KASPERSKY ANTI-VIRUS 5.0 - FOR LINUX WORKSTATION Administrator's Manual

KASPERSKY LABS
Kaspersky Anti-Virus 5.0
for Linux Workstation
ADMINISTRATOR'S GUIDE

Summary of Contents for KASPERSKY ANTI-VIRUS 5.0 - FOR LINUX WORKSTATION

  • Page 1 KASPERSKY LABS Kaspersky Anti-Virus 5.0 for Linux Workstation ADMINISTRATOR’S GUIDE...
  • Page 2 KASPERSKY ANTI-VIRUS 5.0 FOR LINUX WORKSTATION Administrator's guide ...
  • Page 3: Table Of Contents

    Contents
    CHAPTER 1. KASPERSKY ANTI-VIRUS FOR LINUX WORKSTATION ... 6
    1.1. What’s new in version 5.0 ... 6
    1.2. Licensing policy ... 8
    1.3. Hardware and software requirements ... 8
    1.4. Distribution kit ... 8
    1.5. Help desk for registered users ... 9
    1.6.
  • Page 4 Kaspersky Anti-Virus for Linux Workstation
    4.2.4. Advanced options: using script files ... 30
    4.2.4.1. Cleaning infected objects in archives ... 30
    4.2.4.2. Sending notifications to the administrator ... 32
    4.3. License key management ... 33
    4.3.1. Viewing the license key information ... 34
    4.3.2. Renewing the license ... 35
    CHAPTER 5.
  • Page 5 Contents
    APPENDIX B. MALICIOUS PROGRAMS IN THE UNIX ENVIRONMENT ... 71
    B.1. Viruses ... 71
    B.2. Trojan horses ... 72
    B.3. Internet worms ... 73
    APPENDIX C. KASPERSKY LABS LTD. ... 76
    C.1. Other Kaspersky Labs Products ... 77
    C.2. Contact Information ... 80
    APPENDIX D. INDEX ... 81...
  • Page 6: Chapter 1. Kaspersky Anti-Virus

    CHAPTER 1. KASPERSKY ANTI-VIRUS FOR LINUX WORKSTATION Kaspersky Anti-Virus for Linux Workstation (hereinafter also referred to as Kaspersky Anti-Virus for Linux) is designed for anti-virus file scanning in file systems of servers running under the Linux operating system. This software product allows the user to: Check for viruses in all mounted file systems.
  • Page 7 Kaspersky Anti-Virus for Linux Workstation All the product components have been transferred to the new antiviral engine, which reduces the load on workstations and servers but provides the same functionality. A number of drawbacks in Kaspersky Anti-Virus for Unix v. 4.0 related to its architectural features have been corrected.
  • Page 8: Licensing Policy

    Kaspersky Anti-Virus for Linux Workstation traffic protection, etc. Please read relevant details in para. 5.2.3 on p. 43). 1.2. Licensing policy Kaspersky Anti-Virus licensing policy includes a system of product use limitations based on product use duration (usually limited to one year from the date of purchase).
  • Page 9: Help Desk For Registered Users

    Kaspersky Anti-Virus for Linux Workstation A sealed envelope with an installation CD (or a set of floppy disks) containing software product files. Administrator’s guide. License key. Registration card (with printed serial number of the product). License agreement. Before you unseal the envelope containing the CD (or floppy disks), be sure to thoroughly review the license agreement.
  • Page 10 Kaspersky Anti-Virus for Linux Workstation Convention Meaning Bold font Menu titles, commands, window titles, dialog elements, etc. Note. Additional information, notes Attention! Very important information To do this, Actions that must be taken Step 1. … Example of a user defined task to be Task accomplished using this program.
  • Page 11: Chapter 2. Installing Kaspersky Anti-Virus

    CHAPTER 2. INSTALLING KASPERSKY ANTI-VIRUS Before you begin to install Kaspersky Anti-Virus for Unix, please prepare your system as follows: Make sure your system meets the hardware and software requirements of Kaspersky Anti-Virus (see section 1.3 on page 8). If some of the applications, such as Wget, are not installed we recommend installing them, otherwise some product functions will be unavailable.
  • Page 12: Starting The Installation Procedure

