KASPERSKY ANTI-VIRUS 5.5 - FOR LINUX-FREEBSD MAIL SERVERS Administrator's Manual

KASPERSKY LAB®
Kaspersky Anti-Virus 5.5 for Linux and FreeBSD Mail Servers
ADMINISTRATOR'S GUIDE

Summary of Contents for KASPERSKY ANTI-VIRUS 5.5 - FOR LINUX-FREEBSD MAIL SERVERS

  • Page 1 KASPERSKY LAB ® Kaspersky Anti-Virus 5.5 for Linux and FreeBSD Mail Servers ADMINISTRATOR’S GUIDE...
  • Page 2 KASPERSKY® ANTI-VIRUS 5.5 FOR LINUX AND FREEBSD MAIL SERVERS Administrator's guide ©...
  • Page 3: Table Of Contents

    Contents

      • CHAPTER 1. KASPERSKY ANTI-VIRUS 5.5 FOR LINUX AND FREEBSD MAIL SERVERS (p. 6)
      • 1.1. What’s new in version 5.5 (p. 7)
      • 1.2. Hardware and software requirements (p. 8)
      • 1.3. Distribution kit (p. 9)
      • 1.4. Services for registered users (p. 10)
      • CHAPTER 2.
  • Page 4

      • 5.1.3. Manual updating of the anti-virus databases (p. 30)
      • 5.1.4. Creating and using a local source of updates (p. 31)
      • 5.1.5. Updating the anti-virus databases via a proxy server (p. 32)
      • 5.2. Antiviral protection of the server’s mail traffic (p. 32)
      • 5.2.1.
  • Page 5 Contents

      • 6.4.1. Aveserver reloading (p. 61)
      • 6.4.2. Forced aveserver termination (p. 62)
      • 6.5. Scanning of POP3 mail from external mailboxes (p. 62)
      • 6.6. Additional features for Postfix (p. 64)
      • 6.6.1. DSN extension support (p. 64)
      • 6.6.2. 8bit-MIME extension support (p. 65)
      • 6.6.3. X-Forward extension support (p. 65)
      • 6.6.4.
  • Page 6: Chapter 1. Kaspersky Anti-Virus 5.5 For Linux And Freebsd Mail Servers

    CHAPTER 1. KASPERSKY ANTI-VIRUS 5.5 FOR LINUX AND FREEBSD MAIL SERVERS

    Kaspersky® Anti-Virus for Linux and FreeBSD Mail Servers (hereinafter referred to as Kaspersky Anti-Virus) is designed for anti-virus processing of mail traffic and file systems of servers running the Linux or FreeBSD operating systems, and using the Sendmail, Postfix, Qmail, or Exim mail programs.
  • Page 7: What's New In Version 5.5

      • Scan all mounted file systems for viruses.
      • Configure Kaspersky Anti-Virus via the web-based interface provided by the Webmin program and the application configuration file.

    1.1. What’s new in version 5.5

    Version 5.5 of Kaspersky Anti-Virus for Linux and FreeBSD Mail Servers features the following improvements over version 5.0: •...
  • Page 8: Hardware And Software Requirements

      • A new macro, which inserts all headers from the original message, has been added for use with notifications.
      • The application setup and removal procedures have been simplified considerably. In particular, the application correctly removes its traces from configuration files during the uninstall procedure.
  • Page 9: Distribution Kit

    FreeBSD 4.10 or 5.3

      • One of the following mail systems: sendmail 8.x, qmail 1.03, postfix 1.0 or higher, exim 4.0.
      • Perl version 5.0 or higher (www.perl.org) for Kaspersky Anti-Virus installation, and the which utility for installation of the application.
  • Page 10: Services For Registered Users

    If you do not agree with the terms of the license agreement, you may return the box with Kaspersky Anti-Virus to the distributor from whom you purchased it; you will be refunded the amount you paid for the subscription, provided the CD envelope remains sealed.
  • Page 11: Chapter 2. Typical Patterns Of Application Deployment

    CHAPTER 2. TYPICAL PATTERNS OF APPLICATION DEPLOYMENT

    Depending on the initial architecture of the mail server, there are several options for deploying Kaspersky Anti-Virus for Linux and FreeBSD Mail Servers:

