1. Manuals
  2. Brands
  3. KAPERSKY Manuals
  4. Software
  5. ANTI-VIRUS 5.0 - FOR SAMBA SERVERS
  6. Administrator's manual

KAPERSKY Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server Administrator's Manual

Hide thumbs Also See for Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Administrator's Manual, User Manual
K A S P E R S K Y L A B S
Kaspersky Anti-Virus
5.0
®
for Linux, FreeBSD and OpenBSD File Server
ADMINISTRATOR'S GUIDE

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for KAPERSKY Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server

Summary of Contents for KAPERSKY Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server

  • Page 1 K A S P E R S K Y L A B S Kaspersky Anti-Virus ® for Linux, FreeBSD and OpenBSD File Server ADMINISTRATOR’S GUIDE...
  • Page 2 ® K A S P E R S K Y A N T I - V I R U S 5 . 0 F O R L I N U X , F R E E B S D A N D O P E N B S D F I L E S E R V E R Administrator's guide...

  • Page 3: Table Of Contents

    Contents ® CHAPTER 1. KASPERSKY ANTI-VIRUS 5.0 FOR LINUX, FREEBSD AND OPENBSD FILE SERVER................... 6 1.1. What’s new in version 5.0 ..................7 1.2. Licensing policy ..................... 8 1.3. Hardware and software requirements ..............8 1.4. Distribution kit ......................9 1.5.
  • Page 4 ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server 4.2.2. Scheduled daily directory scan ..............29 4.2.3. Moving objects to a separate directory (quarantine) ........29 4.2.4. Advanced options: using script files............. 31 4.2.4.1. Cleaning infected objects in archives............ 31 4.2.4.2.
  • Page 5 Contents A.9. The aveclient component return codes.............. 69 A.10. A sample script file (vox.sh) for disinfecting tar- and zip-archives....70 APPENDIX B. MALICIOUS PROGRAMS IN THE UNIX ENVIRONMENT....73 B.1. Viruses......................... 73 B.2. Trojan horses ...................... 74 B.3. Internet worms..................... 75 APPENDIX C.

  • Page 6: Chapter 1. Kaspersky Anti-Virus

    CHAPTER 1. KASPERSKY ANTI- VIRUS 5.0 FOR LINUX, ® FREEBSD AND OPENBSD FILE SERVER ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server ® (hereinafter also referred to as Kaspersky Anti-Virus ) is designed for anti-virus file scanning in file systems of servers. This software product allows the user to: Check for viruses in all mounted file systems.

  • Page 7: What's New In Version 5.0

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server 1.1. What’s new in version 5.0 ® Version 5.0 of Kaspersky Anti-Virus has the following changes compared to version 4.0: All the product components have been transferred to the new antiviral engine, which reduces the load on workstations and servers but provides the same functionality.

  • Page 8: Licensing Policy

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server The executable file of the kavdaemon component has been renamed to aveserver and updated. The product has been supplemented with the aveserver component including the aveclient client software, which allows the creation of custom solutions (e.g.

  • Page 9: Distribution Kit

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server Perl version 5.0 or higher (www.perl.org) for Kaspersky Anti- ® Virus installation using install.pl. 1.4. Distribution kit ® You can purchase Kaspersky Anti-Virus either from our distributors (retail box) or in our Internet-shop (www.kaspersky.com, Buy online section).

  • Page 10: Conventions

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server 1.6. Conventions In this book we use various conventions to emphasize different meaningful parts of the documentation. Convention Meaning Bold font Menu titles, commands, window titles, dialog elements, etc. Note.

  • Page 11: Chapter 2. Installing Kaspersky Anti-Virus

    CHAPTER 2. INSTALLING KASPERSKY ANTI-VIRUS ® ® Before you begin to install Kaspersky Anti-Virus for Unix, please prepare your system as follows: Make sure your system meets the hardware and software requirements of ® Kaspersky Anti-Virus (see section 1.3 on page 8). If some of the applications, such as Wget, are not installed we recommend installing them, otherwise some product functions will be unavailable.

  • Page 12: Starting The Installation Procedure

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server Installation of version 5.0 of the product without removing the earlier version. The stages of creating backup, updating to version 5.0, and concurrent installation are independent. Copying of the distribution package files to the server. Installation of the license key (only if not included in the distribution package).

