KASPERSKY ANTI-VIRUS - FOR FREEBSD-OPENBSD-BSDI FILE SERVER User Manual

KASPERSKY LAB
Kaspersky Anti-Virus
for FreeBSD, OpenBSD and BSDi
File Server
USER GUIDE

Summary of Contents for KASPERSKY ANTI-VIRUS - FOR FREEBSD-OPENBSD-BSDI FILE SERVER

  • Page 1 KASPERSKY LAB Kaspersky Anti-Virus for FreeBSD, OpenBSD and BSDi File Server USER GUIDE...
  • Page 2 Kaspersky Anti-Virus for FreeBSD, OpenBSD and BSDi File Server User Guide...
  • Page 3: Table Of Contents

    Contents: Kaspersky Anti-Virus for FreeBSD, OpenBSD and BSDi File Server (8); 1.1. Introduction (8); 1.2. Distribution kit (10); 1.2.1. What is in the distribution kit (10); 1.2.2. License agreement (11); 1.2.3. Registration card (11); 1.3. Help desk for registered users (11); 1.4.
  • Page 4 Contents: 4.1. Starting Scanner (25); 4.2. Searching for viruses and deleting them (27); 4.2.1. Loading anti-virus scanner (27); 4.2.2. Handling infected objects (28); 4.2.3. Handling corrupted objects (30); 4.2.4. Handling suspicious objects (31); 4.3.
  • Page 5 Contents: 6.2. Launching the daemon process (60); 6.3. Calling up the process from a client program (63); Anti-Virus Monitor: Monitoring the System for Viruses (65); 7.1. Features and functions (65); 7.2.
  • Page 6 Contents: 9.6. The Options page (93); 9.7. The Report page (95); 9.8. The ActionWith page (98); 9.9. The Customize page (100); WebTuner: Remote Administration Program (102); 10.1. Functions and features (102); 10.2.
  • Page 7 Contents: 10.8.1. Scanner settings (135); 10.8.2. Remote configuration of the Scanner program (137); 10.8.3. Launching Scanner from a Remote Location (137); 10.8.4. Reviewing the log file (139); 10.9. WebTuner: administering Updater (139); Updater: Updating Virus-Definition Databases ..
  • Page 8 Contents: 15.1. Files with the program settings (163); 15.2. Scanner and Daemon: The initialization file (AvpUnix.ini) (163); 15.3. Scanner and Daemon: the profile (defUnix.prf) (165); 15.4. Scanner and Daemon: command line switches (176); 15.5.
  • Page 9: Kaspersky

    Chapter Attention! New viruses appear every day. To keep your anti-virus protection effective, we strongly recommend that you update the anti-virus databases at least every day (for more details see below). Moreover, make sure to update them right after you install the product on your computer! 1.
  • Page 10 allows detection and deletion of all currently known types of viruses and malware code, including: polymorphic or self-encoding viruses; stealth or invisible viruses; viruses for Windows 9x, Windows NT, UNIX, OS/2; new viruses for Java applets;...
  • Page 11: Distribution Kit

    The package also contains the special configuration program kavtuner (Tuner), which allows you to define the virus-scanning settings of the Scanner and Daemon programs. By using the kavinspector program (Inspector) you can check the filesystem.
  • Page 12: License Agreement

    1.2.2. License agreement The License Agreement (LA) is a legal agreement between you (either an individual or a single entity) and the manufacturer (Kaspersky Lab Ltd.) describing the terms on which you may use the anti-virus product that you have purchased.
  • Page 13: Information In The Book

    If you register and purchase a subscription, you will be provided with the following services for the period of your subscription: daily virus-definition database updates via e-mail; product upgrades; phone and e-mail advice on matters related to your software installation, configuration and performance;...
  • Page 14 Convention / Meaning: Bold font: menu titles, commands, window titles, dialog elements, etc. Note: additional information, notes. Attention!: very important information. To do this: …: actions that must be taken...
  • Page 15: Installing Kaspersky Anti-Virus For Xbsd File Server

    Chapter 2. Installing Kaspersky Anti-Virus for xBSD File Server 2.1.
  • Page 16: Backing Up Your Installation Diskettes

    2.2. Backing up your installation diskettes If you purchased the Kaspersky Anti-Virus for xBSD File Server package on installation diskettes (rather than on CD), it is recommended that you back up those diskettes before installing the program on your computer.
  • Page 17 the following: pkg_add kav-WorkstationSuit-4.0.0.0-FreeBSD-4.x.tgz Copy the .key file from the installation CD (installation diskette) to the directory defined in the KeysPath line of the file AvpUnix.ini. The default .key file directory is /etc. Run the Updater program to download virus-definition databases that are used in searches for viruses and disinfection (for details on how to launch Updater refer to...
  • Page 18: Of Kaspersky Anti-Virus For Openbsd And Bsdi

    Attention! If any component of the Kaspersky Anti-Virus for FreeBSD software package fails to start, apply the launching procedure described in the corresponding chapter of this book. 2.3.2. … of Kaspersky Anti-Virus for OpenBSD and BSDi ...
  • Page 19: Preparing To Run

    2.4. Preparing to run How to edit the .ini file and a path to the directory for temporary files. Customizing the software for various needs. 2.4.1. Editing the .ini file The initialization file AvpUnix.ini contains information that is essential for your program’s correct performance and may be found in one of the following directories:...
  • Page 20: Editing The Path To Temporary Files

    Attention! When editing the SetFile parameter, be sure to specify only the name of your .set file. You do not need to define the full path to it! If you copied the key files to a separate directory, you must specify a new path to these files in the KeysPath line of your AvpUnix.ini.
  • Page 21 3. If necessary, edit the profile (see Appendix B). If you specify the -ua=name switch (where name is the user name) in the Tuner or the Installer command line, the programs will automatically perform the steps described above.
  • Page 22: Changing Scanning Settings

    Chapter 3. Running Kaspersky Anti-Virus for xBSD File Server 3.1.
  • Page 23: Starting To Check

    First, by means of the configuration program called Tuner (see chapter 9) or the remote configuration program called WebTuner (see chapter 10). Second, by opening and editing a profile in any text editor (see subchapter 5.2). For various situations, you may define different settings.
  • Page 24: Starting To Update Virus-Definition Databases

    is defUnix.prf, a sample of which is supplied with Kaspersky Anti-Virus for xBSD File Server. If your package doesn’t contain the file, the scanner will use its own default settings. You may also redefine settings by using the switch F=profile_name in the command line.
  • Page 25 You may also refer to the site at www.kaspersky.com for a complete list of Kaspersky Lab dealers that can provide you with updates. To efficiently protect your computer from new viruses it's advisable to update your virus-definition databases on a regular basis.
  • Page 26: Anti-Virus Scanner: Scanning And Disinfecting