    Kaspersky Anti-Virus for Linux Workstation Installation of version 5.0 of the product without removing the earlier version. The stages of creating backup, updating to version 5.0, and concurrent installation are independent. Copying of the distribution package files to the server. Installation of the license key (only if not included in the distribution package).
  • Page 13: Creating A Backup Copy Of The Previous Distribution Package

    Installing Kaspersky Anti-Virus If no earlier version is installed on the server, then the process of copying distribution files to the server starts (see section 2.1.3 on page 15). If an earlier version of the product is found, the following message is output to the console: Previously installed components of Kaspersky AV found.
  • Page 14: Updating To Version 5.0

    Kaspersky Anti-Virus for Linux Workstation 2.1.2.2. Updating to version 5.0 The update procedure consists of converting the former profile of the anti-virus (file defUnix.prf) to the configuration file for version 5.0: Do you want to convert old settings to new config file? [yes] Answer ‘yes’...
  • Page 15: Copying The Distribution Files

    Installing Kaspersky Anti-Virus 2.1.3. Copying the distribution files In this stage, an interactive installation process starts that will copy the distribution files of Kaspersky Anti-Virus to your server. The package files are divided into several groups according to their purpose, for example: binary files, configuration files, initialization scripts etc.
  • Page 16: Completing The Installation

    Kaspersky Anti-Virus for Linux Workstation If the license key is detected, the installer outputs an appropriate message to the console and proceeds to the next stage – installation of the anti-virus database (see section 3.2 on page 20). If the license key is not detected, the installer suggests that you specify its full path.
  • Page 17: Installing The Program On A Server Running Linux

    Installing Kaspersky Anti-Virus <file | dir> <path> [size] where: file or dir is the file or the directory ID path – full name of the file or the directory size – file size (this parameter is not used for directories). Actions dealing with user’s answers to the installer questions are described by lines like this: <answer>...
  • Page 18 Kaspersky Anti-Virus for Linux Workstation A special deb-package is included for Linux Debian distribution package. To start the installation of Kaspersky Anti-Virus from the deb-package, type the following in the command line: dpkg -i <distribution_file_name> The procedure is similar to that of the rpm-package, except that the script /opt/kav/contrib/config.pl will be launched automatically.
  • Page 19: Chapter 3. Post-Installation Settings

    CHAPTER 3. POST-INSTALLATION SETTINGS During installation, the system onto which you install Kaspersky Anti-Virus is analyzed and some of its configuration parameters are set automatically. A number of parameters of the configuration file are set by default as the most suitable for the operation of the anti-virus program (see section 3.1 on page 19).
  • Page 20: Installing / Updating Anti-Virus Database

    Kaspersky Anti-Virus for Linux Workstation If any infected, suspicious or corrupted files are found, appropriate messages will be output to the console and the report file. Please note that by default any infected files the anti-virus program detects ARE NOT CLEANED! 3.2.
  • Page 21 Post-installation settings If you want to create an alternative configuration file using the Webmin program, you need to do the following: Specify the name of the alternative file on the Configuration tab (see Figure 1) in the field Full path to KAV config. Set the required parameters for file system antiviral protection on the appropriate tabs.
  • Page 22: Chapter 4. Working With Kaspersky Anti-Virus

    CHAPTER 4. WORKING WITH KASPERSKY ANTI-VIRUS The product’s functionality lies in the tasks that the administrator can perform with its help. The tasks implemented by Kaspersky Anti-Virus can be divided into three groups: Update of the anti-virus database used to scan for viruses and to clean any infected objects.
  • Page 23: Scheduling Anti-Virus Database Updating Using Cron

    Working with Kaspersky Anti-Virus another or at random), and attempts to download the anti-virus database. If the update from the selected address fails, the program tries the next address and makes another attempt to update the database. You can adjust the update servers list. For example, you may want to move the most frequently used server to the first position in the list, or delete those addresses that you never use.
  • Page 24 Kaspersky Anti-Virus for Linux Workstation Report level – Level of detail of the component work results report. Select Errors in the drop-down list. Append – Append the results of program operation to the end of the existing report file (system log in this case). If no value is entered in the Report file name field, then the program’s operation results will be saved in the system log.
  • Page 25: One-Time Update Of The Anti-Virus Database

