KASPERSKY ANTI-VIRUS - FOR SUN SOLARIS MAIL SERVER User Manual

KASPERSKY LAB
Kaspersky Anti-Virus
for Sun Solaris Mail Server

USER GUIDE


Summary of Contents for KASPERSKY ANTI-VIRUS - FOR SUN SOLARIS MAIL SERVER

  • Page 1: User Guide

    KASPERSKY LAB Kaspersky Anti-Virus for Sun Solaris Mail Server USER GUIDE...
  • Page 2 Kaspersky Anti-Virus for Sun Solaris Mail Server User Guide ...
  • Page 3: Table Of Contents

    Contents KASPERSKY ANTI-VIRUS FOR SUN SOLARIS MAIL SERVER ........ 9 1.1. Introduction ................. 9 1.2. Distribution kit................11 1.2.1. What is in the distribution kit..........11 1.2.2. License agreement ............. 12 1.2.3. Registration card..............12 1.3. Help desk for registered users..........12 1.4.
  • Page 4 CONTENTS 4.2.3. Handling corrupted objects..........30 4.2.4. Handling suspicious objects..........31 4.3. Reviewing performance statistics ..........32 ANTI-VIRUS SCANNER AND DAEMON PROCESS: USING SWITCHES AND PROFILES............. 34 5.1. Scanning settings ..............34 5.2. How to change settings............
  • Page 5 KEEPER: SCANNING SMTP TRAFFIC IN MAIL SYSTEMS: SENDMAIL, QMAIL, POSTFIX AND EXIM ........65 7.1. Features of the Keeper program ..........65 7.2. Integrating Anti-Virus with sendmail ........67 7.3. Integrating Anti-Virus with Qmail ..........69 7.4.
  • Page 6 9.5. The Location page..............99 9.5.1. Defining the location to be scanned for viruses....99 9.5.2. Defining scanning settings for a separate directory ..101 9.5.2.1. The directory Property window: Selecting the required directory............101 9.5.2.2.
  • Page 7 10.7.2. Remote configuration of the Daemon program....137 10.7.2.1. The Profile tuning window ......... 137 10.7.2.2. The objects page: location to be scanned ..... 138 10.7.2.3. The options page: scanning settings ...... 140 10.7.2.4.
  • Page 8 10.10.6.1. The list of those to be notified ..........178 10.10.6.2. Notifications for administrators ......... 179 10.10.6.3. Notifications for senders..........180 10.10.6.4. Notifications for recipients.......... 181 10.10.7. The restricts page: restrictions for the Keeper....181 UPDATER: UPDATING VIRUS-DEFINITION DATABASES ..184 11.1.
  • Page 9 15.2. Scanner and Daemon: The initialization file (AvpUnix.ini)..204 15.3. Scanner and Daemon: the profile (defUnix.prf) ....206 15.4. Scanner and Daemon: command line switches ....217 15.5. Scanner and Daemon: report messages......222 15.6. Scanner and Daemon: exit codes .........224 15.7.
  • Page 10: Kaspersky

    Chapter 1. Attention!!! New viruses arise every day, and if you want to keep your anti-virus fresh and capable, we strongly recommend that you update the anti-virus databases at least every day (for more details see below). Moreover, make sure to update them right after you install the product on your computer!
  • Page 11 INTRODUCTION • new viruses for Java applets; • macroviruses infecting Word documents, Excel spreadsheets, PowerPoint presentations, Help files etc.; • network worms; • Trojans. For the classification of viruses that can be detected and deleted using Kaspersky Anti-Virus for Sun Solaris Mail Server refer to Appendix C.
  • Page 12: Distribution Kit

    The package component WebTuner allows you to remotely manage Kaspersky Anti-Virus for Sun Solaris Mail Server. The server version of the software product also contains mail-checking programs: kavkeeper for sendmail, kavkeeper for Qmail, kavkeeper for Postfix and kavkeeper for Exim;...
  • Page 13: License Agreement

    1.2.2. License agreement The License Agreement (LA) is a legal agreement between you (either an individual or a single entity) and the manufacturer (Kaspersky Lab Ltd.) describing the terms on which you may use the anti-virus product you have purchased.
  • Page 14: Information In The Book

    If you register and purchase a subscription, you will be provided with the following services for the period of your subscription: • daily virus-definition database updates via e-mail; •...
  • Page 15 Conventions and their meaning: Bold font: menu titles, commands, window titles, dialog elements, etc.; Note.: additional information, notes; Attention!: very important information; To do this: … 1.: actions that must be taken.
  • Page 16: Installing Anti-Virus

    Chapter 2. Installing Anti-Virus 2.1. Software and hardware requirements Hardware and software requirements. In order to run Kaspersky Anti-Virus for Sun Solaris Mail Server you need a system that meets the following requirements: • 64 Mb of RAM; • preinstalled Sun Solaris version 7 or 8. There are special versions of Kaspersky Anti-Virus for Sun Solaris Mail Server for SPARC and Intel processors.
  • Page 17: Backing Up Your Installation Diskettes

    INSTALLATION 2.2. Backing up your installation diskettes If you purchased the Kaspersky Anti-Virus for Sun Solaris Mail Server package on installation diskettes (not on CD), it is recommended that you back up those diskettes before installing the program on your computer.
  • Page 18 4. Run the installation of every Kaspersky Anti-Virus for Sun Solaris Mail Server component one at a time by entering root# pkgadd -d archive_name in the command line. For example, to install the Workstation package, enter the following string in the command line: root# pkgadd -d kav-WorkstationSuit-4.0.0.0-sparc...
  • Page 19: Preparing To Run

    If you want to be able to start the installed executable files from any directory, create appropriate links in the directory /usr/bin or /usr/local/bin. For a list of files that are critical for the program's performance refer to Appendix A.
  • Page 20: Editing The Path To Temporary Files

    • If you changed the name of your .set file (i.e. the settings file of your virus-definition databases), you must specify its new name in the SetFile line of your AvpUnix.ini. Otherwise, when started, the Scanner and the Daemon will not load their virus-definition databases and will not be able to detect viruses, even if there are any!
  • Page 21: Customizing Software For Several Users

    2.4.3. Customizing software for several users If you want to enable two or more different users to start the Scanner and the Daemon with individual settings, follow these steps: 1.
  • Page 22: Running Anti-Virus

    Chapter 3. Running Anti-Virus 3.1. Changing scanning settings How to change scanning settings. Using command line switches and profiles. To use various features of Kaspersky Anti-Virus for Sun Solaris Mail Server, you must define: • objects to be checked; • how to handle those objects;...
  • Page 23: Starting To Check

    RUNNING • Second—by opening and editing a profile in any text editor (see subchapter 5.2). For various situations, you may define different settings. For example, if you want to perform a regular preventative check you do not need to enable advanced scanning tools.
  • Page 24: Starting To Update Virus-Definition Databases

    scanner will use its own default settings. You may also redefine settings by using the switch F=profile_name in the command line. To check for viruses you may also load the Daemon program (see chapter 0). In the beginning, this program can be started from the command line and later it may be called from the client.
  • Page 25 You may also refer to the site at www.kaspersky.com for a complete list of Kaspersky Lab dealers that can provide you with updates. To efficiently protect your computer from new viruses it's advisable to update your virus-definition databases on a regular basis.
  • Page 26: Anti-Virus Scanner: Scanning And Disinfecting

    Chapter 4. Anti-Virus Scanner: Scanning and Disinfecting 4.1. Starting Scanner Starting the scanner from the command line or from a script file. Using exit codes. To periodically check for viruses in your computer you must start Scanner. This program may be started from the command line or from the specially developed script file.
  • Page 27 SCANNER [switchN] is the optional switch in the Scanner command line, [path] is the optional Sun Solaris path that defines the location to be checked, [filemasks] are the optional Sun Solaris file masks that define the files to be checked for viruses.
  • Page 28: Searching For Viruses And Deleting Them

    4.2. Searching for viruses and deleting them Actions to be taken regarding infected objects. Recommendations. Messages generated by the anti-virus scanner when it detects objects that are suspicious or infected with a virus, and messages about a virus in your anti-virus program.
  • Page 29: Handling Infected Objects

    If you started the program with no predefined objects to be checked, the following message will appear on your screen: "Nothing to scan. You should select Files and/or Sectors in the *.prf file." The sector check function may not be available under your operating system.
  • Page 30 • disInfect—try to disinfect the object; the virus will be deleted and the object will be restored to its virus-free state, close to the original; • Delete—delete the object; • Cancel—ignore the object and continue with checking; •...
  • Page 31: Handling Corrupted Objects

    To confirm the action type <Y> and press <ENTER>. To cancel it type <N> and press <ENTER>. If you confirm the action, Scanner will right away start disinfecting the sectors and will replace them with a standard MS-DOS 6.0 boot sector.
  • Page 32: Handling Suspicious Objects

    action, next time when the program finds an infected object it is not able to disinfect, it will again ask whether you want to delete this object. To cancel the deletion type <N> and press <ENTER>.
  • Page 33: Reviewing Performance Statistics

    4.3. Reviewing performance statistics How to review virus check reports. Messages about checked objects. Performance statistics. While checking for viruses the program displays current results. On the left side of your screen you may see the names of the objects that were checked.
  • Page 34 • Corrupted — corrupted objects; • I/O errors. Messages about infected objects and general statistics will be logged, if you preset the program to do so. To process and summarize data within the performance reports and to review details of scanning operations use the Slogan program (for details refer to chapter 8).
  • Page 35: Anti-Virus Scanner And Daemon Process: Using Switches And Profiles

    Chapter 5. Anti-Virus Scanner and Daemon Process: Using switches and profiles 5.1. Scanning settings What to check? Where to check? How to handle infected objects?… Prior to checking for viruses in your computer you must define: • Location to be checked: system sectors including: Boot Sector, Master Boot Record, Partition Table;...
  • Page 36: How To Change Settings

    DEFINING SETTINGS • Actions to be taken on infected objects: they may be disinfected or deleted, or copied to other directories. • Advanced scanning tools: checking for corrupted and modified viruses, redundant scanning tool, i.e.
  • Page 37: Settings For A Separate Location To Be Checked

    create a set of regular profiles with various settings. This way, when you need your Scanner to be set according to a certain profile, specify this profile in the program command line. •...
  • Page 38 To define the location to be checked, in the Names line of the [Object] section, enter the filesystem directories to be checked for viruses. If you define more than one directory, they must be separated by semicolons.
  • Page 39: Defining Objects To Be Checked

    5.3.2. Defining objects to be checked 5.3.2.1. Object types Now that you have defined the location to be checked (see subchapter 5.3.1), you must define the objects that will be checked for viruses.
  • Page 40: Files

    check MBR. The switch -B disables and the switch -B- enables the scanner to check Boot Sectors of disks defined in the Names line. 5.3.2.3.
  • Page 41 character ! is specified in the switch (i.e. -@!=filename), upon completion of the task the filename file will be deleted. If this character is not in the switch (i.e. -@=filename), this file will be kept. To exclude some files from the check: 1.
  • Page 42: Packed Executables

    5.3.2.4. Packed executables Scanner can check for viruses in packed executable files, which are unpacked by a special engine. Packed executable files contain special unpacking modules. When such a file is started, the module unpacks the program to RAM and then runs it.
  • Page 43: Archives

    If the unpacking and extracting (see subchapter 5.3.2.5) engines are enabled, Kaspersky Anti-Virus for Sun Solaris Mail Server is able to detect an infected file even though it was enciphered by the CryptCOM utility, then packed by PKLITE and, finally, added to a PKZIP archive.
  • Page 44: Mail Databases And Plain Mail Files

    5.3.2.6. Mail databases and plain mail files You can enable your Scanner to check for viruses in mail databases and plain mail files. The mail database and especially the plain mail file scanning modes noticeably slow down the Scanner's scanning rate.
  • Page 45: Embedded Ole Objects

    To check for viruses in plain mail files, type Yes in the MailPlain line of the profile. Otherwise, type No. This parameter corresponds to the command line switch -MP[-]. The switch -MP enables and the switch -MP- disables checking for viruses in plain mail files.
  • Page 46 • 0 — reports infected, suspicious and corrupted objects. Messages will be displayed and, if preset, logged into the file (see subchapter 5.4.4). The program will not disinfect or delete infected objects.
  • Page 47: Defining The Advanced Scanning Tools To Be Used

    (see subchapter 5.4.4). The program will not delete these objects. 0 in the IfDisinfImpossible line corresponds to the command line switch -I2S. • 1 — deletes unrecoverable objects. 1 in the IfDisinfImpossible line corresponds to the command line switch -I2D.
  • Page 48 Solaris Mail Server algorithmic legs searching for virus-similar instructions. • Redundant scanning tool checks not just the entry points into a file that are used by the system when processing, but the entire contents of the examined files.
  • Page 49 • Com—the file seems to be infected by a virus that infects .COM files; • Exe—the file seems to be infected by a virus that infects .EXE files;...
  • Page 50: Settings For The Cumulative Location To Be Checked

    To enable the redundant scanning tool, type Yes in the RedundantScan line of the profile. This parameter corresponds to the command line switch -V[-]. The switch -V enables and the switch -V- disables the redundant scanning tool.
  • Page 51: Defining Scanning And Performance Settings: Scanner And Daemon

    • Generation of the check report and the performance statistics (see subchapter 5.4.4). 5.4.2. Defining scanning and performance settings: Scanner and Daemon General parameters for the program performance are located in the [Customize] section of a profile.
  • Page 52 To enable error reporting at the program start, type Yes in the Othermessages line of the [Customize] section of a profile. Otherwise, type No. To be asked for confirmation when enabling the redundant scanning tool, type Yes in the Redundantmessage line of the [Customize] section of a...
  • Page 53 type No in the ScanRemovable line of the [Options] section of a profile. Otherwise, type Yes. To scan subdirectories last (after all the other objects have been scanned), type Yes in the ScanSubDirAtEnd line of the [Options] section of a profile.
  • Page 54 2. Define the maximum number of simultaneously scanned files in the LimitForProcesses line. To implement loop-scanning for viruses: 1. Type Yes in the EndlesslyScan line. Otherwise, type No. 2.
  • Page 55: Defining Actions On Infected And Suspicious Objects

    5.4.3. Defining actions on infected and suspicious objects The following three sections allow you to define actions to be taken by the program when it detects infected, suspicious or corrupted objects: •...
  • Page 56 To copy infected, suspicious and corrupted objects together with their paths, type Yes in the CopyWithPaths lines of the above sections. Otherwise, type No. It's recommended to enable the above option, since you may have files with similar names on your computer.
  • Page 57: Defining The Reporting Parameters

    5.4.4. Defining the reporting parameters To review the results of the check performed by the program you must define its reporting parameters, located in the [Report] section of a profile. This section also allows you to enable/disable additional information in the log.
  • Page 58 some text editors it will be difficult to review these files, since the program shows everything written on a single line. If you feel this way with your text editor, type Yes for the above parameter and the program will use both separators (carriage return and linefeed) in your log file.
  • Page 59 Use the below parameters to define optional information that will be added to the report: • WriteTime – reports the date and the time when the program messages were displayed.
  • Page 60: Daemon Process: Integrating Anti-Virus Protection In Clients

    Chapter 6. Daemon Process: Integrating Anti-Virus Protection in Clients 6.1. Features of the Daemon program Describing functions and features of the program. The Daemon anti-virus process, kavdaemon, is designed to integrate anti-virus protection (search and deletion of viruses) in client software on a computer running Sun Solaris.
  • Page 61: Launching The Daemon Process

    DAEMON Daemon has all the features of anti-virus programs designed for other platforms, and allows checking for viruses in all file types (including archives, packed and plain mail files), and application of the heuristic detection and redundant checking tools. The process can perform the functions of the server or the client.
  • Page 62 [path] is the optional Sun Solaris path that defines the location to be checked. The meaning of path in the Daemon command line differs from that of the Scanner program. For the scanner this setting defines the location to be checked for viruses, but for Daemon it assigns the path value to the list of locations enabled to be checked (i.e.
  • Page 63 In this version, when you launch the daemon process, it automatically initiates the following two processes: the primary process handles calls from the client programs, the secondary process reports on the performance of the first. It is possible to disable the second process. -dl —...
  • Page 64: Calling Up The Process From A Client Program

    6.3. Calling up the process from a client program How to call up the process from a client program. The example. To call up the existing daemon process from the client program, follow these steps: 1.
  • Page 65 The number of paths and parameters is unlimited. • 3—the command param substring transfers parameters of the shared memory, where the examined object was preplaced. This mode is used if the objects are checked without being intermediately saved onto the disk.
  • Page 66: Keeper: Scanning Smtp Traffic In Mail Systems: Sendmail, Qmail, Postfix And Exim

    Chapter 7. Keeper: Scanning SMTP Traffic in Mail Systems: sendmail, Qmail, Postfix and Exim 7.1. Features of the Keeper program Describing functions and features of the program. Keeper is designed to handle viruses in incoming and outgoing SMTP traffic. The program is built into the mail server in order to check for viruses in the traffic passing through.
  • Page 67 KEEPER questions related to these programs, refer to the corresponding documentation. Right after you install the program on a server (see chapter 2) you must integrate it with one of the mail systems listed above and define its settings (see subchapter 7.6).
  • Page 68: Integrating Anti-Virus With Sendmail

    7.2. Integrating Anti-Virus with sendmail Step-by-step integration. Integration of Kaspersky Anti-Virus for Sun Solaris Mail Server with the sendmail system can be implemented by starting the install-sendmail script-file or manually. To integrate the program manually you must first start the WebTuner program, which allows you to edit the Keeper configuration file.
  • Page 69 ° enter the From address for notifications in the Keeper e-mail text field. • On the groups page (see subchapter 10.10.3.1), select the required group of user addresses and press the properties button. • On the administrator page of the dialog window on your screen (see subchapter 10.10.3.4), use the Group administrator address text field to specify an e-mail...
  • Page 70: Integrating Anti-Virus With Qmail

    7.3. Integrating Anti-Virus with Qmail Step-by-step integration. Integration of Kaspersky Anti-Virus for Sun Solaris Mail Server with the Qmail mail system can be implemented by starting the install-qmail script-file or manually. To integrate the program manually you must first start the WebTuner program, which allows you to edit the Keeper configuration file.
  • Page 71: Integrating Anti-Virus With Postfix

    ° specify the following working path for the Sender mailer, Recipient mailer and Admin mailer parameters: qmail:(/var/qmail/bin/qmail-que); ° enter the host name where Keeper will be running in the Hostname text field; ° enter the From address for notifications in the Keeper e-mail text field.
  • Page 72 To integrate Keeper into the Postfix mail system manually, follow these steps: 1. Check the version number of your Postfix mail system. The version number must be later than snapshot_20000529. If it is not, download the required program version from the Postfix web site (www.postfix.org).
  • Page 73: Integrating Anti-Virus With Exim

    ° enter the From address for notifications in the Keeper e-mail text field. • On the groups page (see subchapter 10.10.3.1), select the required group of user addresses and press the properties button. • On the administrator page of the dialog window on your screen (see subchapter 10.10.3.4), use the Group administrator address text field to specify an e-mail...
  • Page 74 driver = lmtp command = "/opt/AVP/kavkeeper • define parameters of the local mail delivery in the DIRECTORS CONFIGURATION section: localuser: transport=kav_lmtp_transport • define parameters of the remote mail delivery in the ROUTERS CONFIGURATION section: lookuphost: transport=kav_lmtp_transport 3.
  • Page 75: Customizing Keeper

    7.6. Customizing Keeper Changing the configuration of the Keeper program. 7.6.1. General concept Keeper loads settings from the initialization file. The file may be edited from the WebTuner program (for details refer to subchapter 10.10). To do this: 1.
  • Page 76 • Filtering mail messages according to their attachments (see subchapter 7.6.2.5). • Forwarding infected messages to the administrator (see subchapter 7.6.2.6). • Notifying the sender about the infected message detected (see subchapter 7.6.2.7). Example 1. If a system administrator wants to be in charge of the disinfecting procedure.
  • Page 77: Processing Infected Messages For An Address Group

    7.6.2. Processing infected messages for an address group 7.6.2.1. General concept Every e-mail message contains sender and recipient addresses. These attributes of a message define the processing rules to be applied to it. In fact, these processing rules (settings) are predefined for the address group.
  • Page 78 the message is processed according to this group's processing rules. If some of the processing settings are not defined for the group, the program will apply the settings defined for the default group. If the To and From addresses of a message are found in several groups, the program will apply the processing rules defined for the first of these groups.
  • Page 79: The Address Group And The To/From Addresses

    7.6.2.2. The address group and the To/From addresses In order for the Keeper program to process incoming and/or outgoing messages belonging to a certain user's address list, you must use the WebTuner program to create an address group, add the required addresses to the group and define the processing rules to be applied to it.
  • Page 80: To Check Or Not To Check

    7.6.2.3. To check or not to check… For every message sent by or delivered to users you may enable or disable the message-processing mode. To do this: 1. On the groups page (see subchapter 10.10.3.1), select the required group name and press the properties button.
  • Page 81 • notification of an infected message with the message attached to it (see Figure 3 and Figure 4); • notification of an infected message with the message disinfected (if possible) and attached to it (see Figure 5 and Figure 6). To send only the notification, check the Add report check box for the Infected object type on the...
  • Page 82 Figure 3. The notification as it looks in the recipient mailbox Figure 4. The infected message attached to the notification To send notification of an infected message with the message disinfected (if possible) and attached to it, follow these steps: 1.
  • Page 83 2. Check the Add report check box for the Cured object type and select Cured from the corresponding Object action drop-down list. The program will send a notification to the recipient with the disinfected message attached to it. If the object could not be disinfected, it will be deleted.
  • Page 84 7.6.2.4.2 Blocking infected messages In some cases, an administrator may want to block incoming infected messages. To set the program to block all incoming infected messages, follow these steps: 1. On the masks page (see subchapter 10.10.3.2), check the Check this group check box for the selected address group.
  • Page 85: Filtering Mail By The Files Attached

    3. On the recipient page: • check the Block mail check box for the Infected object type and select Unchanged from the corresponding Object action drop-down list; • check the Add report check box for the Cured object type and select Cured from the corresponding Object action drop-down list.
  • Page 86: Delivering Infected Messages To The Administrator

    2. In the Attach file and Attach mime-type text fields, define the file type and the MIME type (respectively) to be excluded from the check. To enable filtering by attachment size, enter the minimum and the maximum sizes to be scanned in the Min attach size(Kb) and Max attach size(Kb) text fields respectively.
  • Page 87: Notifying The Sender

    Figure 7. The notification with the infected message attached as it looks in the administrator's mailbox 7.6.2.7. Notifying the sender To notify a sender about an infected message delivered from his or her mailbox, follow these steps: 1.
  • Page 88: Defining Attributes Of The Notification

    Senders of infected messages will be notified of viruses that were detected in their messages regardless of whether the message was disinfected or not. 7.6.3. Defining attributes of the notification Keeper allows sending notifications of infected messages to the recipient, the sender and the administrator.
  • Page 89: Launching Keeper

    7.7. Launching Keeper How to launch the Keeper program. Keeper can be launched from the command line. The general format of the Keeper command line is: ./kavkeeper [switch1] [switch2] […] [switchN] where [switchN] is an optional command line switch of the Keeper program.
  • Page 90: Slogan: Processing And Summarizing The Performance Reports

    Chapter 8. Slogan: Processing and summarizing the performance reports 8.1. Features and functions Function and features of the program. The Slogan program is developed to process and summarize data within the performance reports of the Scanner and the Daemon programs. Slogan performs the following functions: •...
  • Page 91: Launching Slogan

    SLOGAN 8.2. Launching Slogan Starting the program from the command line. To launch Slogan, the log processing and summarizing program, enter its name and the required switches in the command line: ./slogan [switch1] [switch2] […] [switchN] where [switchN] is an optional Slogan command line switch.
  • Page 92 Figure 9. An example of a summary report produced by Slogan -ds dd.mm.yyyy The program will summarize the reports generated starting from the date defined by this switch. -de dd.mm.yyyy The program will summarize the reports generated before and on the date defined by this switch.
  • Page 93: Slogan In The Real-Time Monitoring Mode

    8.3. Slogan in the real-time monitoring mode Performance of the program in the monitoring mode. The real-time monitoring mode allows you to track changes in the predefined log file and study them. The general format of the command line for Slogan in the monitoring mode is: ./slogan -s [file1] […] [fileN] -tt [switch1] […] [switchN] where:...
  • Page 94 This switch redisplays the log file if it became unavailable at some point in time. The screen (see Figure 10) displayed by Slogan in the real-time monitoring mode is divided into the following two panes: •...
  • Page 95: Tuner: Customizing Scanner And Daemon

    Chapter 9. Tuner: Customizing Scanner and Daemon 9.1. Features and functions Function and features of the program. Tuner, the customization program, allows you to create and edit profiles, i.e. files containing a certain set of predefined settings of the anti-virus scanner and the daemon process: •...
  • Page 96: Launching Tuner

    T U N E R 9.2. Launching Tuner Starting the program from the command line. Available command line switches. The general format of the Tuner command line is: ./kavtuner [switch1] […] [switchN], where [switch1] is the optional command line switch (see below). When starting Tuner you can use the following command line switches: This switch enables defUnix.prf located in the directory /opt/AVP/ to be used as a profile.
  • Page 97: Interface

    T U N E R 9.3. Interface Discussing the interface. The page functions. When you start the program its main window appears on your screen. The main window is divided into the following two panes: menu bar and working area. At the top of the window you may see the menu bar containing three menus: File, Settings, Help.
  • Page 98: Creating, Editing And Saving A Profile

    T U N E R Use the following keys when selecting options within a page: • <H >—move the cursor to the beginning of the text field; • <E >—move the cursor to the end of the text field; • <S >—check/uncheck the check-box or select/deselect the PACE...
  • Page 99 T U N E R To cancel saving of the settings press the Cancel button. To edit a profile, follow these steps: 1. Start your Tuner. The main window will appear on your screen. When started the program loads the default profile (its name is specified in the .ini file) or the file defined in the command line (see subchapter 9.2).
  • Page 100: The Location Page

    T U N E R 9.5. The Location page Defining the location to be checked. The settings defined for a separate directory to be checked for viruses. 9.5.1. Defining the location to be scanned for viruses In the Location page (see Figure 11) you can define the list of directories to be scanned for viruses.
  • Page 101 This is the general list of directories to be checked. Directories that should be checked are prefixed with "+", and directories that should be skipped are prefixed with "-". To edit an item in the list, press the Space key or double-click the item with your mouse.
  • Page 102: Defining Scanning Settings For A Separate Directory

    9.5.2. Defining scanning settings for a separate directory 9.5.2.1. The directory Property window: Selecting the required directory The Tuner program allows you to define scanning settings for a separate directory. To do this, follow these steps: 1.
  • Page 103: The Directory Property Window: Objects To Be Checked

    T U N E R When you press the button the Add folder window will appear on your screen. Use the window to add the required directory to the list of directories on the Location page (for instructions about how to add a directory to the location to be checked see subchapter 9.5.1).
  • Page 104 The sector check function may not be available under your operating system. Files — check this box to scan for viruses in files. If you check this box, you must select the file types to be checked. For details of how to do this see below.
  • Page 105: The Directory Property Window: Defining Anti-Virus Actions

    that are capable of containing virus code. Programs — scans all files with the following extensions: .bat, .bin, .cla, .cmd, .com, .cpl, .dll, .doc, .dot, .dpl, .drv, .dwg, .eml, .exe, .fpm, .hlp, .hta, .htm, .htt, .ini, .js, .jse, .lnk, .mbx, .md*, .msg, .msi, .ocx, .otm, .ov*, .php, .pht, .pif, .plg, .pp*, .prg, .rtf, .scr, .shs, .sys, .tsp, .vbe, .vbs, .vxd, .xl*. Note that this selection is by file extension only: a renamed executable, or an attachment whose extension is not on the list, is skipped by this setting.
  • Page 106 Display Disinfect Dialog — displays a prompt asking how to handle the infected object. The program will offer to disinfect the object (for recoverable objects) or to delete it (for unrecoverable objects). Disinfect automatically — disinfects infected objects without asking first.
  • Page 107: The Directory Property Window: Defining The

    9.5.2.4. The directory Property window: Defining the advanced scanning tools used. The Options page. Options on the Property window Options page (see Figure 14) allow you to enable or disable the following advanced scanning tools: Warnings —...
  • Page 108: The Options Page

    scanning tool. Scan subdirectories — check this box to check for viruses in subdirectories of the selected directory. Cross filesystems — check this box to allow the program to cross filesystem boundaries. This check box is useful if other filesystems are mounted under the selected directory and you want to scan files in all of them.
  • Page 109 T U N E R Skip symbolic links — do not check symbolic links. Define the following settings: Scan subdir at end — check this box to scan subdirectories in the last place (after all the other predefined objects have been scanned).
  • Page 110: The Report Page

    T U N E R Scan delay – enter the interval between two loops (in seconds). This parameter is used only if you checked Endlessly scan check box. If the Scan delay value is equal to 0, there will be no interval between the loops! 9.7.
  • Page 111 Checking the Use syslog box automatically suppresses the following parameters: ReportFileName, Append, ReportFileLimit, ReportFileSize and RepCreateFlag. Append — check this box to append new reports to the contents of the log file. Extended report — check this box to add more details to the report.
  • Page 112 T U N E R Check the Showing button to display the corresponding dialog window (see Figure 17) that is divided into the following two parts: • The working area with the list of check boxes defining optional messages to be included in the performance report. By default all the check boxes are checked.
  • Page 113: The Actionwith Page

    Show warning in the log — check this box to log objects suspected of being infected with a modification of a known virus. Show corrupted in the log — check this box to log the corrupted objects examined.
  • Page 114 T U N E R the infected files only and you will apply the guidelines to the suspicious files. Use the below check boxes to define how the program must handle infected files: Copy to infected folder — check this box to copy infected files to a separate folder.
  • Page 115: The Customize Page

    T U N E R 9.9. The Customize page Options located on the Customize page. Options on the Customize page of the Tuner main window (see Figure 19) allow you to define the program performance settings. The Customize page corresponds to the [Customize] section of a profile.
  • Page 116 T U N E R confirmation when enabling the redundant scanning tool. This setting will be used only for the directory to be checked with enabled redundant scanning tool (see subchapter 9.5.2.4). "Delete all…" message — check this box to be asked for confirmation when deleting an infected object.
  • Page 117: Webtuner: Remote Administration Program

    Chapter 10. WebTuner: Remote administration program 10.1. Functions and features Discussing the program features. WebTuner is developed to administer Kaspersky Anti-Virus for Sun Solaris Mail Server, i.e. to change settings and launch the package components locally or from a remote location. WebTuner is operated through a web browser.
  • Page 118: General Concept Of The Program Performance

    W E B T U N E R Keeper and WebTuner itself cannot be started using WebTuner. 10.2. General concept of the program performance Features and the operation sequence of the program. WebTuner is developed to remotely administer Kaspersky Anti-Virus for Sun Solaris Mail Server.
  • Page 119 W E B T U N E R The flowchart below illustrates the chain of interconnections to be implemented when working with Kaspersky Anti-Virus for Sun Solaris Mail Server via WebTuner. Figure 20. Calling up Kaspersky Anti-Virus for Sun Solaris Mail Server from WebTuner The sequence of steps to be performed to call up Kaspersky Anti-Virus for Sun Solaris Mail Server:...
  • Page 120: Installing Webtuner. Access Rights

    3. The system verifies your login and password against the list of authorized users. If they are found in the list, you are allowed to manage the program executable files. 4. While working with WebTuner you can administer (change settings and start) Kaspersky Anti-Virus for Sun Solaris Mail Server.
  • Page 121: Setting Up The Web Server And Webtuner

    W E B T U N E R log/ — the directory containing the web server reports. 10.3.2. Setting up the web server and WebTuner Web server and WebTuner, the remote administration program, are installed on your computer by the Installer program (for details refer to chapter 2).
  • Page 122 • USE_SSL—Yes in this line enables the program to communicate via SSL. No disables the feature. Keep it set to Yes wherever WebTuner is reachable over a network: the web server authenticates users with a login and password (see subchapter 10.4), and without SSL those credentials, and every configuration change made through WebTuner, cross the network in clear text. • CH_ROOT—Yes in this line makes the server call chroot() when it is started, which limits what a compromised web server process can reach on the filesystem. No disables the feature.
  • Page 123 5. Generate a new certificate file (cert.pem) and a new private key file (key.pem) for SSL to replace those supplied with the distribution. These two files provide the communication privacy, and the shipped pair is the same on every installation, so it must not be used in production. To do this, use the OpenSSL command line tools and follow these steps: Create the key and the certificate request: openssl req -new >;...
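The manual's OpenSSL steps are cut off above, so here is an added, self-contained version of step 5 written for this page; it is not Kaspersky's own script. It generates a self-signed pair in one call instead of the request-then-sign sequence the manual describes, and then checks that key.pem and cert.pem actually belong together before they are copied over the shipped files. Key size, digest, validity period, the output directory and the host name used as the certificate CN are all assumptions chosen for the example.

```sh
#!/bin/sh
# Added example: replace the key.pem/cert.pem pair shipped with WebTuner with a
# freshly generated self-signed pair, then verify the two files match.
# Assumptions not taken from the manual: 2048-bit RSA, SHA-256, 365-day validity,
# and a subject consisting only of the host name passed as the CN.

make_webtuner_cert() {
    # $1: output directory, $2: host name used as the certificate CN
    out=$1
    cn=$2
    # The subshell keeps the restrictive umask local: the private key must not be
    # readable by other users on the mail server.
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$cn" -keyout "$out/key.pem" -out "$out/cert.pem" 2>/dev/null
    ) || return 1
    # A certificate and key that do not share a modulus will not serve SSL;
    # check before copying them over the shipped files.
    key_mod=$(openssl rsa -in "$out/key.pem" -noout -modulus 2>/dev/null) || return 1
    cert_mod=$(openssl x509 -in "$out/cert.pem" -noout -modulus 2>/dev/null) || return 1
    [ -n "$key_mod" ] && [ "$key_mod" = "$cert_mod" ]
}

# Print the certificate subject so the CN can be compared with the host name
# users will type into the browser; a mismatch produces browser warnings that
# train users to click through, which defeats the point of SSL.
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}

# Exit status 0 if the certificate is still valid for at least $2 more days
# (-checkend takes seconds); useful as a cron check so the pair is renewed in time.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Usage: make_webtuner_cert /tmp/webtuner-ssl mailhost.example.com
```

Run it with a directory of its own, inspect the subject with cert_subject, and only then move the two files into the location the WebTuner web server reads them from; keep key.pem readable by the server user only.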
  • Page 124: Rights On The Web Server

    W E B T U N E R To use some other web server with WebTuner, define the following settings: 1. Edit the server settings to create a virtual server whose root directory points to the extracted html directory and register the alias for this directory in the existing server.
  • Page 125: Rights To Run The Webtuner Copy

    If you want to redefine the user running the server, follow these steps: 1. Make sure that the target user is authorized to: •...
  • Page 126: Launching Webtuner

    W E B T U N E R To define the users authorized to run WebTuner you must generate the access file. For details of how to generate the .htpasswd file refer to step 5 in subchapter 10.3.2. The login and the password are prompted by the web server when a user calls up WebTuner.
  • Page 127: Interface

    Figure 21. The login dialog 4. Press the OK button; if you are authorized to run WebTuner, the program main window will appear on your screen. This window allows remote administration of the Kaspersky Anti-Virus for Sun Solaris Mail Server components.
  • Page 128 Figure 22. The WebTuner main window To select a program from the list, 1. Highlight it with the left mouse button. 2. Press the select button if your browser does not support JavaScript or JavaScript support is disabled.
  • Page 129: Defining The Configuration Of Webtuner

    Be careful when pressing the hide button: if you press it with no item selected in the list, the list is cleared. To see all the controllable programs in the list again, press the show all button.
  • Page 130 W E B T U N E R The WebTuner configure window (see Figure 24) will appear on your screen. The window contains hyperlinks allowing you to display the following pages: • The main page items allow you to define the contents of the WebTuner performance settings (for details refer to subchapter 10.6.2).
  • Page 131: The Main Page: Webtuner Performance Settings

    10.6.2. The main page: WebTuner performance settings For WebTuner to operate correctly, you must define its main performance settings, located on the main page (see Figure 24) of the WebTuner configure window. To ensure correct performance of the WebTuner program, follow these steps: 1.
  • Page 132: The Modules Page: Remote Administration Settings

    W E B T U N E R Figure 24. The main page 10.6.3. The modules page: remote administration settings The list of modules to be remotely administered from WebTuner and their properties can be edited using the add, delete and properties buttons on the modules page (see Figure 25).
  • Page 133 W E B T U N E R Figure 25. The modules page Before you use the properties or the delete button make sure to select a module from the list with your left mouse button! To add an item to the list, follow these steps: 1.
  • Page 134 W E B T U N E R To define the properties of a module, follow these steps: 1. Select the required module from the list with your left mouse button. 2. Press the properties button. 3. In the Module: name window on your screen (see Figure 26), define the following settings: •...
  • Page 135 W E B T U N E R Figure 26. Properties of the selected module For details on the macroinstructions that are used in the above text field values refer to subchapter 15.13 of Appendix B. By omitting any of the above values and leaving the corresponding text field blank, you remove the corresponding hyperlink from the WebTuner main window!
  • Page 136: Webtuner: Administering Daemon

    10.7. WebTuner: Administering Daemon WebTuner for the daemon process. Editing the profile, launching the program and reviewing the log. 10.7.1. Daemon settings WebTuner allows you to remotely administer the Daemon program, i.e. to edit the program profile, to launch it and to review the performance report.
  • Page 137 W E B T U N E R The Daemon parameters and the values are located within a profile defined in the DefaultProfile line of AvpUnix.ini (the default profile is defUnix.prf). To edit parameters of the profile defined in the Kaspersky Anti- Virus for Sun Solaris Mail Server initialization file, follow these steps: 1.
  • Page 138: Remote Configuration Of The Daemon Program

    10.7.2. Remote configuration of the Daemon program 10.7.2.1. The Profile tuning window WebTuner allows you to edit profiles of the Daemon program. The settings defined from WebTuner can be saved to the default profile or to any other profile that can be assigned to the daemon process, for example by using the -F switch in the Daemon command line.
  • Page 139: The Objects Page: Location To Be Scanned

    W E B T U N E R Figure 28. The objects page 10.7.2.2. The objects page: location to be scanned On the objects page (see Figure 28) you can define the list of directories to be scanned for viruses and scanning settings for a separate directory. To define scanning settings for the selected directory, follow these steps: 1.
  • Page 140 W E B T U N E R • The actions page allows you to define the way infected and suspicious objects must be processed. Options on this page are similar to those described in subchapter 9.5.2.3. • The options page allows you to define the advanced scanning tools to be used.
  • Page 141: The Options Page: Scanning Settings

    pressing the select button (for browsers not supporting JavaScript). 3. Check the Exclude path check box if you want the directory to be excluded from the location to be checked (prefixed with "-"). 4.
  • Page 142: The Report Page: Reporting Settings

    W E B T U N E R In fact, the actions page includes two subpages containing: 1. Options for infected and suspicious objects detected. The page options and their functions are similar to those described in subchapter 9.8. 2. Options for corrupted and suspicious objects detected (see Figure 29).
  • Page 143: The Customs Page: Advanced Scanning Settings

    W E B T U N E R included in the report is defined on the second sub-page of the Report page. To move between the subpages use the arrow buttons located in the upper right corner of the page. 10.7.2.6.
  • Page 144 W E B T U N E R client programs) in the Socket file dir text field manually or by using the browse button. The default path is /var/run. 3. Press the run button. The Daemon starting log will be displayed on your screen (see Figure 32).
  • Page 145 W E B T U N E R Figure 31. Daemon start parameters Figure 32. Daemon starting log...
  • Page 146 W E B T U N E R To start a new daemon process: 1. Kill the existing daemon process using the kill button. The window displaying the process-killed results will appear on your screen (see Figure 34). Figure 33. Daemon starter The existing process must be killed to avoid conflicts that may arise between two or more simultaneously existing processes.
  • Page 147: Reviewing The Log File

    W E B T U N E R perform steps 2-3 described for the daemon process started for the first time. Figure 34. The process-killed report 10.7.4. Reviewing the log file WebTuner allows you to review performance reports of the existing daemon process and of the processes run previously.
  • Page 148 W E B T U N E R • Archives – archives checked. • Packed – packed executable files checked. • Infected – infected objects detected. • Disinfected – objects disinfected. • Disinfection failed – unrecoverable objects detected. • Deleted files – objects deleted. •...
  • Page 149 W E B T U N E R Figure 35. The daemon process performance results You may change the log display. It may be displayed in the text format or in HTML. The display depends on the templates used by the program when generating the log (for details of the templates see subchapter 15.7 of Appendix B).
  • Page 150: Webtuner: Administering Scanner

    W E B T U N E R 10.8. WebTuner: administering Scanner WebTuner for the anti-virus scanner. Editing the profile, launching the program and reviewing the log. 10.8.1. Scanner settings WebTuner allows you to remotely administer the Scanner program, i.e. to edit the program profile, to launch it and to review the performance report.
  • Page 151: Remote Configuration Of The Scanner Program

    W E B T U N E R Scanner parameters and values are located within a profile defined in the DefaultProfile line of AvpUnix.ini (the default profile is defUnix.prf) To edit the profile defined in the Kaspersky Anti-Virus for Sun Solaris Mail Server initialization file, follow these steps: 1.
  • Page 152: Launching Scanner From A Remote Location

    W E B T U N E R where you cannot define the User report setting for your Scanner, and the options page (see Figure 15), where you will find the following extra options: Scan … files in parallel – check this box to simultaneously scan the objects defined in the text field that follows the word Scan.
  • Page 153: Reviewing The Log File

    W E B T U N E R 2. Select the Scan input path option button to scan the defined location. To scan the location defined in the default profile, select the Scan default path option button. To launch Scanner, press the run button, the Scanner status window that may display messages listed in the subchapter 15.5 of Appendix B will appear on your screen.
  • Page 154: Webtuner: Administering Updater

    W E B T U N E R To review the required scanning report, follow these steps: 1. Click the run hyperlink in the WebTuner main window with the Scanner item selected in the list. 2. In the Scanner start parameters window (see Figure 37) press the view log button.
  • Page 155 W E B T U N E R Figure 38. The WebTuner main window: Updater is selected The virus-definition databases may be updated: • via the Internet; • from an archive; • from a network directory. Select one of the following options: From web –...
  • Page 156 W E B T U N E R Figure 39. The update source window To launch the updating operation, press the run button. The updating will be started and the window displaying information about the updating progress will appear on your screen (see Figure 40).
  • Page 157: Webtuner: Administering Keeper

    W E B T U N E R Figure 40. The updating operation is in progress 10.10. WebTuner: administering Keeper Changing Keeper settings. 10.10.1. Keeper settings Keeper is designed to process and transfer mail messages to the Daemon program that subsequently checks for viruses and disinfects them. WebTuner allows you to remotely define the Keeper settings within the program initialization file.
  • Page 158 To display a window with the Keeper settings, follow these steps: 1. Select Keeper from the program list with the left mouse button and press the select button (in browsers that do not support JavaScript).
  • Page 159 W E B T U N E R Figure 41. The WebTuner main window: Keeper is selected Figure 42. The main page...
  • Page 160: The Main Page: Identification Settings And Communication With Daemon

    W E B T U N E R 10.10.2. The main page: identification settings and communication with Daemon The main page items (see Figure 42) allow you to define the Keeper identification settings, the Keeper/daemon communication settings, and the mailers to be used by administrators, senders and recipients included in the Keeper address groups.
  • Page 161 the value specified in the Link type text field you may enter one of the following paths: • Full path to the AvpCtl file, if communication is performed via File or Shared memory. The path to the AvpCtl file is defined by the -f switch when you launch the daemon process from the command line (see subchapter 6.2).
  • Page 162: Defining Processing Rules For A Separate Group

    For example, the mailer identification string may look similar to the following: smtp:localhost.tu:1100 lmtp:(local.mail -l) 2. In the Recipient mailer text field, enter the required mailer identifier for the recipient. The general format of this string is the same as described for the Sender mailer parameter.
  • Page 163 W E B T U N E R • move down – moves the group highlighted in the list one line down; Figure 43. The groups page The location of a group within the group list is very important, since a mail message is processed according to the rules of the FIRST group to which it belongs, i.e.
  • Page 164 W E B T U N E R To add a group to the list, follow these steps: 1. Press the add button. 2. Enter the address group name in the text field of the Add new group window on your screen. 3.
  • Page 165: The Group: Window Masks Page: Defining Group Recipients And Senders

    W E B T U N E R • The group window sender page allows you to define rules for handling messages to be sent by the group senders (for details refer to subchapter 10.10.3.5). • The group window recipient page allows you to define rules for handling messages to be delivered to the group recipients (for details refer to subchapter 10.10.3.6).
  • Page 166 W E B T U N E R Figure 44. The masks page When defining masks in these fields use the POSIX regexp standard. If you leave the Sender mask field blank, the Keeper will apply the group processing rules to all the messages to be delivered to the addresses defined in the other field (Recipient mask) without regard to the sender address.
  • Page 167 W E B T U N E R 10.10.3.3. The Group: window filters page: defining the filter The filters page (see Figure 45) allows you to define the message filtering settings for the group. Figure 45. The filters page When processing files that meet the filtering conditions Keeper follows processing rules defined on the administrator, sender and recipient pages for the Filtered object type.
  • Page 168 W E B T U N E R To define masks of the attachments to be processed following the processing rules for filtered files, enter the required masks in the Attach file mask text field (the Filters frame). For example, .*\.bmp .*\.txt Each mask must be placed on a new line!
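The three rules above (first matching group wins, a blank Sender mask matches every sender, and one POSIX regexp per line in Attach file mask) decide which processing rules a message gets, so they are worth testing outside the GUI. The following shell script is an added example written for this page, not Keeper's code: it reproduces those rules with grep -E as the POSIX regexp engine. The group table, the masks and the addresses are constructed for the example, and it assumes a mask must match the whole address or file name (grep -x), which the page does not state.

```sh
#!/bin/sh
# Added example: how Keeper's address groups and attachment masks resolve, using
# grep -E as the POSIX regexp engine. The group table and masks are constructed
# for this example; Keeper's own storage format is not documented on this page.
# Assumption: a mask is matched against the whole address/file name (grep -x).

# prio|group name|sender mask|recipient mask  (blank mask = matches any address)
KEEPER_GROUPS='1|board|^.*@board\.example\.com$|
2|marketing|^.*@partner\.example\.net$|^mkt-.*@example\.com$
3|everyone||'

# Attach file mask list, one POSIX regexp per line as on the filters page.
ATTACH_MASKS='.*\.bmp
.*\.txt'

matches_mask() {
    # $1: value, $2: mask; a blank mask matches anything
    [ -z "$2" ] || printf '%s\n' "$1" | grep -Eqx -- "$2"
}

# Print the name of the FIRST group whose sender and recipient masks both match;
# exit status 1 when no group matches.
first_group() {
    printf '%s\n' "$KEEPER_GROUPS" | (
        while IFS='|' read -r prio name smask rmask; do
            if matches_mask "$1" "$smask" && matches_mask "$2" "$rmask"; then
                printf '%s\n' "$name"
                exit 0      # leaves the subshell: later groups are never consulted
            fi
        done
        exit 1
    )
}

# Exit status 0 when the attachment name matches any Attach file mask line.
attachment_filtered() {
    printf '%s\n' "$ATTACH_MASKS" | (
        while read -r mask; do
            [ -n "$mask" ] && matches_mask "$1" "$mask" && exit 0
        done
        exit 1
    )
}

# Usage: first_group rep@partner.example.net mkt-lead@example.com   # prints "marketing"
#        attachment_filtered logo.bmp && echo filtered
```

Two points the script makes visible: a catch-all group with both masks blank must sit last, or every message lands in it; and with whole-name matching a mask such as .*\.bmp does not catch logo.bmp.exe, whereas an unanchored search would. If Keeper's matching turns out to be unanchored, write the masks with explicit ^ and $ so the result does not depend on the engine.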
  • Page 169: The Group: Window Administrator Page: Notifications For The Administrator. Isolating Infected Objects

    W E B T U N E R 10.10.3.4. The Group: window administrator page: notifications for the administrator. Isolating infected objects The administrator page (see Figure 46) allows you to define the administrator notification settings and the objects to be placed in the isolation directory.
  • Page 170 W E B T U N E R Figure 46. The administrator page If you select Unchanged for the Cured type, the administrator will receive infected messages despite the fact that they have already been disinfected by the program. • Remove –...
  • Page 171: The Group: Window Sender Page: Notifications For The Sender

    W E B T U N E R To notify the administrator about the required object type detected and to attach the original message to the notification, follow these steps: 1. Check the Send notify check box for the corresponding object type;...
  • Page 172 W E B T U N E R • blacklisting of the message sender address for every object type. To notify the sender about the required object type detected in the message, check the Send notify check box for the corresponding object type. When sending notifications to the senders, the Keeper program does not attach the original messages to them.
  • Page 173: The Group: Window Recipient Page: Messages To Group Recipients

    W E B T U N E R Example: If the Keeper program fails to disinfect a message that belongs to this address group, you want it to notify the sender and the administrator, copy the message to the isolation directory, and add the sender’s address to the list of suspicious addresses.
  • Page 174 W E B T U N E R • what object types must be reported to the message recipients; • what object types and in what form objects must be delivered to the message recipients. Figure 48. The recipient page To define what object types and in what form objects must be delivered to the recipients, select one of the following values from the Object action drop-down...
  • Page 175 W E B T U N E R The Cured value can be found only in the Object action drop-down for cured objects. To define messages with object types to be prohibited from delivery to the recipient mailbox, check the Block mail check box for the corresponding object types.
  • Page 176: The Users Page: The List Of Legal Users

    W E B T U N E R • Enter the e-mail address or the alias of the administrator in the Group administrator address text field; • Select Unchanged from the Object action drop-down list for the Infected object type; •...
  • Page 177: The Log Page: Data To Be Logged

    W E B T U N E R Figure 49. The users page 10.10.5. The log page: data to be logged The log page (see Figure 50) allows you to define the reporting settings. Define the Keeper log file: Log file – path to the log file. You may enter the required path manually or by using the Browse button.
  • Page 178 W E B T U N E R Figure 50. The log page To add the program performance results to the system log, check the Use sys log check box. To define the detail level for the log data, select one of the following values from the Log level drop-down list: •...
  • Page 179: The Report Page: Defining The Notification Contents

    10.10.6. The report page: defining the notification contents 10.10.6.1. The list of to be notified The report page (see Figure 51) allows you to define the format and the contents of the virus-detected notifications to be sent. Figure 51.
  • Page 180: Notifications For Administrators

    W E B T U N E R options to define the notification attributes (for details refer to subchapter 10.10.6.2). 10.10.6.2. Notifications for administrators The administrator can be notified about all infected messages from/to addresses that are included in the address group. To do this you must check the Send notify check box on the administrator page (for details refer to subchapter 10.10.3.4) and define attributes of the notifications.
  • Page 181: Notifications For Senders

    W E B T U N E R • Content-type – the type of insertion to be used when adding text to the notification. Enter the value in the corresponding text field (for example, MIME). • File with report content – the path to the file containing the text to be inserted into the notification.
  • Page 182: Notifications For Recipients

    W E B T U N E R 10.10.6.4. Notifications for recipients You can define attributes of the notifications to be sent to recipients of the infected and suspicious messages. Options for these notifications are similar to those described for the administrator notifications in subchapter 10.10.6.2.
  • Page 183 • Enter the maximum size of a mail message to be processed in the Max mail size (Kb) text field (in kilobytes, as the field label states). If the defined size is exceeded the message will not be accepted for processing.
  • Page 184 ° RCPT timeout – after the RCPT command is transmitted. ° QUIT timeout – after the QUIT command is transmitted. ° DATA timeout – after the DATA command is transmitted. • Enter the maximum period to wait for the DATA command to be transmitted in the Send data timeout text field.
  • Page 185: Updater: Updating Virus-Definition Databases

    Chapter 11. Updater: Updating Virus- Definition Databases 11.1. Function and features Updater updates virus-definition databases, which are used in the process of checking for viruses. The program allows you to update virus-definition databases via the Internet, from an archive, or from a network location. The wget program is a software requirement for updating virus- definition databases and programs via the Internet.
  • Page 186 U P D A T E R ./kavupdater update_switch [switch1] [switch2]... where update_switch is a mandatory switch reflecting the way the update will be performed (see subchapter 11.3); [switchN] is an optional command line switch. For a list of switches and their functions see Appendix B. By default, the updater uses the following two parameters in AvpUnix.ini (see Appendix A): BasePath –...
  • Page 187: How To Update Virus-Definition Databases

    11.3. How to update virus-definition databases Updating via the Internet. Updating from a network directory. Updating from an archive. Examples. 11.3.1. Updating via the Internet To retrieve new virus-definition databases from an FTP or a web server, launch the program with the command line switch -uik: ./kavupdater -uik=server_and_path...
  • Page 188: Updating From A Network Directory

    U P D A T E R 11.3.2. Updating from a network directory If you need to update virus-definition databases and upgrade programs on several computers, it’s more convenient to download updates/upgrades via the Internet to your network directory and then perform updating/upgrading from this directory.
  • Page 189: Saving The Report To A File

    11.4. Saving the report to a file Saving the report to a file. Example. To save report data to a file, use the command line switch -w: ./kavupdater -uik=server_and_path -w[t][a][-][+][=filename] where: • -wt or -wt+ is the switch creating a new log file; •...
  • Page 190: Inspector: Monitoring Filesystem Integrity

    Chapter 12. Inspector: Monitoring Filesystem Integrity 12.1. Function and Features The Inspector program is an integrity checker running under the Sun Solaris operating system. Inspector performs the following functions: • monitors the defined location for changes. • checks for viruses in the defined location and removes them. Unlike the Scanner and the Daemon programs, while searching for viruses Inspector is not guided by virus-definitions in the corresponding databases.
  • Page 191: Running Inspector

    I N S P E C T O R restore the originals). For details about handling new or modified files see subchapter 12.2.3. If Inspector fails to disinfect infected files, they are transferred to the Daemon program. 12.2. Running Inspector 12.2.1.
  • Page 192: Defining The Location To Be Checked

    I N S P E C T O R By comparing newly collected data against the database master copy the program identifies new and modified files and checks for viruses in them. You can create separate Inspector databases for every location to be checked.
  • Page 193 I N S P E C T O R To set Inspector to load the location to be checked from a text file, follow these steps: 1. Create a list of directories to be checked and save it to a text file.
  • Page 194: Handling Modified And New Files

    By default, Inspector is preset to check for viruses in the subdirectories of the defined directories. To exclude all subdirectories from the check, use the -r switch in the Inspector command line. Let's review the following example for training purposes: Example: You want Inspector to check the directory /documents and all its subdirectories and to ignore all the .bmp files located there.
  • Page 195 To set the program to display a report about the modified and new files detected, use the -da0 switch in the Inspector command line. To set the program to automatically handle all the modified and new files detected, use the -da2 switch in the Inspector command line.
  • Page 196: Saving The Performance Report

    Solution: To do this, enter the following string in the Inspector start-up command line: ./kavinspector -g[=base_documents] /documents -r- -da2d -dc -a[=var/run] -s[=base_documents] 12.2.4. Saving the performance report Inspector can save the performance report to the system log or to a separate file.
  • Page 197: Control Centre: Scheduling The Anti-Virus Performance

    Chapter 13. Control Centre: Scheduling the Anti-Virus Performance

    13.1. Function and Features

    The Control Centre program has been developed to schedule performance of all the Kaspersky Anti-Virus for Sun Solaris Mail Server components. This program allows you to
    • create, change and schedule performance of package component-based tasks.
  • Page 198: Scheduling Performance Of Package Component-Based Tasks

    C O N T R O L C E N T R E You can use more than one switch in the Control Centre command line. For the complete list of available command line switches refer to subchapter 15.8 Appendix B. 13.3.
  • Page 199 -e=hour:min is the time allowed for the prgname program to run. When the time is over, the program is shut down. Let's review the following example for training purposes: Example: Right after the Control Centre is started, you want to load the Scanner in order to scan the location defined in the file task.txt.
  • Page 200
    -u=username is the user name under which the prgname program will be started;
    -fs=day.month.year is the date when the task must be started the first time;
    -st=hour:min is the time when the task must be started.
    If you do not enter values for the parameters -fs=day.month.year and -st=hour:min, they are automatically defined as the task creation date and time.
  • Page 201
    -sd=[sun|mon|tue|wed|thu|fri|sat]
    -xm=[jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec]
    -e=hour:min"
    where:
    -xm=[jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec] is the month in which the task must not be performed. If you want the task to be prohibited in more than one month, repeat the parameter -xm for every month: for example, -xm=jan -xm=aug.
  • Page 202: Saving The Performance Report

    Example: You want to schedule the Updater to update virus-definition databases from the archive kavbases.zip on every Monday at 7.00 p.m. and to log the performance results in the file report.txt.
  • Page 203 If the character a is defined in the switch, the report will be appended to the contents of filename; the character t overwrites the report with a new one.
  • Page 204: Appendix A. Principal Files

    14. Appendix A. Principal files

    This appendix lists the files that are principal for Kaspersky Anti-Virus for Sun Solaris Mail Server and their functions. The following files are vital for the Kaspersky Anti-Virus for Sun Solaris Mail Server performance:
    • AvpUnix.ini contains information critical for the correct operation of the Kaspersky Anti-Virus for Sun Solaris Mail Server components.
  • Page 205: Appendix B. Supplementary Details Of Anti-Virus

    15. Appendix B. Supplementary details of Anti-Virus

    15.1. Files with the program settings

    You may edit a file with parameters (.prf, .ini, .conf) in any text editor. The file contains several sections with parameters and their values. The general format of a section is:
    [Section_name]
    Parameter_name=Value...
  • Page 206 A P P E N D I X
    [Configuration]
    KeyFile=AVPLinux.key
    KeysPath=.
    SetFile=avp.set
    BasePath=.
    You may edit any section of the file ([AVP32] and [Configuration]). The [AVP32] section contains the parameter DefaultProfile – the profile to be loaded by the program when it starts. If you leave it blank the program will load defUnix.prf.
  • Page 207: Scanner And Daemon: The Profile (Defunix.prf)

    make sure to edit the parameter values within the initialization file the appropriate way (e.g. path to the virus-definition databases).

    15.3. Scanner and Daemon: the profile (defUnix.prf)

    Let's review an example of a profile and discuss the sections within the file:
    [Object]
    Names=*/home/user/mydoc;./
    [Options]...
  • Page 208
    UserReport=No
    UserReportName=userreport.
    ShowOK=Yes
    ShowPack=Yes
    ShowPassworded=Yes
    ShowSuspision=Yes
    ShowWarning=Yes
    ShowCorrupted=Yes
    ShowUnknown=Yes
    [TempFiles]
    UseMemoryFiles=Yes
    LimitForMemFiles=6000
    MemFilesMaxSize=20000
    TempPath=/tmp
    [Priority]
    Father=0
    Child=0
    [Customize]...
    [ActionWithCorrupted]
    CorruptedCopy=No
    CorruptedFolder=corrupted
    CopyWithPath=Yes
    ChangeExt=None
    NewExtension=Corr
    ChownTo=None
    ChModTo=No
    [ActionWithInfected]
    InfectedCopy=No
    InfectedFolder=infection
    CopyWithPath=Yes
    ChangeExt=None
    NewExtension=Vir
    ChownTo=None
    ChModTo=No
    [ActionWithSuspicion]
  • Page 209 Names – this parameter defines the location to be checked, i.e. directories that should be checked for viruses. If you define more than one directory, they must be separated by semicolons. There is one more important thing: if you define a directory in this line and want the program to check it for viruses, make sure to prefix it with "*".
  • Page 210 "*.*"). 3 – scans file types defined by the user for the UserMask parameter. If you define more than one file type, they must be separated by commas. To make sure there is no virus in the location to be checked, it is advisable to scan all the files.
  • Page 211 Embedded – Yes in this line enables the program to check for viruses in OLE objects embedded in the examined files. No disables this feature. InfectedAction – here you must define one of the values listed below: 0 –...
  • Page 212 been scanned). No disables this feature. Symlinks – here you must define one of the values listed below: 0 – do not check files and directories available via the symbolic links (corresponds to the command line switch -LP). 1 –...
  • Page 213 The positive value (Yes) in the UseSysLog line automatically suppresses the following parameters: ReportFileName, Append, ReportFileLimit, ReportFileSize and RepCreateFlag. ReportFileName – the name of your log file (valid only if Report=Yes and UseSysLog=No).
  • Page 214 The following two parameters are used only if you call up the daemon process from a script file and want to display the performance report. UserReport – Yes in this line enables the program to add current check results to the user-defined log file (see the UserReportName line).
  • Page 215 CopyWithPaths – Yes in this line enables the program to copy infected objects to a separate folder together with their paths. No disables this feature. ChangeExt – Yes in this line enables the program to change extensions of infected files.
  • Page 216 The [ActionWithCorrupted] section parameters define the actions to be taken by the program when it detects corrupted objects. CorruptedCopy – Yes in this line enables the program to copy corrupted files to a separate folder that must be defined in the CorruptedFolder line.
  • Page 217 The [Customize] section parameters define the advanced program performance settings. UpdateCheck – Yes in this line enables the program to remind you about the need to update your virus-definition databases. No disables this feature. UpdateInterval –...
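    A reader and sanity check for the profile format described above, added here as an example in POSIX shell and not part of the product: prf_get extracts one parameter from one section, and prf_audit applies two rules stated on these pages, that a Names entry needs the "*" prefix to be scanned at all and that UseSysLog=Yes silently overrides ReportFileName. The function names, the section name [Report] for the logging parameters and the sample profile are assumptions made for the example.

```shell
#!/bin/sh
# Reader and sanity check for the Kaspersky profile format ("[Section]"
# headers followed by "Parameter=Value" lines). Added example, not part of
# the product. Assumes one value per parameter, no continuation lines, and
# that the logging parameters live in a [Report] section (an assumption:
# the section name is not shown on this page).

# prf_get FILE SECTION PARAMETER: print the value, nothing if absent.
prf_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^\[/ { insec = ($0 == sec); next }
        insec && index($0, key "=") == 1 { print substr($0, length(key) + 2); exit }
    ' "$1"
}

# prf_audit FILE: print a WARN line per questionable setting and return the
# number of warnings. The rules follow the parameter descriptions above:
# a Names entry without the "*" prefix is listed but not scanned, and
# UseSysLog=Yes makes ReportFileName a dead setting.
prf_audit() {
    f=$1; warnings=0
    set -f                      # Names entries contain "*": never glob them
    oldifs=$IFS; IFS=';'
    for entry in $(prf_get "$f" Object Names); do
        case $entry in
            \**) ;;
            *) echo "WARN [Object] Names entry '$entry' has no '*' prefix and will not be scanned"
               warnings=$((warnings + 1)) ;;
        esac
    done
    IFS=$oldifs; set +f
    if [ "$(prf_get "$f" Report UseSysLog)" = Yes ] &&
       [ -n "$(prf_get "$f" Report ReportFileName)" ]; then
        echo "WARN [Report] ReportFileName is ignored because UseSysLog=Yes"
        warnings=$((warnings + 1))
    fi
    return $warnings
}

# Constructed sample profile with one problem of each kind.
sample_profile() {
    cat <<'EOF'
[Object]
Names=*/var/spool/mail;/home/user/mydoc
[Options]
Symlinks=0
[Report]
Report=Yes
UseSysLog=Yes
ReportFileName=/var/log/kavscanner.log
EOF
}

# audit_sample: write the sample to a temporary file and audit it.
audit_sample() {
    f=$(mktemp); sample_profile > "$f"
    prf_audit "$f" && rc=0 || rc=$?
    rm -f "$f"
    return $rc
}
```

    The set -f around the loop matters: a Names entry such as */home/user/mydoc is a glob pattern to the shell, and an unquoted expansion would silently replace it with matching file names.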
  • Page 218: Scanner And Daemon: Command Line Switches

    15.4. Scanner and Daemon: command line switches A list of scanner command line switches and their functions. The difference between command line switches for the scanner and the daemon process. The general format of the Scanner command line is: ./kavscanner [switch1] [switch2] [...] [switchN] [path] [filemasks], where: [switchN] is the optional command line switch;...
  • Page 219
    -U[-] disables the Unpacking engine.
    -A[-] disables the Extracting engine (archives).
    -V[-] enables the redundant scanning tool.
    -R[-] skips the scanning of subdirectories. If you define this switch, the scanner checks only the files of the defined directories and ignores the files in their subdirectories.
  • Page 220
    checks the files and directories available via symbolic links.
    skips the files and directories available via symbolic links.
    -Y[-] skips all dialogs (to be used in script files).
    runs the check once per day (to be used in script files).
    -Z[-] prohibits the check from being interrupted.
  • Page 221 -I2 disinfects infected objects automatically if possible. When running in this mode the program checks for viruses and tries to recover infected files and boot sectors so that they exactly (if possible) or mostly match the originals.
  • Page 222
    -VL[=filename] logs the list of viruses into filename. If the file is not defined, the list of viruses is displayed on the screen.
    -h or -? displays the list of command line switches.
    -T=path the path to the temporary files directory.
  • Page 223: Scanner And Daemon: Report Messages

    kills the parent daemon process.
    kills all daemon processes running.
    displays the version number.
    -f=directory creates and stores the files AvpCtl and AvpPid in the defined directory. If you do not start Daemon under the root user, the program may be denied access to the default directory for these files.
  • Page 224
    Ok – no virus or virus-like instructions were detected in the file or sector. This message is displayed only if you preset the scanner to report virus-free objects.
    Infected: <VIRUS_NAME> – the defined virus (e.g. OneHalf.3544) has been detected in the file or sector.
  • Page 225: Scanner And Daemon: Exit Codes

    15.6. Scanner and Daemon: exit codes

    The list of exit codes that can be returned by the program, and an example of using these codes in a script file. If you start Scanner or Daemon from a script file, you may analyze its exit code.
  • Page 226: Slogan: Report Templates

    hi=$(( exitcode / 16 ))
    case $lo in
        7) echo "7 - File kavscanner is corrupted" ;;
        0) echo "0 - No viruses were found" ;;
        *) echo "Error!" ;;
    esac
    case $hi in
        # the case labels of this block are not legible in this excerpt
        echo "Internal error: integrity failed"
        echo "Internal error: bases not found"
    esac
    exit 0
    The low four bits of the exit code (lo, the code modulo 16) carry the scan result; the high bits (hi, the code divided by 16) report internal errors.

    15.7.
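    The same decoding as the script above, as an added example in POSIX shell rather than the manual's text: the low four bits (code modulo 16) hold the scan result and the high bits (code divided by 16) the internal-error class. Of the individual values only 0 (no viruses found) and 7 (the kavscanner file is corrupted) survive on this page, so the other classes are reported by number. The real scanner is not invoked; scan_wrapper runs whatever command it is given, so it can be exercised with sh -c 'exit N'. The function names are chosen for the example.

```shell
#!/bin/sh
# Decode a Scanner/Daemon exit code and act on it, the way a wrapper script
# around kavscanner would. Added example, not the manual's script. From the
# page: the low four bits (code % 16) hold the scan result, with 0 = no
# viruses found and 7 = the kavscanner file itself is corrupted; the high
# bits (code / 16) hold an internal error class (integrity failure, bases
# not found). The numeric values of those classes are not preserved here,
# so they are reported by number. Nothing invokes the real scanner; the
# wrapper runs whatever command it is given.

# describe_exit CODE: print "result=...; error=..." for an exit code.
describe_exit() {
    lo=$(( $1 % 16 )); hi=$(( $1 / 16 ))
    case $lo in
        0) result="No viruses were found" ;;
        7) result="File kavscanner is corrupted" ;;
        *) result="Error! (scan result $lo)" ;;
    esac
    if [ "$hi" -eq 0 ]; then
        error="none"
    else
        error="Internal error class $hi"
    fi
    printf 'result=%s; error=%s\n' "$result" "$error"
}

# exit_is_clean CODE: true only when both fields are zero.
exit_is_clean() {
    [ $(( $1 % 16 )) -eq 0 ] && [ $(( $1 / 16 )) -eq 0 ]
}

# scan_wrapper COMMAND...: run the scanner command and map its exit code to
# 0 (clean), 2 (internal error: the verdict cannot be trusted, keep the
# object held) or 1 (anything else). An unknown code is never treated as
# clean, so "could not scan" is not mistaken for "no viruses".
scan_wrapper() {
    "$@" && code=0 || code=$?
    describe_exit "$code"
    if [ $(( code / 16 )) -ne 0 ]; then
        return 2
    elif [ $(( code % 16 )) -ne 0 ]; then
        return 1
    fi
    return 0
}
```

    In a mail pipeline the call would be scan_wrapper ./kavscanner -Y <path> (the -Y switch suppresses the dialogs, as the switch list above recommends for script files), with the return value deciding whether the object is delivered, held or escalated.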
  • Page 227
    • template.tm2 – detail report template for the console display;
    • template.htm – detail report template in HTML for the console display;
    • web_template.tm – report template for WebTuner;
    • web_new_template.tm – report template in HTML for WebTuner.
    By editing these templates you can change the display of the program performance reports.
  • Page 228
    The list of modified and corrupted viruses detected:
    Virus name: $VIRUS
    Total found: $COUNT
    Each of the cycles mentioned above may include the following macros:
    $VIRUS – name of the virus detected.
    $COUNT –...
  • Page 229: Inspector: Command Line Switches

    List of all found suspicion virus:
    ------------------------------------------------
    Virus name: $VIRUS
    Total found: $COUNT
    -------------------------------------------------
    List of all warnings:
    -------------------------------------------------
    Virus name: $VIRUS
    Total found: $COUNT
    ------------------------------------------------
    Generated by KAV Daemon Log Analizer at $NOW .

    15.8.
  • Page 230
    -g[=database_name] loads details of the location to be checked from the defined database file.
    -s[=database_name] saves details of the location to be checked to the defined database file.
    If you do not specify any database name in the above command line switches, the program uses the default database named checkbase.
  • Page 231
    checks only the files and directories available via the symbolic links predefined in the command line and ignores other symbolic links.
    checks the files and directories available via symbolic links.
    skips the files and directories available via symbolic links.
    -r[-] skips checking into subdirectories.
  • Page 232: Control Centre: Command Line Switches

    -a[=socket_directory] defines the full path to the directory containing the Daemon socket file.
    -w[t][a][-][+][=filename] logs the performance report into the defined file (the default file is report.txt). If the character a is defined in the switch, the report is appended to the contents of filename; the character t overwrites the report with a new one.
  • Page 233
    where:
    [switchN] is the optional command line switch of Control Centre;
    [instructionN[="task_parameters"]] is the optional instruction of the program.
    You can use more than one switch and more than one instruction in the Control Centre command line.
  • Page 234
    -w[t][a][-][+][=filename] logs the performance report into the defined file (the default file is report.txt). If the character a is defined in the switch, the report is appended to the contents of filename; the character t overwrites the report with a new one.
  • Page 235
    If you do not enter values for the parameters -fs=day.month.year and -st=hour:min, they are automatically defined as the task creation date and time.
    -ls=day.month.year is the date when the task must be started for the last time;...
  • Page 236: Updater: Command Line Switches

    -cd=IdN deletes the task with the defined ID.

    15.10. Updater: command line switches

    The list of command line switches available for Updater. The general format of the updating utility command line is:
    ./kavupdater update_switch [switch1] [switch2] [...] [switchN]
    where:
    update_switch is the way to update virus-definition databases;...
  • Page 237
    The switch -a=path cannot be used together with the switch -kb!
    -p[=num] defines the maximum number of simultaneously downloaded files. The default value is num=16.
    -udp=directory upgrades the installed Kaspersky Anti-Virus for Sun Solaris Mail Server components from the defined directory.
  • Page 238
    -t[=directory] enables the program to use the defined directory for intermediate operations. For example, ./kavupdater -t=/home/user1/temp.
    -kb[-] skips the query for saving old virus-definition databases.
    -ki[-] skips loading the .ini file.
    -ks[-] skips writing the .set file name into the .ini file.
  • Page 239: Keeper For Sendmail: Configuration File (Kaspersky-Av.mc)

    -ws[-] logs performance results in the system log.
    defines English as the default language for reports and messages.

    15.11. Keeper for sendmail: configuration file (kaspersky-av.mc)

    An example of the Keeper for sendmail configuration file, kaspersky-av.mc:
    divert(-1)
    dnl This is the macro config file used to generate the /etc/sendmail.cf...
  • Page 240: Keeper For Postfix: Configuration File (Master.cf)

    define(`QUEUE_DIR',`/var/spool/mqueue1')
    FEATURE(`smrsh',`/usr/sbin/smrsh')
    FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')
    FEATURE(redirect)
    FEATURE(always_add_domain)
    FEATURE(use_cw_file)
    MAILER(smtp)
    MAILER(keeper)
    FEATURE(`access_db')
    FEATURE(`blacklist_recipients')

    15.12. Keeper for Postfix: configuration file (master.cf)

    An example of the Keeper for Postfix configuration file, master.cf (the flag columns of the service entries are not reproduced in this excerpt):
    service type private unpriv chroot wakeup ...
  • Page 241: Webtuner: The Configuration File (Loader.cfg)

    smtp unix smtp
    showq unix showq
    error unix error
    local unix local
    virtual unix virtual
    lmtp unix lmtp
    ## This line added by Kaspersky Anti-Virus Installer
    localhost:10025 inet spawn user=filter argv=/opt/AVP/kavkeeper/kavkeeper
    localhost:10026 inet smtpd -o content_filter= -o myhostname=anton.avp.ru...
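    An added check, in POSIX shell and not the installer's own, for the two master.cf entries the installer adds: the spawn service on localhost:10025 that runs kavkeeper as user filter, and the re-injection smtpd on localhost:10026 that overrides content_filter= so filtered mail is not sent back into the filter. The script parses a constructed master.cf and fails if either listener is not bound to loopback, if the re-injection smtpd keeps a content_filter, or if the filter runs as root. The sample entries follow the page except that the flag columns are filled in with the usual Postfix values; the host name mail.example.com and the function names are placeholders.

```shell
#!/bin/sh
# Check the master.cf entries of a Postfix post-queue content filter such as
# the Keeper integration above. Added example, not the installer's own
# check. Assumes the filter is spawned on port 10025 and mail is re-injected
# on port 10026 (the ports of the master.cf above) and that continuation
# lines start with whitespace. The sample entries are constructed;
# mail.example.com stands in for the real host name.

# service_tokens FILE SERVICE: every token of SERVICE's definition line and
# its continuation lines, one per line.
service_tokens() {
    awk -v svc="$2" '
        /^[^ \t#]/ { cur = $1 }
        cur == svc { for (i = 1; i <= NF; i++) print $i }
    ' "$1"
}

# service_overrides FILE SERVICE: the values of its "-o key=value" options.
service_overrides() {
    service_tokens "$1" "$2" | awk 'prev == "-o" { print } { prev = $0 }'
}

# audit_master_cf FILE: print FAIL lines, return the number of failures.
audit_master_cf() {
    f=$1; fails=0
    set -f
    # Both listeners must be bound to loopback. A bare "10026 inet" entry
    # listens on every interface and accepts unfiltered mail from anyone.
    for svc in $(awk '$2 == "inet" && $1 ~ /(^|:)1002[56]$/ { print $1 }' "$f"); do
        case $svc in
            localhost:*|127.0.0.1:*|\[::1\]:*) ;;
            *) echo "FAIL $svc is not bound to loopback"; fails=$((fails + 1)) ;;
        esac
    done
    # The re-injection smtpd must clear content_filter or mail loops back
    # into the filter.
    reinject=$(awk '$2 == "inet" && $1 ~ /(^|:)10026$/ { print $1; exit }' "$f")
    if [ -z "$reinject" ]; then
        echo "FAIL no re-injection listener on port 10026"; fails=$((fails + 1))
    elif ! service_overrides "$f" "$reinject" | grep -qx 'content_filter='; then
        echo "FAIL $reinject does not set -o content_filter= (mail would loop)"; fails=$((fails + 1))
    fi
    # The filter process must exist and must not run as root.
    spawn=$(awk '$2 == "inet" && $1 ~ /(^|:)10025$/ { print $1; exit }' "$f")
    user=
    if [ -n "$spawn" ]; then
        user=$(service_tokens "$f" "$spawn" | sed -n 's/^user=//p')
    fi
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "FAIL filter on port 10025 missing or not running as an unprivileged user"
        fails=$((fails + 1))
    fi
    set +f
    return $fails
}

# Constructed master.cf excerpts: a correct one and a broken one.
good_master_cf() {
    cat <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
localhost:10025 inet n - n - - spawn
  user=filter argv=/opt/AVP/kavkeeper/kavkeeper
localhost:10026 inet n - n - - smtpd
  -o content_filter=
  -o myhostname=mail.example.com
EOF
}
bad_master_cf() {
    cat <<'EOF'
10025 inet n - n - - spawn user=root argv=/opt/AVP/kavkeeper/kavkeeper
10026 inet n - n - - smtpd -o myhostname=mail.example.com
EOF
}

# audit_sample GENERATOR: audit the output of good_master_cf or bad_master_cf.
audit_sample() {
    f=$(mktemp); "$1" > "$f"
    audit_master_cf "$f" && rc=0 || rc=$?
    rm -f "$f"
    return $rc
}
```

    Point audit_master_cf at the live /etc/postfix/master.cf after the installer has run; the port numbers are the only values tied to this installation.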
  • Page 242
    Run=./daemon_exec.cgi?avp_d=%AVP_DIR%&d_exec=%EXE
    Report=./daemon_report.cgi?avp_d=%AVP_DIR%&avp_prf=%AVP_PRF%
    Hide=No
    [Updater]
    Exec=kavupdater.sh
    MainCgi=updater.cgi
    Configure=updater.cgi?avp_d=%AVP_DIR%&e_upd=%EXEC
    Hide=No
    [Scanner]
    Exec=kavscanner
    MainCgi=scanner_prf.cgi
    Configure=./scanner_prf.cgi?avp_d=%AVP_DIR%&avp_prf=%AVP_PRF%&start_dir=%AVP_DIR%
    ConfigureDefault=./scanner_prf.cgi?avp_d=%AVP_DIR%&avp_prf=%AVP_PRF%&op=v&sec=ob&prf=%DEFAULT_KAV_PROFILE%
    Run=scanner_exec.cgi?avp_d=%AVP_DIR%&s_exec=%EXEC
    Hide=No
    [Keeper]
    MainCgi=keeper_prf.cgi
    ConfigureDefault=./keeper_prf.cgi?op=v_op&sec=mn_main&prf=%AVP_DIR%etc/defUnix&usrdb=%AVP_DIR%etc/userdb
    Hide=No
    [WebTuner]
    MainCgi=self_cfg.cgi
    Configure=./self_cfg.cgi
    Hide=No...
  • Page 243 The [Main] section parameters define the WebTuner performance settings: Modules – the list of Kaspersky Anti-Virus for Sun Solaris Mail Server components that can be administrated from WebTuner. The default list includes: Daemon, Updater, Scanner, Keeper and WebTuner.
  • Page 244 The Configure parameter ensures availability of the config hyperlink in the WebTuner main window with the package component selected in the Programs list. ConfigureDefault – defines editing of the file with the package component settings from WebTuner.
  • Page 245: Appendix C. Classifying Computer Viruses

    16. Appendix C. Classifying computer viruses Discussing various virus types. The computer virus is a computer program (that is, executable code and/or a collection of instructions) that can replicate itself (though the copy may not necessarily exactly match the original) and penetrate files and other resources of computer systems and networks and make them perform tasks the virus dictates without the user’s permission.
  • Page 246 We can differentiate viruses by the operating system they infect. Every file or network virus is able to infect files of one or more operating systems: DOS, Windows, Win95/NT, OS/2 etc. Macro viruses infect file formats used by Word, Excel, and Office97.
  • Page 247 SELF-ENCODING and POLYMORPHIC features are used by almost all virus types to make it difficult to detect them. Polymorphic viruses are difficult to detect because they contain no constant code blocks. Generally speaking, two samples of the same polymorph won’t have even a single matching code block.
  • Page 248: Appendix D. Kaspersky Lab Ltd

    17. Appendix D. Kaspersky Labs Ltd. About Kaspersky Labs Kaspersky Labs is a privately-owned, international, anti-virus software- development group of companies headquartered in Moscow (Russia), and representative offices in the United Kingdom, United States of America, China, France and Poland. Founded in 1997, Kaspersky Labs concentrates its efforts on the development, marketing and distribution of leading-edge information security technologies and computer software.
  • Page 249: Other Kaspersky Lab Antiviral Products

    60,000 known viruses and all other types of malicious code. The product is also powered by a unique heuristic technology combating even future threats: the built-in heuristic code analyzer, which is able to detect up to 92% of unknown viruses and the world's only behavior blocker for MS Office 2000 providing 100% guaranteed protection against any macro- viruses.
  • Page 250 • anti-virus scanner provides a comprehensive check of all local and network drive contents on demand; • anti-virus monitor automatically checks in real-time all used files; • mail filter automatically checks in the background for viruses in all incoming and outgoing messages;...
  • Page 251: Kaspersky Lab Contact Information

    Kaspersky® Security for PDA Kaspersky® Security for PDA provides reliable virus protection for the data stored on PDA running Palm OS or Windows CE, as well as for any information transferred from a PC or extension card, ROM files and databases.
  • Page 252 data-protection system that is fully appropriate and compatible for your network configurations. Kaspersky® Corporate Suite includes full-scale anti-virus protection of: • workstations running Windows 95/98/ME, Windows NT/2000 Workstation, Windows XP, Linux, OS/2; •...
  • Page 253: Contact Information

    17.2. Contact Information If you have any questions, comments or suggestions please refer them to our distributors or directly to Kaspersky Labs. We will be glad to advise you on any matters related to our product by phone or e-mail and all your recommendations and suggestions will be thoroughly reviewed and considered.
  • Page 254: Index

    18. Index Advanced checking tool..46, 47, 107, 213 Location to be checked....28, 38, 39 Advanced scanning tools......107 Objects to be scanned ........38 Daemon ..........10, 59 Path to the temporary files directory ..19 Extracting engine........42 Profile ....20, 21, 22, 23, 35, 206, 209 Heuristic analyzer......35, 220, 226 Redundant scanning tool ...35, 108, 213, 221 Initialization file ....18, 62, 74, 206, 207...