  • Page 13: Creating A Backup Copy Of The Previous Distribution Package

    Installing Kaspersky Anti-Virus If no earlier version is installed on the server, then the process of copying distribution files to the server starts (see section 2.1.3 on page 15). If an earlier version of the product is found, the following message is output to the console: Previously installed components of Kaspersky AV found.

  • Page 14: Updating To Version 5.0

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server 2.1.2.2. Updating to version 5.0 The update procedure consists of converting the former profile of the anti-virus (file defUnix.prf) to the configuration file for version 5.0: Do you want to convert old settings to new config file? [yes] Answer ‘yes’...

  • Page 15: Copying The Distribution Files

    Installing Kaspersky Anti-Virus 2.1.3. Copying the distribution files In this stage, an interactive installation process starts that will copy the ® distribution files of Kaspersky Anti-Virus to your server. The package files are divided into several groups according to their purpose, for example: binary files, configuration files, initialization scripts etc.

  • Page 16: Completing The Installation

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server If the license key is detected, the installer outputs an appropriate message to the console and proceeds to the next stage – installation of the anti-virus database (see section 3.2 on page 20). If the license key is not detected, the installer suggests that you specify its full path.

  • Page 17: Installing The Program On A Server Running Linux

    Installing Kaspersky Anti-Virus <file | dir> <path> [size] where: file or dir is the file or the directory ID path – full name of the file or the directory size – file size (this parameter is not used for directories). Actions dealing with user’s answers to the installer questions are described by lines like this: <answer>...

  • Page 18: Installing The Program On A Server Running Freebsd Or Openbsd

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server A special deb-package is included for Linux Debian distribution package. ® To start the installation of Kaspersky Anti-Virus from the deb-package, type the following in the command line: dpkg –i <distribution_file_name> The procedure is similar to that of the rpm-package, except that the script /opt/kav/contrib/config.pl will be launched automatically.

  • Page 19: Chapter 3. Post-Installation Settings

    CHAPTER 3. POST-INSTALLATION SETTINGS ® During installation, the system on to which you install Kaspersky Anti-Virus analyzed and some of its configuration parameters are set automatically. A number of parameters of the configuration file are set by default as the most suitable for the operation of the anti-virus program (see section 3.1 on page 19).

  • Page 20: Installing / Updating Anti-Virus Database

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server If any infected, suspicious or corrupted files are found, appropriate messages will be output to the console and the report file. Please note that by default any infected files the anti-virus program detects ARE NOT CLEANED! 3.2.
  • Page 21 Post-installation settings If you want to create an alternative configuration file using the Webmin program, you need to do the following: Specify the name of the alternative file on the Configuration tab (see Figure 1) in the field Full path to KAV config. Set the required parameters for file system antiviral protection on the appropriate tabs.

  • Page 22: Chapter 4. Working With Kaspersky Anti-Virus

    CHAPTER 4. WORKING WITH KASPERSKY ANTI-VIRUS ® The product’s functionality lies in the tasks that the administrator can perform ® with its help. The tasks implemented by Kaspersky Anti-Virus can be divided into three groups: Update of the anti-virus database used to scan for viruses and to clean any infected objects.

  • Page 23: Scheduling Anti-Virus Database Updating Using Cron

    Working with Kaspersky Anti-Virus another or at random), and attempts to download the anti-virus database. If the update from the selected address fails, the program tries the next address and makes another attempt to update the database. You can adjust the update servers list. For example, you may want to move the most frequently used server to the first position in the list, or delete those addresses that you never use.
  • Page 24 ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server Report level – Level of detail of the component work results report. Select Errors in the drop-down list. Append – Append the results of program operation to the end of the existing report file (system log in this case), If no value is entered in the Report file name field, then the program’s operation results will be saved in the...

  • Page 25: One-Time Update Of The Anti-Virus Database

    Working with Kaspersky Anti-Virus Other KAV for Unix KeepUp2Date ® Figure 2. Kaspersky Anti-Virus KeepUp2Date tab Edit the file that sets the rules of the cron process operation crontab –e Input the following line: 0 7 * * * /opt/kav/bin/kavupdater 4.1.2.
  • Page 26 ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server The solution: in order to accomplish the above objective, input the following in the command line: kavupdater –l /tmp/updatesreport.log If you need to update the anti-virus database on more than one computer, it may be more convenient to download it from an update server once, save to a local directory, and then update from this directory.