    Chapter 4. Anti-Virus Scanner: Scanning and Disinfecting 4.1. Starting Scanner Starting the scanner from the command line or from a script file.
  • Page 27 [switchN] is the optional switch in the Scanner command line; [path] is the optional xBSD path that defines the location to be checked; [filemasks] are the optional xBSD file masks that define the files to be checked for viruses.
  • Page 28: Searching For Viruses And Deleting Them

    4.2. Searching for viruses and deleting them Actions to be taken regarding infected objects. Recommendations. Messages generated by the anti-virus scanner when it detects objects that are suspicious or infected with a virus, and messages about a virus in your anti-virus program.
  • Page 29: Handling Infected Objects

    Note: If you started the program with no predefined objects to be checked, the following message will appear on your screen: "Nothing to scan. You should select Files and/or Sectors in the *.prf file." If you see this message, specify the objects to be checked by your Scanner.
  • Page 30 disInfect: try to disinfect the object; the virus will be deleted and the object will be restored to its virus-free state, close to the original; Delete: delete the object; Cancel: ignore the object and continue with checking; Stop: abort the check.
  • Page 31: Handling Corrupted Objects

    Attention! The sector check function may not be available under your operating system. If you confirm the action, Scanner will immediately start disinfecting the sectors and will replace them with a standard MS-DOS 6.0 boot sector. If you cancel the action, the scanning will be aborted.
  • Page 32: Handling Suspicious Objects

    If you choose to confirm the action, the program will automatically delete all infected objects that it is not able to disinfect. If you cancel the action, the next time the program finds an infected object it is not able to disinfect, it will again ask whether you want to delete this object.
  • Page 33: Reviewing Performance Statistics

    4.3. Reviewing performance statistics How to review virus check reports. Messages about checked objects. Performance statistics. While checking for viruses the program displays current results. On the left side of your screen you may see names of the objects that were checked.
  • Page 34 Note: Messages about infected objects and general statistics will be logged if you preset the program to do so. Note: To process and summarize data within the performance reports and to review details of scanning operations, use the Slogan program (for details refer to chapter 8).
  • Page 35: Switches And Profiles

    Chapter 5. Anti-Virus Scanner and Daemon Process: Using switches and profiles...
  • Page 36: How To Change Settings

    Actions to be taken on infected objects: they may be disinfected or deleted, or copied to another directory. Advanced scanning tools: checking for corrupted and modified viruses, redundant scanning tool, i.e.
  • Page 37: Settings For A Separate Location To Be Checked

    create a set of regular profiles with various settings. This way, when you need your Scanner to be set according to a certain profile, define this profile in the program command line. Irregular check.
  • Page 38 To define the location to be checked, in the Names line of the [Object] section, enter the filesystem directories to be checked for viruses. If you define more than one directory, they must be separated by semicolons.
  • Page 39: Defining Objects To Be Checked

    5.3.2. Defining objects to be checked 5.3.2.1. Object types After you have defined the location to be checked (see subchapter 5.3.1), you must define the objects that will be checked for viruses.
  • Page 40: Files

    check MBR. The switch -B disables and the switch -B- enables the scanner to check Boot Sectors of disks defined in the Names line. 5.3.2.3.
  • Page 41 character ! is specified in the switch (i.e. -@!=filename), upon completion of the task the filename file will be deleted. If this character is not in the switch (i.e. -@=filename), this file will be kept. ...
  • Page 42: Packed Executables

    5.3.2.4. Packed executables Scanner can check for viruses in packed executable files that are unpacked by the special engine. Packed executable files contain special unpacking modules. When such a file is started, the module unpacks the program to RAM and then runs it.
  • Page 43: Archives

    If the unpacking and extracting (see subchapter 5.3.2.5) engines are enabled, Kaspersky Anti-Virus for xBSD File Server is able to detect an infected file even though it was enciphered by the CryptCOM utility, then packed by PKLITE and, finally, added to the PKZIP archive.
  • Page 44: Mail Databases And Plain Mail Files

    5.3.2.6. Mail databases and plain mail files You can enable your Scanner to check for viruses in mail databases and plain mail files. The mail database and especially the plain mail file scanning modes noticeably slow down the Scanner scanning rate.
  • Page 45: Embedded Ole Objects

    To check for viruses in plain mail files, type Yes in the MailPlain line of the profile. Otherwise, type No. Note: This parameter corresponds to the command line switch -MP[-]. The switch -MP enables and the switch -MP- disables checking for viruses in plain mail files by your anti-virus scanner.
  • Page 46 0: reports infected, suspicious and corrupted objects. Messages will be displayed and, if preset, logged into the file (see subchapter 5.4.4). The program will not disinfect or delete infected objects.
  • Page 47: Defining The Advanced Scanning Tools To Be Used

    (see subchapter 5.4.4). The program will not delete these objects. Note: 0 in the IfDisinfImpossible line corresponds to the command line switch -I2S. 1: deletes unrecoverable objects. ...
  • Page 48 File Server algorithmic legs searching for virus-similar instructions. The redundant scanning tool checks not just the entry points into a file that are used by the system when processing, but the entire contents of the examined files.
  • Page 49 Com: the file seems to be infected by a virus that infects .COM files; Exe: the file seems to be infected by a virus that infects .EXE files;...
  • Page 50: Settings For The Cumulative Location To Be Checked

    To enable the redundant scanning tool, type Yes in the RedundantScan line of the profile. Note: This parameter corresponds to the command line switch -V[-]. The switch -V enables and the switch -V- disables the redundant scanning tool.
  • Page 51: Defining Scanning And Performance Settings: Scanner And Daemon

    Generation of the check report and the performance statistics (see subchapter 5.4.4). 5.4.2. Defining scanning and performance settings: Scanner and Daemon General parameters for the program performance are located in the [Customize] section of a profile.
  • Page 52 To enable error reporting at the program start, type Yes in the Othermessages line of the [Customize] section of a profile. Otherwise, type No. ...
  • Page 53 type No in the ScanRemovable line of the [Options] section of a profile. Otherwise, type Yes. To scan subdirectories last (after all the other objects have been scanned), type Yes in the ScanSubDirAtEnd line of the [Options] section of a profile.
  • Page 54 2. Define the maximum number of simultaneously scanned files in the LimitForProcesses line. To implement loop scanning for viruses: 1. Type Yes in the EndlesslyScan line. Otherwise, type No. 2.
  • Page 55: Defining Actions On Infected And Suspicious Objects

    5.4.3. Defining actions on infected and suspicious objects The following three sections allow you to define actions to be taken by the program when it detects infected, suspicious or corrupted objects: [ActionWithInfected] section parameters define how to handle the infected objects.
  • Page 56 To copy infected, suspicious and corrupted objects together with their paths, type Yes in the CopyWithPaths lines of the above sections. Otherwise, type No.
  • Page 57: Defining The Reporting Parameters