      • On the same server as the e-mail software. This option is used when the server is hosting Sendmail, Qmail, Postfix or Exim mail software (see section 2.2 on page 13).
  • Page 12 In the following examples illustrating internal operation of Kaspersky Anti-Virus for Linux and FreeBSD after its integration with the mail system, the Sendmail mail server will be used as an example. In the process of anti-virus integration into the Sendmail server, an additional configuration file sendmail.cf.listen is created.
  • Page 13: Operation On The Same Server As The Mail Server

    Figure 1. Internal architecture of Kaspersky Anti-Virus for Linux and FreeBSD Mail Servers

    2.2. Operation on the same server as the mail server

    In this document, the operation and configuration of Kaspersky Anti-Virus are described only for the case of installation on one server with a mail system.
  • Page 14: Operation On A Dedicated Server

    Let us take a detailed look at the operation of Kaspersky Anti-Virus on the same server as any of the above mentioned mail systems (see Figure 2). The sequence of processing incoming and outgoing mail is identical, and consists of the following stages: The stream of mail messages comes in from other servers, or from the LAN, via the SMTP protocol.
  • Page 15 In this situation, Kaspersky Anti-Virus must be installed on a dedicated server running Linux or FreeBSD. In order to receive mail traffic and forward it to the Windows mail server, a mail system (Sendmail, Qmail, Postfix or Exim) must also be installed on the dedicated server.
  • Page 16

      • Name of the host server where the filter is installed: mx1.yourhost.domain
      • Host server name for mail forwarding: mx2.yourhost.domain:25
      • Secondary filter (MX2) settings:
        • Name of the host server where the filter is installed: mx2.yourhost.domain
        •...
  • Page 17: Chapter 3. Installing Kaspersky Anti-Virus

    CHAPTER 3. INSTALLING KASPERSKY ANTI-VIRUS

    Before installing Kaspersky Anti-Virus for Linux and FreeBSD, you are advised to make the following preparations for your system:

      • Make sure your system meets the hardware and software requirements listed in section 1.2 on page 8. If any recommended application has not been installed yet, you are advised to install it, or else a part of the application’s functionality will be unavailable.
  • Page 18: Installing The Application To A Server Running Freebsd

    3.2. Installing the application to a server running FreeBSD

    The installation package of Kaspersky Anti-Virus is supplied in a .pkg package for servers running the FreeBSD operating system. To initiate installation of Kaspersky Anti-Virus from the .pkg package, enter the following on the command line:

        # pkg_add <package_name>...
  • Page 19: Configuring The Application

    These steps are examined in more detail in the following sections.

    3.4. Configuring the application

    As soon as the product files are copied to the server, the installer initiates system configuration. Depending upon the package manager being used, the configuration procedure will be started automatically (e.g., RPM) or, if the manager does not support interactive scripts, the administrator may have to do that manually.
  • Page 20: Chapter 4. Post-Installation Setup

    CHAPTER 4. POST-INSTALLATION SETUP

    During installation, the system onto which you install Kaspersky Anti-Virus is analyzed and some of the application’s configuration parameters are set automatically to the most suitable values for the system (see section 4.1 on page 20).
  • Page 21 ANTI-VIRUS PROTECTION OF THE SERVER’S MAIL TRAFFIC

    Anti-virus protection of mail traffic is impossible until Kaspersky Anti-Virus is integrated with the mail system. The settings explained below determine the application’s operation by default once it has been integrated with the mail system.
  • Page 22: Installing / Updating The Anti-Virus Databases

    If any infected, suspicious or corrupted files are found, corresponding messages will be sent to the console and added to the report file.

    4.2. Installing / updating the anti-virus databases

    You are advised to install/update the anti-virus database immediately after installing the application.
  • Page 23: Manual Integration With Mail Systems

    4.4. Manual integration with mail systems

    If the application has not been integrated automatically during its installation (see section 3.4 on page 19), you can perform the integration procedure manually. The integration procedure consists of configuring your mail system to work with Kaspersky Anti-Virus (see sections 4.4.1-4.4.4 on pages 23-25), setting up the application to work with the mail system (see section 4.4.5 on page 26), and starting the e-mail system with the new configuration.
  • Page 24: Integration With Qmail