  • Page 27: Antiviral Protection Of File Systems

    Working with Kaspersky Anti-Virus Other KAV for Unix AV Run ® Figure 3. Run Kaspersky Anti-Virus component tab Edit the file /etc/kav/5.0/servers.lst, which contains the list of update servers, place the network directory /home/bases (where the database is stored) in the first position. Turn random selection of update servers off by setting RandomServerOrder=no in configuration file.

  • Page 28: Launching Directory Scan From The Command Line

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server infected and suspicious files according to the settings. Object processing can be of an exceptionally informational nature (outputting the information to the log and to the server’s console, plus administrator notification) or can result in object changing (disinfection, quarantine, or deletion).

  • Page 29: Scheduled Daily Directory Scan

    Working with Kaspersky Anti-Virus "%Y-%m-%d-$$"`.log -i3 -ePASBMe –j3 -mCn /tmp 4.2.2. Scheduled daily directory scan In the Unix family of operating systems, scheduled program start, including that ® of Kaspersky Anti-Virus tasks, is carried out using the cron utility. The object: every night at 12 a.m. start scanning the /home directory for viruses.
  • Page 30 ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server The object: scan for viruses all the objects listed in the file /tmp/download.lst, move any infected objects that are detected with their full paths to the directory /tmp/infected. Use heuristic checker. Disable recursive scanning.

  • Page 31: Advanced Options: Using Script Files

    Working with Kaspersky Anti-Virus Scanner tab of the Webmin program (see Figure 4) enter the following line: exec mv %FULLPATH%/%FILENAME% /tmp/infected/%FILENAME%; chmod –x /tmp/infected/%FILENAME% In the sections [object] and [container] of the configuration file /etc/kav/kavscanner.conf enter the following line as an infected objects processing rule: OnInfected=exec mv %FULLPATH%/%FILENAME% /tmp/infected/%FILENAME%;...
  • Page 32 ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server The solution: in order to accomplish the above objective do the following: Set the actions to be applied to infected compound objects. To do so, enter the line provided below in the On infected parameter input field in the section Container action on the Kasperksy Anti- Virus Scanner tab of the Webmin program (see Figure 4): exec /tmp/kavscanner/test/vox.sh \...
  • Page 33 Working with Kaspersky Anti-Virus Other KAV for Unix AV File Check ® Figure 4. Kaspersky Anti-Virus On-Demand Scanner Other KAV for Unix AV Run+Start Figure 5. Scan area definition tab...

  • Page 34: Sending Notifications To The Administrator

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server Create an alternative file kavscanner.conf.in. In the [container] section of this file set the following line as the infected objects processing rule: OnInfected=exec /tmp/kavscanner/test/vox.sh %FULLPATH%/%FILENAME% In the command line type: # kavscanner –c kavscanner.conf.in –ePASE –qR –o /tmp/logfile.log –j3 –pi /tmp/infected_archive.lst /...

  • Page 35: License Key Management

    Working with Kaspersky Anti-Virus input field in the section Object action on the Kasperksy Anti- Virus Scanner tab of the Webmin program (see Figure 4): exec echo %FULLPATH%/%FILENAME% is infected by %VIRUSNAME% | mail -s kavscanner admin@localhost.ru Define the actions to be applied to infected component objects. To do so, enter the line provided below in the On infected parameter input field in the section Container action on the Kasperksy Anti- Virus Scanner tab of the Webmin program (see Figure 4):...

  • Page 36: Viewing The License Key Information

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server 4.3.1. Viewing the license key information You can view the information about the installed license keys in the work reports of kavscanner, and kavupdater components. Starting each of these components loads the key information.

  • Page 37: Renewing The License

    Working with Kaspersky Anti-Virus Other KAV for Unix Keys Info Figure 6. License information In order to view key information, do the following: In the command line type, for example: licenseviewer –k 0003D3EA.key The following information will be output to the console: Kaspersky license viewer Version 5.0 Copyright (C) Kaspersky Labs.
  • Page 38 ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server Contact the company you purchased the product from and pay for ® Kaspersky Anti-Virus license renewal, Renew the license directly with Kaspersky Labs. To do so please write to our sales department (sales@kaspersky.com) or fill in the appropriate form on our web site (www.kaspersky.com) in the section Buy on-line ! For Linux users.

  • Page 39: Chapter 5. Advanced Settings

    CHAPTER 5. ADVANCED SETTINGS ® In this section we shall consider advanced settings of Kaspersky Anti-Virus functions. Unlike the required settings (see Chapter 3 on page 19), without which the product cannot be used, advanced settings are made as administrator’s options.