    5.4.4. Defining the reporting parameters To review results of the check performed by the program you must define its reporting parameters located in the [Report] section of a profile. This section also allows you to enable/disable additional information in the log.
  • Page 58 some text editors it will be difficult to review these files, since the program shows everything written on a single line. If this is the case with your text editor, type Yes for the above parameter and the program will use both separators (carriage return and linefeed) in your log file.
  • Page 59 Use the parameters below to define optional information that will be added to the report: WriteTime: reports the date and the time when the program messages were displayed.
  • Page 60: Daemon Process: Integrating Anti-Virus Protection In Clients

    Chapter 6. Daemon Process: Integrating Anti-Virus Protection in Clients 6.1.
  • Page 61: Launching The Daemon Process

    Daemon has all the features of anti-virus programs designed for other platforms, and allows checking for viruses in all file types (including archives, packed and plain mail files), application of the heuristic detection and redundant checking tools. The process can perform functions of the server or the client.
  • Page 62 [path] is the optional xBSD path that defines the location to be checked. Note: The meaning of path in the Daemon command line differs from that of the Scanner program. For the scanner this setting defines the location to be checked for viruses, but for Daemon it assigns the path value to the list of locations enabled to be checked (i.e.
  • Page 63 In this version when you launch the daemon process, it automatically initiates the following two processes: the primary process handles calls from the client programs, the secondary process reports performance of the first. It is possible to disable the second process. -dl: ...
  • Page 64: Calling Up The Process From A Client Program

    6.3. Calling up the process from a client program How to call up the process from a client program. The example. To call up the existing daemon process from the client program, follow these steps: 1.
  • Page 65 3: the command param substring transfers parameters of the shared memory, where the examined object was preplaced. The mode is used if the objects are checked without being intermediately saved onto the disk. In this case the general format of the string is: <flags>date_and_time:<switch|length|>...
  • Page 66: Anti-Virus Monitor: Monitoring The System For Viruses

    Chapter 7. Anti-Virus Monitor: Monitoring the system for viruses 7.1.
  • Page 67: Assembling And Configuring

    Note: Monitor is a client program of the Daemon process. Therefore, in order to run Monitor you must also install and customize Daemon. 7.2. Assembling and Configuring Assembling the FreeBSD kernel anti-virus module and the anti-virus monitor.
  • Page 68 Monitor. The monitor processes the file and transfers its name to the daemon process, which checks for viruses in the file. If the file is not infected, the Daemon returns the appropriate code to the Monitor, which informs the anti-virus module that a permission to work with this file is granted.
  • Page 69: Configuring Monitor

    required start level. For example: insmod monitor-2.2.18.o Go to the directory with the monitor source code using the command cd. For example, cd /usr/local/share/AVP/monitor 5. Assemble Monitor using the command make. 7.2.2. Configuring Monitor You may configure the Monitor program by changing its settings within the configuration file monitor.conf.
  • Page 70 check only slows down the system performance. Therefore, it is advisable to exclude these files from the monitoring. To exclude some files from the objects to be checked when they are opened, saved or executed, in the Options section of the configuration file define values for the following lines: OpenExcludeMask: the full path to the directory with files to be...
  • Page 71 To define the quantity of files to be scanned for viruses only once, when they are opened the first time, enter the required number in the CacheSize line of the Options section. For example: CacheSize 2500 ...
  • Page 72: Launching Monitor

    Daemon settings. For example, if a directory is not included in the location to be checked by the Daemon program, it will be ignored even if it is not excluded from the location to be checked by Monitor.
  • Page 73: Reviewing The Performance Results

    7.4. Reviewing the performance results How to review the performance results. While checking for viruses in the files to be opened, saved or executed the Monitor program (if preset) logs its performance results into the log file. The log file name and the reporting mode are defined in the Report file section of the configuration file monitor.conf.
  • Page 74 If, when launching the Monitor, you see the following message on your screen: ERROR: Could not open kavmonitor peer file: permission denied, this means that you are not authorized to launch Monitor. Only the root user has the rights to launch the Monitor program.
  • Page 75 2. Enter the command lsmod in the command line to check whether the kernel anti-virus module is loaded. 3. Try to launch the Monitor program with a path to the configuration file in the command line.
  • Page 76: Slogan: Processing And Summarizing The Performance Reports

    Chapter 8. Slogan: Processing and summarizing the performance reports 8.1. Features and functions Function and features of the program.
  • Page 77: Launching Slogan

    8.2. Launching Slogan Starting the program from the command line. To launch Slogan, the log processing and summarizing program, enter its name and the required switches in the command line: ./slogan [switch1] [switch2] […] [switchN] where [switchN] is the Slogan optional command line switch.
  • Page 78 Figure 2. The example of a summary report produced by Slogan -ds dd.mm.yyyy The program will summarize the reports generated starting from the date defined by this switch. -de dd.mm.yyyy The program will summarize the reports generated before and on the date defined by this switch.
  • Page 79: Slogan In The Real-Time Monitoring Mode

    8.3. Slogan in the real-time monitoring mode Performance of the program in the monitoring mode. The real time monitoring mode allows you to track changes in the predefined log file and study them. The general format of the command line for Slogan in the monitoring mode is: ./slogan -s [file1] […] [fileN] -tt [switch1] […] [switchN] where:...
  • Page 80 This switch redisplays the log file, if it became unavailable at some point of time. The screen (see Figure 3) displayed by Slogan in the real-time monitoring mode is divided into the following two panes: General statistics displays the following total amounts: Request: objects checked.
  • Page 81: Tuner: Customizing Scanner And Daemon

    Chapter 9. Tuner: Customizing Scanner and Daemon 9.1. Features and functions Function and features of the program. Tuner, the customization program, allows you to create and edit profiles, i.e.
  • Page 82: Launching Tuner

    9.2. Launching Tuner Starting the program from the command line. Available command line switches. The general format of the Tuner command line is: ./kavtuner [switch1] […] [switchN], where [switch1] is the optional command line switch (see below). When starting Tuner you can use the following command line switches: This switch enables defUnix.prf located in the directory /usr/local/share/AVP/ to be used as a profile.
  • Page 83: Interface

    9.3. Interface Discussing the interface. The page functions. When you start the program its main window appears on your screen. The main window is divided into the following two panes: menu bar and working area. At the top of the window you may see the menu bar containing three menus: File, Settings, Help.
  • Page 84: Creating, Editing And Saving A Profile

    Use the following keys when selecting options within a page: <HOME>: move the cursor to the beginning of the text field; <END>: move the cursor to the end of the text field; <SPACE>: check/uncheck the check-box or select/deselect the option;...
  • Page 85 Note: To cancel saving of the settings press the Cancel button. To edit a profile, follow these steps: 1. Start your Tuner. The main window will appear on your screen. Note: When started, the program loads the default profile (its name is specified in the .ini file) or the file defined in the command line (see subchapter 9.2).
  • Page 86: The Location Page

