KAPERSKY ANTI-VIRUS 5.1 - FOR MICROSOFT ISA SERVER Administrator's Manual

Advertisement

Quick Links

K A S P E R S K Y L A B S
Kaspersky Anti-Virus
5.1
®
for Microsoft ISA Server
Administrator's guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the ANTI-VIRUS 5.1 - FOR MICROSOFT ISA SERVER and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for KAPERSKY ANTI-VIRUS 5.1 - FOR MICROSOFT ISA SERVER

  • Page 1 K A S P E R S K Y L A B S Kaspersky Anti-Virus ® for Microsoft ISA Server Administrator’s guide...
  • Page 2 ® K A S P E R S K Y A N T I - V I R U S 5 . 1 F O R M S I S A S E R V E R Administrator’s Guide  Kaspersky Labs Ltd. http://www.kaspersky.com Edition date: July 2004...
  • Page 3: Table Of Contents

    Contents ® CHAPTER 1. KASPERSKY ANTI-VIRUS FOR MS ISA SERVER......4 1.1. Hardware and software requirements ..............5 1.2. Distribution kit ......................6 1.3. Help Desk for registered users................6 1.4. Conventions......................7 CHAPTER 2. TYPICAL DEPLOYMENT SCENARIOS ..........8 CHAPTER 3.
  • Page 4 Kaspersky Anti-Virus for MS ISA Server 4.6.1. Recording and viewing statistics ..............42 4.6.2. Notifying the administrator using ISA Server Alerts........45 4.6.3. Configuring diagnostics options for the application ........46 4.7. Managing license keys..................48 4.7.1. Renewing your license ................. 49 4.7.2.
  • Page 5: Chapter 1. Kaspersky Anti-Virus ® For Ms Isa Server

    Chapter 1. Kaspersky Anti- Virus for MS ISA Server ® ® Kaspersky Anti-Virus for Microsoft ISA Server (hereafter, also Kaspersky ® Anti-Virus for ISA Servers) is a system of anti-virus control for files transferred using the HTTP and FTP protocols via the Microsoft Internet Security and Acceleration Server.
  • Page 6: Hardware And Software Requirements

    Kaspersky Anti-Virus for MS ISA Server anti-virus policy settings for each of the groups created. This can signifi- cantly speed up the scanning process. • Create a list of trusted servers for one or several groups of users; the traf- fic from these servers will be excluded from scanning for viruses.
  • Page 7: Distribution Kit

    ® Kaspersky Anti-Virus for MS ISA Server 1.2. Distribution kit ® You can purchase Kaspersky Anti-Virus for MS ISA Server either from our distributors (retail box) or online at one of our Internet shops (for example, www.kaspersky.com – select the E store link). The retail box includes: •...
  • Page 8: Conventions

    Kaspersky Anti-Virus for MS ISA Server • new versions of this anti-virus software product provided free of charge; • phone or e-mail advice on matters related to the installation, configuration, and operation of this anti-virus product; • information about new Kaspersky Labs products and about new computer viruses (for those who subscribe to the Kaspersky Labs newsletter).
  • Page 9: Chapter 2. Typical Deployment Scenarios

    Chapter 2. Typical Deployment scenarios A typical scenario for deploying ISA Server and most of its services is as follows: the administrator installs the application on the ISA Server computer, and the ISA administration tool on a remote computer (as a rule, an administrator’s workstation).
  • Page 10 Kaspersky Anti-Virus for MS ISA Server ® The following Kaspersky Anti-Virus filters can optionally be added to the system: • Kaspersky Anti-Virus FTP Application Filter. • Kaspersky Anti-Virus Web Filter. • Kaspersky Anti-Virus HTTP Application Filter. Table 1 shows filter options for the three ISA Server modes. Table 1 Filters Proxy...
  • Page 11 Typical Deployment scenarios Figure 1. Processing of data streams by Kaspersky Anti-Virus for MS ISA Server...
  • Page 12: Chapter 3. How To Install The Application

    Chapter 3. How to install the application ® To correctly install the Kaspersky Anti-Virus application, you should first properly configure HTTP Redirector Filter and FTP Access Filter of the ISA Server and then install the application on your computer. 3.1. Configuring ISA Server before installing the application The MS ISA Server console provides a number of standard filters for controlling data packets received from the Internet.
  • Page 13: Installing Kaspersky Anti-Virus