        /usr/sbin/sendmail -C /etc/mail/sendmail.cf

    If Sendmail version 8.12 is used in configuration with submit.cf, add the following processes to the start-up scripts:

        /usr/sbin/sendmail -bd -q10m \
            -C /etc/mail/sendmail.cf.listen
        /usr/sbin/sendmail \
            -C /etc/mail/sendmail.cf
        /usr/sbin/sendmail -C /etc/mail/submit.cf

    After Kaspersky Anti-Virus integration with Sendmail, use the kavsendmail.sh script included in the application package to start the mail system and...
  • Page 25: Integration With Postfix

    4.4.3. Integration with Postfix

    To configure Kaspersky Anti-Virus for work with Postfix, the following steps are required:

    Add the following line to the Postfix mail system configuration file main.cf:

        content_filter = lmtp:localhost:10025

    Add the following lines to the Postfix mail system configuration file master.cf:

        localhost:10025 inet spawn...
  • Page 26: Configuring Kaspersky Anti-Virus For Integration With A Mail System

        kav_lmtp_transport:
          driver = lmtp
          command = /opt/kav/bin/smtpscanner

      • define local mail delivery parameters in the ROUTERS CONFIGURATION section:

        localuser:
          driver=accept
          transport=kav_lmtp_transport

    set the parameters for remote mail delivery:

        lookuphost:
          driver=dnslookup
          transport=kav_lmtp_transport

    Configure Kaspersky Anti-Virus...
  • Page 27

      • Define the mail receipt and delivery settings in the [smtpscan.general] section. The parameters use the following syntax: protocol:host:port, where:
        • protocol is the protocol, which will be used for mail sending (smtp or lmtp)
        • host is the name of the host or its IP address, from which the mail will be sent, or the name of the mail program.
  • Page 28: Chapter 5. Working With Kaspersky Anti-Virus

    CHAPTER 5. WORKING WITH KASPERSKY ANTI-VIRUS With Kaspersky Anti-Virus you can organize complete antiviral protection of your server from a file stored on the server for incoming and outgoing mail traffic, including mail collected from external mail services. Kaspersky Anti-Virus allows administrators to create management tasks for the application.
  • Page 29: Database Update From Kaspersky Lab Servers

    During the updating procedure the keepup2date component accesses the list of servers in this file, selects a server and attempts to download the anti-virus databases from it. If the attempt to use the server for updating fails, keepup2date repeats the process using the next address.
  • Page 30: Scheduling Anti-Virus Database Updates Using Cron

    5.1.2. Scheduling anti-virus database updates using cron

    You can schedule regular automatic anti-virus database updates using the cron service.

    Task: set up automatic daily anti-virus database updating scheduled to run every 3 hours.
  • Page 31: Creating And Using A Local Source Of Updates

    5.1.4. Creating and using a local source of updates

    To ensure that updates to the anti-virus databases are distributed correctly from a shared network directory in your LAN to local computers, the structure within the network directory must be identical to the structure of Kaspersky Lab’s update servers.
  • Page 32: Updating The Anti-Virus Databases Via A Proxy Server

    Launch the keepup2date component as follows:

        # keepup2date -l /tmp/report.txt

    5.1.5. Updating the anti-virus databases via a proxy server

    Example: Set up updating of the anti-virus databases through a proxy server.

    To accomplish the task, you should perform the following steps: Assign value...
  • Page 33: Delivering Clean And Disinfected Messages

    The option of additional filtering according to the type of the attachment makes it possible to decrease the server load during mail traffic processing. All the settings of the smtpscanner component are grouped in the [smtpscan.*] sections of the kav4mailservers.conf configuration file.
  • Page 34: Delivery Of All Messages

        AdminAction=unchanged
        SenderNotify=yes
        RecipientNotify=yes
        RecipientAttachReport=yes
        RecipientAction=remove
        CuredRecipientNotify=yes
        CuredRecipientAttachReport=yes
        CuredRecipientAction=cured

    Please refer to section 6.1.3 on page 52 for a detailed description of actions on messages. The Sender*, Recipient* and Admin* parameters define the rules for processing all object types except for objects with the status Clear.
  • Page 35 Task:

      • Scan all mail traffic for viruses.
      • Clean any infected messages for all users except for those included in the urgent group.
      • Move mail messages that fail to be disinfected, as well as suspicious and corrupted mails, to the Quarantine directory for all users except those included in the urgent group.
  • Page 36: Delivery Of Messages Containing Password-Protected Archives

