KAPERSKY ANTI-SPAM 3.0 -, Administrator'S Manual

Page 1: ...KASPERSKY LAB Kaspersky Anti Spam 3 0 ADMINISTRATOR S GUIDE ...

Page 2: ...K A S P E R S K Y A N T I S P A M 3 0 Administrator s Guide Kaspersky Lab http www kaspersky com Revision date May 2007 ...

Page 3: ...System 18 2 3 Recognition results and actions over messages 19 2 4 Content filtration databases 20 2 5 Filtration policies 21 2 6 Control Center 21 2 7 Monitoring 22 CHAPTER 3 INSTALLING KASPERSKY ANTI SPAM 23 3 1 Preparing for installation 23 3 2 Installing Kaspersky Anti Spam distribution package 24 3 3 Configuring access to the Control Center 25 3 4 Installing the license key 26 3 5 Integrating...

Page 4: ...uring the spam filtration server 55 4 5 1 Common filtration server parameters 56 4 5 2 Parameters of the filtration master process 57 4 5 3 Parameters of the filtering processes 58 4 5 4 Spam recognition parameters 59 4 5 5 Client module settings 61 4 5 6 Notifications about rejected messages 62 4 6 Control Center settings 63 4 7 Managing the license keys 64 4 7 1 Viewing the license information 6...

Page 5: ...mail mail server 96 A 2 7 kas cgpro a client module for the Communigate Pro mail server 97 A 3 Kaspersky Anti Spam configuration files 99 A 3 1 Main configuration file filter conf 100 A 3 2 Configuration file kas thttpd conf 104 A 4 Kaspersky Anti Spam utilities 105 A 4 1 kas htpasswd 105 A 4 2 kas show license 106 A 4 3 install key 106 A 4 4 remove key 107 A 4 5 kas restart 108 A 4 6 mkprofiles 1...

Page 6: ...ky Anti Spam runs the following checks as a part of its analysis procedure a check of message sender s address e mail and or IP address using black and white lists the presence of the sender s IP address in a DNS based real time black hole list DNSBL DNSBL DNS based black hole list is a database that lists IP addresses of mail servers used for uncontrolled mass mailing Such servers receive mail fr...

Page 7: ...ol Center interface see section 2 6 on page 21 1 1 What s new in version 3 0 Kaspersky Anti Spam 3 0 preserves all advantages of the previous version featuring also a number of improvements and additions 1 New version of the Spamtest filtering engine The new filtering engine included into Kaspersky Anti Spam 3 0 offers the following benefits Higher performance and stability Low RAM requirements Lo...

Page 8: ...elated settings Version 3 0 of the application uses the intuitively understandable Control Center interface to customize the filtration policies Its benefits include Easy administration convenient interface offers the minimum toolset necessary for system administration while providing a lot of ways to customize the system for a specific environment Individual settings for user groups certain scann...

Page 9: ... the Control Center see section 4 3 4 on page 44 E mail sent to recipients in domains that are not included into the list will not be filtered Please specify the list of protected domains before you start using Kaspersky Anti Spam 1 3 Hardware and software requirements Minimum system requirements for normal operation of Kaspersky Anti Spam are as follows Intel Pentium III 500 MHz processor or high...

Page 10: ...ial floppy disk License Agreement Before you open the envelope with the CD or a set of floppy disks make sure that you have carefully read the license agreement If you buy Kaspersky Anti Spam online you will download the application from the Kaspersky Lab website In this case the distribution kit will include this User s Guide along with the application The license key will be emailed to you upon ...

Page 11: ... and during the license period you can enjoy the following services Application module and anti virus database updates Support on issues related to the installation configuration and use of the application You can use the services by selecting one of the following methods Make a phone call to contact the Technical Support service Create and submit your request using the web site of the Technical S...

Page 12: ... components Client plug in modules intended for product integration with mail server Anti Spam Engine the filtration server component that analyzes e mail messages rating and processing them Filtration server includes a number of auxiliary modules which provide for its functioning and integration with mail servers Filtration module the module filtering spam Licensing module the module that manages...

Page 13: ...status and functionality Monitoring system a system that tracks the status of Kaspersky Anti Spam and its individual components and notifies system administrator about various problems in product operation Client plug in modules are designed for Kaspersky Anti Spam integration with various mail servers Every client plug in takes into account the peculiarities of a specific mail server and the sele...

Page 14: ...lysis and returns the results The standard installation procedure assumes that the mail server with an integrated client plug in and the filtration server are installed on the same computer However the anti spam engine of Kaspersky Anti Spam can also be installed to a separate server In that case client modules running on another computer server will exchange data with the filtration server throug...