  • Page 40: File Check And Disinfection Mode

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server When launching the component, list directories and files with absolute or relative (to the current directory) paths to them directly in the command line, separating them by spaces. Set scan paths in a text file and specify the file name in the command line -@ <file_name>.

  • Page 41: Actions Taken With The Files

    Advanced settings Clear – No viruses were detected in the file. Infected – The file is infected. Warning – The code of the file is similar to that of a known virus. Suspicious – The code of the file is similar to that of an unknown virus. Corrupted –...

  • Page 42: Setting Up File Scanning Parameters For The Aveserver And Aveclient Components

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server Actions taken with these two kinds of object are different too; they are separated in different sections in the configuration file. For simple objects – [scanner.object] section, for compound ones – [scanner.container]. Actions taken to self-extracting archives are ambiguous.

  • Page 43: Operation Mechanism Of Aveserver And Aveclient

    Advanced settings The aveclient component receives a request for file scanning from the command line, transfers it to the daemon and then outputs a report on scanning results in the form most suitable for its further processing by various scripts. Such application architecture allows a considerable decrease of the time it takes to perform anti-virus scanning of several files.
  • Page 44 ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server section). Therefore proper functioning of the aveclient component requires mandatory indication of the socket path using the -p<path> command line option. The component can accomplish the following tasks: It can detect whether aveserver is running. If it is, the client component can output on-screen information about the date of the most recent update effected for the anti-virus databases and the number of records therein.

  • Page 45: Additional Opportunities For Integration With Third Party Software

    Advanced settings <file name> represents the name of the file being scanned <status> represents the file status If viruses have been detected in a file (Warnings or Suspicions status) or successfully removed from it, a corresponding list will be output to screen. The list will consist of one of the words: LINFECTED, LCURED, LWARNING, LSUSPICION, followed by a tab-separated list of names for the respective viruses.

  • Page 46: Parameters Of Kaspersky Anti-Virus ® Report Generation

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server %H:%M:%S – Displayed time format. %d/%m/%y – Displayed date format. The administrator is provided with the option of changing the format of time and date representation. The formats can be localized in the section [locale] of the configuration file kav4unix.conf.
  • Page 47 Advanced settings Level name in Levels Value Webmin Errors Information regarding other errors, including those not causing components to terminate, e.g. information regarding a file scanning failure. Info Important information messages e.g. whether the component is running or not, the path to the configuration file, scan...

  • Page 48: Format Of Scanning Messages Output By Kavscanner

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server Below is a detailed explanation of each message type and format. 5.4.1. Format of scanning messages output by kavscanner Messages about scanning are only generated for the components and kavscanner.

  • Page 49: Format Of Other Messages Output By Kavscanner

    Advanced settings Event/Result Value CURED (only with The file was infected and was successfully disinfection mode cleaned. enabled) INFECTED The file is infected by one or more viruses. No request for disinfection. CUREFAILED (only The file is infected by one or more viruses. Request with disinfection mode for disinfection is present, but disinfection of the file enabled)

  • Page 50: Format Of Kavscanner Console Messages

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server Scan summary: Files=num Folders=num Archives=num Packed=num Infected=num Warnings=num Suspicious=num Cured=num CureFailed=num Corrupted=num Protected=num Error=num ScanTime=hh:mm:ss ScanSpeed=speed Kb/s Messages about actions taken to files: File relocation: File src_file_name moved to dst_file_name File deletion: File file_name removed Information regarding the action taken to a file:...
  • Page 51 Advanced settings The scanning report detail level is adjusted by the key –x<option> in the command line on condition that the [display] section is present.

  • Page 52: Chapter 6. Questions And Answers

    CHAPTER 6. QUESTIONS AND ANSWERS This chapter contains FAQs about installation, setting up, and use of Kaspersky ® Anti-Virus Question: Does the program support X architecture processors (PowerPC, SPARC, Alpha, PA-RISC etc.)? These processors are not supported in the current version of the software product.
  • Page 53 Questions and answers Question: Why do I need the key file? Will my copy of the anti-virus program work without it? ® No, Kaspersky Anti-Virus does not work without a license key. If you are still deciding whether or not to purchase Kaspersky Anti- ®...
  • Page 54 ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server Question: My anti-virus program does not work. What should I do? First, check if a solution for your problem is provided in this document, in particular, in this section or on our website (Services ! For customers ! Technical support ! On-line support).
  • Page 55 Questions and answers Less than 64 Mb or more than 2 Gb of RAM. Specify the approximate amount of daily traffic and whether or not the server has peak loads. Question: How can I save the program’s console output to a file? In order to save the information output to the console by Kaspersky ®...