    How to install the application For FTP Access Filter, click Enable this filter in the FTP Access Filter Properties dialog box. For HTTP Redirector Filter, click Enable this filter on the General tab of the HTTP Redirector Filter Properties dialog box. Then, on the Options tab, select Send to requested Web server, if MS ISA Server is operating in Firewall mode.
  • Page 14 Kaspersky Anti-Virus for MS ISA Server installation or custom installation (Fig. 2). If you are installing the entire ® Kaspersky Anti-Virus application (anti-virus kernel, administration tools, etc.) on an MS ISA Server computer, select complete installation. ® If you want to install a separate component of Kaspersky Anti-Virus , select custom installation.
  • Page 15 How to install the application Figure 3. Custom Setup. Installing the administration console Step 4. Anti-virus kernel settings In this installation step, you must define the anti-virus protection settings that will be used as default values (Fig. 4). The following settings can be adjusted: •...
  • Page 16 Kaspersky Anti-Virus for MS ISA Server Figure 4. Default settings for the program Immediately after this stage is completed, the program will start copying files to your computer. Step 5. Completing the setup ® The last step of Kaspersky Anti-Virus installation is restarting MS ISA Server.
  • Page 17: Reinstalling

    How to install the application Figure 5. Complete the setup 3.2.2. Reinstalling Kaspersky Anti-Virus for ISA Server must be reinstalled if the first installation of the application was incorrect or if you want to install a component of Kaspersky ® Anti-Virus To correctly install the anti-virus application, select Repair in the dialog box that appears on your screen (Fig.
  • Page 18: Troubleshooting Installation Problems

    Kaspersky Anti-Virus for MS ISA Server Figure 6. Selecting the reinstallation mode To install an individual component of the anti-virus application on your computer, select Modify. After this, the custom installation dialog box will appear (Fig. 3). To con- tinue with setup, follow the steps described for the first installation. 3.2.3.
  • Page 19 How to install the application This error occurs when the program fails register performance counters during the installation of Kaspersky ® Anti-Virus These performance counters are used in the Windows 2000 operating system to view the statistics of application performance. Figure 7.
  • Page 20: Chapter 4. Using Kaspersky Anti-Virus ® For Isa Server

    Chapter 4. Using Kaspersky Anti-Virus for ISA Server ® ® The installation package installs Kaspersky Anti-Virus according to the current mode of your ISA Server. After the application is installed, you can immediately start scanning data streams because all the parameters necessary for the scan have been already set by default.
  • Page 21 ® Using Kaspersky Anti-Virus for ISA Server (%ERR%)</p> </body> </html> • Message sent to the client about detection of a malicious object: <html> <head> <title>Kaspersky Anti-Virus for Microsoft ISA Server</title> </head> <body> <h1>Kaspersky Anti-Virus for Microsoft ISA Server</h1> <p>The requested URL "%URL%" is infected with %VIRUSNAME% virus</p>...
  • Page 22: Managing Scans

    Kaspersky Anti-Virus for MS ISA Server ® the system log on the computer running Kaspersky Anti-Virus for ISA Server. • The Updating tab (see section 4.3 on page 38) contains settings for up- dating the anti-virus database and the frequency of its updating. By de- fault, updating starts every day at 11:15 p.m.
  • Page 23: Configuring General Settings Of Anti-Virus Scanning

    ® Using Kaspersky Anti-Virus for ISA Server Figure 10. The Kaspersky Anti-Virus for MS ISA Server main window Figure 11. Shortcut menu 4.2.1. Configuring general settings of anti- virus scanning The administrator may need to change general settings of anti-virus protection. To edit general settings of anti-virus scanning:...
  • Page 24: General Settings

    Kaspersky Anti-Virus for MS ISA Server ® In the Kaspersky Anti-Virus main window, select Edit Kaspersky Anti- Virus settings to open the Properties of Kaspersky Anti-Virus for ISA Server dialog box. The general settings of anti-virus scanning are available on the Anti-Virus, HTTP, and FTP tabs.
  • Page 25 ® Using Kaspersky Anti-Virus for ISA Server • Temporary files. When protection of archives and compressed executable ® files is enabled, Kaspersky Anti-Virus places the extracted files in the temporary folder. After scanning, the temporary files are deleted. ® Kaspersky Anti-Virus for MS ISA Server can run simultaneously with other anti-virus programs in order to protect the file system of your ®...
  • Page 26: Settings For Http Scanning

    Kaspersky Anti-Virus for MS ISA Server • If you want to scan compressed executable files, check the Scan com- pressed executable files box. As for archives, if this option is disabled, executable files will be scanned as uncompressed. The program will detect only those viruses that have penetrated the compressed file.
  • Page 27: Settings For Ftp Scanning

