Chapter 2. How It Works - KAPERSKY ANTI-VIRUS 5.7 - FOR LINUX FILE SERVER Administrator's Manual

CHAPTER 2. HOW IT WORKS

To understand how Kaspersky Anti-Virus works, it is useful to know that it
comprises a number of application modules, each with a specific function in
providing anti-virus protection for your computer.
Kaspersky Anti-Virus includes:

On-demand anti-virus scan component kavscanner;

Real-time anti-virus scan component kavmonitor;

Anti-virus database update module keepup2date,

License key management utility licensemanager;

Remote administration utility for integration with Kaspersky Administration
Kit kavmidware,

Remote administration module used with Webmin application.
There follows a detailed discussion of the application‟s algorithm, based on an
example of real-time protection (that is, using the kavmonitor component).
The component operates as follows:
1. When any application on your computer attempts to access a file
system object, whether to open, run or close the file, the call is
intercepted by kavmonitor‟s kernel module, and the file is sent for anti-
virus scanning.
The ability to intercept the operations of closing a file is not sup-
ported:
2. The intercepted file is processed using a daemon application included in
the kavmonitor component. The daemon scans the object for viruses
and processes, based on settings specified in the configuration file. The
treatment includes, but is not limited to, disinfection using the anti-virus
database if this option is selected.
3. After the file has been processed, kavmonitor sends to the kernel
module the access code (allowed/prohibited) that defines the file status.
 in 32-bit operating systems: from kernel versions
2.6.21 and above;
in 64-bit operating system: from kernel versions 2.6.18

and above.