    Working with Kaspersky Anti-Virus 4.1.2. One-time update of the anti-virus database You can start anti-virus database updating from the command line at any time. The object: to start anti-virus database updating and to save the results into the file /tmp/updatesreport.log. The solution: in order to accomplish the above objective, input the following in the command line: kavupdater -l /tmp/updatesreport.log...
  • Page 26: Antiviral Protection Of File Systems

    Kaspersky Anti-Virus for Linux Workstation Start anti-virus database updating: click the Start button for the Kaspersky Anti-Virus KeepUp2Date component on the Run Kaspersky Anti-Virus component tab (see Figure 3), Other KAV for Unix AV Run Figure 3. Run Kaspersky Anti-Virus component tab Edit the file /etc/kav/5.0/servers.lst, which contains the list of update servers, place the network directory /home/bases (where the database is stored) in the first position.
  • Page 27: Launching Directory Scan From The Command Line

    Working with Kaspersky Anti-Virus of an exceptionally informational nature (outputting the information to the log and to the server’s console, plus administrator notification) or can result in object changing (disinfection, quarantine, or deletion). All the settings of the kavscanner component are grouped in the options [scanner.*] of the kav4unix.conf configuration file (see section A.2 on page 56).
  • Page 28: Scheduled Daily Directory Scan

    Kaspersky Anti-Virus for Linux Workstation 4.2.2. Scheduled daily directory scan In the Unix family of operating systems, scheduled program start, including that of Kaspersky Anti-Virus tasks, is carried out using the cron utility. The object: every night at 12 a.m. start scanning the /home directory for viruses.
  • Page 29 Working with Kaspersky Anti-Virus The solution: in order to accomplish the above objective, do the following: Set the program to move the objects to quarantine. To do so, enter the line provided below in the On infected parameter input field in the sections Object action and Container action on the Kaspersky Anti-Virus Scanner tab of the Webmin program (see Figure 4):...
  • Page 30: Advanced Options: Using Script Files

    Kaspersky Anti-Virus for Linux Workstation exec mv %FULLPATH%/%FILENAME% /tmp/infected/%FILENAME%; chmod -x /tmp/infected/%FILENAME% In the sections [object] and [container] of the configuration file /etc/kav/kavscanner.conf enter the following line as an infected objects processing rule: OnInfected=exec mv %FULLPATH%/%FILENAME% /tmp/infected/%FILENAME%; chmod -x /tmp/infected/%FILENAME% 4.2.4.
  • Page 31 Working with Kaspersky Anti-Virus exec /tmp/kavscanner/test/vox.sh \ %FULLPATH%/%FILENAME% Press the Start button for the Kaspersky Anti-Virus On-Demand Scanner component Kaspersky Anti-Virus component tab (see Figure 3) to start scanning the server’s file system with the above settings. If necessary, limit the scan area: in the Scan path parameter input field in the Startup options window (see Figure 5) specify the path to the directory to start scanning from, then click Start.
  • Page 32: Sending Notifications To The Administrator

    Kaspersky Anti-Virus for Linux Workstation Other KAV for Unix AV Run+Start Figure 5. Scan area definition tab Create an alternative file kavscanner.conf.in. In the [container] section of this file set the following line as the infected objects processing rule: OnInfected=exec /tmp/kavscanner/test/vox.sh %FULLPATH%/%FILENAME% In the command line type: # kavscanner -c kavscanner.conf.in -ePASE -qR...
  • Page 33: License Key Management

    Working with Kaspersky Anti-Virus OnInfected=exec echo %FULLPATH%/%FILENAME% is infected by %VIRUSNAME% | mail -s kavscanner admin@localhost.ru [scanner.container] OnInfected=exec echo archive %FULLPATH%/%FILENAME% is infected, viruses list is in the attached file %LIST% | mail -s kavscanner -a %LIST% admin@localhost.ru Set the actions to be applied to infected component objects. To do so, enter the line provided below in the On infected parameter input field in the section Object action on the Kaspersky Anti-Virus Scanner tab of the Webmin program (see Figure 4):...
  • Page 34: Viewing The License Key Information