    ® Using Kaspersky Anti-Virus for ISA Server • If an infected file has been detected and disinfected before the first chunk of data containing a part of this file was sent to the client, the client receives the disinfected file. •...
  • Page 28: Managing Groups

    Kaspersky Anti-Virus for MS ISA Server In addition to the anti-virus protection mode, you can specify the amount of data transmitted via the FTP protocol and collected by the server for subsequent analysis. After the server receives the specified amount of data, the data is sent to the client.
  • Page 29 ® Using Kaspersky Anti-Virus for ISA Server ® In the present version of Kaspersky Anti-Virus , clients are defined by their IP address or a group of IP addresses. Clients with a specified IP address can be computers with pre-set network services and static IP addresses, for example, mail servers.
  • Page 30 Kaspersky Anti-Virus for MS ISA Server In the Create a Group dialog box (Fig. 16), enter the name and description of the new group. Figure 16. Creating a new group In the next dialog box (Fig. 17), click Add clients … Figure 17.
  • Page 31 ® Using Kaspersky Anti-Virus for ISA Server Figure 18. The Clients dialog box If you select New…, you will see the Client Properties dialog box (Fig. 19). In this dialog box, fill in the Client name field and select one of the following options: •...
  • Page 32 Kaspersky Anti-Virus for MS ISA Server The newly created group is assigned to the default policy. To change the description and contents of the clients in a group: Select the required group in the Manage groups of Kaspersky Anti- Virus clients (Fig. 15) and click Edit group properties. This will open the Group properties dialog box.
  • Page 33: Specifying Policies For Anti-Virus Scanning

    ® Using Kaspersky Anti-Virus for ISA Server 4.2.3. Specifying policies for anti-virus scanning A specific policy can be assigned to each group of clients. The anti-virus policies define additional settings of filtering incoming traffic for different groups of clients, thus increasing the speed of anti-virus scanning. Only one policy can be assigned to each group.
  • Page 34 Kaspersky Anti-Virus for MS ISA Server Figure 23. Creating a new policy In the next dialog box (Fig. 24), click Add group and select a group of clients to be assigned to the new policy. Figure 24. Adding a group of clients In the Add Trusted Servers to a Policy dialog box (Fig.
  • Page 35 ® Using Kaspersky Anti-Virus for ISA Server Figure 25. Adding trusted servers The Add Trusted Object Types to a Policy dialog box (Fig. 26) will appear on your screen. In this dialog box, click Add a object type to add a type of object to be excluded from anti-virus scanning (see section 4.2.3.2 on page 37 for more details).
  • Page 36 Kaspersky Anti-Virus for MS ISA Server On the General tab of the new dialog box (Fig. 27), you can rename the policy and change its description. On the Groups tab (Fig. 28), you can change the list of groups assigned to this policy, add a new group to the list of groups, or delete a group from the list.
  • Page 37: Managing A List Of Trusted Servers

    ® Using Kaspersky Anti-Virus for ISA Server To delete a policy: In the Manage Kaspersky Anti-Virus policies dialog box (Fig. 22), se- lect a policy and click Delete a policy. After a policy is deleted, all groups of clients assigned to this policy are automatically assigned to the default policy.
  • Page 38: Creating A List Of Objects Excluded From Scans

    Kaspersky Anti-Virus for MS ISA Server Figure 31. Adding a trusted server To delete a trusted server from the list, click the corresponding button on the Servers tab. 4.2.3.2. Creating a list of objects excluded from scans Reducing the types of object excluded from anti-virus scans, as well as the list of trusted servers, in turn reduces the load on the resources of the ISA Server computer.
  • Page 39: Updating The Anti-Virus Database

    ® Using Kaspersky Anti-Virus for ISA Server 4.3. Updating the anti-virus database Updates to your anti-virus database can be downloaded on demand or automatically (scheduled). The updated anti-virus database can be downloaded from: • the Internet via the FTP or HTTP protocol from Kaspersky Labs update servers;...
  • Page 40 Kaspersky Anti-Virus for MS ISA Server Click Settings for updating from Internet… to define the source of updates. In the new dialog box (Fig. 34): • Choose Select update server automatically if you want to re- trieve updates from a random server. •...
  • Page 41: Scheduled Updating Of The Anti-Virus Database

