KASPERSKY ANTI-VIRUS - FOR FREEBSD-OPENBSD-BSDI MAIL SERVER User Manual

KASPERSKY LAB
Kaspersky Anti-Virus
for FreeBSD, OpenBSD and BSDi
Mail Server

USER GUIDE

Summary of Contents for KASPERSKY ANTI-VIRUS - FOR FREEBSD-OPENBSD-BSDI MAIL SERVER

  • Page 1: User Guide

    KASPERSKY LAB Kaspersky Anti-Virus for FreeBSD, OpenBSD and BSDi Mail Server USER GUIDE...
  • Page 2 Kaspersky Anti-Virus for FreeBSD, OpenBSD and BSDi Mail Server User Guide ...
  • Page 3: Table Of Contents

    Contents KASPERSKY ANTI-VIRUS FOR FREEBSD, OPENBSD AND BSDI MAIL SERVER ................11 1.1. Introduction ................11 1.2. Distribution kit................14 1.2.1. What is in the distribution kit..........14 1.2.2. License agreement ............. 14 1.2.3. Registration card..............15 1.3. Help desk for registered users..........15 1.4.
  • Page 4 3.2. Starting to check............... 26 3.3. Starting to update virus-definition databases......28 ANTI-VIRUS SCANNER: SCANNING AND DISINFECTING..29 4.1. Starting Scanner............... 29 4.2. Searching for viruses and deleting them......... 31 4.2.1. Loading anti-virus scanner ..........31 4.2.2.
  • Page 5 5.4.1. Cumulative settings............. 54 5.4.2. Defining scanning and performance settings: Scanner and Daemon................55 5.4.3. Defining actions on infected and suspicious objects..59 5.4.4. Defining the reporting parameters ........61 DAEMON PROCESS: INTEGRATING ANTI-VIRUS PROTECTION IN CLIENTS ..................
  • Page 6 7.6.3. Defining attributes of the notification........96 7.6.4. Log..................97 7.6.5. Communication between Keeper and the daemon process ..................... 97 7.7. Launching Keeper ..............97 ANTI-VIRUS MONITOR: MONITORING THE SYSTEM FOR VIRUSES ..................... 99 8.1.
  • Page 7 10.5.2.1. The directory Property window: Selecting the required directory............123 10.5.2.2. The directory Property window: Objects to be checked ................. 124 10.5.2.3. The directory Property window: Defining anti-virus actions................127 10.5.2.4. The directory Property window: Defining the advanced scanning tools used.
  • Page 8 11.7.1. Daemon settings...............159 11.7.2. Remote configuration of the Daemon program....161 11.7.2.1. The Profile tuning window ......... 161 11.7.2.2. The objects page: location to be scanned ..... 162 11.7.2.3. The options page: scanning settings ...... 165 11.7.2.4.
  • Page 9 11.10.3.5. The Group: window sender page: notifications for the sender ................198 11.10.3.6. The Group: window recipient page: messages to group recipients ............200 11.10.4. The users page: the list of legal users ......203 11.10.5.
  • Page 10 CONTROL CENTRE: SCHEDULING THE ANTI-VIRUS PERFORMANCE ................227 14.1. Function and Features ............227 14.2. Running Control Centre ............227 14.3. Scheduling performance of package component-based tasks ....................228 14.4. Saving the performance report ..........233 APPENDIX A. PRINCIPAL FILES..........234 APPENDIX B.
  • Page 11 18.2. Other Kaspersky Lab AntiViral Products.......289 18.3. Kaspersky Lab Contact Information ........292 INDEX ....................293...
  • Page 12: Kaspersky

    Chapter Attention!!! New viruses arise every day and if you want to keep your anti-virus fresh and capable, we strongly recommend you to update anti-virus databases at least every day (for more details see below). Moreover, make sure to update them right after you install the product on your computer! 1.
  • Page 13 allows detection and deletion of all currently known types of viruses and malware codes including: • polymorphic or self-encoding viruses; • stealth or invisible viruses; • viruses for Windows 9x, Windows NT, UNIX, OS/2; •...
  • Page 14 When checking for viruses Kaspersky Anti-Virus for xBSD Mail Server uses virus-definition databases that contain information allowing detection and deletion of many viruses. Kaspersky Lab releases virus-definition database updates containing information about new viruses on a daily basis.
  • Page 15: Distribution Kit

    1.2. Distribution kit What is in the distribution kit. License agreement. Registration card. 1.2.1. What is in the distribution kit The distribution kit includes: • a sealed envelope with installation CD (or diskettes) with files of the software product;...
  • Page 16: Registration Card

    product to your Kaspersky Anti-Virus dealer for a full refund, making sure the envelope with CD (or diskettes) is sealed. If you unsealed the envelope, you have agreed to all the terms of the LA. 1.2.3.
  • Page 17: Information In The Book

    • phone and e-mail advice on matters related to your software installation, configuration and performance; • information about new Kaspersky Lab products and new computer viruses (for those who subscribe to our newsletter http://www.kaspersky.com/subscribeNow.asp).
  • Page 18 Conventions table (Convention / Meaning): Note. - additional information, notes; Attention! - very important information; To do this: … 1. Step 1. 2. … - actions that must be taken; • Function of the control—function of the control. - description of the settings tree.
  • Page 19: Installing Anti-Virus

    Chapter 2. Installing Anti-Virus 2.1. Software and hardware requirements What hardware and software do you need to run Kaspersky Anti-Virus for xBSD Mail Server? In order to run Kaspersky Anti-Virus for xBSD Mail Server you need a system that meets the following requirements: •...
  • Page 20: Backing Up Your Installation Diskettes

    2.2. Backing up your installation diskettes If you purchased the Kaspersky Anti-Virus for xBSD Mail Server package on installation diskettes (but not the CD) before installing the program on your computer, it is recommended that you back up those diskettes.
  • Page 21 3. Run installation of the Kaspersky Anti-Virus Workstation package by using the string pkg_add archive_name in the command line. For example, your command line may look like the following: pkg_add kav-WorkstationSuit-4.0.0.0-FreeBSD-4.x.tgz The Workstation for FreeBSD software package includes the following programs: Scanner, Daemon, Inspector, Control Centre, Tuner,...
  • Page 22: Installation Of Anti-Virus For Openbsd And Bsdi Mail Server

    10. Move to the directory /usr/local/etc/rc.d and edit as required the following auto-start parameters for the Kaspersky Anti-Virus for FreeBSD components in the file kavd.sh: RUN_DAEMON="Y" – launches the Daemon program. RUN_MONITOR="Y"...
  • Page 23: Preparing To Run

    4. Copy the .key file from the installation CD (installation diskette) to the directory defined in the KeysPath line of the file AvpUnix.ini. The default .key file directory is /etc. 5.
  • Page 24 When started, the program searches for the file AvpUnix.ini in the directories listed above one after another. If the file is not detected there, the program begins to look for it in the current directory! If required, you may edit the file (for details of the INI file see Appendix B).
  • Page 25: Editing The Path To Temporary Files

    2.4.2. Editing the path to temporary files If you want your anti-virus scanner and the daemon process to place temporary files in a directory other than /tmp (the default directory for temporary files) while checking for viruses, define the desired directory by following these steps: 1.
  • Page 26: Running Anti-Virus

    Chapter 3. Running Anti-Virus 3.1. Changing scanning settings How to change scanning settings. Using command line switches and profiles. To use various features of Kaspersky Anti-Virus for xBSD Mail Server, you must define: • objects to be checked; • how to handle those objects; •...
  • Page 27: Starting To Check

    • First—by means of the configuration program called Tuner (see chapter 10) or the remote configuration program called WebTuner (see chapter 11). • Second—by opening and editing a profile in any text editor (see subchapter 5.2).
  • Page 28 ./kavscanner When started, the Scanner automatically loads settings from the file defined by the DefaultProfile parameter in AvpUnix.ini. The default file name is defUnix.prf, a sample of which is supplied with Kaspersky Anti-Virus for xBSD Mail Server.
  • Page 29: Starting To Update Virus-Definition Databases

    3.3. Starting to update virus-definition databases Sources of updates for your virus-definition databases. An example of how to use Updater. You may acquire updates for your virus-definition databases via the Internet or from Kaspersky Lab dealers. The main address for updates is http://updates2.kaspersky-labs.com/updates.
  • Page 30: Anti-Virus Scanner: Scanning And Disinfecting

    Chapter 4. Anti-Virus Scanner: Scanning and Disinfecting 4.1. Starting Scanner Starting the scanner from the command line or from a script file. Using exit codes. To periodically check for viruses in your computer you must start Scanner. This program may be started from the command line or from the specially developed script file.
  • Page 31 ./kavscanner [switch1] [switch2] [...] [switchN] [path] [filemasks] where: [switchN] is the optional switch in the Scanner command line; [path] is the optional xBSD path that defines the location to be checked; [filemasks] are the optional xBSD file masks that define the files to be checked for viruses.
  • Page 32: Searching For Viruses And Deleting Them

    When you create a profile for your Scanner on the boot diskettes, make sure to define Yes for the UseMemoryFiles parameter (for details of this parameter see subchapter 5.4.2). 4.2. Searching for viruses and deleting them Actions to be taken regarding infected objects.
  • Page 33: Handling Infected Objects

    puter hard disk. If there is no way to do so, select to disInfect the file. After the file is disinfected, your anti-virus scanner will suggest restarting the program and will shut down. If your anti-virus scanner is not infected, after the self-check, it will begin checking for viruses in user predefined objects by using predefined settings for handling them and by applying...
  • Page 34 If your anti-virus scanner was preset to ask for instructions on how to handle infected objects, after detection of such an object it will display the object’s name, the virus name and will ask you to choose the method to handle this object. For example, the inquiry string may look similar to the following: Actions —...
  • Page 35 To select the default method you may press the key with its capital letter or the <O> key (that means OK). To select one of the other methods press the key with its capital letter. For example, to disInfect the object you must press the I key.
  • Page 36: Handling Corrupted Objects

    4.2.3. Handling corrupted objects As we mentioned already, infected objects sometimes cannot be disinfected because some viruses change the data irreversibly. Objects that were infected in such a way must be deleted. If the program is not able to disinfect an object, it will display the following query: Disinfecting of <OBJECT_NAME>...
  • Page 37: Handling Suspicious Objects

    The anti-virus scanner does not disinfect mail databases and plain mail files, but you may use Keeper to delete viruses from mail messages (see chapter 7). The scanner does not disinfect and delete infected objects if they are archived, but you may try the following method to disinfect them: extract the archive and disinfect the extracted files with your anti-virus scanner.
  • Page 38 When the check is finished, the program displays statistics about objects that have been checked and viruses that have been detected and deleted. The statistics table is divided into two columns: • Its left column displays values for objects that have been checked: sectors, files, directories, packed files and archives.
  • Page 39: Anti-Virus Scanner And Daemon Process: Using Switches And Profiles

    Chapter 5. Anti-Virus Scanner and Daemon Process: Using switches and profiles 5.1. Scanning settings What to check? Where to check? How to handle infected objects?… Prior to checking for viruses in your computer you must define: • Location to be checked: system sectors including: Boot Sector, Master Boot Record, Partition Table;...
  • Page 40: How To Change Settings

    • Objects to be checked: packed files, archives, mail databases, local mail boxes of the most commonly used messaging systems, files of various types. •...
  • Page 41: Settings For A Separate Location To Be Checked

    When setting your Scanner for different purposes you may use various configuration methods: • Regular check. You may preset Scanner for some regular checks; e.g. for daily preventative checks, for an extremely thorough check of a diskette etc.
  • Page 42 The location to be checked must be defined in the Names line of the [Object] section of a profile. A PROFILE MAY HAVE MORE THAN ONE [Object] SECTION for several different locations to be checked.
  • Page 43: Defining Objects To Be Checked

    For the program to cross filesystem borders, type Yes in the CrossFs line of the [Object] section. Otherwise, type No. The CrossFs parameter corresponds to the command line switch -C[-].
  • Page 44: Sectors

    Objects to be checked must be defined in the appropriate lines of the [Object] section of a profile. 5.3.2.2. Sectors The sector check function under your operating system may be not available.
  • Page 45 .exe, .fpm, .hlp, .hta, .htm, .htt, .ini, .js, .jse, .lnk, .mbx, .md*, .msg, .msi, .ocx, .otm, .ov*, .php, .pht, .pif, .plg, .pp*, .prg, .rtf, .scr, .shs, .sys, .tsp, .vbe, .vbs, .vxd, .xl*. •...
  • Page 46: Packed Executables

    This parameter corresponds to the command line switch -XF=filemasks, where filemasks must be substituted with the file masks to be excluded from the check. 3.
  • Page 47: Archives

    The unpacking engine unpacks files that have been packed by various versions of the most popular utilities: DIET, PKLITE, LZEXE, EXEPACK etc., to temporary files so the anti-virus scanner can check them. When the check is completed the temporary files are deleted.
  • Page 48: Mail Databases And Plain Mail Files

    will be inactive and therefore invisible to you, but some day the virus may break loose and ruin your system. To enable the extracting engine: 1.
  • Page 49 Kaspersky Anti-Virus for xBSD Mail Server checks mail databases of the following formats: • Microsoft Outlook, Microsoft Outlook Express (*.pst and *.pab files, a type of MS Mail archive); •...
  • Page 50: Embedded Ole Objects

    While scanning plain mail files Kaspersky Anti-Virus for xBSD Mail Server searches in every file for the message header, and then checks for viruses in the attached data (UUEncode, XXEncode etc.). 5.3.2.7.
  • Page 51 0 in the InfectedAction line of the profile corresponds to the command line switch -I0. • 1 — displays the inquiry about how to handle the infected object (see subchapter 4.2.2).
  • Page 52: Defining The Advanced Scanning Tools To Be Used

    0 in the IfDisinfImpossible line corresponds to the command line switch -I2S. • 1 — deletes unrecoverable objects. 1 in the IfDisinfImpossible line corresponds to the command line switch -I2D.
  • Page 53 • Redundant scanning tool checks not just the entry points into a file that are used by the system when processing, but the entire contents of the examined files.
  • Page 54 where <TYPE> is replaced by one of the following strings: • Com—the file seems to be infected by a virus that infects .COM files; •...
  • Page 55: Settings For The Cumulative Location To Be Checked

    that aren’t yet in the database will be detected with the same degree of probability. To enable the redundant scanning tool, type Yes in the RedundantScan line of the profile. This parameter corresponds to the command line switch -V[-].
  • Page 56: Defining Scanning And Performance Settings: Scanner And Daemon

    You can define the following general settings: • General parameters of scanning and performance of the anti-virus scanner (see subchapter 5.4.2). • Methods to handle infected, suspicious and corrupted objects (see subchapter 5.4.3).
  • Page 57 1. Type Yes in the UpdateCheck line of the [Customize] section of a profile. 2. Decide how often you want to see a message reminding you to update your virus-definition databases.
  • Page 58 To be reported about the performance results using the extended exit codes, type Yes in the UseExtendedExitCode line of the [Customize] section of a profile.
  • Page 59 1 in the Symlinks line corresponds to the command line switch -LH. • 2 — check files and directories available via the symbolic links. 2 in the Symlinks line corresponds to the command line switch -LL.
  • Page 60: Defining Actions On Infected And Suspicious Objects

    This setting will be used only if you entered a positive value (Yes) in the UseMemoryFiles line of the [Tempfiles] section. 3. To limit the size of files to be extracted in the memory (see subchapter 5.3.2.5), define the maximum size (in Kb) for this type of temporary files in the MemFilesMaxSize line.
  • Page 61 To copy infected files to a separate folder, in the [ActionWithInfected] section of a profile: • Type Yes in the InfectedCopy line. • Define a path to the folder for infected files in the InfectedFolder line.
  • Page 62: Defining The Reporting Parameters

    To change extensions of infected, suspicious and corrupted files, in the sections listed above: • Type Yes in the ChangeExt lines. • Define the target extension for the files in the NewExtension line. For example, you may type vir for infected files, susp for suspicious files and corr for corrupted files.
  • Page 63 To create a log file for the program reports: 1. Type Yes in the Report line. 2. Define the name of your log file in the ReportFileName line. The default value is report.txt.
  • Page 64 your text editor, type Yes for the above parameter and the program will use both separators (carriage return and linefeed) in your log file. To define the file for storing check-reports, you may use the command line switch -W[T][A][+][=filename], where filename is a name of the log file (the default name is report.txt).
  • Page 65 To add more details to the report, type Yes in the ExtReport line. Use the below parameters to define optional information that will be added to the report: •...
  • Page 66: Daemon Process: Integrating Anti-Virus Protection In Clients

    Chapter 6. Daemon Process: Integrating Anti-Virus Protection in Clients 6.1. Features of the Daemon program Describing functions and features of the program. The Daemon anti-virus process, kavdaemon, is designed to integrate anti-virus protection (search and deletion of viruses) in client software (e.g. Monitor) on a computer running xBSD.
  • Page 67: Launching The Daemon Process

    tems must be promptly checked for viruses, and this is the task that can be accomplished with the daemon process. Daemon has all the features of anti-virus programs designed for other platforms, and allows checking for viruses in all file types (including archives, packed and plain mail files), application of the heuristic detection and redundant checking tools.
  • Page 68 ./kavdaemon [switch1] [switch2] [...] [switchN] [path] where [switch…] is the optional command line switch of the Daemon program; [path] is the optional xBSD path that defines the location to be checked. The meaning of path in the Daemon command line differs from that of the Scanner program.
  • Page 69 -o{the list of files, directories or symbolic links separated by colons} checks the defined files, directories and links. If the objects are not located in the check-permitted area, they will be ignored. -f=directoryname creates and stores the files AvpCtl and AvpPid in the defined directory.
  • Page 70: Calling Up The Process From A Client Program

    For the Daemon program to be started correctly the initialization file, AvpUnix.ini (see Appendix B), must be located in a directory together with the Daemon module. If you decide to move the executable file, kavdaemon, to some other directory, AvpUnix.ini must be copied there as well and then appropriately edited (e.g.
  • Page 71 file name and parameters of the command line will be transferred. In this case the general format of the string is: <flags>date_and_time: 0xfeparameter1[|parameter2[|parameter3[…]]] 0xfepath1[;path2[;path3[…]]] where: ° 0xfe defines the section beginning; ° [parameterN] defines the corresponding command line parameter (without the leading character "-");...
  • Page 72 4 bytes read containing a size of the shared memory with the disinfected object. This value may be present only if during the transfer the flag was switched to the value 3 (or 1) and the exit code is 5. In this case you must open the shared memory and rewrite the examined object from it.
  • Page 73: Keeper: Scanning Smtp Traffic In Mail Systems: Sendmail, Qmail, Postfix And Exim

    Chapter 7. Keeper: Scanning SMTP Traffic in Mail Systems: sendmail, Qmail, Postfix and Exim 7.1. Features of the Keeper program Describing functions and features of the program. Keeper is designed to handle viruses in incoming and outgoing SMTP traffic. The program is built into the mail server in order to check for viruses in the traffic passing through.
  • Page 74 This book does not describe the sendmail, Qmail, Postfix and Exim mail systems and their performance concept. If you have any questions related to these programs, refer to the corresponding documentation. Right after you install the program on a server (see chapter 2) you must integrate it with one of the mail systems listed above and define its settings (see subchapter 7.6).
  • Page 75: Integrating Anti-Virus With Sendmail

    • The program logs the performance report to the predefined file (see subchapter 7.6.4). It is strongly inadvisable to perform integration of Kaspersky Anti-Virus for xBSD Mail Server with your mail system (one of the above listed) via Keeper while the system is up and running.
  • Page 76 • create the sendmail.cf file by entering the following string: m4 kaspersky-av.m4 > sendmail.cf • copy the sendmail.listen.cf and sendmail.cf files to the directory /etc/mail. 2. Use the WebTuner program to redefine the Keeper configuration: •...
  • Page 77: Integrating Anti-Virus With Qmail

    • /usr/local/share/AVP is the directory for the Kaspersky Anti-Virus for xBSD Mail Server distributive package files. • /usr/local/share/AVP/kavkeeper is the directory for the Keeper files. • /usr/local/share/AVP/kavkeeper/sendmail-cf is the directory for the advanced setting files and the setting samples. Files within the directory /usr/local/share/AVP/kavkeeper/sendmail-cf must be copied to the directory where the sendmail setting files are located.
  • Page 78 To integrate Keeper into the Qmail system manually, follow these steps: 1. Rename the qmail-queue file located in the directory /var/qmail/bin/ into qmail-que. 2. Copy the qmail-queue from the directory /usr/local/share/AVP/KAVKeeper/ to the directory /var/qmail/bin, or create the corresponding symbolic link.
  • Page 79: Integrating Anti-Virus With Postfix

    7.4. Integrating Anti-Virus with Postfix Step-by-step integration. Integration of Kaspersky Anti-Virus for xBSD Mail Server with the Postfix mail system can be implemented by starting the install-postfix script-file or manually. To integrate the program manually you must first start the WebTuner program, which allows you to edit the Keeper configuration file.
  • Page 80 4. Create the filter user by entering the following string: adduser filter 5. Create a home directory for this user by entering the following strings: mkdir /var/spool/filter chown filter.filter /var/spool/filter For a sample of a Postfix configuration file refer to subchapter 16.14 of Appendix B.
  • Page 81: Integrating Anti-Virus With Exim

    7.5. Integrating Anti-Virus with Exim Step-by-step integration. Integration of Kaspersky Anti-Virus for xBSD Mail Server with the Exim mail system can be implemented by starting the install-exim script-file or manually. To integrate the program manually you must first start the WebTuner program, which allows you to edit the Keeper configuration file.
  • Page 82 3. Use the WebTuner program to redefine the Keeper configuration: • On the main page (see subchapter 11.6.2): ° specify the following working path for the Sender mailer, Recipient mailer and Admin mailer parameters: smtp: (/usr/sbin/exim -bs -C /etc/exim/exim.conf) °...
  • Page 83: Customizing Keeper

    7.6. Customizing Keeper Changing configuration of the Keeper program. 7.6.1. General concept Keeper loads settings from the initialization file. The file may be edited from the WebTuner program (for details refer to subchapter 11.10). To do this: 1.
  • Page 84 • deliver a disinfected message to the recipient’s mailbox (see subchapter 7.6.2.4.3); • pass an infected message without disinfecting to the recipient’s mailbox (see subchapter 7.6.2.7). • Filtering mail messages according to their attachments (see subchapter 7.6.2.5).
  • Page 85: Processing Infected Messages For An Address Group

    • Communication between Keeper and the daemon process (see subchapter 7.6.5). Keeper operates with the rights of the user running the mail system (sendmail, Qmail, Postfix or Exim). If this user is authorized to access OS files and you failed to define the correct path to the log file or the temporary directory, the system files might be damaged! 7.6.2.
  • Page 86 group and define the appropriate processing rules for this group (for example, if you need to apply a certain processing rule exactly for the messages delivered from ег@localhost.ru to 123@localhost2.ru). The default address group is mandatory for the Keeper address group list, since this section defines default settings to be applied to all the message addresses not included in the other groups.
  • Page 87: The Address Group And The To/From Addresses

    Figure 1. Keeper: Processing a mail message 7.6.2.2. The address group and the To/From addresses In order for the Keeper program to process incoming and/or outgoing messages belonging to a certain user’s address list, you must use the WebTuner program to create an address group, add the required addresses to the group and define processing rules to be applied to it.
  • Page 88: To Check Or Not To Check

    To create an address group, follow these steps: 1. On the group page (see subchapter 11.10.3.1), press the add button. 2. Enter the group name in the Name text field of the Add new group dialog box on your screen. 3.
  • Page 89: Defining After-Check Processing Of A Message

    1. On the groups page (see subchapter 11.10.3.1), select the required group name and press the properties button. 2. On the masks page of the dialog window on your screen (see subchapter 11.10.3.2), check the Check this group check box and press the accept button in the right upper corner.
  • Page 90 Figure 2. The notification as it looks in the recipient mailbox • notification of an infected message with the message attached to it (see Figure 3 and Figure 4); • notification of an infected message and the message disinfected (if possible) and attached to it (see Figure 5 and Figure 6).
  • Page 91 Figure 3. The notification as it looks in the recipient mailbox To send notification of an infected message and the message disinfected (if possible) and attached to it, follow these steps: 1. On the recipient page, check the Add report check box for the Infected object type, and select Remove from the corresponding Object action drop down list.
  • Page 92 The program will send notification to the recipient with the disinfected message attached to it. If the object could not be disinfected, it will be deleted. Figure 5. The notification as it looks in the recipient mailbox Figure 6.
  • Page 93 To set the program to block all incoming infected messages, follow the steps: 1. On the masks page (see subchapter 11.10.3.2), check the Check this group check box for the selected address group. 2. On the administrator page (see subchapter 11.10.3.4), check the Isolator and the Send notify check boxes for the Infected object type and select Unchanged from the...
  • Page 94: Filtering Mail By The Files Attached

    3. On the recipient page: • check the Block mail check box for the Infected object type and select Unchanged from the corresponding Object action drop-down list; • check the Add report check box for the Cured object type and select Cured from the corresponding Object action drop-down list.
  • Page 95: Delivering Infected Messages To The Administrator

    you specify objects to be processed using rules that are defined for the filtered files. 2. In the Attach file and Attach mime-type text fields, define the file type and the MIME type (respectively) to be excluded from the check.
  • Page 96: Notifying The Sender

    • enter the administrator email address or the alias in the Group administrator address text field; • define the full path to the quarantine directory in the Isolator path text field and press the accept button in the right upper corner.
  • Page 97: Defining Attributes Of The Notification

    2. On the sender page, check the Send notify check box for the Infected object type and select None from the corresponding Object action drop-down list. Senders of infected messages will be notified of viruses that were detected in their messages without reference to whether the message is disinfected or not.
  • Page 98: Log

    7.6.4. Log Keeper might be set to log all the actions applied to the mail messages. Use options on the WebTuner log page to define the Keeper reporting settings (for details refer to subchapter 11.10.5). Keeper does not log information about viruses detected and the check statistics.
  • Page 99 edit the settings, use the WebTuner program (for details refer to subchapter 11.10). The following command line switches are available: -c database_name sets Keeper to use the defined settings base. -h displays the list of command line switches. -v displays the program version number.
  • Page 100: Anti-Virus Monitor: Monitoring The System For Viruses

    Chapter 8. Anti-Virus Monitor: Monitoring the system for viruses 8.1. Features and functions Function and features of the program. Monitor is used under FreeBSD operating system only! Monitor has been developed to check for viruses in files every time they are opened, saved or executed.
  • Page 101: Assembling And Configuring

    M O N I T O R • Log the performance results to a log file. Monitor is a client program of the Daemon process. Therefore, in order to run Monitor you must also install and customize Daemon. 8.2. Assembling and Configuring Discussing the file monitoring technology.
  • Page 102: Configuring Monitor

    Right before a file within the FreeBSD filesystem is opened, recorded or executed it is intercepted by the anti-virus module and transferred to Monitor. The monitor processes the file and transfers its name to the daemon process, which checks for viruses in the file.
  • Page 103 The program configuration file contains two sections: the Report file section allowing you to define the program reporting mode and Options section with parameters defining the program performance. When a file is processed and saved to the hard disk, Monitor returns the appropriate exit code.
  • Page 104 • WriteExcludeMask—the full path to the directory with files to be ignored when saved. You can enter more than one path in this line, but make sure to separate them by colons. For example: WriteExcludeMask /etc:/var/log •...
  • Page 105 size where Monitor will store these file names. It must be done by using the OpenCacheSize parameter. Your cache size depends on your computer capacity. Select the size that will allow your Monitor cache to store names of all files that are opened for writing in your system at any time, but which will not result in reduction of your system efficiency.
  • Page 106: Launching Monitor

    • Append—type Yes to append a new report to the contents of the log file. To overwrite the report with the new one, type No. Right after launch, the Monitor program runs in the interactive mode with the performance results displayed on your screen.
  • Page 107: Reviewing The Performance Results

    3. Edit as required the Monitor configuration file monitor.conf (for details refer to subchapter ), if it was not done before. 4. Launch the Monitor program with a path to the program configuration file in the command line.
  • Page 108 If you cannot load the kavmon kernel anti-virus module and see a message similar to the following on your screen: Exec format error… check the module version number. The module version must correspond to the version of your FreeBSD kernel, otherwise you will not be able to start the anti-virus module.
  • Page 109 If when launching the Monitor you see the following message on your screen: "Error opening daemon socket: no such file or directory", this means that the daemon process is not running or is set to use the wrong socket.
  • Page 110: Slogan: Processing And Summarizing The Performance Reports

    Chapter 9. Slogan: Processing and summarizing the performance reports 9.1. Features and functions Function and features of the program. The Slogan program is developed to process and summarize data within the performance reports of the Scanner and the Daemon programs. Slogan performs the following functions: •...
  • Page 111: Launching Slogan

    S L O G A N 9.2. Launching Slogan Starting the program from the command line. To launch Slogan, the log processing and summarizing program, enter its name and the required switches in the command line: ./slogan [switch1] [switch2] […] [switchN] where [switchN] is the Slogan optional command line switch.
  • Page 112 The program includes several templates *.tm, to be used by Slogan when summarizing logs data (for details of the templates see subchapter 16.7 Appendix B). By default the program generates the summary report using template.tm (see Figure 10) and this report is similar to the one described in subchapter .
  • Page 113: Slogan In The Real-Time Monitoring Mode

    This switch allows use of the English language in the summary reports. By default, the Slogan report language is defined by the appropriate settings of your operating system. -tt filename This switch enables the program monitoring/real time mode (for details refer to subchapter 9.3).
  • Page 114 -R sec The required refresh rate of the Slogan real-time statistics screen. For example, for the screen to be updated every thirty seconds you must enter the command line switch -R 30. By default the screen is updated every second.
  • Page 115 • Disinfections failed—unrecoverable objects detected. • Deleted—objects deleted. • Warnings—modified and corrupted viruses detected. • The end of the monitored log file. The key combination <Ctrl+C> allows you to exit the real time monitoring mode.
  • Page 116: Tuner: Customizing Scanner And Daemon

    Chapter 10. Tuner: Customizing Scanner and Daemon 10.1. Features and functions Function and features of the program. Tuner, the customization program, allows you to create and edit profiles, i.e. files containing a certain set of predefined settings of the anti-virus scanner and the daemon process: •...
  • Page 117: Launching Tuner

    T U N E R 10.2. Launching Tuner Starting the program from the command line. Available command line switches. The general format of the Tuner command line is: ./kavtuner [switch1] […] [switchN], where [switch1] is the optional command line switch (see below). When starting Tuner you can use the following command line switches: This switch enables defUnix.prf located in the directory /usr/local/share/AVP/ to be used as a profile.
  • Page 118: Interface

    This switch enables the program to generate reports, text messages etc. in English. 10.3. Interface Discussing the interface. The page functions. When you start the program its main window appears on your screen. The main window is divided into the following two panes: menu bar and working area.
  • Page 119 To switch to another page, select its name in the Settings menu or press the <Alt> key and a key with the letter that is highlighted in the name of the page. To switch to the next page, select Next Page in the Settings menu.
  • Page 120: Creating, Editing And Saving A Profile

    10.4. Creating, editing and saving a profile Creating, editing and saving a profile using the customization program. For your anti-virus scanner to use values that you defined in the working area of the customization program, you must save them to a profile. To create a new profile, follow these steps: 1.
  • Page 121 When started the program loads the default profile (its name is specified in the .ini file) or the file defined in the command line (see subchapter 10.2). 2. Select Load Profile... in the File menu. The Load Profile... dialog will appear on your screen.
  • Page 122: The Location Page

    10.5. The Location page Defining the location to be checked. The settings defined for a separate directory to be checked for viruses. 10.5.1. Defining the location to be scanned for viruses In the Location page (see Figure 12) you can define the list of directories to be scanned for viruses.
  • Page 123 To define the location to be checked, create the list of directories to be checked for viruses. This is a general list of directories to be checked. The directories that should be checked are prefixed with "+", and the directories that should be skipped are prefixed with "-".
  • Page 124: Defining Scanning Settings For A Separate Directory

    You do not have to remove a directory from the list. Just use the <Space> key to disable its prefix ("+" or "-"). This is very useful if you have saved your settings to a profile (see subchapter 10.4). In this case you do not need to remove directories from the list and add them again.
  • Page 125: The Directory Property Window: Objects To Be Checked

    3. Buttons at the bottom of the Property for… window allow you to do the following: • Accept — applies the defined settings to the directory selected on the Location page. • Accept to all — applies the defined settings to the location to be checked (the entire list of directories defined on the Location page).
  • Page 126 Figure 13. The Objects page Files — check this box to scan for viruses in files. If you checked this box, you must select the file types to be checked. For details of how to do this see below. Packed files —...
  • Page 127 scanning rate. Therefore, we do not recommend their use in a regular check for viruses. Kaspersky Anti-Virus for xBSD Mail Server does not delete viruses from archives, mail databases and plain mail files. Embedded —...
  • Page 128: The Directory Property Window: Defining Anti-Virus Actions

    To make sure there is no virus in the location to be checked, it is advisable to scan all the files (the All files option). Exclude directories — check this box to enable the program to ignore the files defined in the below text field.
  • Page 129: The Directory Property Window: Defining The Advanced Scanning Tools Used. The Options

    Display Disinfect Dialog — displays the inquiry about how to handle the infected object. The program will suggest to disinfect the object (for recoverable objects) or to delete it (for unrecoverable objects). Disinfect automatically — disinfects infected objects without asking first.
  • Page 130 Code Analyzer — check this box to enable the heuristic detecting tool searching for unknown viruses. Figure 15. The Options page Sometimes a file may be infected in the so called "incorrect" way and turns out to be "under-treated", which means that it is recovered but the virus is not cut off.
  • Page 131: The Options Page

    10.6. The Options page Options located on the Options page. Options on the Options page of the Tuner main window (see Figure 16) allow you to define the scanning settings applied to the entire list of directories to be checked (the cumulative location to be checked).
  • Page 132 Define the following settings: Scan subdir at end — check this box to scan subdirectories in the last place (after all the other predefined objects have been scanned). Scan removable — check this box to scan for viruses on the removable disks.
  • Page 133: The Report Page

    Scan delay – enter the interval between two loops (in seconds). This parameter is used only if you checked Endlessly scan check box. If the Scan delay value is equal to 0, there will be no interval between the loops! 10.7.
  • Page 134 check-results to a file. In the below text field define the file name. By default the log file name is report.txt. Use syslog — check the box to log the performance reports in the system log. The checked Use syslog box automatically suppresses the following parameters: ReportFileName, Append, ReportFileLimit, ReportFileSize and RepCreateFlag.
  • Page 135 To define access attributes of the log file to be created, use Report create flag — define the target attribute mask in this text field. For example, the value 600 assigns the following attributes to the file: Read by owner and Write by owner. The Showing button on the Report page allows you to define optional information that must be added to the report.
  • Page 136: The Actionwith Page

    Use the below check boxes to define optional information that will be included in the report: Show clean object in the log — check this box to be reported about the examined virus-free objects. Show pack info in the log — check this box to be reported about the examined packed executable files.
  • Page 137 Use the below check boxes to define how the program must handle infected files: Copy to infected folder — check this box to copy infected files to a separate folder. In the below text field define a path to the folder for infected files.
  • Page 138: The Customize Page

    Use the below text fields to define access attributes of infected files: 1. Chown to — to change the name of the owner of infected files that the program failed to disinfect, enter the target name in this text field.
  • Page 139 Redundant message — check this box to be asked for confirmation when enabling the redundant scanning tool. Figure 20. The Customize page This setting will be used only for the directory to be checked with enabled redundant scanning tool (see subchapter 10.5.2.4).
  • Page 140: Webtuner: Remote Administration Program

    Chapter 11. WebTuner: Remote administration program 11.1. Functions and features Discussing the program features. WebTuner is developed to administrate Kaspersky Anti-Virus for xBSD Mail Server, i.e. to change settings and launch the package components locally or from a remote location. Management of the WebTuner program is implemented via the web browser.
  • Page 141: General Concept Of The Program Performance

    W E B T U N E R • Keeper (see subchapter 11.10). • WebTuner (see subchapter 11.6). Keeper and WebTuner cannot be started using WebTuner. 11.2. General concept of the program performance Features and the operation sequence of the program performance.
  • Page 142 After you installed the web server and WebTuner and defined corresponding access-rights you can use the WebTuner program to administrate Kaspersky Anti-Virus for xBSD Mail Server. To do this, start your WebTuner using your web browser.
  • Page 143: Installing Webtuner. Access Rights

    The web server that is supplied together with the program distribution kit supports SSL. 2. The web server prompts for the WebTuner user login and the password. 3. The system verifies your login and password against the list of authorized users.
  • Page 144: Setting Up The Web Server And Webtuner

    settings/ — the subdirectory containing the WebTuner configuration files. tmp/ — the subdirectory for temporary files generated by WebTuner. log/ — the directory containing the web server reports. 11.3.2. Setting up the web server and WebTuner Web server and WebTuner, the remote administration program, are installed on your computer by the Installer program (for details refer to chap-...
  • Page 145 • CHARSET—the table of symbols to be used in the MIME text. • PID_FILE—path to the web server .pid file. For example, PID_FILE=/var/run/_httpd.pid • LOG_FILE—path to the web server log file. For example, LOG_FILE=/usr/local/share/AVP/httpd/log/_httpd •...
  • Page 146 htpasswd [-c] filename username, where: • filename is a name of the .htpasswd file; • username is the user password for the web server; • [-c] is the optional switch enabling creation of the new access file.
  • Page 147 1. To enable the web server to start automatically when you started the xBSD operating system, place the script _http.init into the directory /etc/init.d, and then add the corresponding symbolic link to the required start level using the ntsysv and chkconfig utilities or by the command ln -s.
  • Page 148: Rights On The Web Server

    7. To be able to review anti-virus performance reports from WebTuner, copy Slogan (if not installed), supplied in the Kaspersky Anti-Virus for xBSD Mail Server package, and the files web_new_template.tm and web_template.tm, located in the directory /usr/local/share/AVP/httpd, to the directory /usr/local/share/AVP/Tools.
  • Page 149: Rights To Run The Webtuner Copy

    • read and execute files within the directory containing the web server configuration file (conf/); • execute files within the directory bin/. 2. Define the new user name in the USER line of the file _httpd.conf located in the directory conf/.
  • Page 150 Server. In this connection, you are able to call up WebTuner from a computer with a preinstalled web browser. To launch WebTuner, the remote administration program, follow these steps: 1. Start your web browser. 2.
  • Page 151: Interface

    If you succeed the program main window will appear on your screen. This window allows remote administration of the Kaspersky Anti-Virus for xBSD Mail Server components. 11.5. Interface Discussing the interface. When you start the program the main window appears on your screen (see Figure 23).
  • Page 152 To select a program from the list, 1. Highlight it with your left mouse button. 2. Press the select button, if your browser does not support Java Script or the Java Script support is disabled. For web browsers supporting Java Script you do not need to use this button.
  • Page 153: Defining The Configuration Of Webtuner

    11.6. Defining the Configuration of WebTuner Defining the configuration of the WebTuner program. Defining remote management settings. 11.6.1. WebTuner settings Attention! If you enter incorrect values for any parameter using WebTuner, it may result in the abnormal performance of the program! When using the WebTuner program, you can define its own configuration.
  • Page 154 Figure 24. The WebTuner main window with WebTuner selected in the list The WebTuner configure window (see Figure 25) will appear on your screen. The window contains hyperlinks allowing you to display the following pages: •...
  • Page 155: The Main Page: Webtuner Performance Settings

    11.6.2. The main page: WebTuner performance settings For your WebTuner to operate correctly, you must define its main performance settings located on the main page (see Figure 25) of the WebTuner configure window.
  • Page 156: The Modules Page: Remote Administration Settings

    2. Enter the full path to the Kaspersky Anti-Virus for xBSD Mail Server directory in the Kaspersky Anti-Virus directory text field. You can do this manually or by using the browse button. The default path is: /usr/local/share/AVP/ 3.
  • Page 157 Figure 26. The modules page To add an item to the list, follow these steps: 1. Press the add button. 2. Enter the new module name in the Name text field of the Add new module window on your screen.
  • Page 158 By removing an item from the list you disable the remote administration of the corresponding Kaspersky Anti-Virus for xBSD Mail Server software package component from WebTuner! To define the properties of a module, follow these steps: 1.
  • Page 159 Tuner main window with the corresponding program selected from the Programs list. • Report exec str – the string defining availability and the address of the view report hyperlink that appears in the WebTuner main window with the corresponding program selected from the Programs list.
  • Page 160: Webtuner: Administering Daemon

    11.7. WebTuner: Administering Daemon WebTuner for the daemon process. Editing the profile, launching the program and reviewing the log. 11.7.1. Daemon settings WebTuner allows you to remotely administrate the Daemon program, i.e. to edit the program profile, to launch it and to review the performance report.
  • Page 161 Figure 28. The WebTuner main window: Daemon is selected To edit another profile, follow these steps: 1. Click the config hyperlink. 2. Select the required profile from the drop down list in the window on your screen and press the open button.
  • Page 162: Remote Configuration Of The Daemon Program

    To display the performance report, click the view log hyperlink (for details refer to subchapter ). Functions of the select, show all and hide buttons are similar to those described in subchapter 11.5. 11.7.2.
  • Page 163: The Objects Page: Location To Be Scanned

    • The customs page items allow you to define the advanced scanning settings (for details refer to subchapter 11.7.2.6). • Buttons (apply to all the pages): • save – saves the defined settings to the default profile. •...
  • Page 164 To define scanning settings for the selected directory, follow these steps: 1. Press the properties button. 2. Edit settings for the selected directory in the window on your screen. The window contains tabs allowing you to switch to the following pages: •...
  • Page 165 To change an item’s status within the list of directories to be checked, you must use the change stat button. You may select one of the following options for the item: •...
  • Page 166: The Options Page: Scanning Settings

    11.7.2.3. The options page: scanning settings The options page items allow you to define the scanning settings to be applied to the entire list of directories to be checked (for details see subchapter 11.7.2.2).
  • Page 167: The Report Page: Reporting Settings

    To move between the subpages use the arrow buttons located in the upper right corner of the page. Figure 30. The actions page 11.7.2.5. The report page: reporting settings The report page allows you to define the format of the Daemon program reports.
  • Page 168: The Customs Page: Advanced Scanning Settings

    11.7.2.6. The customs page: advanced scanning settings The customs page items allow you to define advanced program performance settings for the entire list on the objects page. The page options and their functions are similar to those described in subchapter 10.9.
  • Page 169 Figure 31. Daemon is starting for the first time To start the daemon process, follow these steps: 1. Press the run button. 2. The Daemon starter (see Figure 32) will appear on your screen.
  • Page 170 Figure 32. Daemon start parameters Figure 33. Daemon starting log...
  • Page 171 Starting the daemon process for the second (third, fourth…) time In this case the Daemon starter window (see Figure 34) on your screen contains information about the existing daemon process: • Pid – the daemon process identification number. •...
  • Page 172 To start a new daemon process: 1. Kill the existing daemon process using the kill button. The window displaying the process-killed results will appear on your screen (see Figure 35). Figure 35. The process-killed report The existing process must be killed to avoid conflicts that may arise between two or more simultaneously existing processes.
  • Page 173: Reviewing The Log File

    steps 2-3 described for the daemon process started for the first time. 11.7.4. Reviewing the log file WebTuner allows you to review performance reports of the existing daemon process and of the processes run previously. To review the log of the existing daemon process, press the view log button in the WebTuner main window with the Daemon item selected in the list (see Figure 28).
  • Page 174 • List of all found virus types — a list of virus types detected and the amount for each of the types. • List of all found suspicion viruses — a list of virus types that seem to be present within the location checked (but the process is not sure) and the amount for each of the types.
  • Page 175: Webtuner: Administering Scanner

    and by pressing the select button (for browsers not supporting Java Script). 3. Press the open button. To review the log in HTML, press the full view button. You may change the log display. It may be displayed in the text format or in HTML.
  • Page 176 ure 37). These are the links allowing you to display windows with Scanner-related options and commands. Scanner parameters and values are located within a profile defined in the DefaultProfile line of AvpUnix.ini (the default profile is defUnix.prf). To edit the profile defined in the Kaspersky Anti-Virus for xBSD Mail Server initialization file, follow these steps: 1.
  • Page 177: Remote Configuration Of The Scanner Program

    To edit another profile, follow these steps: 1. Click the config hyperlink. 2. Select the required profile from the drop-down list in the window on your screen. Edit the Scanner settings using appropriate pages in the window on your screen.
  • Page 178: Launching Scanner From A Remote Location

    objects defined in the text field that follows the word Scan. Endlessly scan – check this box to implement loop-scanning for viruses. Scan delay – enter the interval between two loops (in seconds). This parameter is used only if you checked Endlessly scan check box.
  • Page 179 2. Select the Scan input path option button to scan the defined location. To scan the location defined in the default profile, select the Scan default path option button. To launch Scanner, press the run button, the Scanner status window that may display messages listed in the subchapter 16.5 of Appendix B will appear on your screen.
  • Page 180: Reviewing The Log File

    11.8.4. Reviewing the log file WebTuner allows you to review reports about the current scanning operation and about the operations performed previously. To review the required scanning report, follow these steps: 1. Click the run hyperlink in the WebTuner main window with the Scanner item selected in the list.
  • Page 181 • Virus-definition database updating parameters (for details see below). • Buttons: • run – launches the updating utility. • view log – displays the Updater performance report. • exit – allows you to exit the Updater window. Figure 39.
  • Page 182 Select one of the following options: From web – updating via the Internet. This is the default option. The Update path text field above contains the following path: ftp://ftp.kasperskylab.com/updates. The web location of the database updates may be manually edited.
  • Page 183 To launch the updating operation, press the run button. The updating will be started and the window displaying information about the updating progress will appear on your screen (see Figure 41). Figure 41.
  • Page 184: Webtuner: Administering Keeper

    11.10. WebTuner: administering Keeper Changing Keeper settings. 11.10.1. Keeper settings Keeper is designed to process and transfer mail messages to the Daemon program that subsequently checks for viruses and disinfects them. WebTuner allows you to remotely define the Keeper settings within the program initialization file.
  • Page 185 for a separate address group (for details refer to subchapter 11.10.3.1). Figure 42. The WebTuner main window: Keeper is selected • The users page contains a list of legal users (for details refer to subchapter 11.10.4).
  • Page 186: The Main Page: Identification Settings And Communication With Daemon

    • exit – allows you to exit the Keeper tuning window without saving the changes made. Figure 43. The main page 11.10.2. The main page: identification settings and communication with Daemon The main page items (see Figure 43) allow you to define the Keeper identification settings, the Keeper/daemon communication settings, and the mailers to be used by administrators, senders and recipients included in the Keeper address groups.
  • Page 187 To define the Keeper identification settings, follow these steps: 1. Enter the host name where the Keeper will be running in the Hostname text field. For example, localhost.ru. If you do not define the host name, it will be identified automatically. 2.
  • Page 188 The path to the AvpCtl file is defined by the switch -f, when you launch the daemon process from the command line (see subchapter 6.2). • Name or IP address of the corresponding server, if the communication is to be performed via Inet connect.
  • Page 189: Defining Processing Rules For A Separate Group

    2. In the Recipient mailer text field, enter the required mailer identifier for the recipient. The general format of this string is similar to the one described for the Sender mailer parameter. 3.
  • Page 190 The location of a group within the group list is very important, since a mail message is processed according to the rules of the FIRST group to which it belongs, i.e. the first group that includes both the message addresses (From and To) (for details refer to subchapter 7.6.2.1).
  • Page 191 To add a group to the list, follow these steps: 1. Press the add button. 2. Enter the address group name in the text field of the Add new group window on your screen. 3.
  • Page 192: The Group: Window Masks Page: Defining Group Recipients And Senders

    • The group window administrator page allows you to define rules for handling messages to be delivered to the group administrator (for details refer to subchapter 11.10.3.4). • The group window sender page allows you to define rules for handling messages to be sent by the group senders (for details refer to subchapter 11.10.3.5).
  • Page 193 Figure 45. The masks page To define the list of addresses for the message senders and recipients, follow these steps: 1. Define the required address mask (mask list) for the message From addresses in the Sender mask text field. 2.
  • Page 194: The Group: Window Filters Page: Defining The Filter

    If both the fields (Recipient mask and Sender mask) are blank, no messages will be processed according to the processing rules of this group. You may do this to disable the processing rules of the address group without removing it from the group list.
  • Page 195 Figure 46. The filters page To define masks of the attachments to be processed following the processing rules for filtered files, enter the required masks in the Attach file mask text field (the Filters frame).
  • Page 196: The Group: Window Administrator Page: Notifications For The Administrator. Isolating Infected Objects

    image/.* text/richtext To limit the size of attachments to be processed, enter the maximum and the minimum attachment sizes in the Min attach size(Kb) and Max attach size(Kb) text fields respectively (the Filters frame).
  • Page 197 • Corrupted – corrupted objects. • Filtered – objects meeting the filtering conditions defined on the filters page. On this page you may define the following settings: • what object types and in what form objects must be delivered to the administrator;...
  • Page 198 To define what object types and in what form objects must be delivered to the administrator, for every object type in the list select one of the following values from the Object action drop down list: •...
  • Page 199: The Group: Window Sender Page: Notifications For The Sender

    Let's review the following example for training purposes: Example: If the Keeper program fails to disinfect a message that belongs to this address group, you want it to send the appropriate notification to the administrator with the original message attached to it and copy the message to the isolation directory.
  • Page 200 To notify the sender about the required object type detected in the message, check the Send notify check box for the corresponding object type. When sending notifications to the senders, the Keeper program does not attach the original messages to them.
  • Page 201: The Group: Window Recipient Page: Messages To Group Recipients

    Example: If the Keeper program fails to disinfect a message that belongs to this address group, you want it to notify the sender and the administrator, copy the message to the isolation directory, and add the sender’s address to the list of suspicious addresses.
  • Page 202 W E B T U N E R On this page, you may define the following settings: • messages with object types that must be prohibited from delivery to the recipient mailbox (the Object type list on this page is simi- lar to the one located on the administrator page);...
  • Page 203 W E B T U N E R Figure 49. The recipient page Let's review the following example for training purposes: Example: If the Keeper program detects an infected object in a message that belongs to this address group, you want it to disinfect it and deliver to the recipient mailbox together with the appropriate report.
  • Page 204: The Users Page: The List Of Legal Users

    • Check the Add report check box for the Cured object type; • Select Cured from the Object action drop-down list for the Cured object type; • Select Unchanged from the Object action drop-down list for the Infected object type.
  • Page 205 Figure 50. The users page To add a user to the list, follow these steps: 1. Press the add button; 2. Enter the required user name in the text field of the Add new user dialog box on your screen.
  • Page 206: The Log Page: Data To Be Logged

    11.10.5. The log page: data to be logged The log page (see Figure 51) allows you to define the reporting settings. Figure 51. The log page Define the Keeper log file: Log file – path to the log file. You may enter the required path manually or by using the Browse button.
  • Page 207: The Report Page: Defining The Notification Contents

    This setting is in use only if you haven't checked the Use sys log check box (see below). To add the program performance results to the system log, check the Use sys log check box. To define the detail level for the log data, select one of the following values from the Log level drop-down list: •...
  • Page 208 Figure 52. The report page To enable the program to broadcast notifications you must also define the appropriate settings on the following Group: window pages: the administrator page, the sender page (the Send notify check box) and the recipient page (the Add report check box).
  • Page 209: Notifications For Administrators

    11.10.6.2. Notifications for administrators The administrator can be notified about all infected messages from/to addresses that are included in the address group. To do this you must check the Send notify check box on the administrator page (for details refer to subchapter 11.10.3.4) and define attributes of the notifications.
  • Page 210 • Content-type – the type of insertion to be used when adding text to the notification. Enter the value in the corresponding text field (for example, MIME). • File with report content – the path to the file containing the text to be inserted into the notification.
  • Page 211: Notifications For Senders

    11.10.6.3. Notifications for senders You can define attributes of the notifications to be sent to senders of infected and suspicious messages. Options for these notifications are similar to those described for the administrator notifications in subchapter 11.10.6.2.
  • Page 212 If the defined value is exceeded the message will not be accepted for processing. For example, Max hopes=12 (the maximum number of mail hops a message may have passed through). • Enter the maximum number of recipients for a single message in the Max recipients text field. The above settings are used by the program to protect you from unwanted e-mail messages and DoS attacks. Figure 54.
  • Page 213 Since the Keeper program is the sender of the notifications, make sure to add the address defined in the main page Keeper e-mail text field to the above list of addresses not to be notified (see subchapter 11.10.2); otherwise Keeper would generate notifications about its own notifications.
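The filter and limit settings above (attachment masks such as image/.* and text/richtext, the minimum and maximum attachment size in KB, the hop limit and the recipient limit) are easy to misread until you see them applied to a real message. The following is an added example, not Kaspersky code: a small stand-alone Python reimplementation of those checks over a constructed MIME message. The names KeeperFilter, filtered_attachments, accept_for_processing and sample_message, and the default limits, are choices made here.

```python
"""Keeper-style message filtering as described on the filters and limits
pages: attachment content-type masks, a minimum and a maximum attachment
size in KB, a maximum hop count and a maximum recipient count.

Added, stand-alone illustration; not Kaspersky code. KeeperFilter,
filtered_attachments, accept_for_processing and sample_message are names
chosen for this example, and the message below is constructed."""
import re
from email.message import EmailMessage
from email.utils import getaddresses


class KeeperFilter:
    def __init__(self, attach_masks, min_kb=0.0, max_kb=None,
                 max_hops=12, max_recipients=100):
        # Masks are regular expressions matched against the whole MIME type,
        # e.g. "image/.*" or "text/richtext" as on the filters page.
        self.masks = [re.compile(m, re.IGNORECASE) for m in attach_masks]
        self.min_kb = min_kb
        self.max_kb = max_kb
        self.max_hops = max_hops
        self.max_recipients = max_recipients

    def filtered_attachments(self, msg):
        """(filename, content type, size in KB) for every attachment that
        meets the filter conditions, i.e. the 'Filtered' object type."""
        hits = []
        for part in msg.iter_attachments():
            ctype = part.get_content_type()
            size_kb = len(part.get_payload(decode=True)) / 1024.0
            if not any(m.fullmatch(ctype) for m in self.masks):
                continue
            if size_kb < self.min_kb:
                continue
            if self.max_kb is not None and size_kb > self.max_kb:
                continue
            hits.append((part.get_filename(), ctype, round(size_kb, 2)))
        return hits

    def accept_for_processing(self, msg):
        """The anti-DoS limits: refuse a message before any scanning if it
        carries more Received headers (one per hop) than max_hops or is
        addressed to more than max_recipients recipients."""
        hops = len(msg.get_all("Received", []))
        if hops > self.max_hops:
            return False, f"{hops} hops exceed the limit of {self.max_hops}"
        rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        if len(rcpts) > self.max_recipients:
            return False, f"{len(rcpts)} recipients exceed the limit of {self.max_recipients}"
        return True, "accepted"


def sample_message(hops=3):
    """Constructed message: a 3000-byte PNG, a 501-byte RTF and a text
    attachment that matches neither of the masks used below."""
    msg = EmailMessage()
    msg["From"] = "alice@example.test"
    msg["To"] = "bob@example.test, carol@example.test"
    msg["Cc"] = "dave@example.test"
    msg["Subject"] = "quarterly figures"
    for i in range(hops):
        msg["Received"] = (f"from relay{i}.example.test by mx.example.test; "
                           f"Mon, 1 Jan 2001 00:{i:02d}:00 +0000")
    msg.set_content("see attachments")
    msg.add_attachment(b"\x89PNG" + b"\0" * 2996, maintype="image",
                       subtype="png", filename="chart.png")
    msg.add_attachment(b"{\\rtf1 " + b"x" * 493 + b"}", maintype="text",
                       subtype="richtext", filename="notes.rtf")
    msg.add_attachment(b"plain notes", maintype="text", subtype="plain",
                       filename="readme.txt")
    return msg


if __name__ == "__main__":
    keeper = KeeperFilter(["image/.*", "text/richtext"], max_kb=2)
    print(keeper.filtered_attachments(sample_message()))
    print(keeper.accept_for_processing(sample_message(hops=13)))
```

The hop and recipient limits are evaluated before any attachment is opened, which is the point of such limits: a message built to exhaust the scanner is dropped cheaply. Note that the masks are anchored with fullmatch, so image/.* does not match a type such as application/x-image-disguised.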
  • Page 214: Updater: Updating Virus-Definition Databases

    Chapter 12. Updater: Updating Virus-Definition Databases 12.1. Function and features Updater updates the virus-definition databases that are used when checking for viruses. The program allows you to update virus-definition databases via the Internet, from an archive, or from a network location. The wget program is a software requirement for updating virus-definition databases and programs via the Internet.
  • Page 215: Starting The Updater

    U P D A T E R 12.2. Starting the Updater Starting Updater. Command line switches. Optimizing the .set file. The general format of the Updater command line is: ./kavupdater update_switch [switch1] [switch2]... where update_switch is a mandatory switch reflecting the way the update will be performed (see subchapter 12.3);...
  • Page 216: How To Update Virus-Definition Databases

    12.3. How to update virus-definition databases Updating via the Internet. Updating from a network directory. Updating from an archive. Examples. 12.3.1. Updating via the Internet To retrieve new virus-definition databases from an FTP or a web server, launch the program with the command line switch -uik: ./kavupdater -uik=server_and_path...
  • Page 217: Updating From A Network Directory

    To retrieve new Kaspersky Anti-Virus for xBSD Mail Server components from an FTP or a web server without the subsequent auto-upgrading, launch the program with the command line switch -uipd: ./kavupdater -uipd=server_and_path 12.3.2.
  • Page 218: Updating From An Archive

    12.3.3. Updating from an archive To install new virus-definition databases that are located in a ZIP or a RAR archive, launch the program with the command line switch -ua: ./kavupdater -ua=archive The program will extract the databases from the archive and copy them to the virus-definition database directory.
  • Page 219 To append reports to the defined file, enter a command line similar to the following: ./kavupdater -uip=server_and_path -wa=myreport.rep The program will append reports to myreport.rep. To save reports to your system log, use the command line switch -ws: ./kavupdater -uip=server_and_path -ws To add details to the program reports, use the command line switch -r: ./kavupdater -uip=server_and_path -r...
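Updating from an archive (the -ua switch above) means extracting files supplied from outside and dropping them into the directory the scanner loads its databases from, so two checks matter before anything is written: that the archive is the one you expected (a digest you obtained out of band), and that no entry in it can escape the database directory. The following is an added example of that procedure, written here and not Kaspersky's updater: install_bases_from_zip, make_sample_archive and demo are names chosen for the example, and the archives the demo builds are constructed.

```python
"""Installing virus-definition databases from a ZIP archive, as the -ua
switch is described (extract the databases and copy them into the database
directory), with the two checks a practitioner adds: the archive digest is
verified before anything is written, and every entry is checked so that it
cannot land outside the database directory ("zip slip"). Files are written
to a temporary name and renamed into place so a reader never sees a
half-written database.

Added example, not Kaspersky code; install_bases_from_zip,
make_sample_archive and demo are names chosen here, and the archives the
demo builds are constructed."""
import hashlib
import os
import shutil
import tempfile
import zipfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def install_bases_from_zip(archive, base_dir, expected_sha256=None):
    """Extract all files in archive into base_dir; return the installed
    names. Raises ValueError, before writing anything, on a digest mismatch
    or on an entry whose path escapes base_dir."""
    if expected_sha256 is not None and sha256_file(archive) != expected_sha256:
        raise ValueError("archive digest mismatch; refusing to install")
    base_dir = os.path.realpath(base_dir)
    with zipfile.ZipFile(archive) as zf:
        plan = []
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.realpath(os.path.join(base_dir, info.filename))
            if os.path.commonpath([base_dir, target]) != base_dir:
                raise ValueError(f"entry {info.filename!r} escapes {base_dir}")
            plan.append((info, target))
        installed = []
        for info, target in plan:
            os.makedirs(os.path.dirname(target), exist_ok=True)
            tmp = target + ".part"
            with zf.open(info) as src, open(tmp, "wb") as dst:
                shutil.copyfileobj(src, dst)
            os.replace(tmp, target)  # atomic swap of the finished file
            installed.append(os.path.relpath(target, base_dir))
    return installed


def make_sample_archive(path, malicious=False):
    """Constructed archive with two database files; the malicious variant
    adds an entry that tries to climb out of the target directory."""
    with zipfile.ZipFile(path, "w") as zf:
        if malicious:
            zf.writestr("../escaped.avc", b"not a database")
        zf.writestr("avp.set", b"daily.avc\n")
        zf.writestr("daily.avc", b"\x00constructed database bytes\x00")


def demo():
    work = tempfile.mkdtemp()
    try:
        base_dir = os.path.join(work, "bases")
        os.mkdir(base_dir)
        good = os.path.join(work, "bases.zip")
        make_sample_archive(good)
        installed = install_bases_from_zip(good, base_dir, sha256_file(good))
        result = {"installed": sorted(installed)}
        try:
            install_bases_from_zip(good, base_dir, "0" * 64)
            result["tampered_blocked"] = False
        except ValueError:
            result["tampered_blocked"] = True
        bad = os.path.join(work, "evil.zip")
        make_sample_archive(bad, malicious=True)
        try:
            install_bases_from_zip(bad, base_dir)
            result["escape_blocked"] = False
        except ValueError:
            result["escape_blocked"] = True
        result["escaped_file_written"] = os.path.exists(os.path.join(work, "escaped.avc"))
        return result
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    print(demo())
```

The path check is done for every entry before the first byte is extracted, so a malicious archive cannot get half of its contents installed before the bad entry is reached. The digest is only as good as the channel you received it over; for databases fetched by wget over plain FTP or HTTP, as the Internet update path describes, the digest is what stands between you and a substituted archive.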
  • Page 220: Inspector: Monitoring Filesystem Integrity

    Chapter 13. Inspector: Monitoring Filesystem Integrity 13.1. Function and Features The Inspector program is an integrity checker running under the xBSD operating system. Inspector performs the following functions: • monitors the defined location for changes. • checks for viruses in the defined location and removes them. Unlike the Scanner and the Daemon programs, Inspector is not guided by the virus-definition databases while searching for viruses.
  • Page 221: Running Inspector

    I N S P E C T O R against the database. If it detects new or modified files with a structure that is identified as suspicious or unknown, the program tries to cure them (to restore the originals). For details about handling new or modified files see subchapter 13.2.3.
  • Page 222 copy, and later all newly collected data will be compared against this copy. When starting Inspector you must also make sure that the location to be checked does not contain viruses, since the first snapshot becomes the trusted reference. By using the switch -dc in the Inspector command line you set the program to transfer all the new files to the Daemon program where they will be examined.
  • Page 223: Defining The Location To Be Checked

    13.2.2. Defining the location to be checked When starting Inspector, you must define the location to be checked. You may do this in one of the following ways: • by creating a text file listing all the required directories and defining its name in the Inspector command line.
  • Page 224 by space characters. For example, the Inspector command line may look like the following: ./kavinspector /tmp /var If you know for sure that some directories or files included in the defined location do not contain a virus, you may exclude them from the check.
  • Page 225: Handling Modified And New Files

    13.2.3. Handling modified and new files When it detects modified or new files Inspector may perform one of the following actions: • prompt for disinfection of infected objects; • display a report about the modified and new files detected; •...
  • Page 226 To set the program to transfer all the infected files detected to Daemon where they will be processed, use the switches -da1 and -a[=socket_directory] in the Inspector command line. The switch -a[=socket_directory] must define the path to the directory containing the Daemon socket file.
  • Page 227: Saving The Performance Report

    13.2.4. Saving the performance report Inspector can save the performance report to the system log or a separate file. You can define the reporting settings by using the following switches in the Inspector command line: -w[t][a][-][+][=filename] This switch logs the performance report to the defined file (the default...
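Inspector's model, as described in this chapter, is a baseline database of the checked location, exclusion masks separated by colons (the -xf switch), a choice about crossing filesystem borders (the -c switch), and a later comparison that yields new and modified files. The following is an added example of that model in stand-alone Python, written here and not Kaspersky's Inspector: take_baseline, save_baseline, load_baseline, compare and demo are names chosen for the example, and the demo builds a constructed directory tree in a temporary location. It goes slightly beyond the text in also reporting deleted files.

```python
"""A minimal file-integrity checker in the spirit of Inspector: take a
baseline of a location (size, mtime and SHA-256 per regular file), save it
to a database file, and on a later run report new, modified and deleted
files. Exclusion masks are one colon-separated string as for the -xf
switch, and the walk stays on the starting filesystem as the -c switch
describes.

Added example, not Kaspersky code. take_baseline, save_baseline,
load_baseline, compare and demo are names chosen here; demo builds a
constructed directory tree in a temporary location."""
import fnmatch
import hashlib
import json
import os
import shutil
import stat
import tempfile


def _digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(roots, exclude_masks="", cross_filesystems=False):
    """Return {path: [size, mtime_ns, sha256]} for every regular file under
    roots, skipping names that match any mask and, unless cross_filesystems
    is set, directories that sit on another filesystem (mount points)."""
    masks = [m for m in exclude_masks.split(":") if m]

    def excluded(name):
        return any(fnmatch.fnmatch(name, m) for m in masks)

    baseline = {}
    for root in roots:
        root_dev = os.lstat(root).st_dev
        for dirpath, dirnames, filenames in os.walk(root):
            keep = []
            for d in dirnames:
                if excluded(d):
                    continue
                if not cross_filesystems and os.lstat(os.path.join(dirpath, d)).st_dev != root_dev:
                    continue
                keep.append(d)
            dirnames[:] = keep  # prunes the walk in place
            for name in filenames:
                if excluded(name):
                    continue
                path = os.path.join(dirpath, name)
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # symlinks, sockets and devices are not hashed
                baseline[path] = [st.st_size, st.st_mtime_ns, _digest(path)]
    return baseline


def save_baseline(baseline, db_path):
    with open(db_path, "w") as fh:
        json.dump(baseline, fh, indent=1, sort_keys=True)


def load_baseline(db_path):
    with open(db_path) as fh:
        return json.load(fh)


def compare(old, new):
    """Classify every path: new (absent from the baseline), modified
    (content digest changed) or deleted (present only in the baseline)."""
    return {
        "new": sorted(p for p in new if p not in old),
        "modified": sorted(p for p in new if p in old and new[p][2] != old[p][2]),
        "deleted": sorted(p for p in old if p not in new),
    }


def demo():
    """Build a tree, baseline it, change it, compare. Returns the
    classification with paths relative to the tree root."""
    work = tempfile.mkdtemp()
    try:
        tree = os.path.join(work, "site")
        os.makedirs(os.path.join(tree, "logs"))
        for rel, data in (("a.txt", b"alpha"), ("b.txt", b"beta"), ("logs/x.log", b"noise")):
            with open(os.path.join(tree, rel), "wb") as fh:
                fh.write(data)
        db = os.path.join(work, "check-base.json")
        save_baseline(take_baseline([tree], exclude_masks="*.log:*.tmp"), db)
        with open(os.path.join(tree, "a.txt"), "wb") as fh:
            fh.write(b"alpha, but not the alpha you baselined")
        with open(os.path.join(tree, "c.txt"), "wb") as fh:
            fh.write(b"gamma")
        os.remove(os.path.join(tree, "b.txt"))
        report = compare(load_baseline(db), take_baseline([tree], exclude_masks="*.log:*.tmp"))
        return {k: [os.path.relpath(p, tree) for p in v] for k, v in report.items()}
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    print(demo())
```

Two points carry over to the real tool: the baseline file is only meaningful if it is taken from a clean system and then kept where the monitored system cannot rewrite it (a read-only medium or another host), and a mask such as *.log excludes by name only, so an attacker who can name a dropped file to match a mask hides it from the comparison.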
  • Page 228: Control Centre: Scheduling The Anti-Virus Performance

    Chapter 14. Control Centre: Scheduling the Anti-Virus Performance 14.1. Function and Features The Control Centre program has been developed to schedule performance of all the Kaspersky Anti-Virus for xBSD Mail Server components. This program allows you to • create, change and schedule performance of package component-based tasks.
  • Page 229: Scheduling Performance Of Package Component-Based Tasks

    C O N T R O L C E N T R E where: switchN – is the optional command line switch of Control Centre. You can use more than one switch in the Control Centre command line. For the complete list of available command line switches refer to subchapter 16.8 Appendix B.
  • Page 230 where: prgname is the name of the prgname program executable file; -a:arg[:arg1[...]] are the prgname performance parameters; program performance parameters must be separated by colons. -u=username is the user name under which the prgname program will be started;...
  • Page 231 -cal="task_parameters" – for a task to be performed every time the Control Centre is started. To schedule a task to be performed daily, enter the following string in the command line: ./kavucc -cad="prgname -a:arg[:arg1[...]] -u=username -st=hour:min -fs=day.month.year -ls=day.month.year -re=delay -e=hour:min"...
  • Page 232 ./kavucc -caw="prgname -a:arg[:arg1[...]] -u=username -st=hour:min -fs=day.month.year -ls=day.month.year -re=delay -sd=[sun|mon|tue|wed|thu|fri|sat] -e=hour:min" where: -re=delay is the interval between two starts (in weeks); -sd=[sun|mon|tue|wed|thu|fri|sat] is the weekday on which the task must be performed.
  • Page 233 To schedule a task to be performed once, enter the following string in the command line: ./kavucc -cao="prgname -a:arg[:arg1[...]] -u=username -st=hour:min -sd=day.month.year -e=hour:min" Parameters in this command line are similar to the ones described for a task to be performed daily.
  • Page 234: Saving The Performance Report

    To review the task schedule that you created using the Control Centre program, enter the switch -ct in the Control Centre command line. The complete list of created tasks with their descriptions will be displayed on your screen.
  • Page 235: Appendix A. Principal Files

    15. Appendix A. Principal files Files that are principal for Kaspersky Anti-Virus for xBSD Mail Server and their functions. The following files are vital for the Kaspersky Anti-Virus for xBSD Mail Server performance: • AvpUnix.ini contains information critical for the correct operation of the Kaspersky Anti-Virus for xBSD Mail Server components.
  • Page 236 • contact information of the entity that sold this program copy to you (company name, address, phone numbers); • the name of the person or entity that the product is registered under.
  • Page 237: Appendix B. Supplementary Details Of Anti-Virus

    16. Appendix B. Supplementary details of Anti- Virus 16.1. Files with the program settings You may edit a file with parameters (.prf, .ini, .conf) in any text editor. The file contains several sections with parameters and their values. The general format of a section is: [Section_name] Parameter_name=Value...
  • Page 238
    [AVP32]
    DefaultProfile=defUnix.prf
    [Configuration]
    KeyFile=AVPLinux.key
    KeysPath=.
    SetFile=avp.set
    BasePath=.
    You may edit any section of the file ([AVP32] and [Configuration]). The [AVP32] section contains the parameter: DefaultProfile – the profile to be loaded by the program when it starts. If you leave it blank the program will load defUnix.prf.
  • Page 239: Scanner And Daemon: The Profile (Defunix.prf)

    For your Kaspersky Anti-Virus for xBSD Mail Server to operate correctly, make sure to place the initialization file AvpUnix.ini in the directory where the Scanner and the Daemon are located. For example, if you move your Scanner to a separate directory, AvpUnix.ini must be copied to the same directory or to the home directory of a user authorized to access the Scanner.
  • Page 240 (the two columns of this page were interleaved by extraction and are reordered here; the first two lines close the section that begins on the previous page)
    ChownTo=None
    ChModTo=No
    [Report]
    Report=Yes
    UseSysLog=No
    ReportFileName=~report.txt
    Append=Yes
    ReportFileLimit=Yes
    ReportFileSize=10
    ExtReport=Yes
    RepCreateFlag=600
    UseCR=No
    RepForEachDisk=No
    WriteTime=1
    WriteTimeInfo=1
    LongStrings=No
    UserReport=No
    UserReportName=userreport.log
    ShowOK=Yes
    ShowPack=Yes...
    [ActionWithSuspicion]
    SuspiciousCopy=No
    SuspiciousFolder=suspicious
    CopyWithPath=Yes
    ChangeExt=None
    NewExtension=Susp
    ChownTo=None
    ChModTo=No
    [ActionWithCorrupted]
    CorruptedCopy=No
    CorruptedFolder=corrupted
    CopyWithPath=Yes
    ChangeExt=None
    NewExtension=Corr
  • Page 241
    [Customize]
    RedundantMessage=Yes
    DeleteAllMessage=Yes
    ExitOnBadBases=Yes
    UseExtendedExitCode=Yes
    UpdateCheck=Yes
    UpdateInterval=90
    OtherMessages=Yes
    You can edit all the sections in this file. The [Object] section contains parameters defining the location and the objects to be checked. If you are not authorized to access the defined directories and/or files, they will be ignored during the check.
  • Page 242 [...] Windows and OS/2 (.exe, .dll), Linux (in the ELF format); files in the format of Microsoft Office documents and spreadsheets (OLE2 and Access) and Java applets. Thereby, this value scans all the files that are capable of carrying virus code. 1 –...
  • Page 243 Directories defined by the InfectedFolder, SuspiciousFolder and CorruptedFolder parameters (see subchapter 5.4.3) will be automatically ignored by the program. Packed – Yes in this line enables the unpacking engine and checks packed files.
  • Page 244 Warnings – Yes in this line enables the advanced checking tool to search for corrupted or modified viruses. No disables this feature. CodeAnalyser – Yes in this line enables the heuristic detecting tool to search for unknown viruses.
  • Page 245 LimitForProcesses line. LimitForProcesses – the maximum number of simultaneously scanned files (valid only if ParallelScan=Yes). EndlesslyScan – Yes in this line enables the program to implement loop-scanning for viruses. No disables this feature. ScanDelay –...
  • Page 246 RepCreateFlag – the access-mode mask the log file is created with (an octal value such as 600 in the sample profile: read and write by the owner only). UseCR – Yes in this line enables the program to use both the carriage return and the linefeed characters to separate records in a log file.
  • Page 247 ShowPassworded – Yes in this line enables the program to report password-protected archives. No disables this feature. ShowSuspicion – Yes in this line enables the program to report suspicious objects. No disables this feature. ShowWarning –...
  • Page 248 [...] infected files when they are copied to the infected folder. If you type No the access attributes will not be changed. For example, the value 640 assigns the following attributes to the file: read by owner, write by owner, read by group.
  • Page 249 If you prefix the name with the character "~", the directory will be created in your home directory. The CopyWithPaths, ChangeExt, NewExtension, ChownTo and ChModTo lines in the [ActionWithSuspicion] section and their features are similar to those (with the same names) described for the infected files.
  • Page 250: Scanner And Daemon: Command Line Switches

    A P P E N D I X UpdateInterval – the interval (in days) between the two reminders (valid only if UpdateCheck=Yes). OtherMessages – Yes in this line enables error reporting at the program start. No disables this feature. RedundantMessage – Yes in this line enables the program to ask for confirmation when enabling the redundant scanning tool (valid only if RedundantScan=Yes).
  • Page 251 where: [switchN] is the optional command line switch; [path] is the optional xBSD path; [filemasks] are the optional file masks defining the xBSD files to be checked for viruses. By default, the program checks all the executable files.
  • Page 252 -V[-] enables the redundant scanning tool. -R[-] skips the scanning of subdirectories. If you define this switch, the scanner will check only files of the predefined directories and ignore the subdirectory files. checks all files.
  • Page 253 checks the files and directories available via symbolic links. skips the files and directories available via symbolic links. -Y[-] skips all dialogs (to be used in script files). runs the check once per day (to be used in script files). -Z[-] prohibits the check from being interrupted.
  • Page 254 prompts for disinfecting infected objects. -- or -I2 disinfects infected objects automatically if possible. When running in this mode the program checks for viruses and tries to recover infected files and boot sectors to exactly (if possible) or mostly match the originals.
  • Page 255 [...] report heading. The character - disables the extra information in the report heading. logs check results in the system log. -VL[=filename] logs the list of viruses into filename. If the file is not defined, the list of viruses will be displayed on screen.
  • Page 256 -o{the list of files, directories or symbolic links} checks the defined files, directories and links. If the objects are not located in the check-permitted area, they will be ignored. terminates the performance right after the check and disinfecting is completed, without starting the daemon process.
  • Page 257: Scanner And Daemon: Report Messages

    16.5. Scanner and Daemon: report messages The list of report messages. During the check the program displays report messages (these messages can also be saved to the log file, if predefined). Object names are displayed on the left-hand side of your screen.
  • Page 258: Scanner And Daemon: Exit Codes

    Corrupted – the file contents don't correspond to the file format. I/O error – the file or sector is located on a write-protected disk or a system error has occurred. This message is also displayed if the program tried to open a file that is write-protected by the system.
  • Page 259 5 – all infected objects were disinfected; 6 – infected objects were deleted; 7 – the kavscanner or kavdaemon file is corrupted; 8 – files are corrupted or an I/O error has occurred. In the high half-byte, the program returns the following advanced codes: 8 –...
  • Page 260: Slogan: Report Templates

    echo Internal error: integrity failed
    echo Internal error: bases not found
    esac
    exit 0
    16.7. Slogan: report templates Details of the templates that are used when displaying performance reports of Scanner and Daemon. The Kaspersky Anti-Virus for xBSD Mail Server distribution includes the following templates for the performance reports to be generated by the programs Scanner and Daemon (including those generated by Slogan):...
  • Page 261 $REQUEST – the number of objects checked. $ARCHIVE – the number of archives checked. $PACKED – the number of packed executable files checked. $INFECTED – the number of infected objects detected. $DESINFECTED – the number of objects disinfected. $DESFAILED –...
  • Page 262 $VIRUS – name of the virus detected. $COUNT – total number of the virus pieces detected. For example, the file template.tm2 may look similar to the following:
    Start date: $DATELO
    End date: $DATEHI
    Total statistic
    ---------------
    Request...
  • Page 263: Inspector: Command Line Switches

    Virus name: $VIRUS
    Total found: $COUNT
    -------------------------------------------------
    List of all warnings:
    -------------------------------------------------
    Virus name: $VIRUS
    Total found: $COUNT
    ------------------------------------------------
    Generated by KAV Daemon Log Analizer at $NOW .
    16.8. Inspector: command line switches The list of Inspector command line switches and their functions.
  • Page 264 -g[=database_name] loads details of the location to be checked from the defined database file. -s[=database_name] saves details of the location to be checked to the defined database file. If you do not specify a database name in the above command line switches, the program will use the default database named check-base.
  • Page 265 -xf=file_mask excludes the files matching the defined mask from the check. You may specify more than one mask, but make sure to separate them by colons. -c[-] prevents the program from crossing filesystem borders. checks only the files and directories available via the symbolic links predefined in the command line and ignores other symbolic links.
  • Page 266 -da[0|1|2[d]] allows you to define one of the following methods of handling modified and new files: -da – prompts for disinfecting a modified or new file; -da0 – reports a modified or new file detected; -da1 –...
  • Page 267: Control Centre: Command Line Switches

    -h or -? displays the list of command line switches. defines English as the default language for reports and messages. displays the Inspector version number. 16.9. Control Centre: command line switches The list of Control Centre command line switches and their functions.
  • Page 268 -p=path defines the path to the directory with the files AvpCtl and AvpPid. -g=base defines the path to the master database containing performance parameters to be used by Control Centre. -gu=base defines the path to the database containing details of the legal users. cancels the task planner start.
  • Page 269 [...] included in the report heading. The character - disables the extra information in the report heading. -ws[-] logs the performance report in the system log. The following command line instructions are available: displays information about the licensed traffic and the Kaspersky Anti-Virus for xBSD Mail Server legal users.
  • Page 270 If you do not enter values for the parameters -fs=day.month.year and -st=hour:min, they will be automatically defined as the task creation date and time. -ls=day.month.year is the date when the task must be started for the last time;...
  • Page 271: Monitor: Configuration File (Monitor.conf)

    schedules a task to be performed every time the Control Centre is started. displays the task list. -cd=IdN deletes the task with the defined ID. 16.10. Monitor: configuration file (monitor.conf) Parameters in the Monitor configuration file. Let's review an example of monitor.conf:
    #Report file section#
    LogFile /tmp/KasperskyMonitor.log...
  • Page 272
    MaxConcurrentChecks 10
    MaxTimeout 0
    RunAsDaemon Yes
    OpenCacheSize 500
    You may edit any section of monitor.conf. Report file section defines the reporting settings: LogFile – the path to the log file. A log file in a world-writable directory such as /tmp can be pre-created or replaced by a symbolic link by any local user, so point LogFile at a directory writable only by the account Monitor runs under. Append – Yes in this line enables the program to append new reports to the contents of the log file (valid for all the program reports).
  • Page 273 [...] but make sure to separate them by colons. Warnings – Yes in this line enables the program to report errors. No disables this feature. ShowOK – Yes in this line enables the program to report virus-free objects.
  • Page 274: Updater: Command Line Switches

    16.11. Updater: command line switches The list of command line switches available for Updater. The general format of the updating utility command line is: ./kavupdater update_switch [switch1] [switch2] [...] [switchN] where: update_switch is the way to update virus-definition databases;...
  • Page 275 The switch -a=path cannot be used together with the switch -kb. -p[=num] defines the maximum number of simultaneously downloaded files. The default value is num=16. -udp=directory upgrades the installed Kaspersky Anti-Virus for xBSD Mail Server components from the defined directory.
  • Page 276 -s[=filename] enables the program to use the defined file as a .set file (the default file is defined in the SetFile line in AvpUnix.ini). For example, ./kavupdater -s=avp.set. -t[=directory] enables the program to use the defined directory for intermediate operations.
  • Page 277: Installer: Command Line Switches

    -w[t][a][-][+][=filename] logs performance results in the defined file (the default file is report.txt). If the character a is defined in the switch, the report will be appended to the contents of filename; the character t overwrites the report with a new one.
  • Page 278: Keeper For Sendmail: Configuration File (Kaspersky-Av.mc)

    displays the list of Kaspersky Anti-Virus family products installed on this computer. displays details during the installation. -dp [software] uninstalls the defined Kaspersky Anti-Virus family software product from this computer. uninstalls all Kaspersky Anti-Virus software products from this computer.
  • Page 279: Keeper For Postfix: Configuration File (Master.cf)

    dnl preprocessor: m4 /etc/sendmail.mc > /etc/sendmail.cf
    dnl You will need to have the sendmail-cf package installed for this to
    dnl work.
    include(`../m4/cf.m4')
    define(`confDEF_USER_ID',``8:12'')
    OSTYPE(`linux')
    define(`confAUTO_REBUILD')
    define(`confTO_CONNECT', `1m')
    define(`confTRY_NULL_MX_LIST',true)
    define(`confDONT_PROBE_INTERFACES',true)
    define(`QUEUE_DIR',`/var/spool/mqueue1')
    FEATURE(`smrsh',`/usr/sbin/smrsh')
    FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')
    FEATURE(redirect)
    FEATURE(always_add_domain)
  • Page 280 (master.cf excerpt; only the service, type and command columns survived extraction, the private/unpriv/chroot/wakeup/maxproc values did not)
    # service  type  private  unpriv  chroot  wakeup  maxproc  command + args
    #                (yes)    (yes)   (yes)   (never) (50)
    smtp       inet                                            smtpd
    pickup     fifo                                            pickup
    cleanup    unix                                            cleanup
    qmgr       fifo                                            qmgr
    #qmgr      fifo                                            nqmgr
    rewrite    unix                                            trivial-rewrite
    bounce...
  • Page 281: Webtuner: The Configuration File (Loader.cfg)

    16.15. WebTuner: the configuration file (loader.cfg) Let's review an example of loader.cfg, the WebTuner configuration file.
    [Main]
    Modules=Daemon;Updater;Scanner;Keeper;WebTuner
    CgiDir=/usr/local/share/AVP/httpd/html/cgi-bin/
    AvpDir=/usr/local/share/AVP/
    AvpIni=AvpUnix.ini
    [Daemon]
    Exec=kavdaemon
    MainCgi=DaemonPrf.cgi
    Configure=./DaemonPrf.cgi?avp_d=%AVP_DIR%&avp_prf=%AVP_PRF%&start_dir=%AVP_DIR%
    ConfigureDefault=./DaemonPrf.cgi?avp_d=%AVP_DIR%&avp_prf=%AVP_PRF%&op=v&sec=ob&prf=%DEFAULT_KAV_PROFILE%
    Run=./daemon_exec.cgi?avp_d=%AVP_DIR%&d_exec=%EXEC%
    Report=./daemon_report.cgi?avp_d=%AVP_DIR%&avp_prf=%AVP_PRF%
    Hide=No
    [Updater]...
  • Page 282
    [Scanner]
    Exec=kavscanner
    MainCgi=scanner_prf.cgi
    Configure=./scanner_prf.cgi?avp_d=%AVP_DIR%&avp_prf=%AVP_PRF%&start_dir=%AVP_DIR%
    ConfigureDefault=./scanner_prf.cgi?avp_d=%AVP_DIR%&avp_prf=%AVP_PRF%&op=v&sec=ob&prf=%DEFAULT_KAV_PROFILE%
    Run=scanner_exec.cgi?avp_d=%AVP_DIR%&s_exec=%EXEC%
    Hide=No
    [Keeper]
    MainCgi=keeper_prf.cgi
    ConfigureDefault=./keeper_prf.cgi?op=v_op&sec=mn_main&prf=%AVP_DIR%etc/defUnix&usrdb=%AVP_DIR%etc/userdb
    Hide=No
    [WebTuner]
    MainCgi=self_cfg.cgi
    Configure=./self_cfg.cgi
    Hide=No
    The [Main] section parameters define the WebTuner performance settings: Modules – the list of Kaspersky Anti-Virus for xBSD Mail Server components that can be administrated from WebTuner.
  • Page 283 Anti-Virus for xBSD Mail Server files. The default value is AvpDir=/usr/local/share/AVP/ AvpIni – the name of the Kaspersky Anti-Virus for xBSD Mail Server initialization file. The default value is AvpIni=AvpUnix.ini The [the_package_component_name] section parameters define the settings of WebTuner that depend on the administrated program.
  • Page 284 The ConfigureDefault parameter ensures availability of the default config hyperlink in the WebTuner main window with the package component selected in the Programs list. Run – defines launching of the package component from a remote location by using WebTuner. Because these CGI scripts start and reconfigure the anti-virus components, access to the CgiDir location must be restricted to administrators by the web server.
  • Page 285: Appendix C. Classifying Computer Viruses

    17. Appendix C. Classifying computer viruses Discussing various virus types. A computer virus is a computer program (that is, executable code and/or a collection of instructions) that can replicate itself (though the copy may not necessarily exactly match the original) and penetrate files and other resources of computer systems and networks and make them perform tasks the virus dictates without the user's permission.
  • Page 286 of infection, use stealth and polymorphic features, etc. Another example of a combination virus is the network macro virus that infects edited documents and broadcasts its copies with e-mail messages. We can differentiate viruses by the operating system they infect. Every file or network virus is able to infect files of one or more operating systems: DOS, Windows, Win95/NT, OS/2 etc.
  • Page 287 [...] viruses temporarily disinfect the infected file or substitute themselves for "healthy" data blocks. In the case of macro viruses, the most popular feature used is the prohibition to activate the menu list of macros. One of the first file stealth viruses is Frodo and the first boot stealth virus is called Brain.
  • Page 288 COM or EXE files only by their extension but not by the inner file format. Naturally, if the format of a file does not correspond to its extension these viruses corrupt the file. A conflict between a resident virus and the system is also possible when using newer versions of DOS, Windows or other large software systems.
  • Page 289: Appendix D. Kaspersky Lab Ltd

    18. Appendix D. Kaspersky Labs Ltd. About Kaspersky Labs. K¿aspersky Labs is a privately-owned, international anti-virus software development group of companies headquartered in Moscow (Russia), with representative offices in the United Kingdom, United States of America, China, France and Poland. Founded in 1997, Kaspersky Labs concentrates its efforts on the development, marketing and distribution of leading-edge information security technologies and computer software.
  • Page 290 defense for e-mail gateways (MS Exchange Server, Lotus Notes/Domino, Sendmail, Qmail, Postfix, and Exim), firewalls and web servers. All Kaspersky Labs products rely on Kaspersky's own database of over 60,000 known viruses and all other types of malicious code. The product is also powered by a unique heuristic technology combating even future threats: the built-in heuristic code analyzer, which is able to detect up to 92% of unknown viruses, and the world's only behavior blocker for MS Office 2000...
  • Page 291 [...] heuristic-analysis system effectively neutralizes unknown viruses. The simple and easy-to-use interface allows you to quickly change the program settings and makes working with the program comfortable. Kaspersky® Anti-Virus Personal includes: •...
  • Page 292 [...] influence of this mode while working on the Web: the program provides conventional transparency and accessibility of the data. Kaspersky® Anti-Hacker blocks the most common network attacks and monitors for attempts to scan computer ports. The software supports simplified management by choosing one of five security levels.
  • Page 293 You are free to choose any of the anti-virus programs according to the operating systems and applications you use. Kaspersky® Corporate Suite The package has been developed to provide full-scale data protection for corporate networks of any size and complexity.
  • Page 294: Contact Information

    Kaspersky® Anti-Spam acts as a filter installed at a network's entrance where it verifies incoming e-mail traffic streams for objects identified as spam. The software is compatible with any mail system already used in the customer company, and can be installed either on an existing mail server or on a dedicated one.
  • Page 295 19. Index
    Advanced checking tool: 51, 52, 131, 247
    Advanced scanning tools: 131
    Daemon: 12, 66
    Extracting engine: 47
    Monitor: 12, 101
    Objects to be scanned: 42
    Path to the temporary files directory: 24
    Profile: ...