  • Page 56: Chapter 7. Uninstalling Kaspersky Anti-Virus

    CHAPTER 7. UNINSTALLING KASPERSKY ANTI-VIRUS ® ® To uninstall Kaspersky Anti-Virus for Unix the following is required: Superuser rights (root or any other user with UID=0). If you do not have such rights when you wish to uninstall the program, you will have to log on as the root user.

  • Page 57: Appendix A. Supplementary Information About The Product

    APPENDIX A. SUPPLEMENTARY INFORMATION ABOUT THE PRODUCT These supplementary notes include a description of the directory tree of ® Kaspersky Anti-Virus distribution after installation, a description of the configuration file, and a description of command line keys for every component and their return codes.

  • Page 58: Kaspersky Anti-Virus ® Configuration File

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server /var/db/kav/5.0/kav4unix/bases.backup – The directory where the anti-virus database is stored that was current before the last update. /var/db/kav/5.0/kav4unix/keys – The directory where the license keys are stored. /var/run/aveserver – Local socket used for connection with the aveserver process /var/run/aveserver.pid –...
  • Page 59 Appendix A DateFormat=%d/%m/%y – The format of date representation according to strftime. You can change the format of date representation to the following: %y/%m/%d or %m/%d/%y. The [scanner.options] section contains the server’s file system scanning parameters: ExcludeMask=mask1:mask2:...:maskN – Masks of the files to be excluded from scanning.
  • Page 60 ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server OnWarning=action – Actions to be taken in the event of detection of a file with a code similar to that of a known virus. OnCorrupted=action – Actions to be taken in the event of corrupted file detection.
  • Page 61 Appendix A %LIST% – File name or the list of infected, suspicious, and corrupted files detected in the container. The file has the following format: <virus name>\t<file name>. %FULLPATH% – Full path to the container. %FILENAME% – The file name without the path. %CONTAINERTYPE% –...
  • Page 62 ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server The [updater.options] section contains parameters of the kavupdater component work: ExtraWgetOptions – Advanced options of the Wget package. KeepSilent=no – The mode in which information regarding the kavupdater component operation is output to the console. To disable the mode set the parameter to yes.

  • Page 63: Command Line Keys For The Kavscanner Component

    Appendix A ReportFileName=/tmp/aveserver.log – The name for the report file in which the results of component actions are to be recorded. Append=yes – The append mode for new messages added to the report file. Use the no value to disable the mode. ReportLevel=10 –...
  • Page 64 ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server Enable/disable scanning of plain text messages. Enable/disable heuristic code analyzer. –r/R Enable/disable recursive scanning. –l Only scan local file systems. Report generation options: –q Do not output messages to the console. –o name Sets the name of the file to which component work results should be output.
  • Page 65 Appendix A –m<option> Sets the level of detail of the scanning report output to the report file. The following modes can be used as the <option>: Short/extended format of messages regarding scanning of a simple object. Short/extended format of messages regarding scanning of an archive.

  • Page 66: The Kavscanner Component Return Codes

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server whole container. –i4 Delete infected objects and containers. A.4. The kavscanner component return codes During its work, the kavscanner component can return the following codes: No viruses were detected. All the infected objects were cleaned.

  • Page 67: Command Line Keys For The Licenseviewer Component

    Appendix A The kavscanner component is corrupted and cannot be recovered. A.5. Command line keys for the licenseviewer component Help options: –h Output help on the licenseviewer component to the console. Options used during work with the license keys: –s Output information regarding all the installed license keys to the console.

  • Page 68: The Kavupdater Component Return Codes

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server –s <file_path> Use the update servers list specified in the file <file_path>. –b <path> Prior to updating, copy the existing anti-virus database to the directory <path>. –t <path> Use the <path> directory to store temporary files. Report generation options: –l <file_path>...

  • Page 69: Command Line Keys For The Aveclient Component

    Appendix A A.8. Command line keys for the aveclient component Help options: –h Output help on the component to the console. –v Display program version and terminate. Report generation options: –q Do not display any messages (except for error messages). File processing options: –с...