    ® Using Kaspersky Anti-Virus for ISA Server To update your anti-virus database from a local folder: Select Update from a local or shared folder and enter the full path to the desired folder. The results of each database updating session are saved in the updater.log file. In the Path to updating log field, change the name and location of the report log.
  • Page 42 Kaspersky Anti-Virus for MS ISA Server Messages are formed only if the malicious object was detected by Kaspersky Anti-Virus Web Filter or Kaspersky Anti-Virus HTTP Ap- plication Filter. The following is the default message created in the Message sent to the client about detection of a malicious object field (Fig.
  • Page 43: Testing Kaspersky Anti-Virus Operation

    ® Using Kaspersky Anti-Virus for ISA Server 4.5. Testing Kaspersky Anti-Virus ® operation ® After installing and adjusting Kaspersky Anti-Virus , we recommend that you test its settings and operation of the program using a test “virus” or its modifications. The test virus was specially designed by the organization (The European Institute for Computer Antivirus Research) for testing anti-virus...
  • Page 44 Kaspersky Anti-Virus for MS ISA Server Performance console (Start -> Settings -> Control Panel -> Administration Tools -> Performance). The following performance parameters are logged: • Disinfected objects. • Infected (not cured) objects. • Corrupted objects. • Unscanned objects. • Scan errors.
  • Page 45 ® Using Kaspersky Anti-Virus for ISA Server Figure 35. Customizing statistics The following settings are required to view counters from a remote com- puter! To view statistics from a remote computer, you must be granted the ® following permissions on the computer where Kaspersky Anti-Virus MS ISA Server is installed: •...
  • Page 46: Notifying The Administrator Using Isa Server Alerts

    Kaspersky Anti-Virus for MS ISA Server Profile Single Process. The above list of permissions is described in Microsoft Knowledge Base Article Q158438 at http://support.microsoft.com/default.aspx?kbid=158438 By default, these permissions are granted to users from the Ad- ® ministrators group on the computer where Kaspersky Anti-Virus for MS ISA Server is installed.
  • Page 47: Configuring Diagnostics Options For The Application

    ® Using Kaspersky Anti-Virus for ISA Server The administrator must immediately response to some critical events related to ® Kaspersky Anti-Virus performance. For example, a critical event is Your license expires in 14 days (see Figure 36). Kaspersky Anti-Virus critical events are added to the existing list of critical events after the application is installed on the server.
  • Page 48 Kaspersky Anti-Virus for MS ISA Server ® viruslogDATE.log – Kaspersky Anti-Virus log file that stores information about malicious objects detected during scans. You can custom the report detail level on the Diagnostics tab (see Figure 37). Time of events, written to the above-listed event logs, is displayed in Universal Coordinated Time (UTC) format ®...
  • Page 49: Managing License Keys

    ® Using Kaspersky Anti-Virus for ISA Server • Medium – In addition to main event, log additional events describing ® Kaspersky Anti-Virus performance in more detail (for example, errors when connecting to update servers). • Maximum – Log all possible information on application performance, ex- cept for debugging messages.
  • Page 50: Renewing Your License

    Kaspersky Anti-Virus for MS ISA Server 4.7.1. Renewing your license If your license has expired, you need to renew it to restore the functionality of the ® program, i. e., you must purchase a new license key. Kaspersky Anti-Virus will not update the anti-virus database until your license is renewed, and, hence we do not guarantee 100% protection from viruses.
  • Page 51: Removing A License Key

    ® Using Kaspersky Anti-Virus for ISA Server To install a new license key: Click Add and select the new license key file (*.key) in the file selection dialog box that appears on your screen. If you want the program to send you reminders about the expiry of the license: Enter the corresponding number of days in the special field.
  • Page 52: Chapter 5. Troubleshooting

    Chapter 5. Troubleshooting ® Why does Kaspersky Anti-Virus cause a certain decrease of server performance, noticeably loading the CPU? Virus detection is a purely computational (mathematical) problem con- nected with structural analysis, checksum calculation and mathematical data conversions. Therefore processor time is the main resource con- sumed by the anti-virus software.
  • Page 53 ® Using Kaspersky Anti-Virus for ISA Server ® After expiration of the license Kaspersky Anti-Virus will continue operating, but anti-virus database updating will be disabled. The anti- virus program will continue cleaning infected objects but only using the old anti-virus database. It will be impossible to download anti-virus database updates from ®...
  • Page 54 Kaspersky Anti-Virus for MS ISA Server To make sure your request is answered as soon as possible follow these suggestions: In the message header specify your server’s operating system, the name of the component you are experiencing problems with, and briefly describe the problem.
  • Page 55: Appendix A. Glossary