    Kaspersky Anti-Virus for Linux Workstation When the license expires, these services are automatically disabled. Kaspersky Anti-Virus will continue providing anti-virus processing of the server’s file systems, but it will only use the anti-virus database that was current at the time of license expiration.
  • Page 35: Renewing The License

    Working with Kaspersky Anti-Virus Other KAV for Unix Keys Info Figure 6. License information In order to view key information, do the following: In the command line type, for example: licenseviewer -k 0003D3EA.key The following information will be output to the console: Kaspersky license viewer Version 5.0 Copyright (C) Kaspersky Labs.
  • Page 36 Kaspersky Anti-Virus for Linux Workstation Contact the company you purchased the product from and pay for Kaspersky Anti-Virus license renewal, Renew the license directly with Kaspersky Labs. To do so please write to our sales department (sales@kaspersky.com) or fill in the appropriate form on our web site (www.kaspersky.com) in the section Buy on-line → For Linux users.
  • Page 37: Chapter 5. Advanced Settings

    CHAPTER 5. ADVANCED SETTINGS In this section we shall consider advanced settings of Kaspersky Anti-Virus functions. Unlike the required settings (see Chapter 3 on page 19), without which the product cannot be used, advanced settings are made as administrator’s options. They can help to extend the product’s functionality and set it up for certain business specifics.
  • Page 38: File Check And Disinfection Mode

    Kaspersky Anti-Virus for Linux Workstation When launching the component, list directories and files with absolute or relative (to the current directory) paths to them directly in the command line, separating them by spaces. Set scan paths in a text file and specify the file name in the command line -@ <file_name>.
  • Page 39: Actions Taken With The Files

    Advanced settings Clear – No viruses were detected in the file. Infected – The file is infected. Warning – The code of the file is similar to that of a known virus. Suspicious – The code of the file is similar to that of an unknown virus. Corrupted –...
  • Page 40: Setting Up File Scanning Parameters For The Aveserver And Aveclient Components

    Kaspersky Anti-Virus for Linux Workstation Actions taken with these two kinds of object are different too; they are separated in different sections in the configuration file. For simple objects – [scanner.object] section, for compound ones – [scanner.container]. Actions taken to self-extracting archives are ambiguous. If the archive itself is infected, it is treated as a simple object, but if the objects inside it are infected then it is considered a compound object.
  • Page 41: Operation Mechanism Of Aveserver And Aveclient

    Advanced settings The aveclient component receives a request for file scanning from the command line, transfers it to the daemon and then outputs a report on scanning results in the form most suitable for its further processing by various scripts. Such application architecture allows a considerable decrease of the time it takes to perform anti-virus scanning of several files.
  • Page 42 Kaspersky Anti-Virus for Linux Workstation section). Therefore proper functioning of the aveclient component requires mandatory indication of the socket path using the -p<path> command line option. The component can accomplish the following tasks: It can detect whether aveserver is running. If it is, the client component can output on-screen information about the date of the most recent update effected for the anti-virus databases and the number of records therein.
  • Page 43: Additional Opportunities For Integration With Third Party Software

    Advanced settings where: <file name> represents the name of the file being scanned <status> represents the file status If viruses have been detected in a file (Warnings or Suspicions status) or successfully removed from it, a corresponding list will be output to screen. The list will consist of one of the words: LINFECTED, LCURED, LWARNING, LSUSPICION, followed by a tab-separated list of names for the respective viruses.
  • Page 44: Parameters Of Kaspersky Anti-Virus Report Generation

    Kaspersky Anti-Virus for Linux Workstation By default, Kaspersky Anti-Virus uses the formats of time and date conforming to the strftime standard: %H:%M:%S – Displayed time format. %d/%m/%y – Displayed date format. The administrator is provided with the option of changing the format of time and date representation.
  • Page 45 Advanced settings Level name in Levels Value Webmin Errors Information regarding other errors, including those not causing components to terminate, e.g. information regarding a file scanning failure. Info Important information messages e.g. whether the component is running or not, the path to the configuration file, scan...
  • Page 46: Format Of Scanning Messages Output By Kavscanner