    9.5. The Location page Defining the location to be checked. The settings defined for a separate directory to be checked for viruses. 9.5.1. Defining the location to be scanned for viruses In the Location page (see Figure 4) you can define the list of directories to be scanned for viruses.
  • Page 87 Note: This is a general list of directories to be checked. The directories that should be checked are prefixed with "+", and the directories that should be skipped are prefixed with "-". To edit an item within the list, you must press the S key or double-click it with your mouse.
  • Page 88: Defining Scanning Settings For A Separate Directory

    9.5.2. Defining scanning settings for a separate directory 9.5.2.1. The directory Property window: Selecting the required directory The Tuner program allows you to define scanning settings for a separate directory. To do this, follow these steps: 1.
  • Page 89: The Directory Property Window: Objects To Be Checked

    When you press the button the Add folder window will appear on your screen. Use the window to add the required directory to the list of directories on the Location page (for instructions about how to add a directory to the location to be checked see subchapter 9.5.1).
  • Page 90 Attention! The sector check function may not be available under your operating system. Files: check this box to scan for viruses in files. If you checked this box, you must select the file types to be checked. For details of how to do this see below.
  • Page 91: The Directory Property Window: Defining Anti-Virus Actions

    that are capable of containing virus code. Programs: scans all the files with extensions: .bat, .bin, .cla, .cmd, .com, .cpl, .dll, .doc, .dot, .dpl, .drv, .dwg, .eml, .exe, .fpm, .hlp, .hta, .htm, .htt, .ini, .js, .jse, .lnk, .mbx, .md*, .msg, .msi, .ocx, .otm, .ov*, .php, .pht, .pif, .plg, .pp*, .prg, .rtf, .scr, .shs, .sys, .tsp, .vbe, .vbs, .vxd, .xl*.
  • Page 92 Display Disinfect Dialog: displays the inquiry about how to handle the infected object. The program will suggest disinfecting the object (for recoverable objects) or deleting it (for unrecoverable objects). Disinfect automatically: disinfects infected objects without asking first.
  • Page 93: The Directory Property Window: Defining The Advanced Scanning Tools Used. The Options

    9.5.2.4. The directory Property window: Defining the advanced scanning tools used. The Options page Options on the Property window Options page (see Figure 7) allow you to enable/disable the following advanced scanning tools. You can use the following advanced scanning tools: Warnings: ...
  • Page 94: The Options Page

    subdirectories of the selected directory. Cross filesystems: check this box to enable the program to cross filesystem borders. This check box is useful if there are other filesystems mounted under yours, and you want to scan files in all the available filesystems.
  • Page 95 Define the following settings: Scan subdir at end: check this box to scan subdirectories last (after all the other predefined objects have been scanned). Scan removable: check this box to scan for viruses on the removable disks.
  • Page 96: The Report Page

    parameter is used only if you checked the Endlessly scan check box. Attention! If the Scan delay value is equal to 0, there will be no interval between the loops! 9.7. The Report page
  • Page 97 Note: The checked Use syslog box automatically suppresses the following parameters: ReportFileName, Append, ReportFileLimit, ReportFileSize and RepCreateFlag. Append: check this box to append new reports to the contents of the log file. Extended report: check this box to add more details to the report.
  • Page 98 Check the Showing button to display the corresponding dialog window (see Figure 10) that is divided into the following two parts: The working area with the list of check boxes defining optional messages to be included in the performance report. By default all the check boxes are checked.
  • Page 99: The Actionwith Page

    Show warning in the log: check this box to be notified about objects suspected of being infected with a modification of a known virus. Show corrupted in the log: check this box to be notified about the examined corrupted objects.
  • Page 100 Figure 11. The ActionWith page Note: We recommend that you enter an absolute path to suspicious and infected folders rather than a relative one. Attention! Be careful when handling infected and suspicious objects or their copies! If an executable file is infected, do not start it. Copy with path: ...
  • Page 101: The Customize Page

    T U N E R 9.9. The Customize page Options located on the Customize page. Options on the Customize page of the Tuner main window (see Figure 12) allow you to define the program performance settings. !" The Customize page corresponds to the [Customize] section of a profile.
  • Page 102 confirmation when enabling the redundant scanning tool. This setting will be used only for a directory that is checked with the redundant scanning tool enabled (see subchapter 9.5.2.4). "Delete all…" message — check this box to be asked for confirmation when deleting an infected object.
  • Page 103: WebTuner: Remote Administration Program

    Chapter 10. WebTuner: Remote administration program 10.1. Functions and features Discussing the program features. WebTuner is designed to administer Kaspersky Anti-Virus for xBSD File Server, i.e. to change settings and launch the package components locally or from a remote location.
  • Page 104: General Concept Of The Program Performance

    10.2. General concept of the program performance Features and the operation sequence of the program performance. WebTuner is designed to remotely administer Kaspersky Anti-Virus for xBSD File Server. You can call up this program via any web browser. The browser communicates with WebTuner via the web server supplied with the WebTuner distribution.
  • Page 105 Figure 13. Calling up Kaspersky Anti-Virus for xBSD File Server from WebTuner The sequence of steps to be performed to call up Kaspersky Anti-Virus for xBSD File Server: 1. Refer to the web server using your web browser. Communication between the web server and the web browser is implemented via the Secure Sockets Layer (SSL) protocol, which provides communication privacy.
  • Page 106: Installing WebTuner. Access Rights

    4. While working with WebTuner you can administer (change settings and start) Kaspersky Anti-Virus for xBSD File Server. 10.3. Installing WebTuner. Access rights Step-by-step installation. Defining access rights to the programs. 10.3.1. The WebTuner components Right after the installation of Kaspersky Anti-Virus for xBSD File Server on your computer (see chapter 2) the WebTuner program will be located in the directory /usr/local/share/AVP/httpd.
  • Page 107: Setting Up The Web Server And WebTuner

    10.3.2. Setting up the web server and WebTuner The web server and WebTuner, the remote administration program, are installed on your computer by the Installer program (for details refer to chapter 2). Right after the installation is completed you must follow the steps described below in order to set up these programs: 1.
  • Page 108 CH_ROOT—Yes in this line enables the program to perform the function chroot() when the server is started. No disables the feature. DOCROOT—path to the web server root directory. For example, DOCROOT=/usr/local/share/AVP/httpd/html Make sure that the LOG_FILE and the DOCROOT parameters are correct.
  • Page 109 with the distribution. These are the files providing the communication privacy. To do this, open the OpenSSL project programs and follow these steps: Create the key and the certificate request: openssl req -new > cert.csr Delete the password from the key: openssl rsa -in privkey.pem -out key.pem Convert the certificate request into a certificate:...
  • Page 110: Rights On The Web Server

    2. Edit the server settings to define the file index.html as the default file for this directory. If this is not possible, rename the file to the name defined as the default for your server. 3.
  • Page 111: Rights To Run The WebTuner Copy

    read and write within the directory containing the Kaspersky Anti-Virus for xBSD File Server initialization file (AvpUnix.ini); read, write and execute files within the directory for temporary files of WebTuner (html/tmp); read, write and execute files within the directory containing the WebTuner executable files (html/cgi-bin);...
  • Page 112: Launching WebTuner