    Please refer to section 6.1.3 on page 52 for a detailed description of actions on messages. Set the urgent group configuration in the following way:

        [smtpscan.group:urgent]
        Check=yes
        Quarantine=no
        AdminAddress=<e-mail_address>
        AdminNotify=yes
        AdminAction=unchanged
        SenderNotify=yes
        RecipientNotify=yes
        RecipientAttachReport=yes
        RecipientAction=unchanged...
  • Page 37 One such situation is when a mail message containing important data is suspected of being infected by a virus. The data might get lost during disinfection. In this situation the mail message should be isolated and, for example, sent to Kaspersky Lab’s experts for analysis.
  • Page 38: Complementary Filtration Of Messages By Attachment Types

    Please refer to section 6.1.3 on page 52 for a detailed description of actions on messages.

    5.2.5. Complementary filtration of messages by attachment types

    Quite often, mail messages have attachments that have a serious chance of containing a virus (e.g., .exe files).
  • Page 39 In order to accomplish the task, do the following: Define the following configuration settings for the users group:

        [smtpscan.group:users]
        Check=yes
        QuarantinePath=/var/db/Quarantine
        Quarantine=yes
        AdminAddress=<e-mail_address>
        AdminNotify=yes
        AdminAction=unchanged
        SenderNotify=yes
        RecipientNotify=yes
        RecipientAttachReport=yes
        RecipientAction=remove
        FilterByName=.*\.exe$
        FilteredQuarantine=yes
        FilteredRecipientNotify=yes
        CuredRecipientNotify=yes
        CuredRecipientAttachReport=yes
        CuredRecipientAction=cured
        ProtectedRecipientNotify=yes
        ProtectedRecipientAction=unchanged
        ProtectedRecipientAttachReport=no
        ProtectedSenderNotify=no...
  • Page 40: Anti-Virus Protection Of File Systems

        AdminNotify=yes
        AdminAction=unchanged
        SenderNotify=yes
        RecipientNotify=yes
        RecipientAttachReport=no
        RecipientAction=remove
        ProtectedRecipientNotify=yes
        ProtectedRecipientAttachReport=yes
        ProtectedRecipientAction=unchanged
        CuredRecipientNotify=yes
        CuredRecipientAttachReport=yes
        CuredRecipientAction=cured

    Please refer to section 6.1.1 on page 50 for details regarding creation of the list of user groups.

    5.3. Anti-virus protection of file systems

    Server file systems are protected against viruses by the kavscanner component which scans server files for viruses, and processes infected and/or suspicious...
  • Page 41: On-Demand Scanning

    5.3.1. On-demand scanning

    Kaspersky Anti-Virus enables scanning for, and disinfection of, files in a specified server directory.

    Task: start a recursive scan of the /tmp directory, automatically disinfecting all infected objects. Objects which cannot be disinfected are to be deleted. The results of component activity (start date, detailed information about all files except for those containing no viruses) are to be stored in a log file kavscanner-<current_date>.log in the same directory.
  • Page 42: Advanced Options: Using Scripts

    5.3.3. Advanced options: using scripts

    Kaspersky Anti-Virus enables additional processing of objects which have passed through anti-virus analysis, by using standard Unix/Linux commands and scripts. These tools allow experienced administrators to extend the functionality of Kaspersky Anti-Virus by defining different actions to be applied to objects of different status.
  • Page 43: Moving Objects To Quarantine

    Task: configure notification of the administrator about infected files and archives discovered in the server file system during each server scanning performed in accordance with the parameters defined in the application configuration file.

