.
HTTP proxy authentication
Proxy authentication (proxyauth_pam_auth)
Authenticates the proxy by using PAMs (Pluggable Authentication Modules). You can change the authentication method in the /etc/pam.d/fsigk_http file. For more information, see "...
- “Office Update” (update program for Microsoft Office)
- “Symantec LiveUpdate” (update program for Symantec definition files)
- “TMhtload” (update program for TrendMicro definition files)
- “BW-C” (update program for F-Secure definition files (AUA))
- “GETDBHTP” (update program for F-Secure definition files (getdbhtp))
- “RealPlayer” (Real Player)
- “RMA”...
Skips virus scanning for file data beyond the specified size. Usually, all data is saved and transmitted to the client only after the virus scanning has completed. This setting specifies that the data beyond the specified length in a file is forwarded as soon as it is received.
Enables riskware scanning. This detects riskware as well as known viruses. For more information about riskware, see “Riskware”, 119.
Skip these targets
Skip scanning for riskware: (pass_riskware)
Excludes the specified riskware from detection. Specify the riskware by using the format "Category.Platform.Family". You can use wildcards (*) in the Category, Platform, and Family names.
• Use the iptables command from the command line to specify the setting as follows. (The example shows the port number being set to 9800.)
# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \...
■ 465) are encrypted, communications cannot be received directly regardless of whether iptables redirection is enabled or not. If necessary, install F-Secure Internet Gatekeeper for Linux so that communications are first decrypted by an SSL proxy, SSL accelerator, or similar. After this, the communications pass through Internet Gateway.
The standard port number is 25. This setting is ignored in transparent mode.
What to do when a virus is detected
Action on Viruses (action)
Pass
Pass (action=pass)
Allows e-mail to pass even if a virus is detected.
Quarantine
Quarantine(keep) (quarantine)
Quarantines viruses. The viruses are quarantined in the directory that you can set in Quarantine directory under “Common settings”. The viruses are stored in mailbox format. Specify this setting only if sufficient disk space is available.
For examples, see “Access Control”, 65. If you edit the [Restrict e-mail recipients] setting by using the web console, the smtp rcpt setting is updated in /opt/f-secure/fsigk/conf/hosts.allow.
SMTP authentication
SMTP authentication (proxyauth_pam_auth)
Performs proxy authentication independently for each user. If you have also enabled the...
If you edit the Hosts and networks within LAN setting by using the web console, the smtp lan field is updated in /opt/f-secure/fsigk/conf/hosts.allow.
Parent server
Parent Server (lan_parent_server, lan_parent_server_host, lan_parent_server_port)
Specifies another SMTP server. Specify this setting if you want to use a different SMTP server than the one you specified in “Parent server”.
554 Infected by [virus name]
Delete
Delete (action=blackhole)
Deletes infected e-mails. Does not send a detection message.
Delete and notify recipients
Delete and send to receiver (action=delete)
Deletes the virus and sends a virus detection message to the recipient by e-mail.
■ If you edit the Detection message setting by using the web console, the following file is updated: /opt/f-secure/fsigk/conf/template_smtp_lan.txt.
Maximum number of simultaneous connections
Maximum connections (pre_spawn)
Specifies the maximum number of simultaneous connections from clients. The specified number of processes listen for connections from clients.
The detection name is "FSIGK/POLICY_BLOCK_ACTIVEX". When ActiveX content is detected, it is handled in the same way as viruses. For more information, see the What to do when a virus is detected setting. If you disable virus scanning, ActiveX content scanning is also disabled.
Separate each name with a comma (",") by using backward matching (a file is skipped if the trailing characters of the file name match the specified file name or extension). The setting is not case sensitive.
Transparent proxy
Transparent Proxy mode (transparent)
Enables transparent proxy mode. A NAT redirection setting is required when the proxy operates as a transparent proxy. Use one of the following methods to specify the NAT redirection setting:
•...
■ Because SSL communications for protocols such as POPs (TCP/port number 995) are encrypted, communications cannot be received directly regardless of whether iptables redirection is enabled or not. If necessary, install F-Secure Internet Gatekeeper for Linux so that communications are first decrypted by an SSL proxy, SSL accelerator, or similar.
Delete (action={pass,delete}) Deletes viruses. The e-mail that contains the virus is replaced with the information specified in the virus detection message. The detection event is recorded in the log, a notification is sent to the administrator, and X-Virus-Status: is added to the header even if the virus is not deleted.
Allows the spam to pass. "X-Spam-Status:" is added to the header of e-mail that is classified as spam. You can use the sorting function on the client to classify e-mail in which the value of "X-Spam-Status:"...
Maximum number of simultaneous connections
Maximum connections (pre_spawn)
Specifies the maximum number of simultaneous connections from clients. The specified number of processes listen for connections from clients. You can check the number of connections used in “Internal process ID” in the access log (access.log).
When ActiveX content is detected, it is handled in the same way as viruses. For more information, see the What to do when a virus is detected setting. If you disable virus scanning, ActiveX content scanning is also disabled.
Separate each name with a comma (",") by using backward matching (a file is skipped if the trailing characters of the file name match the specified file name or extension). The setting is not case sensitive.
• Use the "Edit NAT (iptables) redirect settings". To do this, click Edit NAT (iptables) redirect settings.
• Use the iptables command from the command line to specify the setting as follows. (The example shows the port number being set to 9110.)
7.1.1.4 FTP Proxy
FTP proxy
FTP Proxy (ftp_service)
Click the buttons to start or stop the FTP proxy service.
Proxy port
Proxy Port (svcport)
Specifies the port number which the proxy service uses. The standard port number is 21.
Quarantine
Quarantine(keep) (quarantine)
Quarantines viruses. The viruses are quarantined in the directory that you can set in Quarantine directory under “Common settings”. Specify this setting only if sufficient disk space is available.
Defining parent server by user
User Selective Parent (self_proxy)
Allows the client to select the FTP server.
To: (acl_to)
Only accepts connections to the designated list of hosts. For examples, see “Access Control”, 65. If you edit the To these hosts setting by using the web console, the ftp to field is updated in /opt/f-secure/fsigk/conf/hosts.allow.
If scanning takes a long time, this setting terminates scanning after the specified time. Note, however, that if you set a shorter scanning time, it limits the extent to which archived and other large files can be scanned.
7.1.1.5 Common Settings
Common settings
Common Settings
Admin notification settings
Admin notification settings
E-mail address
E-mail address (admin_mailaddr)
Specifies the administrator’s e-mail address. If you have enabled the Notify the administrator by e-mail option in the What to do when setting for a service, virus detection notifications are sent to this address.
Spam filtering method
SPAM detection method
Specifies the spam filtering method. The line "X-Spam-Status: Yes(<product name>) with [<detection name>]" is added to the e-mail header if the mail is classified as spam. If an e-mail matches multiple conditions, scanning is performed in the sequence: custom rules, spam detection engine, RBL, SURBL.
• Always
Always treat as spam or not spam.
Search string
Scanning searches for the specified character string in the part specified by the field name. You can specify multiple character strings to scan for, separated by commas (",").
Specifies the judgment result if the specified rule is satisfied. Select one of "spam", "not spam", or "no action". The specified list of conditions is saved in /opt/f-secure/fsigk/conf/spam/custom.txt. The file lists one condition per line. The “Judgment”, “Field name”, “Compare method”, and “Text to scan for”...
• Database updating proxy settings are also used for the spam detection engine proxy.
• The spam detection engine connects to the following server:
  Host: ct-cache%d.f-secure.com (%d can be a digit from 1 to 9)
  Port: TCP/80
  Protocol: HTTP
• The spam detection engine increases the memory consumption for SMTP and POP services.
“Access Control”, 65. If you edit the [Addresses to be excluded] setting by using the web console, the spam rbl pass field is updated in /opt/f-secure/fsigk/conf/hosts.allow.
SURBL
SURBL (spam_surbl)
These settings enable or disable the use of SURBLs (SPAM URL Realtime Black Lists) for spam checking and specify the SURBL servers which are used when checking for spam.
To download definition files from Policy Manager, specify UPDATEURL=http://<host name>:<port number>/ in /opt/f-secure/fsigk/conf/dbupdate.conf. - You can check the version number of virus definition files with “cd /opt/f-secure/fsigk; make show-dbversion” . You can obtain the version of the definition file for each engine (Aquarius, Hydra (FS-Engine)) from "[Version]...
Downloads the diagnostic information file (diag.tar.gz). The diagnostic information file contains information for troubleshooting, including product settings, system settings, and log information. Download the /opt/f-secure/fsigk/diag.tar.gz file created by the "cd /opt/f-secure/fsigk; make diag" command. When contacting support, please send the diagnostic information file (diag.tar.gz) if possible.
7.2 Access Control
You can use the proxy and other settings to control access based on the host and network. Specify the settings as described below. Access control uses tcpwrapper. For more information about tcpwrapper, run "man 5 hosts_access"...
What to do if a line contains more than 2047 bytes
The access control setting file (/opt/f-secure/fsigk/conf/hosts.allow) permits a maximum of 2047 bytes per line. Use the following methods if you want to specify lines longer than 2047 bytes.
7.3 Detection Notification Templates
You can specify a header in the top line of the detection notification template. When sending a notification e-mail to the sender or administrator from the SMTP service, you can specify "From: name@domain"...
Access time in text format (Example: 'Tue May 7 16:16:17 2002')
${HEADER}: Content of the header
${TEXT}: Content of the text message
${MAILFROM}: SMTP sender address (the address passed to the "MAIL FROM:" command)
${RCPTTO}: SMTP recipient addresses (the addresses passed to the "RCPT TO:"...
7.4 Expert Options
Reference Information for Expert Options
Usually, you do not need to specify any other settings than those available through the web console and described in this manual. However, a number of expert options are available for handling special cases or requirements.
8. Command-line Tools
You do not need to use command-line operations daily. Please refer to this chapter if command-line operations are required. The proxy function of Internet Gatekeeper is automatically started when changes are made to its settings in the Web Console, or during system start-up via /etc/rc.d/init.d/.
Usually, you need to specify /opt/f-secure/fsigk/conf/fsigk.ini as the configuration file.
Command names:
cd /opt/f-secure/fsigk; ./fsigk
Move the fsigk command to the /opt/f-secure/fsigk/ directory before using it.
Options:
If you specify multiple options, the last option is prioritized:
--http  Uses the http protocol (default when started with “fsigk_http”)
Uses the smtp protocol (default when started with “fsigk_smtp”)...
/opt/f-secure/fsigk/conf/dbupdate.conf with the host name and port number used by Policy Manager. - You can check the version number of virus definition database files with “cd /opt/f-secure/fsigk; make show-dbversion”. The version number of database files for each engine (Aquarius,Hydra(FS-Engine)) corresponds to "[Version]...
Definition files are not downloaded from the Internet. Instead, they are carried on by using specified databases (fsdbupdate9.run). (databases are imported)
Configuration file: /opt/f-secure/fsigk/conf/dbupdate.conf
use_proxy=[yes|no]  Specifies whether a proxy is used or not
http_proxy_host=...
# cd /opt/f-secure/fsigk; make restart
8.5 Creating Diagnostic Information
Overview of operations:
Creates a diagnostic information file (diag.tar.gz) in the /opt/f-secure/fsigk directory. The diagnostic information file contains configuration information about the product, system, and log files. The information is needed for troubleshooting.
9. Logs
F-Secure Internet Gatekeeper for Linux records access status, virus detection status, and error occurrences to log files. The log files are saved in /opt/f-secure/fsigk/log/ and a directory is created for each service.
9.1 Log Files
9.1.1 Access Logs...
When pop is used, the URL is “pop://POP user name@POP server name:port number”. When smtp is used, the URL is “mail:destination”.
• User name
Displays the user name when proxy authentication is used. “-” is recorded if authentication is not used.
generated)
Detection time
The time (milliseconds) spent on virus checks executed in one connection (the time applies to the time elapsed since the last time an access log was generated)
Detection details
Displays the detection details with the following strings separated by a comma:
VSD_ENCRYPTED Encrypted file
・...
” ( 151) appears.
SMTP
SERVER/ERROR Reply(MAIL): buf=[XXX] ・ Error response when the "MAIL FROM" command to the SMTP server is sent
SERVER/ERROR Reply(RCPT): buf=[XXX] ・ Error response when the "RCPT TO" command to the SMTP server is sent
・...
9.1.3 Error Logs
Logs are recorded when an error occurs. Refer to the error logs if the program is not working properly. Error logs are formatted in the following manner. The format and text of the messages may change in the future if necessary.
Message
###ERROR### Maximum connections: warning: Client connections reached maximum connections(maximum connections). More request will be blocked/rejected. If there is many warnings, please increase 'Maximum Connections' settings(pre_spawn value of fsigk.ini) of this service. (provisional value will be good value as start line).
Description
Connection to the SMTP server (“admin_mx_host”, “admin_mx_port” in /opt/f-secure/fsigk/conf/fsigk.ini), which is configured to send notifications to the administrator after a virus or spam detection, was successful. However, an error occurred.
Solution
Check if the host name and port number of the configured SMTP server can be accessed.
Message
###ERROR### semget failure. Childnum(pre_spawn=[Maximum connections]) may be large. If needed, maximum semaphore number(SEMMNI) can increase by adding like 'kernel.sem=250 128000 32 512' on '/etc/sysctl.conf' and running 'sysctl -p'./strerror(28)=No space left on device
Description
The service could not be started because the semaphore could not be secured.
Message
###ERROR### get_response_header: Too Large Header
Description
Is displayed when an HTTP response header is too large (over 10 KB). The service is working without any problems.
Solution
Check if the problem occurs for a specific URL or browser.
Message
###ERROR### smtp_data_cmd_itr:AUTH buf=[Response line] /strerror(xxx)=xxx
Description
Is displayed when a response code during SMTP authentication with the SMTP server returns an irregular code (besides 334, 5xx, 235). The [Response line] represents the response message from the SMTP server.
1. Add the following line to sysctl.conf (the maximum number of file handles is changed to 65535):
fs.file-max = 65535
2. Run the following command to apply the changes:
sysctl -p
Message
###ERROR### XXX cannot open [/var/tmp/fsigk/proxytmp-xxx]/strerror(2)=No...
If this message appears, there is a good chance that a problem exists in the product. In order to have F-Secure take a look at the problem, please send all of the files which begin with “core” in the installation directory (/opt/f-secure/fsigk/) to F-Secure.
Message
###ERROR### main/accept_loop/accept(s=x):/strerror(104)=Connection reset by peer
Description
This message can appear if you use kernel 2.2 and if you disconnect immediately after the connection is established. The product can work properly even if this message appears.
Description
The problem is in resolving the address of servers for the spam detection engine (ct-cache%d.f-secure.com, where “%d” can be 1 to 9).
Solution
Make sure that the name resolver of the machine (gethostbyname()) can resolve the hosts.
(Other messages)
Description
An unusual error may have occurred.
Solution
Please send the error log files and diagnostic information to F-Secure for inspection.
9.1.4 Information Logs
The information log (info.log) records any other general information.
Message format:
Time (seconds) [Date Time Port Internal process ID Client IP address:Client host Client...
Message
main: accept_loop(sock=Socket number,pid=Process number). Starting to accept connection on each proxy process.
Description
A message which indicates the start of a proxy process. The message is displayed when a service is started.
Messages at service stoppage
Message
main: ### STOP ### (ver=[Version number], pid=Process...
Message
is_server_alivesocket: select(s=AAA):ret=BBB,cur_pid=CCC: Server closed connection while transaction. There may be timeout on the server because of no traffic. (elasped=TTTms)
Description
Is displayed when a server closes a connection before the normal protocol process finishes. This message may appear when a session timeout occurs on the server side.
Message
From: %s:%d(%s) To: %s:%d(%s) Message-Id: %s Infected: %d VirusName: %s
Description
Using the SMTP service, a mail that contains “From: Client address: From Client port (sender address)”, “To: Server address: To server port (Recipient address)”, “Message-Id: Message ID” is sent.
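The following Python parser is an added example, not code from the F-Secure guide or product. It reads the SMTP information-log message whose format string is shown above and counts infected mail per client address. It assumes the message is written on one line with single spaces between fields; the function names, the sample lines, their timestamp prefix and the detection name in them are constructed for illustration.

```python
import re
from collections import Counter

# Built from the message format documented above:
#   From: %s:%d(%s) To: %s:%d(%s) Message-Id: %s Infected: %d VirusName: %s
# Assumption: one message per log line, single spaces between fields.
# Sender, recipient and Message-Id are chosen by the SMTP client, so they are
# treated as untrusted. The Message-Id group is greedy, which makes the parser
# use the LAST "Infected: N VirusName:" pair, the one at the end of the format.
SMTP_MSG_RE = re.compile(
    r"From: (?P<client_addr>\S+?):(?P<client_port>\d+)\((?P<sender>[^)]*)\) "
    r"To: (?P<server_addr>\S+?):(?P<server_port>\d+)\((?P<recipient>[^)]*)\) "
    r"Message-Id: (?P<message_id>.*) "
    r"Infected: (?P<infected>\d+) "
    r"VirusName:\s*(?P<virus_name>.*)$"
)


def parse_smtp_info_line(line):
    """Return a dict of fields for an SMTP message line, or None if no match."""
    match = SMTP_MSG_RE.search(line.rstrip("\r\n"))
    if match is None:
        return None
    rec = match.groupdict()
    rec["client_port"] = int(rec["client_port"])
    rec["server_port"] = int(rec["server_port"])
    rec["infected"] = int(rec["infected"])
    rec["virus_name"] = rec["virus_name"].strip()
    # Whitespace inside the Message-Id means client-supplied text may be
    # imitating later fields; flag the record for manual review.
    rec["suspicious"] = bool(re.search(r"\s", rec["message_id"]))
    return rec


def summarize(lines):
    """Count infected messages per client and list lines needing review."""
    report = {
        "infected_by_client": Counter(),
        "virus_names": Counter(),
        "suspicious": [],   # 1-based line numbers with an odd Message-Id
        "unparsed": [],     # SMTP message lines the pattern could not read
    }
    for lineno, line in enumerate(lines, 1):
        rec = parse_smtp_info_line(line)
        if rec is None:
            # Do not drop malformed SMTP message lines silently.
            if "Message-Id:" in line:
                report["unparsed"].append(lineno)
            continue
        if rec["suspicious"]:
            report["suspicious"].append(lineno)
        if rec["infected"] > 0:
            report["infected_by_client"][rec["client_addr"]] += 1
            report["virus_names"][rec["virus_name"]] += 1
    return report


# Constructed sample lines (documentation addresses, made-up prefix and IDs).
SAMPLE_LINES = [
    "1264414397.101 From: 192.0.2.10:40112(alice@example.com) "
    "To: 198.51.100.25:25(bob@example.net) "
    "Message-Id: <1001@example.com> Infected: 0 VirusName: ",
    "1264414401.550 From: 192.0.2.44:40200(carol@example.org) "
    "To: 198.51.100.25:25(bob@example.net) "
    "Message-Id: <1002@example.org> Infected: 1 VirusName: EICAR_Test_File",
    # Message-Id text that imitates the trailing fields of the format.
    "1264414409.020 From: 192.0.2.44:40201(carol@example.org) "
    "To: 198.51.100.25:25(bob@example.net) "
    "Message-Id: <1003@example.org> Infected: 0 VirusName: none "
    "Infected: 1 VirusName: EICAR_Test_File",
    # Unrelated information-log message; ignored by the parser.
    "1264414410.000 main: accept_loop(sock=5,pid=1234). "
    "Starting to accept connection on each proxy process.",
    # Sender containing ')' breaks the field layout; reported as unparsed.
    "1264414415.300 From: 192.0.2.77:40300(dave)x@example.org) "
    "To: 198.51.100.25:25(bob@example.net) "
    "Message-Id: <1005@example.org> Infected: 0 VirusName: ",
]

if __name__ == "__main__":
    result = summarize(SAMPLE_LINES)
    print("infected by client:", dict(result["infected_by_client"]))
    print("review lines:", result["suspicious"], "unparsed:", result["unparsed"])
```

Lines reported under "suspicious" or "unparsed" should be read by hand in info.log rather than trusted from the summary.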
Message
ERROR Reply(DATA) url=[%s] buf=[%s]
ERROR Reply(DATAEND): url=[%s] buf=[%s]
ERROR Reply(MAIL): buf=[%s]
ERROR Reply(RCPT): buf=[%s]
ERROR Reply(AUTH): buf=[%s]
ERROR Reply(QUIT): buf=[%s]
ERROR Reply(NOOP): buf=[NULL], error=...(...)
ERROR Reply(NOOP): buf=[%s]
Description
Is displayed when an error response is returned against the command sent to the SMTP server using the SMTP service.
Log files are saved as a single file by default and not split into multiple files. To split log files, use the logrotate command. To set up a split rotation for log files by using the sample configuration file:
1 Set the configuration file
Copy the sample configuration file (/opt/f-secure/fsigk/misc/logrotate.fsigk) to /etc/logrotate.d/virusg.
# cp /opt/f-secure/fsigk/misc/logrotate.fsigk /etc/logrotate.d/fsigk
2 Edit the configuration file
Specify the rotation interval as needed.
You can run the logconv tool with the following command. The options may be omitted.
# /opt/f-secure/fsigk/misc/logconv <Log file name>
(From Windows, you can run it from “/opt/f-secure/fsigk/misc/logconv.exe”.)
Options
--tail [num]  Outputs the log entries corresponding to the last [num] lines from the end of the log.
0 1 * * * cd /opt/f-secure/fsigk/log/http/logtool/; /usr/bin/webalizer ../access.log -F squid -o .
Log results are saved to the /opt/f-secure/fsigk/log/http/logtool/ directory. You can view the analysis results at “http://xxx:xx/log/http/logtool/” after logging into the web console. A source patch (misc/webalizer-xxx.detect-stat.patch-xxx) that additionally displays virus information can be used if needed.
Logs are saved as files by default. However, they can be output to other formats such as syslog. Use pipes in the external command to redirect the output. To set the external output, specify the configuration file (/opt/f-secure/fsigk/conf/fsigk.ini) in the following way: access_log=|<External command> (For access logs) detect_log=|<External command>...
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 10. Other Settings This chapter describes additional settings, which you can configure for the product. For most users, the settings described in “Typical Configurations” (15) provide enough security. However, some users may require additional security. In this case, the examples in this chapter may be useful.
Page 99
Proxy Access Control
Access control: You can configure access control by using the options. To apply restrictions which are based on host names, you must first enable “DNS Reverse Lookup”. For more information, see “Access...
The client connects to Internet Gatekeeper through the authenticated path. In addition, only authenticated clients are able to connect to the gateway. This section describes the settings that apply if you use SSH (F-Secure SSH, openssh, TTSSH, etc.). For example, the following software uses SSH: ■...
Page 101
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Settings 1 Install an SSH server to the same server (or a computer on the network) as F-Secure Linux Internet Gatekeeper. For certain Linux distributions (such as Red Hat 7 and later versions), openssh is installed by default.
” from the corresponding service page. POP, FTP Service For POP and FTP services, F-Secure Internet Gatekeeper for Linux checks whether a user name exists in the user database. If multiple servers are used, specify “user name@server name” or “user name@server name”. To allow all users for a specific server, specify “@server name".
Page 103
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide To prevent the files from being overwritten during updates, remove the symbolic links and create copies before editing the configuration files. Proxy Settings Proxy settings HTTP proxy HTTP proxy authentication: On Add or remove users: Add, delete, or edit users on the “Add or remove users” page.
F-Secure Internet Gatekeeper uses POP and SMTP authentication on the server side. The product works as a proxy to enable access from clients to the mail server. Therefore, user authenticating functions based on POP and SMTP authentication by mail servers can be used as is.
SMTP service is limited to IP addresses that have passed POP authentication within a specified time. In addition, POP-before-SMTP authentication is performed in F-Secure Internet Gatekeeper for Linux. This is because the IP address of the product is always assigned to the IP address of the sender’s mail server.
Page 106
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Because e-mails from the Internet are delivered to mail servers through the product, the corresponding mail servers must be allowed to deliver without authentication. The following describes how you can configure this: Proxy settings...
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 10.2 Transparent Proxy F-Secure Internet Gatekeeper for Linux can work as a transparent proxy for each service (HTTP, FTP, SMTP, POP). In this way, you can perform virus scans for services without having to change settings for each user.
10.2.1 Transparent Proxy Details Normally, clients access web servers and mail servers directly. To use F-Secure Internet Gatekeeper for Linux as a transparent proxy, you must install it on the IP routing between clients and servers. The product relays the access and performs a virus scan during the relay by capturing connections from clients to servers and by creating another connection to servers.
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 10.2.2 Transparent Proxy – Router Mode To function as a transparent proxy in router mode, you must install Internet Gatekeeper on a computer, which acts as a router between the clients and the servers.
Page 110
(SERVER:110). Settings To use a transparent proxy in proxy mode, configure the network and server associated with F-Secure Internet Gatekeeper for Linux in the following way: 1 Open the web console. Select...
Page 111
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 2 Change the access destination of the client to FSIGK:9110 by changing iptables on Internet Gatekeeper. • Configuring the web console: From the web console, select “HTTP”, “SMTP”, “POP”, or “FTP” from the “Proxy settings” menu.
Page 112
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 3 Change the default route of the NAT (lower-level) router to FSIGK to let all data communication pass through FSIGK. If the router is running Linux, run the following commands: NAT-router# route del -net default NAT-router# route add -net default gw 192.168.0.99...
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 10.2.3 Transparent Proxy – Bridge Mode F-Secure Internet Gatekeeper for Linux can also operate as a bridge while acting as a transparent proxy. If you configure the product in bridge mode, virus scanning functions can be provided to clients without having to change any settings on clients and networks.
Page 114
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Overview of operations: The following describes how clients connect to servers when F-Secure Internet Gatekeeper for Linux is set up as a transparent proxy: 1 The client starts a connection to a service port (example 110) of a server (SERVER).
Page 115
3 To set the bridge, change the IP address, netmask, default route, and interface name in /opt/f-secure/fsigk/misc/rc.bridge and launch the bridge as a startup script. You need the brctl command to set the bridge. If it is not available, install a package which includes the brctl command (for example, the “bridge-utils”...
Page 116
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 5 Check that virus scans can be performed when a client accesses a server. When a service accesses a server from Internet Gatekeeper, the IP address of the product is normally assigned as the IP address of the service source. For this reason, the IP address and routing settings must be applied to the Internet Gatekeeper server.
10.3 Coexisting with mail servers F-Secure Internet Gatekeeper for Linux can operate in the same computer as the mail server. If the product is implemented in the same computer as a mail server, you must change the IP address or the normal port number (25 or 110) of either the mail server or the product.
10.3.2 Changing the Port Number of the Mail Server
[Figure: Internet Gatekeeper server showing the Internet, FSIGK(SMTP), FSIGK(POP), SMTP (9025) and the mailbox (9110)]
If you specify a different port number for the mail server, it is possible to use the product and a mail server in the same computer.
Page 119
9025 inet n - n - - smtpd 2 Restart postfix. # postfix reload Settings for F-Secure Internet Gatekeeper for Linux Set the port numbers of the parent server to 9025 and 9110 at the web console: Proxy settings SMTP proxy: On...
Page 120
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide As outbound access is denied by restricting recipient domains, allow access from clients within the LAN. The following example enables IP addresses specified in 192.168.1.xxx and 192.168.2.xxx. Proxy settings SMTP proxy LAN access settings: On Hosts and networks within LAN: 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0...
If F-Secure Internet Gatekeeper for Linux and a mail server use a different interface (IP address), it is possible to use the product and a mail server in the same computer with the same port number. In the following example, the mail server listens to eth0 (192.168.1.1) and Internet Gatekeeper listens to...
Page 122
2 Restart postfix. # postfix reload Settings for F-Secure Internet Gatekeeper for Linux Set the port numbers of the parent server to 192.168.2.1.25 and 192.168.2.1.110. Specify the parent server to be the mail server (192.168.1.1:25, 192.168.1.1:110) at the web console.
If F-Secure Internet Gatekeeper for Linux and a mail server use a different interface, it is possible to use the product and a mail server in the same computer with the same port number. You can redirect the access to default ports (25, 110) in specific interfaces to Anti-Virus (9025, 9110).
Page 124
# iptables -t nat -A PREROUTING -d 192.168.2.1 -p tcp --dport 110 -j REDIRECT --to-port 9110
# /etc/rc.d/init.d/iptables save
Settings for F-Secure Internet Gatekeeper for Linux
Set the port numbers of the parent server to 9025 and 9110, and the parent server to be the mail server (localhost:25, localhost:110) at the web console.
POP protocol. For this reason, you do not need to make any changes to the mail server. It is also possible to check inbound e-mails in SMTP before they are saved to the mail server. The following example uses a single F-Secure Internet Gatekeeper for Linux server to check both outbound and inbound e-mails for viruses.
Page 126
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Settings 1 Set up F-Secure Internet Gatekeeper for Linux under a temporary host name (virus-gw) and apply the following proxy settings: Proxy settings SMTP proxy: On Proxy port: 25 Global settings Parent server: Host name: <IP address of internal mail server>...
Page 127
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide • Using postfix: ① Add the following line to /etc/postfix/main.cf: mynetworks=<IP address of virus-gw (Example: 192.168.0.99)>,<Network within LAN (Example: 192.168.1.0/24.)> ② Restart postfix. # postfix reload 3 Check that e-mails can be sent from the internal network to an external mail server by using virus-gw.
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 10.5 Reverse Proxy Settings F-Secure Internet Gatekeeper for Linux can be set up as a reverse proxy to scan connections from a client to a specific web server. It is also possible to implement the product as a transparent proxy, which makes it possible for a single Internet Gatekeeper to scan multiple web servers.
10.5.2 Coexisting with Web Servers F-Secure Internet Gatekeeper for Linux can operate in the same computer as a web server. By specifying a different port number for the web server, it is possible to use the product and a web server in the same computer.
To scan a connection from a specific HTTP (SSL) server, decrypt the data with a SSL proxy or SSL accelerator first, and then scan the data with the product. For example, if you use Apache, set Apache to function as a SSL proxy and place F-Secure Internet Gatekeeper for Linux in the HTTP communication section.
Page 131
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Internet Gatekeeper settings At the web console, configure the proxy port to 9080 and the parent server port to 80. Proxy settings HTTP proxy: On Proxy port: 9080 Parent server: Host name: localhost Port number: 80 Web Server settings The web server uses port 80.
11. Product Specifications
11.1 Product Specifications
The following describes the specifications for F-Secure Internet Gatekeeper for Linux.
Web console - Supported languages: English/Japanese
Web console - Authentication timeout: 300 seconds
Installer: rpm, deb, tar.gz
Supported network protocols...
Page 133
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide scanned POP commands that can be used USER/PASS/APOP/UIDL/TOP/STAT/LIST/RETR/DELE/NOOP/RSET/QUI AUTH, and other similar response commands APOP cannot be used if “Defining parent server by user” is enabled and the product is running as a proxy...
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 11.2 HTTP Proxy Process This section describes how common protocols are processed with the HTTP proxy. Proxy mode, GET method Client Internet Gatekeeper (0.0.0.1) HTTP Server (httpserver,0.0.0.2) TCP connect(to: 0.0.0.1:9080) -----------------------------> GET http://httpserver/index.html HTTP/1.0...
Page 135
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Transparent Proxy mode (Router or Bridge), GET method Client Internet Gatekeeper (0.0.0.1) HTTP Server (httpserver,0.0.0.2) TCP connect(to: 0.0.0.2:80) -----------------------------> GET /index.html HTTP/1.0... TCP connect(to: 0.0.0.2:80) -----------------------------> -----------------------------> GET /index.html HTTP/1.0... -----------------------------> HTTP/1.0 200 OK...
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 11.3 SMTP Proxy Process This section describes how common protocols are processed with the SMTP proxy. Proxy mode Client Internet Gatekeeper (fsigk, 0.0.0.1) SMTP server (smtpserver, 0.0.0.2) TCP connect(to: 0.0.0.1:9025) TCP connect(to: 0.0.0.2:25) ----------------------------->...
Page 137
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Transparent Proxy mode (Router or Bridge) Client Internet Gatekeeper (fsigk, 0.0.0.1) SMTP server (smtpserver, 0.0.0.2) TCP connect(to: 0.0.0.2:25) TCP connect(to: 0.0.0.2:25) -----------------------------> -----------------------------> 220 smtpserver ... 220 fsigk ... <----------------------------- <----------------------------- EHLO client EHLO fsigk ----------------------------->...
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 11.4 POP Proxy Process This section describes how common protocols are processed with the POP proxy. Proxy mode Client Internet Gatekeeper (fsigk,0.0.0.1) POP server (popserver, 0.0.0.2) TCP connect(to: 0.0.0.1:9110) -----------------------------> +OK ... fsigk starting <-----------------------------...
Page 139
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Transparent mode (Router or Bridge) Client Internet Gatekeeper (fsigk,0.0.0.1) POP server (popserver, 0.0.0.2) TCP connect(to: 0.0.0.2:110) TCP connect(to: 0.0.0.2:110) -----------------------------> -----------------------------> +OK ... popserver +OK ... popserver <----------------------------- <----------------------------- USER user USER user ----------------------------->...
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 11.5 FTP Proxy Process The FTP service relays both the control session and data session. This section describes how common protocols are processed with the FTP proxy. Proxy mode, Passive FTP Client Internet Gatekeeper (fsigk, 0.0.0.1) FTP server (ftpserver, 0.0.0.2)
Page 141
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 221 Goodbye. <----------------------------- <----------------------------- Proxy mode, Active FTP Client (0.0.0.3) Internet Gatekeeper (fsigk,0.0.0.1) FTP server (ftpserver, 0.0.0.2) TCP connect(to: 0.0.0.1:9021) -----------------------------> 220 fsigk at fsigk <----------------------------- USER user@ftpserver TCP connect(to: 0.0.0.2:21) -----------------------------> -----------------------------> 220 ftpserver <-----------------------------...
Page 142
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Transparent mode (Router or Bridge), Passive FTP Client Internet Gatekeeper (0.0.0.1) FTP server (ftpserver, 0.0.0.2) TCP connect(to: 0.0.0.2:21) -----------------------------> TCP connect(to: 0.0.0.2:21) -----------------------------> ftpserver <----------------------------- ftpserver <----------------------------- USER user USER user -----------------------------> -----------------------------> 331 Password required 331 Password required <-----------------------------...
Page 143
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Transparent mode (Router or Bridge), Active FTP Client (0.0.0.3) Internet Gatekeeper (fsigk,0.0.0.1) FTP server (ftpserver, 0.0.0.2) TCP connect(to: 0.0.0.2:21) -----------------------------> TCP connect(to: 0.0.0.2:21) -----------------------------> ftpserver <----------------------------- ftpserver <----------------------------- USER user USER user -----------------------------> ----------------------------->...
11.6 HTTP Error Responses
This section describes errors that occur during HTTP access. You can change the messages shown to clients by editing the error message template file (/opt/f-secure/fsigk/conf/template_http_error.html).
Page 145
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Description The HTTP version of the request exceeds the limit (98 bytes) Response code Reason Bad Request Message Too long Request Version Request version error Description The request HTTP version specified is a version other than "HTTP/1.0", "HTTP/1.1" or "(HTTP/0.9)"...
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 11.7 HTTP Request and Response Headers HTTP request and response headers are not changed for the most part but the following headers are changed by the product. Request header: • Request line If the request version is “HTTP/1.1”, it is changed to “HTTP/1.0”...
Page 147
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Response header: • Response line If the response header version is “HTTP/1.1”, it is changed to “HTTP/1.0” • Connection The current Connection header is removed If the connection is Keep-Alive, the following is added.
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 11.8 SMTP Command Responses Usually, server responses are relayed to clients during SMTP connections. However, sometimes they can be generated by F-Secure Internet Gatekeeper for Linux. The product generates the following messages: [Response message] (Product name) (Example: 500 Unknown Command: "TEST"...
Page 149
Message 235 ok authed Reason Authentication is successful. Is displayed only when SMTP authentication is performed by F-Secure Internet Gatekeeper for Linux. If authentication is done on the SMTP server side, the SMTP server response is relayed. Message 535 authorization failed...
Page 150
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Reason Authentication failed. Is displayed only when SMTP authentication is performed by F-Secure Internet Gatekeeper for Linux. If authentication is done on the SMTP server side, the SMTP server response is relayed. Message 500 disconnected from server(AUTH).
11.9 SMTP Commands – Operations
During SMTP connections, commands sent by clients are handled in the following way. The [Product name] is by default "F-Secure/fsigk_smtp/Version/Host name". You can change the product name by editing "product_name=" (see expert options for details).
Page 152
EHLO command
1 The following is sent to the server: EHLO [Host name]
2 Receives a response from the server.
3 The following option lines are deleted from the response information: CHUNKING, BINARYMIME, PIPELINING, STARTTLS
4 The SIZE option is set to the smaller of the value in the server’s response and the maximum message size (default: 2,000,000,000).
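The EHLO handling described above, modelled as an added Python example (not F-Secure's code) so the reply a client actually receives can be checked. The function names, the constructed upstream reply, and the treatment of a missing or zero SIZE value as "no server limit" are assumptions.

```python
import re

# Option keywords the guide says are deleted from the server's EHLO response.
STRIPPED_OPTIONS = {"CHUNKING", "BINARYMIME", "PIPELINING", "STARTTLS"}

# Default maximum message size quoted in the guide.
DEFAULT_MAX_SIZE = 2_000_000_000

# One SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last), text.
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

# Constructed sample of an upstream server's EHLO reply (not from the guide).
SAMPLE_UPSTREAM = [
    "250-mail.example.test",
    "250-PIPELINING",
    "250-SIZE 52428800",
    "250-STARTTLS",
    "250-AUTH PLAIN LOGIN",
    "250-8BITMIME",
    "250 CHUNKING",
]


def rewrite_ehlo_response(server_lines, max_size=DEFAULT_MAX_SIZE):
    """Return the EHLO reply lines a client would see after the rewriting.

    Assumption: a non-250 reply is relayed unchanged, and SIZE with no
    value or with 0 means the server states no limit of its own.
    """
    parsed = []
    for raw in server_lines:
        match = _REPLY_LINE.match(raw.rstrip("\r\n"))
        if match is None:
            raise ValueError(f"not an SMTP reply line: {raw!r}")
        parsed.append((match.group(1), match.group(3)))

    if not parsed or parsed[0][0] != "250":
        return [raw.rstrip("\r\n") for raw in server_lines]

    # The first line is the server greeting, not an option: always kept.
    texts = [parsed[0][1]]
    for _code, text in parsed[1:]:
        parts = text.split()
        keyword = parts[0].upper() if parts else ""
        if keyword in STRIPPED_OPTIONS:
            continue  # step 3: option line deleted
        if keyword == "SIZE":
            has_value = len(parts) > 1 and parts[1].isdigit()
            server_size = int(parts[1]) if has_value else 0
            # step 4: advertise the smaller of the two limits
            limit = min(server_size, max_size) if server_size > 0 else max_size
            text = f"SIZE {limit}"
        texts.append(text)

    # Re-number the continuation markers: only the final line uses a space.
    last = len(texts) - 1
    return [f"250{' ' if i == last else '-'}{t}" for i, t in enumerate(texts)]


def offered_keywords(reply_lines):
    """Set of option keywords present in a 250 EHLO reply (greeting excluded)."""
    return {ln[4:].split()[0].upper() for ln in reply_lines[1:] if ln[4:].strip()}


if __name__ == "__main__":
    for line in rewrite_ehlo_response(SAMPLE_UPSTREAM):
        print(line)
```

Because STARTTLS is removed from the reply, a client behind the proxy is never offered a TLS upgrade on this hop, which matters when AUTH PLAIN or LOGIN is still advertised.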
Page 153
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide DATA command 1 The following is sent to the client: 354 Enter mail ([Product name]) 2 Mail data is received. 3 Mail data is scanned for viruses or spam. 4 If a virus or spam is detected: ①...
Page 154
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide a) The following is sent to the server: To: [Recipient address of the e-mail received] b) The following is sent to the server: CC: [CC address of the e-mail received] 9) If the From field is not included in the infected e-mail notification template: a) The following is sent to the server: From: [Administrator’s e-mail address]...
11.10 POP Commands – Operations
During POP connections, commands sent by clients are handled in the following way. The [Product name] is by default "F-Secure/fsigk_pop/Version/Host name". You can change the product name by editing "product_name=" (see expert options for details).
Page 156
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide ④ If the connection fails: 1) The following is sent to the client: -ERR Can't Connect to (Server host: Server port) errmsg=[Connection error message] For connection error messages, see “Connection Error Messages ”, 162.
11.11 FTP Commands – Operations
During FTP connections, commands sent by clients are handled in the following way. The [Product name] is by default "F-Secure/fsigk_ftp/Version/Host name". You can change the product name by editing "product_name=" in the expert options. Client connections 1 If “Defining parent server by user”...
Page 158
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 2 If (1) above does not apply: ① If user authentication is enabled: 1) If the user is not added: a) The following is sent to the client: 500 Invalid Account Auth. ② If the user name contains “@” or “#”: 1) The server specified by the last “@”...
Page 159
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide ④ If the connection fails: 1) The following is sent to the client: -500 Can't Connect to (Server host: Server port) errmsg=[Connection error message] For connection error messages, see “Connection Error Messages ”, 162.
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 3 If the mode is Active: ① Receives a response from the server. ② If the response code is other than 1xx: 1) The command terminates. ③ Connects to the client with the data session.
Page 161
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Host name lookup failure : Failed to look up the specified host. (Occurs, for example, when a response from the DNS server could not be reached. If there is no problem on the DNS server, check if you can look up the host name from the Linux Internet Gatekeeper server by using nslookup.
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 11.13 Service Process List F-Secure Linux Internet Gatekeeper uses the following processes to provide its services. tomcat(java) Web application server used for the web console of the product. Tomcat uses Java. It uses a single process and it can use multiple threads. It uses approximately 100 MB of memory.
Page 163
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide fsavd Handles the scanning engine process. The number of processes it uses varies depending on the usage. The process uses a minimum of 2 processes for each service (http, smtp, pop, ftp), and the maximum number of processes it can use for each service is equal to the logical number of CPUs in the system (2 CPUs: 2 processes, 4 CPUs: 4 processes).
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide 11.14 Detection Names If F-Secure Internet Gatekeeper for Linux detects a virus, the virus name is recorded in a log. Detailed information on viruses can be found on the following web page: http://www.f-secure.com/v-descs/ If you specify certain conditions, the product can detect other information besides viruses. These detection names begin with "FSIGK/"...
Page 165
FSIGK/SPAM_LIST/UCE/(Condition number)/(Header field)
Spam detected by a database (Unsolicited advertisements). The condition number indicates the number of lines detected in the database file.
FSIGK/SPAM_LIST/ADVERTISEMENT/(Condition number)/(Header field name)
Spam detected by a database (general advertisements).
If a program is identified as riskware but it is explicitly installed and correctly set up and used, it is less likely to be harmful. Riskware detected by F-Secure Internet Gatekeeper for Linux is given a detection name in the form “Category.Platform.Family”.
Page 167
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Riskware platforms: Apropos Casino ClearSearch DrWeb Dudu ESafe HTML Java Linux Macro Maxifiles NaviPromo NewDotNet Palm Perl Searcher Solomon Symantec TrendMicro UNIX Win16 Win32 Wintol ZenoSearch...
This product may be covered by one or more F-Secure patents, including the following: B2353372, GB2366691, GB2366692, GB2366693, GB2367933, GB2368233. F-Secure Internet Gatekeeper for Linux includes the following software. License information for the software can be found in the respective doc/ directory of each software.
Page 169
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide Apache Myfaces(Myfaces Core / Myfaces Tomahawk) Original Package: http://myfaces.apache.org/ GNU wget Original Package: http://www.gnu.org/software/wget/ Location: “tool/wget” on installation directory License: GPL...