    10.4. Launching WebTuner Discussing how to start the WebTuner program. As mentioned above, WebTuner is installed under the web server enabling remote administration of Kaspersky Anti-Virus for xBSD File Server. You can therefore call up WebTuner from a computer with a preinstalled web browser.
  • Page 113: Interface

    Figure 14. The login dialog If you succeed, the program main window will appear on your screen. This window allows remote administration of the Kaspersky Anti-Virus for xBSD File Server components. 10.5. Interface Discussing the interface.
  • Page 114 Figure 15. The WebTuner main window To select a program from the list, 1. Highlight it with your left mouse button. 2. Press the select button, if your browser does not support JavaScript or JavaScript support is disabled.
  • Page 115: Defining The Configuration Of WebTuner

    Be careful when pressing the hide button. If you press it without an item selected in the list, the list will be cleared. To see all the controllable programs in the list again, press the show all button.
  • Page 116 Figure 16. The WebTuner main window with WebTuner selected in the list The WebTuner configure window (see Figure 17) will appear on your screen. The window contains hyperlinks allowing you to display the following pages: The main page items allow you to define the contents of the WebTuner performance settings (for details refer to...
  • Page 117: The Main Page: WebTuner Performance Settings

    10.6.2. The main page: WebTuner performance settings For your WebTuner to operate correctly, you must define its main performance settings located on the main page (see Figure 17) of the WebTuner configure window. Figure 17.
  • Page 118: The Modules Page: Remote Administration Settings

    2. Enter the full path to the Kaspersky Anti-Virus for xBSD File Server directory in the Kaspersky Anti-Virus directory text field. You can do this manually or by using the browse button. The default path is: /usr/local/share/AVP/ 3.
  • Page 119 Figure 18. The modules page Before you use the properties or the delete button make sure to select a module from the list with your left mouse button! To add an item to the list, follow these steps: 1.
  • Page 120 To define the properties of a module, follow these steps: 1. Select the required module from the list with your left mouse button. 2. Press the properties button. 3. In the Module: name window on your screen (see Figure 19), define the following settings: Main CGI name –...
  • Page 121 For details on the macroinstructions that are used in the above text field values refer to subchapter 15.13 of Appendix B. By omitting any of the above values and leaving the corresponding text field blank, you remove the corresponding hyperlink from the WebTuner main window! Figure 19.
  • Page 122: WebTuner: Administering Daemon

    10.7. WebTuner: Administering Daemon WebTuner for the daemon process. Editing the profile, launching the program and reviewing the log. 10.7.1. Daemon settings WebTuner allows you to remotely administer the Daemon program, i.e. to edit the program profile, to launch it and to review the performance report.
  • Page 123 Figure 20. The WebTuner main window: Daemon is selected To edit another profile, follow these steps: 1. Click the config hyperlink. 2. Select the required profile from the drop-down list in the window on your screen and press the open button.
  • Page 124: Remote Configuration Of The Daemon Program

    10.7.2. Remote configuration of the Daemon program 10.7.2.1. The Profile tuning window WebTuner allows you to edit profiles of the Daemon program. The settings defined from WebTuner can be saved to the default profile as well as to any other profile that can be assigned to the daemon process, for example, by using the -F switch in the Daemon command line.
  • Page 125: The Objects Page: Location To Be Scanned

    Figure 21. The objects page 10.7.2.2. The objects page: location to be scanned On the objects page (see Figure 21) you can define the list of directories to be scanned for viruses and scanning settings for a separate directory. ...
  • Page 126 The actions page allows you to define the way infected and suspicious objects must be processed. Options on this page are similar to those described in subchapter 9.5.2.3. The options page allows you to define the advanced scanning tools to be used.
  • Page 127: The Options Page: Scanning Settings

    pressing the select button (for browsers not supporting JavaScript). 3. Check the Exclude path check box if you want the directory to be excluded from the location to be checked (prefixed with "–"). 4.
  • Page 128: The Report Page: Reporting Settings

    In fact, the actions page includes two subpages containing: 1. Options for infected and suspicious objects detected. The page options and their functions are similar to those described in subchapter 9.8. 2. Options for corrupted and suspicious objects detected (see Figure 22).
  • Page 129: The Customs Page: Advanced Scanning Settings

    included in the report is defined on the second subpage of the Report page. To move between the subpages use the arrow buttons located in the upper right corner of the page. 10.7.2.6.
  • Page 130 client programs) in the Socket file dir text field manually or by using the browse button. The default path is /var/run. 3. Press the run button. The Daemon starting log will be displayed on your screen (see Figure 25).
  • Page 131 Figure 24. Daemon start parameters Figure 25. Daemon starting log...
  • Page 132 Starting the daemon process for the second (third, fourth…) time In this case the Daemon starter window (see Figure 26) on your screen contains information about the existing daemon process: Pid – the daemon process identification number. Socket directory name –...
  • Page 133: Reviewing The Log File

    The existing process must be killed to avoid conflicts that may arise between two or more simultaneously existing processes. In this case, if a client program calls up a daemon process, it will be impossible to identify the target process correctly among the existing ones and it may affect the check results.
  • Page 134 To review the log of the existing daemon process, press the view log button in the WebTuner main window with the Daemon item selected in the list (see Figure 20). The Daemon log window will appear on your screen (see Figure 28).
  • Page 135 Figure 28. The daemon process performance results To review the log of a previous process, 1. Press the report button. 2. In the window on your screen, select the required log file from the appropriate drop-down list with your right mouse button and by pressing the select button (for browsers not supporting JavaScript).
  • Page 136: WebTuner: Administering Scanner

    WebTuner distribution. Reports in text format are generated on the basis of web_template.tm, and reports in HTML are generated on the basis of web_new_template.tm. 10.8. WebTuner: administering Scanner WebTuner for the anti-virus scanner. Editing the profile, launching the program and reviewing the log.
  • Page 137 Figure 29. The WebTuner main window: Scanner is selected To edit another profile, follow these steps: 1. Click the config hyperlink. 2. Select the required profile from the drop-down list in the window on your screen.
  • Page 138: Remote Configuration Of The Scanner Program

    10.8.2. Remote configuration of the Scanner program WebTuner allows you to edit the profiles of the Scanner program. Scanner parameters are similar to those described for the daemon process (see subchapter 10.7.2). The difference is the report page (see Figure 9), where you cannot define the User report setting for your Scanner, and the options page (see Figure 8), where you will find the following extra options:...
  • Page 139 view log – displays the Scanner performance report. exit – allows you to exit the Scanner start parameters window. To scan a location different from that defined in the profile, 1.
  • Page 140: Reviewing The Log File