    Kaspersky Anti-Virus for Linux Workstation Below is a detailed explanation of each message type and format. 5.4.1. Format of scanning messages output by kavscanner Messages about scanning are only generated for the components and kavscanner. The format of the report regarding file scanning depends on the object type (simple or compound) to which it belongs.
  • Page 47: Format Of Other Messages Output By Kavscanner

    Advanced settings Event/Result Value CURED (only with The file was infected and was successfully disinfection mode cleaned. enabled) INFECTED The file is infected by one or more viruses. No request for disinfection. CUREFAILED (only The file is infected by one or more viruses. Request with disinfection mode for disinfection is present, but disinfection of the file enabled)
  • Page 48: Format Of Kavscanner Console Messages

    Kaspersky Anti-Virus for Linux Workstation Scan summary: Files=num Folders=num Archives=num Packed=num Infected=num Warnings=num Suspicious=num Cured=num CureFailed=num Corrupted=num Protected=num Error=num ScanTime=hh:mm:ss ScanSpeed=speed Kb/s Messages about actions taken to files: File relocation: File src_file_name moved to dst_file_name File deletion: File file_name removed Information regarding the action taken to a file: Command executed_string for file file_name was executed with code ret_code...
  • Page 49 Advanced settings The scanning report detail level is adjusted by the key -x<option> in the command line on condition that the [display] section is present.
  • Page 50: Chapter 6. Questions And Answers

    CHAPTER 6. QUESTIONS AND ANSWERS This chapter contains FAQs about installation, setting up, and use of Kaspersky Anti-Virus. Question: Does the program support X architecture processors (PowerPC, SPARC, Alpha, PA-RISC etc.)? These processors are not supported in the current version of the software product.
  • Page 51 Questions and answers Question: Why do I need the key file? Will my copy of the anti-virus program work without it? No, Kaspersky Anti-Virus does not work without a license key. If you are still deciding whether or not to purchase Kaspersky Anti-Virus, we can provide you with a temporary key file (trial key), which will only work for two weeks or a month.
  • Page 52 Kaspersky Anti-Virus for Linux Workstation Question: My anti-virus program does not work. What should I do? First, check if a solution for your problem is provided in this document, in particular, in this section or on our website (Services → For customers → Technical support → On-line support).
  • Page 53 Questions and answers Less than 64 Mb or more than 2 Gb of RAM. Specify the approximate amount of daily traffic and whether or not the server has peak loads. Question: How can I save the program’s console output to a file? In order to save the information output to the console by Kaspersky Anti-Virus during its operation you can either make the appropriate settings in the configuration file (see section A.2 on page 56) or type the...
  • Page 54: Chapter 7. Uninstalling Kaspersky Anti-Virus

    CHAPTER 7. UNINSTALLING KASPERSKY ANTI-VIRUS To uninstall Kaspersky Anti-Virus for Unix the following is required: Superuser rights (root or any other user with UID=0). If you do not have such rights when you wish to uninstall the program, you will have to log on as the root user.
  • Page 55: Appendix A. Supplementary Information About The Product

    APPENDIX A. SUPPLEMENTARY INFORMATION ABOUT THE PRODUCT These supplementary notes include a description of the directory tree of Kaspersky Anti-Virus distribution after installation, a description of the configuration file, and a description of command line keys for every component and their return codes. An example script file for virus removal is also provided. A.1.
  • Page 56: Kaspersky Anti-Virus Configuration File