    Solution: in order to accomplish the task, do the following: Define the rules for processing simple objects and container objects in the application configuration file:

        [scanner.object]...
  • Page 44: Backup Of Processed Objects

    Disable the disinfection mode (Cure=no) if it was enabled. Run the kavscanner component as follows:

        # kavscanner -@/tmp/download.lst -ePASBME -rq \
            -i0 -o /tmp/report.log -j3 -mCn

    Please refer to section 6.2.3 on page 58 for details on actions on files. In order to define several actions in a rule for processing of infected objects, enumerate them using the «;»...
  • Page 45: Product Key Management

    5.4. Product key management

    A product key entitles you to use the application and also contains data pertaining to the purchased product, such as key type, expiration date, the number of protected users or protected traffic volume (depending on the key type), information about the distributors, etc.
  • Page 46: Viewing The Product Key Information

    An identical notification mechanism is provided for cases of key expiry, and when email traffic exceeds the licensed traffic volume. However, if the traffic volume exceeds the licensed volume by more than 10 percent, a corresponding notification will be sent to the administrator each time the application detects a message with a status other than Clean.
  • Page 47 The component will return information about installed keys, similar to the following:

        Kaspersky license manager Version 5.5
        Copyright (C) Kaspersky Lab. 1998-2005.
        License file 0003D3EA.key, serial 0038-000419-0003D3EA, "Kaspersky Anti-Virus for Unix Mail Server", expires 04-07-2003 in 28 days
        License file 0003E3E8.key, serial 011E-000413-0003E3E8, "Kaspersky Anti-Virus for Unix Mail Server (license per e-mail address)", expires 25-01-2004 in...
  • Page 48: Key Validity Extension

        Copyright (C) Kaspersky Lab. 1998-2005.
        Daily traffic statistic(Bytes):
        0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
        License traffic units: 10 (MB)
        Traffic units used: 0 (MB)
        Traffic units left: 10 (MB)

    5.4.3. Key validity extension

    Extension of your key for Kaspersky Anti-Virus extends or restores complete application functionality, including additional services listed in section 5.3.5 on page 44.
  • Page 49: Chapter 6. Advanced Settings

    CHAPTER 6. ADVANCED SETTINGS This section describes some advanced settings of Kaspersky Anti-Virus. Unlike the required settings made during installation process (see Chapter 4 on page 20), without which the product cannot be used, advanced settings are used at the administrator’s discretion to extend the application’s functionality and tailor it to fulfill particular business needs.
  • Page 50: Forming User Groups

      • If the addresses of the sender and the recipient of the processed message fall into several groups, the program will use the parameters of the first one.
      • If these addresses are not part of any address group defined by the administrator, then the message will be processed according to the rules specified in the default group.
  • Page 51: Message Check And Disinfection Mode

      • Deliver only clean and disinfected mail messages.
      • Messages that fail to be disinfected, as well as suspicious, corrupted, or password-protected messages and those that cannot be scanned shall only be delivered to the group administrator.
      • Notify the senders, the recipients, and the group administrator about infected, cleaned, suspicious, corrupted, and password-protected messages and those that cannot be scanned.
  • Page 52: Actions On Objects

    To do so, set the parameter Check=yes in the kav4mailservers.conf configuration file for the respective group. When Check mode is enabled, all mail messages attributed to the group by the criterion of sender/recipient are scanned by Kaspersky Anti-Virus for viruses. However, infected mail messages will not be cleaned.
  • Page 53 You can specify common actions for all object types, or specify individual actions for each type. To set common actions for all the object types, set the desired values for the parameters AdminAction and RecipientAction. These parameters define actions for all object types. E.g.:

        AdminAction=unchanged
        RecipientAction=remove

    All attachments to mail messages for the group will be delivered to the...
  • Page 54: Notifying Senders, Recipients, And Administrators

    6.1.4. Notifying senders, recipients, and administrators

    Kaspersky Anti-Virus allows delivery of notifications for mail message senders, recipients and group administrators regarding objects of all statuses (suspicious, infected, cleaned, corrupted, etc.). Sending of notifications is regulated by the following configuration parameters: •...
  • Page 55

      • Create a new template file and specify the full path to it as the value of the Template parameter in the [smtpscan.notify] section.

    In the text of the template you can use the following macros, which will be automatically replaced by the corresponding value depending on the status assigned to those objects after their anti-virus scanning: •...
  • Page 56: Configuring Anti-Virus Protection For Server File Systems

    6.2. Configuring anti-virus protection for server file systems

    All the parameters for protecting the server’s file systems can be subdivided into groups that determine:

      • Scan area (see section 6.2.1 on page 56).
      •...
  • Page 57: File Scanning And Disinfection Mode

      • Restricting default paths (both those listed in the command line and those in the text file) can be accomplished by entering masks for files and directories to be excluded from the scanning area, using the parameters ExcludeMask and ExcludeDirs in the [scanner.options] section of the kav4mailservers.conf configuration file.
  • Page 58: Operations On Files

      • CureFailed – file disinfection has failed. These files will be treated according to the rules defined for infected objects.