    10.8.4. Reviewing the log file WebTuner allows you to review reports about the current scanning operation and about the operations performed previously. To review the required scanning report, follow these steps: 1.
  • Page 141 run – launches the updating utility. view log – displays the Updater performance report. exit – allows you to exit the Updater window. Figure 31. The WebTuner main window: Updater is selected The virus-definition databases may be updated: via the Internet;...
  • Page 142 From archive – updating from an archive. If you selected this option, enter the corresponding path in the Update path text field. Figure 32. The update source window To launch the updating operation, press the run button.
  • Page 143 Figure 33. The updating operation is in progress To review the status of the last updating operation, press the view log button. The program will display a window with information about the last updating operation (see Figure 33). If the updating operation is in progress, the window will display the status of the operation.
  • Page 144: Updater: Updating Virus-Definition Databases

    Chapter 11. Updater: Updating Virus-Definition Databases 11.1. Function and features Updater updates virus-definition databases, which are used in the process of checking for viruses. The program allows you to update virus-definition databases via the Internet, from an archive, or from a network location.
  • Page 145 ./kavupdater update_switch [switch1] [switch2]... where update_switch is a mandatory switch reflecting the way the update will be performed (see subchapter 11.3); [switchN] is an optional command line switch. For a list of switches and their functions see Appendix B. By default, the updater uses the following two parameters in AvpUnix.ini (see Appendix A): BasePath –...
  • Page 146: How To Update Virus-Definition Databases

    11.3. How to update virus-definition databases Updating via the Internet. Updating from a network directory. Updating from an archive. Examples. 11.3.1. Updating via the Internet To retrieve new virus-definition databases from an FTP or a web server, launch the program with the command line switch -uik: ./kavupdater -uik=server_and_path...
  • Page 147: Updating From A Network Directory

    11.3.2. Updating from a network directory If you need to update virus-definition databases and upgrade programs on several computers, it’s more convenient to download updates/upgrades via the Internet to your network directory and then perform updating/upgrading from this directory.
  • Page 148: Saving The Report To A File

    11.4. Saving the report to a file Saving the report to a file. Example. To save report data to a file, use the command line switch -w: ./kavupdater -uik=server_and_path -w[t][a][-][+][=filename] where: -wt or -wt+ is the switch creating a new log file;...
  • Page 149: Inspector: Monitoring Filesystem Integrity

    Chapter 12. Inspector: Monitoring Filesystem Integrity 12.1. Function and Features The Inspector program is an integrity checker running under the xBSD operating system. Inspector performs the following functions: monitors the defined location for changes.
  • Page 150: Running Inspector

    restore the originals). For details about handling new or modified files see subchapter 12.2.3. If Inspector fails to disinfect infected files, they are transferred to the Daemon program. 12.2. Running Inspector 12.2.1.
  • Page 151: Defining The Location To Be Checked

    By comparing newly collected data against the database master copy the program identifies new and modified files and checks for viruses in them. You can create separate Inspector databases for every location to be checked.
  • Page 152 To set Inspector to load the location to be checked from a text file, follow these steps: 1. Create a list of directories to be checked and save it to a text file.
  • Page 153: Handling Modified And New Files

    By default, Inspector is preset to check for viruses in the subdirectories of the defined directories to be checked. To exclude all the subdirectories from the check use the switch -r in the Inspector command line. Let's review the following example for training purposes: Example: You want the Inspector to check the directory /documents and all the subdirectories and ignore all the .bmp files located there.
  • Page 154 To set the program to display a report about the modified and new files detected, use the switch -da0 in the Inspector command line. To set the program to automatically handle all the modified and new files detected, use the switch -da2 in the Inspector command line.
  • Page 155: Saving The Performance Report

    Solution: To do this, enter the following string in the Inspector start-up command line: ./kavinspector -g[=base_documents] /documents -r- -da2d -dc -a[=var/run] -s[=base_documents] 12.2.4. Saving the performance report Inspector can save the performance report to the system log or a separate file.
  • Page 156: Control Centre: Scheduling The Kaspersky Anti

    Chapter 13. Control Centre: Scheduling the Kaspersky Anti-Virus for xBSD File Server Performance...
  • Page 157: Scheduling Performance Of Package Component-Based Tasks

    where: switchN – is the optional command line switch of Control Centre. You can use more than one switch in the Control Centre command line. For the complete list of available command line switches refer to subchapter 15.8 Appendix B.
  • Page 158 Program performance parameters must be separated by colons. -u=username is the user name under which the prgname program will be started; -e=hour:min is the prgname program performance time. When the time is over, the program shuts down.
  • Page 159 where: prgname is the name of the prgname program executable file; -a:arg[:arg1[…]] is the prgname performance parameters; Program performance parameters must be separated by colons. -u=username is the user name under which the prgname program will be started;...
  • Page 160 To schedule a task to be performed monthly, enter the following string in the command line: ./kavucc -cam="prgname -a:arg[:arg1[...]] -u=username -st=hour:min -fs=day.month.year -ls=day.month.year -sd=[sun|mon|tue|wed|thu|fri|sat] -xm=[jan|feb|mar|apr|may|jun|jul|aug|sep|oct|now|dec] -e=hour:min"...
  • Page 161: Saving The Performance Report

    Example: You want to schedule the Updater to update virus-definition databases from the archive kavbases.zip on every Monday at 7.00 p.m. and to log the performance results in the file report.txt.
  • Page 162 If the character a is defined in the switch, the report will be appended to the contents of filename; the character t overwrites the report with a new one.
  • Page 163: Appendix A. Principal Files

    14. Appendix A. Principal files Files that are principal for Kaspersky Anti-Virus for xBSD File Server and their functions. The following files are vital for the Kaspersky Anti-Virus for xBSD File Server performance: AvpUnix.ini contains information critical for the correct operation of the Kaspersky Anti-Virus for xBSD File Server components.
  • Page 164: Appendix B. Supplementary Details Of Kaspersky

    15. Appendix B. Supplementary details of Kaspersky Anti-Virus for xBSD File Server...
  • Page 165 [AVP32] DefaultProfile=defUnix.prf [Configuration] KeyFile=AVPLinux.key KeysPath=. SetFile=avp.set BasePath=. You may edit any section of the file ([AVP32] and [Configuration]). The [AVP32] section contains the parameter: DefaultProfile – the profile to be loaded by the program when it starts. If you leave it blank the program will load defUnix.prf.
  • Page 166: Scanner And Daemon: The Profile (defUnix.prf)