    Kaspersky Anti-Virus for Linux Workstation /var/db/kav/5.0/kav4unix/bases.backup – The directory where the anti-virus database is stored that was current before the last update. /var/db/kav/5.0/kav4unix/keys – The directory where the license keys are stored. /var/run/aveserver – Local socket used for connection with the aveserver process /var/run/aveserver.pid –...
  • Page 57 Appendix A DateFormat=%d/%m/%y – The format of date representation according to strftime. You can change the format of date representation to the following: %y/%m/%d or %m/%d/%y. The [scanner.options] section contains the server’s file system scanning parameters: ExcludeMask=mask1:mask2:...:maskN – Masks of the files to be excluded from scanning.
  • Page 58 Kaspersky Anti-Virus for Linux Workstation OnWarning=action – Actions to be taken in the event of detection of a file with a code similar to that of a known virus. OnCorrupted=action – Actions to be taken in the event of corrupted file detection.
  • Page 59 Appendix A %LIST% – File name or the list of infected, suspicious, and corrupted files detected in the container. The file has the following format: <virus name>\t<file name>. %FULLPATH% – Full path to the container. %FILENAME% – The file name without the path. %CONTAINERTYPE% –...
  • Page 60 Kaspersky Anti-Virus for Linux Workstation The [updater.options] section contains parameters of the kavupdater component work: ExtraWgetOptions – Advanced options of the Wget package. KeepSilent=no – The mode in which information regarding the kavupdater component operation is output to the console. To disable the mode set the parameter to yes.
  • Page 61: Command Line Keys For The Kavscanner Component

    Appendix A ReportFileName=/tmp/aveserver.log – The name for the report file in which the results of component actions are to be recorded. Append=yes – The append mode for new messages added to the report file. Use the no value to disable the mode. ReportLevel=10 –...
  • Page 62 Kaspersky Anti-Virus for Linux Workstation Enable/disable scanning of plain text messages. Enable/disable heuristic code analyzer. -r/R Enable/disable recursive scanning. -l Only scan local file systems. Report generation options: -q Do not output messages to the console. -o name Sets the name of the file to which component work results should be output.
  • Page 63 Appendix A -m<option> Sets the level of detail of the scanning report output to the report file. The following modes can be used as the <option>: Short/extended format of messages regarding scanning of a simple object. Short/extended format of messages regarding scanning of an archive.
  • Page 64: The Kavscanner Component Return Codes

    Kaspersky Anti-Virus for Linux Workstation whole container. -i4 Delete infected objects and containers. A.4. The kavscanner component return codes During its work, the kavscanner component can return the following codes: No viruses were detected. All the infected objects were cleaned. Password-protected archives were detected.
  • Page 65: Command Line Keys For The Licenseviewer Component

    Appendix A The kavscanner component is corrupted and cannot be recovered. A.5. Command line keys for the licenseviewer component Help options: -h Output help on the licenseviewer component to the console. Options used during work with the license keys: -s Output information regarding all the installed license keys to the console.
  • Page 66: The Kavupdater Component Return Codes

    Kaspersky Anti-Virus for Linux Workstation -s <file_path> Use the update servers list specified in the file <file_path>. -b <path> Prior to updating, copy the existing anti-virus database to the directory <path>. -t <path> Use the <path> directory to store temporary files. Report generation options: -l <file_path>...
  • Page 67: Command Line Keys For The Aveclient Component

    Appendix A A.8. Command line keys for the aveclient component Help options: -h Output help on the component to the console. -v Display program version and terminate. Report generation options: -q Do not display any messages (except for error messages). File processing options: -c...
  • Page 68: A Sample Script File (Vox.sh) For Disinfecting Tar- And Zip-Archives

    Kaspersky Anti-Virus for Linux Workstation No viruses were detected. Connection with aveserver could not be established. Files with code similar to that of known viruses were detected. Objects suspected for virus infection were discovered An infected object was discovered. All found infected objects have been cured successfully. Indefinite scanning result: the file is either password-protected or encrypted.
  • Page 69 Appendix A
        sname=${bname%%.*}
        if [ ! -d $TEMP ]; then
        mkdir -p $TEMP
        ## tar
        if [ $suf == gz -o $suf == tgz ] ; then
        list=`tar -ztf $name`
        tar -C $TEMP -zxf $name
        $KAVKAVSCANNER -c $CONF -i3 $TEMP
        cd $TEMP
        tar -czf $sname.tgz *
        for i in $list...
  • Page 70 Kaspersky Anti-Virus for Linux Workstation
        elif [ $suf == rar ] ; then
        list=`rar l $name`
        rar x $name $TEMP
        $KAVKAVSCANNER -c $CONF -i3 $TEMP
        cd $TEMP
        zip $sname.zip -r .
        echo $SPWD
        mv $TEMP/$sname.zip $SPWD/$sname.zip.cure
        rm -rf $TEMP...
  • Page 71: Appendix B. Malicious Programs In The Unix Environment