    6.2.3. Operations on files

    Certain actions may be applied to files depending upon their status assigned after anti-virus scanning (see section 6.2.2 on page 57).
  • Page 59: Backup Mode

    The syntax defining actions is similar for simple objects and containers.

    6.2.4. Backup mode

    This section examines the backup mode settings, using the task below as an example.

    Task: scan all objects within the directories and files listed in /tmp/download.lst for viruses, and disinfect them.
  • Page 60: Using Ichecker Database

    6.3.1. Using iChecker database

    The application avoids scanning files anew each time they are accessed, by checking to see whether the file has changed since it was last scanned. The algorithm for scanning an object (file) for viruses is as follows: •...
  • Page 61: Aveserver Reloading

    Aveserver is launched during the operating system start-up. A connection with aveserver is established immediately when smtpscanner accesses this process. The aveserver process is controlled by parameters in the [aveserver.options] section of the kav4mailservers.conf configuration file:

      • DetachFromTerminal – the process is disconnected from the terminal immediately after startup.
  • Page 62: Forced Aveserver Termination

    6.4.2. Forced aveserver termination

    If you need to force the termination of the aveserver process, use the following command:

        # kill <process_PID>

    The command will send the SIGTERM signal to the process. This signal will end the operation of aveserver and close all the copies it created.
  • Page 63

        set properties ""
        poll mail.that.is.free.ru with proto POP3
            user 'remote_user' there with password 'pass12345' is 'user' here
        poll mail2.that.is.free.ru with proto POP3
            user 'remote_user2' there with password 'pass123452' is 'user' here

    where:

      • user is the user’s name on the local network
      •...
  • Page 64: Additional Features For Postfix

    The following script file may be used for adding mailbox records:

        #!/bin/bash
        # Append a POP3 mailbox record to the current user's .fetchmailrc.
        # Arguments: $1 = POP3 server, $2 = remote user, $3 = password, $4 = local user
        echo "poll $1 with proto POP3 " >>"$HOME/.fetchmailrc"
        echo "user '$2' with password '$3' is '$4' \
        here">>"$HOME/.fetchmailrc"

    If you run this script file with the following parameters: pop.mail.ru dan secret admin then messages for the user dan@mail.ru will be forwarded to the address admin@your_host.your_domain.
  • Page 65: 8Bit-Mime Extension Support

    6.6.2. 8bit-MIME extension support

    The 8bit-MIME extension is frequently used when a mail system works with national encodings using SMTP because the basic version of the protocol does not support transfer of messages in languages using non-ASCII characters. Therefore support for that extension has been added in Kaspersky Anti-Virus 5.5. If your external mail system does not support the 8bit-MIME extension, Kaspersky Anti-Virus must be configured appropriately, too.
  • Page 66: Localization Of Displayed Date And Time Format

      • Change the protocol value from lmtp to smtp under the smtp service in the Postfix configuration file (master.cf).
      • Restart the mail system.

    6.7. Localization of displayed date and time format

    While working, Kaspersky Anti-Virus compiles reports for each of its components, and notifications for users and administrators which are always supplemented with the date and time at which they occurred.
  • Page 67 The level of detail is a number that sets the level of verboseness for information regarding the components’ work. Each subsequent level (higher numbers) includes information of the previous level together with some additional data. The possible levels of event log details are listed in the table below.

    Levels | Level name | Meaning...
  • Page 68: Format Of Messages About Scanning

      • [date time level_of_detail] is the parameter generated by the system, and contains the date and the time (in the format set by the administrator) and the report level of detail (the first letter of the level of detail).
  • Page 69

      • Extended message format (ShowContainerResultOnly=no):

            "archive_name"
            "file_name" result [virus_name]
            "file_name" result [virus_name]

      • Short message format (ShowContainerResultOnly=yes):

            "file_name" result

    Event/Result | Value

    The file is not infected.