    example, if you move your Scanner to a separate directory, AvpUnix.ini must be copied to the same directory or the personal directory of a user authorized to access the Scanner. In this case make sure to edit the parameter values within the initialization file appropriately (e.g.
  • Page 167 RepForEachDisk=No ChownTo=None WriteTime=1 ChModTo=No WriteTimeInfo=1 LongStrings=No [ActionWithCorrupted] UserReport=No CorruptedCopy=No UserReportName=userreport. CorruptedFolder=corrupted CopyWithPath=Yes ShowOK=Yes ChangeExt=None ShowPack=Yes NewExtension=Corr ShowPassworded=Yes ChownTo=None ShowSuspision=Yes ChModTo=No ShowWarning=Yes ShowCorrupted=Yes [TempFiles] ShowUnknown=Yes UseMemoryFiles=Yes LimitForMemFiles=6000 [ActionWithInfected] MemFilesMaxSize=20000 InfectedCopy=No TempPath=/tmp InfectedFolder=infection CopyWithPath=Yes [Priority] ChangeExt=None Father=0...
  • Page 168 The [Object] section contains parameters defining the location and the objects to be checked. If you are not authorized to access the defined directories and/or files, they will be ignored during the check. Names –...
  • Page 169 .ov*, .php, .pht, .pif, .plg, .pp*, .prg, .rtf, .scr, .shs, .sys, .tsp, .vbe, .vbs, .vxd, .xl*. 2 – scans every file of every type (this value is equal to the mask "*.*"). 3 –...
  • Page 170 in mail databases. No disables this feature. MailPlain – Yes in this line enables the program to check for viruses in plain mail files. No disables this feature. Embedded – Yes in this line enables the program to check for viruses in OLE objects embedded in the examined files.
  • Page 171 viruses on the removable disks. No disables this feature. ScanSubDirAtEnd – Yes in this line enables the program to scan subdirectories last (after all the other objects have been scanned). No disables this feature. Symlinks –...
  • Page 172 The positive value (Yes) in the UseSysLog line automatically suppresses the following parameters: ReportFileName, Append, ReportFileLimit, ReportFileSize and RepCreateFlag. ReportFileName – the name of your log file (valid only if Report=Yes and UseSysLog=No).
  • Page 173 The following two parameters are used only if you call up the daemon process from a script file and want to display the performance report. UserReport – Yes in this line enables the program to add current check results to the user-defined log file (see the UserReportName line).
  • Page 174 CopyWithPaths – Yes in this line enables the program to copy infected objects to a separate folder together with their paths. No disables this feature. ChangeExt – Yes in this line enables the program to change extensions of infected files.
  • Page 175 The [ActionWithCorrupted] section parameters define the actions to be taken by the program when it detects corrupted objects. CorruptedCopy – Yes in this line enables the program to copy corrupted files to a separate folder that must be defined in the CorruptedFolder line.
  • Page 176 The [Customize] section parameters define the advanced program performance settings. UpdateCheck – Yes in this line enables the program to remind you about the need to update your virus-definition databases. No disables this feature. UpdateInterval –...
  • Page 177: Scanner And Daemon: Command Line Switches

    15.4. Scanner and Daemon: command line switches A list of scanner command line switches and their functions. The difference between command line switches for the scanner and the daemon process. The general format of the Scanner command line is: ./kavscanner [switch1] [switch2] [...] [switchN] [path] [filemasks], where: [switchN] is the optional command line switch;...
  • Page 178 -H[-] disables the heuristic checking tool. -U[-] disables Unpacking Engine. -A[-] disables Unpacking Engine. -V[-] enables the redundant scanning tool. -R[-] skips the scanning into subdirectories. If you define this switch, the scanner will check only files of the predefined directories and ignore the subdirectory files.
  • Page 179 checks only the files and directories available via the symbolic links predefined in the command line and ignores other symbolic links. checks the files and directories available via symbolic links. skips the files and directories available via symbolic links. -Y[-] skips all dialogs (to be used in script files) runs check once per day (to be used in script files).
  • Page 180 prompts for disinfecting infected objects. -- or -I2 disinfects infected objects automatically if possible. When running in this mode the program checks for viruses and tries to recover infected files and boot sectors to exactly (if possible) or mostly match the originals.
  • Page 181 -VL[=filename] logs the list of viruses into filename. If the file is not defined, the list of viruses will be displayed on the screen. -h or -? displays the list of command line switches. -T=path the path to the temporary files directory.
  • Page 182: Scanner And Daemon: Report Messages

    kills the parent daemon process. kills all daemon processes running. displays the version number. -f=directory creates and stores the files AvpCtl and AvpPid in the defined directory. If you do not start Daemon as the root user, the program may be prohibited from accessing the default directory for these files.
  • Page 183 Ok – no virus or virus-like instructions were detected in the file or sector. This message will be displayed only if you preset the scanner to report virus-free objects. The sector check function may not be available under your operating system.
  • Page 184: Scanner And Daemon: Exit Codes

    15.6. Scanner and Daemon: exit codes The list of exit codes that can be returned by the program. Example of using these codes in a script file. If you start Scanner or Daemon from a script file, you may analyze its exit code.
  • Page 185: Slogan: Report Templates

    hi=$[$exitcode/16] case $lo in echo 7 - File kavscanner is corrupted echo 0 - No viruses were found echo Error! esac case $hi in echo Internal error: integrity failed echo Internal error: bases not found esac exit 0 15.7.
  • Page 186 template.tm2 – detail report template for the console display; template.htm – detail report template in HTML for the console display; web_template.tm – report template for WebTuner; web_new_template.tm – report template in HTML for WebTuner. By editing these reports, you can change display of the program performance reports.
  • Page 187 The list of modified and corrupted viruses detected: Virus name: $VIRUS Total found: $COUNT Each of the cycles mentioned above may include the following macros: $VIRUS – name of the virus detected. $COUNT –...
  • Page 188: Inspector: Command Line Switches

    List of all found suspicion virus: ------------------------------------------------ Virus name: $VIRUS Total found: $COUNT ------------------------------------------------- List of all warnings: ------------------------------------------------- Virus name: $VIRUS Total found: $COUNT ------------------------------------------------ Generated by KAV Daemon Log Analizer at $NOW . 15.8.
  • Page 189 -g[=database_name] loads details of the location to be checked from the defined database file. -s[=database_name] saves details of the location to be checked to the defined database file. If you do not specify any database name in the above command line switches, the program will use the default database under the checkbase name.
  • Page 190 checks only the files and directories available via the symbolic links predefined in the command line and ignores other symbolic links. checks the files and directories available via symbolic links. skips the files and directories available via symbolic links. -r[-] skips checking into subdirectories.
  • Page 191: Control Centre: Command Line Switches

    a[=socket_directory] defines the full path to the directory containing the Daemon socket file. -w[t][a][-][+][=filename] logs the performance report into the defined file (the default file is report.txt). If the character a is defined in the switch, the report will be appended to the contents of filename; the character t overwrites the report with a new one.
  • Page 192 where: [switchN] is the optional command line switch of Control Centre; [instructionN[="task_parameters"]] is the optional instruction of the program. You can use more than one switch and more than one command in the Control Centre command line.
  • Page 193 -w[t][a][-][+][=filename] logs the performance report into the defined file (the default file is report.txt). If the character a is defined in the switch, the report will be appended to the contents of filename; the character t overwrites the report with a new one.
  • Page 194 If you do not enter values for the parameters -fs=day.month.year and -st=hour:min, they will be automatically defined as the task creation date and time. -ls=day.month.year is the date when the task must be started for the last time;...
  • Page 195: Monitor: Configuration File (Monitor.conf)