    APPENDIX B. MALICIOUS PROGRAMS IN THE UNIX ENVIRONMENT Viruses are much less common in Unix-system environments than, for example, in the Windows environment because of the features of these platforms. However, Trojan horses and Internet Worms are more widespread. Malicious programs spread themselves via networks, sometimes exploiting "loopholes"...
  • Page 72: Trojan Horses

    Kaspersky Anti-Virus for Linux Workstation ELF_SNOOPY – A virus that infects executable Unix files. The virus operation algorithm: This finds all the executables on the workstation, renames them changing their extension to .X23 and places them into the directory /E it creates. Then the virus copies its code into the original files and changes their attributes to 777.
  • Page 73: Internet Worms

    Appendix B A typical specimen of Unix-oriented Trojans is TROJ_IRCKILL – a Trojan that consists of a set of software tools used to disconnect users from IRC channels. This set includes four utilities used for attacks: FLOOD, MCB (Multiple Collide BOTs), SUMO BOTs, and FLASH –...
  • Page 74 Kaspersky Anti-Virus for Linux Workstation Source of spreading: Via the network as a tgz archive. Operation algorithm: The worm sends a short piece of its code to remote computers using the problem of buffer overflow. After startup of the worm’s main component (the file start.sh) it sequentially downloads other components that detect the addresses of the attacked systems, using the buffer overflow problem.
  • Page 75 Appendix B Worm.Linux.Adm– An internet worm that infects Linux systems. The worm sends a short piece of its code to remote computers, executes it, then downloads the rest of its code and runs it. Source of spreading: Via the network. It spreads its copies (infects remote Linux systems) exploiting a “loophole”...
  • Page 76: Appendix C. Kaspersky Labs Ltd

    APPENDIX C. KASPERSKY LABS LTD. Kaspersky Labs is a privately-owned, international, anti-virus software-development group of companies headquartered in Moscow (Russia), and representative offices in the United Kingdom, United States of America, China, France and Poland. Founded in 1997, Kaspersky Labs concentrates its efforts on the development, marketing and distribution of leading-edge information security technologies and computer software.
  • Page 77: Other Kaspersky Labs Products

    Appendix C C.1. Other Kaspersky Labs Products Kaspersky® Anti-Virus Lite The program is the easiest to use Kaspersky Labs anti-virus product, and is developed for protection of home computers running Windows 95/98/Me, Windows 2000/NT Workstation, Windows XP. Kaspersky® Anti-Virus Lite includes: Anti-virus scanner, which provides a comprehensive check of all local and network drive contents on demand...
  • Page 78 Kaspersky Anti-Virus for Linux Workstation Integrity checker, which traces content changes on your hard drive and allows the complete recovery of modified files and boot sectors on demand Behavior blocker, which guarantees 100% protection from destructive macro-viruses. Kaspersky® Anti-Hacker Kaspersky®...
  • Page 79 Appendix C Kaspersky® Anti-Virus Business Optimal includes full-scale anti-virus protection for: workstations running Windows 95/98/ME, Windows NT/2000 Workstation, Windows XP, Linux file and application servers running Windows NT/2000 Server, Linux, Solaris, Novell NetWare, FreeBSD, BSDi, OpenBSD mail gateways MS Exchange Server 5.5/2000, Lotus Notes/Domino You can choose the anti-virus program that is most appropriate to the operating systems and applications you use.
  • Page 80: Contact Information

    Kaspersky Anti-Virus for Linux Workstation Kaspersky® Anti-Spam acts as a filter installed at a network entrance where it verifies incoming e-mail traffic streams for objects identified as spam. The software is compatible with any mail system already used in the customer's company, and can be installed both on existing mail server or a dedicated one.
  • Page 81: Appendix D. Index

    APPENDIX D. INDEX
    Anti-virus database updating ... 5, 20, 22, 48, 56, 57
    Distribution kit
    Buy offline ... 7
    Buy online ... 8
    License agreement ... 8
    License key ... 6, 15, 33, 34, 36, 48
    Quarantine ... 5, 28, 54
    Technical support ... 8
    Technical support service ....