    CURED (only with disinfection mode enabled) | The file had been infected and was successfully cleaned.
  • Page 70: The Format Of Messages Output To The Console

    6.8.2. The format of messages output to the console

    Messages are output to the console by the kavscanner and keepup2date components. The output of the information by the kavscanner component to the console is governed by the presence of the -q option (quiet) in the command line when launching the component.
  • Page 71: Additional Data Fields In Messages

        perl /usr/libexec/webmin/kavms5.5/parse_avstat.pl \
            -sd=/var/db/kav/5.5/kav4mailservers/proc_avstat \
            /var/log/kav/5.5/kav4mailservers/smtpscanner.stat

      • Review the updated statistical information within Webmin only after launching the above-mentioned script.

    If Webmin is installed at a path different from the default, then the /usr/libexec/webmin/kavms5.5/parse_avstat.pl path must be modified accordingly!

    6.8.4. Additional data fields in messages

    The application allows addition of supplementary information to message headers.
  • Page 72: Chapter 7. Uninstalling Kaspersky Anti-Virus

    CHAPTER 7. UNINSTALLING KASPERSKY ANTI-VIRUS

    The procedure for uninstalling Kaspersky Anti-Virus requires the following:

      • superuser privileges (root).
      • Installation log file. Names and sizes of the files installed as parts of Kaspersky Anti-Virus must be exactly the same as specified in the installation log file.
  • Page 73: Chapter 8. Testing The Operation Of Kaspersky Anti-Virus

    CHAPTER 8. TESTING THE OPERATION OF KASPERSKY ANTI-VIRUS After installing and adjusting Kaspersky Anti-Virus, you can test the correctness of its settings and operation using a series of test "viruses". The test virus was specially designed by the European Institute for Computer Antivirus Research organization, for testing anti-virus products.
  • Page 74

    Prefix | Object type
    CURE- | Cured. The object is disinfected; the text of the "virus" body is changed for CURE.
    DELE- | The object is automatically deleted.

    The first table column lists prefixes to be added at the beginning of the string of the standard test "virus".
  • Page 75: Chapter 9. Frequently Asked Questions

    CHAPTER 9. FREQUENTLY ASKED QUESTIONS This chapter is devoted to the most frequently asked users’ questions pertaining to installation, setup and operation of Kaspersky Anti-Virus; here we shall try to answer them in detail. Constantly growing Knowledge Base containing answers to frequently asked questions available Kaspersky...
  • Page 76 Experienced users can, of course, accelerate anti-virus scanning by disabling scanning of various file types. However, please keep in mind that it will decrease the overall security level. Kaspersky Anti-Virus recognizes more than 700 formats of archived and packed files.
  • Page 77 To make sure your request is answered as soon as possible, follow these suggestions: In the message header, specify your server’s operating system, the name of the component you are experiencing problems with, and briefly describe the problem. For example: Linux, Webmin, no access to settings of the licensed users’...
  • Page 78 against a new threat. In order to resist new viruses, you should update the anti-virus databases daily. Every year Kaspersky Lab increases the frequency of its updates issued for the anti-virus databases. Currently they are released every hour. Updating of the application modules is an additional feature that allows both correction of discovered vulnerabilities and addition of new functions.
  • Page 79 Question: Will Kaspersky Anti-Virus for Unix Mail Servers work with my Linux distribution? Version 5.5 of Kaspersky Anti-Virus for Unix Mail Servers has been tested with RedHat, Debian and SuSE distributions and Kaspersky Anti-Virus packages have been compiled specifically for the listed distributions. Please see the supported OS versions in section 1.2 on page 8.
  • Page 80 Question: Can Network Control Centre for Windows be used to control Kaspersky Anti-Virus? It is impossible to use Network Control Centre for Windows when working with Kaspersky Anti-Virus for Unix Mail Servers. In this version of the application we provide an option to configure it remotely using a special module for the Webmin package.
  • Page 81: Appendix A. Kaspersky Lab

    Appendix A. Kaspersky Lab Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted e-mail messages, and hacker attacks.
  • Page 82: Other Kaspersky Lab Products