    -cd=IdN deletes the task with the defined ID. 15.10. Monitor: configuration file (monitor.conf) Parameters in the Monitor configuration file. Let's review an example of monitor.conf: #Report file section# LogFile /tmp/KasperskyMonitor.log Append No #Options section# CacheSize 2500 OpenExcludeMask...
  • Page 196 Options section defines the program performance settings: CacheSize – the quantity of files to be scanned for viruses only once, when they are opened for the first time. The value 500 through 5000 is recommended.
  • Page 197: Updater: Command Line Switches

    A P P E N D I X none – ignores the object. MaxConcurrentChecks – the maximum number of simultaneously scanned files. The value 5 through 15 is recommended depending on the capacity of your computer. 15.11. Updater: command line switches The list of command line switches available for Updater.
  • Page 198 A P P E N D I X -a=path before performing the updating operation saves the old virus-definition databases to the defined location. #" The switch –a=path cannot be used together with the switch –kb! -p[=num] defines the maximum number of simultaneously downloaded files. The default value is num=16.
  • Page 199 -s[=filename] enables the program to use the defined file as a .set file (the default file is defined in the SetFile line in AvpUnix.ini). For example, ./kavupdater -s=avp.set. -t[=directory] enables the program to use the defined directory for intermediate operations.
  • Page 200: Installer: Command Line Switches

    one. If the character + is defined, extra information will be included in the report heading. The character - disables the extra information in the report heading. -ws[-] logs performance results in the system log. defines English as the default language for reports and messages.
  • Page 201: Webtuner: The Configuration File (Loader.cfg)

    uninstalls all Kaspersky Anti-Virus software products from this computer. defines English as the default language for reports and messages.

    15.13. WebTuner: the configuration file (loader.cfg)

    Let's review an example of loader.cfg, the WebTuner configuration file.

        [Main]
        Modules=Daemon;Updater;Scanner;WebTuner
        CgiDir=/usr/local/share/AVP/httpd/html/cgi-bin/...
  • Page 202

        MainCgi=updater.cgi
        Configure=updater.cgi?avp_d=%AVP_DIR%&e_upd=%EXEC
        Hide=No
        [Scanner]
        Exec=kavscanner
        MainCgi=scanner_prf.cgi
        Configure=./scanner_prf.cgi?avp_d=%AVP_DIR%&avp_prf=%AVP_PRF%&start_dir=%AVP_DIR%
        ConfigureDefault=./scanner_prf.cgi?avp_d=%AVP_DIR%&avp_prf=%AVP_PRF%&op=v&sec=ob&prf=%DEFAULT_KAV_PROFILE%
        Run=scanner_exec.cgi?avp_d=%AVP_DIR%&s_exec=%EXEC
        Hide=No
        [WebTuner]
        MainCgi=self_cfg.cgi
        Configure=./self_cfg.cgi
        Hide=No

    The [Main] section parameters define the WebTuner performance settings: Modules – the list of Kaspersky Anti-Virus for xBSD File Server components that can be administered from WebTuner.
  • Page 203 heading must contain the name of the Kaspersky Anti-Virus for xBSD File Server software package component to be administered. Exec – the name of the component executable file. MainCgi – the name of the component file with the .cgi extension. This file ensures that the program name is available in the Programs list of the WebTuner main window.
  • Page 204 The Run parameter ensures that the hyperlink is available on the WebTuner main window when the package component is selected in the Programs list. Report – defines viewing of the package component performance results from a remote location by using WebTuner.
  • Page 205: Appendix C. Classifying Computer Viruses

    16. Appendix C. Classifying computer viruses

    Discussing various virus types. A computer virus is a computer program (that is, executable code and/or a collection of instructions) that can replicate itself (though the copy may not necessarily exactly match the original) and penetrate files and other resources of computer systems and networks and make them perform tasks the virus dictates without the user’s permission.
  • Page 206 We can differentiate viruses by the operating system they infect. Every file or network virus is able to infect files of one or more operating systems: DOS, Windows, Win95/NT, OS/2 etc. Macro viruses infect file formats used by Word, Excel, and Office97.
  • Page 207 SELF-ENCODING and POLYMORPHIC features are used by almost all virus types to make it difficult to detect them. Polymorphic viruses are difficult to detect because they contain no constant code blocks. Generally speaking, two samples of the same polymorph won’t have even a single matching code block.
  • Page 208: Appendix D. Kaspersky Lab Ltd

    17. Appendix D. Kaspersky Labs Ltd.

    About Kaspersky Labs

    Kaspersky Labs is a privately-owned, international, anti-virus software-development group of companies headquartered in Moscow (Russia), with representative offices in the United Kingdom, United States of America, China, France and Poland. Founded in 1997, Kaspersky Labs concentrates its efforts on the development, marketing and distribution of leading-edge information security technologies and computer software.
  • Page 209: Other Kaspersky Lab Antiviral Products

    60,000 known viruses and all other types of malicious code. The product is also powered by a unique heuristic technology combating even future threats: the built-in heuristic code analyzer, which is able to detect up to 92% of unknown viruses and the world's only behavior blocker for MS Office 2000 providing 100% guaranteed protection against any macro-viruses.
  • Page 210
    • anti-virus scanner provides a comprehensive check of all local and network drive contents on demand;
    • anti-virus monitor automatically checks in real-time all used files;
    • mail filter automatically checks in the background for viruses in all incoming and outgoing messages;...
  • Page 211: Kaspersky Lab Contact Information

    Kaspersky® Security for PDA

    Kaspersky® Security for PDA provides reliable virus protection for the data stored on PDAs running Palm OS or Windows CE, as well as for any information transferred from a PC or extension card, ROM files and databases.
  • Page 212 data-protection system that is fully appropriate and compatible for your network configurations. Kaspersky® Corporate Suite includes full-scale anti-virus protection of:
    • workstations running Windows 95/98/ME, Windows NT/2000 Workstation, Windows XP, Linux, OS/2;
    •...
  • Page 213: Contact Information

    17.2. Contact Information

    If you have any questions, comments or suggestions please refer them to our distributors or directly to Kaspersky Labs. We will be glad to advise you on any matters related to our product by phone or e-mail and all your recommendations and suggestions will be thoroughly reviewed and considered.
  • Page 214: Index

    18. Index

    Advanced checking tool: 46, 47, 92, 170
    Path to the temporary files directory: 19
    Advanced scanning tools: 92
    Profile: 20, 21, 22, 23, 35, 162, 166
    Daemon: 9, 59
    Redundant scanning tool: 35, 93, 170, 178
    Extracting engine: 42
    Scanner: 9, 83
    Heuristic analyzer: 35, 178, 183
    Set file: 18...