  • Page 70: A Sample Script File (Vox.sh) For Disinfecting Tar- And Zip-Archives

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server No viruses were detected. Connection with aveserver could not be established. Files with code similar to that of known viruses were detected. Objects suspected for virus infection were discovered An infected object was discovered.
  • Page 71 Appendix A sname=${bname%%.*} if [ ! -d $TEMP ]; then mkdir -p $TEMP ## tar if [ $suf == gz -o $suf == tgz ] ; then list=`tar -ztf $name` tar -C $TEMP -zxf $name $KAVKAVSCANNER -c $CONF -i3 $TEMP cd $TEMP tar -czf $sname.tgz * for i in $list...
  • Page 72 ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server elif [ $suf == rar ] ; then list=`rar l $name` rar x $name $TEMP $KAVKAVSCANNER -c $CONF -i3 $TEMP cd $TEMP zip $sname.zip -r . echo $SPWD mv $TEMP/$sname.zip $SPWD/$sname.zip.cure rm -rf $TEMP...

  • Page 73: Appendix B. Malicious Programs In The Unix Environment

    APPENDIX B. MALICIOUS PROGRAMS IN THE UNIX ENVIRONMENT Viruses are much less common in Unix-system environments than, for example, in the Windows environment because of the features of these platforms. However, Trojan horses and Internet Worms are more widespread. Malicious programs spread themselves via networks, sometimes exploiting "loopholes"...

  • Page 74: Trojan Horses

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server ELF_SNOOPY – A virus that infects executable Unix files. The virus operation algorithm: This finds all the executables on the workstation, renames them changing their extension to .X23 and places them into the directory /E it creates.

  • Page 75: Internet Worms

    Appendix B A typical specimen of Unix-oriented Trojans is TROJ_IRCKILL – a Trojan that consists of a set of software tools used to disconnect users from IRC channels. This set includes four utilities used for attacks: FLOOD, MCB (Multiple Collide BOTs), SUMO BOTs, and FLASH –...
  • Page 76 ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server Source of spreading: Via the network as a tgz archive. Operation algorithm: The worm sends a short piece of its code to remote computers using the problem of buffer overflow. After startup of the worm’s main component (the file start.sh) it sequentially downloads other components that detect the addresses of the attacked systems, using the buffer overflow problem.
  • Page 77 Appendix B Worm.Linux.Adm– An internet worm that infects Linux systems. The worm sends a short piece of its code to remote computers, executes it, then downloads the rest of its code and runs it. Source of spreading: Via the network. It spreads its copies (infects remote Linux systems) exploiting a “loophole”...

  • Page 78: Appendix C. Kaspersky Labs Ltd

    APPENDIX C. KASPERSKY LABS LTD. Founded in 1997, Kaspersky Labs has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted e-mail messages, and hacker attacks.

  • Page 79: Other Kaspersky Labs Products

    Appendix C customer with 24-hour technical support service, which is available in several languages to accommodate its international clientele. C.1. Other Kaspersky Labs Products ® Kaspersky Anti-Virus Lite This is an optimal choice for even an unskilled user who wants to protect his/her home computer against viruses.
  • Page 80 ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server ® XP as well as MS Office 2000 applications. Kaspersky Anti-Virus Personal Pro includes an easy-to-use application for automatic retrieval of daily updates to the anti-virus database and the program modules. A second-generation heuristic ®...
  • Page 81 Appendix C anti-virus monitor to intercept viruses in files that are either copied from other handhelds or are transferred using the HotSync™ technology. ® handheld (PDA) from unauthorized Kaspersky Security for PDA protects your intrusion by memory encrypting both access to the device and data stored on cards ®...

  • Page 82: Contact Us

    ® Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD File Server File and application servers running Windows NT 4.0 Server, Windows 2000, 2003 Server/Advanced Server, Novell Netware, FreeBSD, OpenBSD and Linux; E-mail systems, including Microsoft Exchange Server 5.5/2000/2003, Lotus Notes/Domino, Sendmail, Postfix, Exim and Qmail; Data streams transmitted via firewalls;...
  • Page 83 Appendix C General WWW: http://www.kaspersky.com information http://www.viruslist.com E-mail: sales@kaspersky.com...

  • Page 84: Appendix D. Index

    APPENDIX D. INDEX Anti-virus database updating..6, 20, 22, Installation CD ........9 53, 62 License agreement......9 Distribution kit License key... 8, 15, 35, 36, 37, 53 Buy offline ........9 Quarantine ......6, 29, 60 Buy online ........9 Technical support .......

Table of Contents