    Appendix A. Glossary This documentation uses some terms specific to anti-virus protection. The glossary is a list of definitions of these terms. The glossary entries are arranged in alphabetical order for ease of use. А Administrator console – an application providing a user interface for ®...
  • Page 56 Appendix B. Kaspersky Lab Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted e- mail messages, and hacker attacks.
  • Page 57: Other Kaspersky Labs Products

    Error! Reference source not found. B.1. Other Kaspersky Lab Products ® Kaspersky Anti-Virus Personal ® Kaspersky Anti-Virus Personal protects home computers running Windows 98/ME, 2000/NT/XP from all types of known viruses, including Riskware. The program constantly checks all possible sources of virus penetration, such as e- mail, Internet, floppy disks, CDs, etc.
  • Page 58 Kaspersky Anti-Virus for MS ISA Server ® Kaspersky Anti-Virus Personal Pro features: • on-demand scans of local disks to detect all possible kinds of viruses; • automatic real-time protection of all files from viruses; • mail filter that scans all incoming and outgoing messages in background mode;...
  • Page 59 Error! Reference source not found. ® handheld (PDA) from unauthorized Kaspersky Security for PDA protects your intrusion by memory encrypting both access to the device and data stored on cards ® Kaspersky Anti-Virus Business Optimal This package provides a configurable security solution for small- and medium- sized corporate networks.
  • Page 60 Kaspersky Anti-Virus for MS ISA Server • E-mail systems, including Microsoft Exchange Server 5.5/2000/2003, Lo- tus Notes/Domino, Sendmail, Postfix, Exim and Qmail; • Internet-gateways: CheckPoint Firewall –1; MS ISA Server; • Hand-held computers (PDAs), running Windows CE abd Palm OS. ®...
  • Page 61 Error! Reference source not found. B.2. Contact Us If you have any questions, comments, or suggestions, please refer them to one of our distributors or directly to Kaspersky Lab. We will be glad to advise you on any matters related to our product by phone or via e-mail. Rest assured that all of your recommendations and suggestions will be thoroughly reviewed and considered.
  • Page 62: Appendix C. License Agreement

    Appendix C. License agreement Standard End User License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LE- GAL AGREEMENT ("AGREEMENT"), FOR THE LICENSE OF SPECI- FIED SOFTWARE ("SOFTWARE") PRODUCED BY KASPERSKY LABS. ("KASPERSKY LABS"). IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY) CONSENT TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT.
  • Page 63 Appendix C 1.1 Use. The Software is licensed as a single product; it may not be used on more than one Client Device or by more than one user at a time, except as set forth in this Section. 1.1.1 The Software is "in use" on a Client Device when it is loaded into the temporary memory (i.e., random-access memory or RAM) or installed into the permanent memory (e.g., hard disk, CD-ROM, or other storage device) of that Client Device.
  • Page 64 Kaspersky Anti-Virus for MS ISA Server exceed the use limits specified for the licence you have obtained. This licence authorises you to make or download such copies of the Documentation for each Client Device or seat that is licensed as are necessary for its lawful use, provided that each such copy contains all of the Documentation proprietary notices.
  • Page 65 Appendix C (c) Extended technical support via e-mail and hot phone-line provided by Vendor and/or Reseller; (d) Virus detection and curing updates in 24-hours period. 4. Ownership Rights. The Software is protected by copyright laws. Kaspersky Labs and its suppliers own and retain all right, title and interest in and to the Software, including all copyrights, patents, trademarks and other intellectual property rights therein.
  • Page 66 Kaspersky Anti-Virus for MS ISA Server of, failure to supply or delay in supplying the Software or the Documentation which might but for this paragraph (v) have effect between Kaspersky Labs and you or would otherwise be implied or incorporated into this Agreement or any collateral contract, whether by statute, common law or otherwise, all of which are hereby excluded (including, without limitation, the implied conditions, warranties or other terms as to satisfactory quality, fitness for purpose or as to the use of...
  • Page 67 Appendix C claimant shall be entitled to initiate proceedings in any court of competent jurisdiction. 9. (i) This Agreement contains the entire understanding of the parties with respect to the subject matter hereof and supersedes all and any prior understandings, undertakings and promises between you and Kaspersky Labs, whether oral or in writing, which have been given or may be implied from anything written or said in negotiations between us or our representatives prior to this Agreement and all prior agreements between the parties relating to the...

Table of Contents