    A.1. Other Kaspersky Lab Products. Kaspersky® Anti-Virus Personal. Kaspersky® Anti-Virus Personal has been designed to provide anti-virus protection to personal computers running Microsoft Windows 98/ME or Microsoft Windows 2000/NT/XP against all known viruses, including potentially dangerous software.
  • Page 83 retrieval of daily updates for the anti-virus database and the program modules. A unique second-generation heuristic analyzer efficiently detects unknown viruses. A simple and convenient interface allows users to configure the program quickly making work with it easier than ever...
  • Page 84 Kaspersky® Personal Security Suite. Kaspersky® Personal Security Suite is a software suite designed for organizing comprehensive protection of personal computers running Microsoft Windows. The suite prevents malicious and potentially dangerous programs from penetrating through any possible data sources and protects you from unauthorized attempts to access your computer’s data, as well as blocking spam.
  • Page 85 • Exclude archives and e-mail databases from scanning. • Select standard/extended anti-virus databases for scanning. • Save a report on the scanning results in txt or html formats. Kaspersky® OnLine Scanner Pro. The program is a subscription service offered to the visitors of Kaspersky Lab's corporate website.
  • Page 86 • Monitoring of changes in OS registry due to internal system registry control. • Blocking of dangerous VBA macros in Microsoft Office documents. • System restoration after malicious spyware influence accomplished due to recording of all changes in the registry and computer file system and an opportunity to perform their roll-back at user's discretion.
  • Page 87 computer detection from outside. When you switch into that mode, the system will block all network activity except for a few transactions allowed in user-defined rules. The program employs a complex approach to anti-spam filtering of incoming e-mail messages: •...
  • Page 88 • E-mail systems including Microsoft Exchange 2000/2003, Lotus Notes/Domino, Postfix, Exim, Sendmail, and Qmail. • Internet gateways: CheckPoint Firewall –1; Microsoft ISA Server 2000 Standard Edition. The Kaspersky® Anti-Virus Business Optimal distribution kit includes Kaspersky® Administration Kit, a unique tool for automated deployment and administration.
  • Page 89 Kaspersky® Anti-Spam. Kaspersky® Anti-Spam is a cutting-edge software suite that is designed to help organizations with small- and medium-sized networks wage war against the onslaught of undesired e-mail (spam). The product combines the revolutionary technology of linguistic analysis with modern methods of e-mail filtration, including DNS Black Lists and formal letter features.
  • Page 90: Contact Us

    performs centralized anti-spam filtration of e-mail stream. This solution also includes some additional mail traffic filtration features. A.2. Contact Us. If you have any questions, comments, or suggestions, please refer them to one of our distributors or directly to Kaspersky Lab.
  • Page 91: Appendix B. License Agreement

    Appendix B. License agreement Standard End User License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT ("AGREEMENT") LICENSE SPECIFIED SOFTWARE ("SOFTWARE") PRODUCED KASPERSKY LAB. ("KASPERSKY LAB"). IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE LEGAL ENTITY) CONSENT TO BE BOUND BY AND BECOME PARTY TO THIS AGREEMENT.
  • Page 92 usage terms specified on the applicable price list or product packaging that apply to any such Software products individually. 1.1 Use. The Software is licensed as a single product; it may not be used on more than one Client Device or by more than one user at a time, except as set forth in this Section.
  • Page 93 "multiplexing" or "pooling" software or hardware) does not reduce the number of licenses required (i.e., the required number of licenses would equal the number of distinct inputs to the multiplexing or pooling software or hardware "front end"). If the number of Client Devices or seats that can connect to the Software exceeds the number of licenses you have obtained, then you must have a reasonable mechanism in place to ensure that your use of the Software does not exceed the use limits specified for the license you have obtained.
  • Page 94 and you explicitly consent to the transfer of data to other countries outside your own as set out in the Privacy Policy. (iv) "Support Services" means (a) Daily updates of the anti-virus database; (b) Free software updates, including version upgrades;...
  • Page 95 warranty period. You shall provide all information as may be reasonably necessary to assist the Supplier in resolving the defective item; (v) The warranty in (i) shall not apply if you (a) make or cause to be made any modifications to this Software without the consent of Kaspersky Lab, (b) use the Software in a manner for which it was not intended or (c) use the Software other than as permitted under this Agreement;...
  • Page 96 (iii) Subject to paragraph (i), the liability of Kaspersky Lab (whether in contract, tort, restitution or otherwise) arising out of or in connection with the supply of the Software shall in no circumstances exceed a sum equal to the amount equally paid by you for the Software.