Page 15: ...to the SPF daemon ap spfd which sends necessary queries to a DNS server and returns the results to the filtering process The application analyzes messages and applies to them rules defined in the filtration policies only if there is a valid license key available All licensing checks are performed by the licensing module kas license upon a request from a filtration process Having finished processin...

Page 16: ...ns The method uses a set of rules based on examination of certain message headers and their comparison with sets of headers typical of spam messages In addition to header analysis the application takes into account message structure size presence of attachments and other similar signs The method also provides for analysis of data transmitted by the sender during an SMTP session In particular the f...

Page 17: ...d combinations in message body and their subsequent probabilistic analysis The method provides for heuristic search for typical phrases and expressions in text Fuzzy comparison of a message being examined with a collection of sample messages based on comparison of their signatures The method helps detect modified spam messages Analysis of attached images All the data employed by Kaspersky Anti Spa...

Page 18: ... 4 Urgent Detection System Urgent Detection System is an original technology of spam detection developed and supported by Kaspersky Lab It is based on the following principles A message being analyzed is used to select a collection of properties which can be used to identify the message The set of properties may include header information text fragments and other information about the message bein...

Page 19: ...ot be unambiguously identified as spam Formal message is formal E g it is a mail server notification informing about mail delivery or inability to deliver it or about message infection with a virus The category includes messages sent automatically by mail clients Such messages are usually not considered to be spam Trusted message received from trusted sources for example from internal mail servers...

Page 20: ...ructive actions with mail identified after content analysis as spam or probable spam E g append to the Subject header labels such as SPAM 2 4 Content filtration databases The application recognizes spam messages using the records of its regularly updated content filtration databases These databases contain the sets of rules terms and message signatures used in the process of filtering Content filt...

Page 21: ...ps while group settings may either inherit those values or redefine them Thus for instance the product may employ more sophisticated methods of spam recognition and stricter actions can be specified for a group of users that requires more thorough filtration of messages The combination of recognition settings is closely connected with the properties of the content filtration databases it can be ex...

Page 22: ...m components The monitoring system also generates notifications and reports while running The monitoring script starts regularly and sends to system administrator a message informing about detected problems whenever it finds any issues The messages are sent once at the moment of problem detection thus ensuring timely notification about situations which require administrator s intervention Later if...

Page 23: ...sky Anti Spam 3 0 Ensure that bzip2 perl and which programs are installed Make sure that the mail server installed in your system functions properly Make backup copies of the mail server configuration file Log on to the system as root You are advised to install the product during a period when the mail server load is lowest Kaspersky Anti Spam installation consists of five steps 1 Installation of ...

Page 24: ...m the tbz package enter the following in the command line pkg_add kas 3 package version tbz The installer performs the following actions during the procedure Creation of the mailflt3 user account and group with appropriate privileges that will be used to run Kaspersky Anti Spam Installation of all programs included into the Kaspersky Anti Spam suite to the usr local ap mailfilter3 directory Creati...

Page 25: ...CGI scripts You can create a new user or change an existing password using the kas htpasswd utility included into Kaspersky Anti Spam At the utility start you should specify the path to the file containing passwords and the name of the user being created or an existing user whose password must be modified usr local ap mailfilter3 bin kas htpasswd usr local ap mailfilter3 control www htpasswd user ...

Page 26: ...y corresponding to the purchased license is bundled with the distribution package of Kaspersky Anti Spam If for some reason you have no license key contact the Technical Support service of Kaspersky Lab see section Services Technical Support site of Kaspersky Lab website In order to install a new license key using the Control Center perform the following steps 1 Use your web browser to connect to ...

Page 27: ...ible e g when the mail server has a non standard configuration you can use to that effect configuration scripts of that specific e mail server Please refer to the Appendix A 2 on page 83 for details about applicable methods for integration of client plug in modules into each of the supported mail servers and about the changes introduced into their configuration files In order to integrate Kaspersk...

Page 28: ...ase refer to section A 2 4 2 on page 91 for details To integrate Kaspersky Anti Spam with Qmail run the following command as root usr local ap mailfilter3 bin config qmail pl path where path stands for the path to the Qmail configuration file Correct integration with Qmail by running the config qmail pl script is possible only if Qmail uses the qmailq account and the qmail group used by default Ka...

Page 29: ...dates Install crontab for user mailflt3 ok You can adjust automatic updates settings via control center Automatic updates and UDS are now enabled You can also use the Control Center interface to enable updates of the content filtration databases see section 4 4 on page 51 and activate the UDS service see section 4 5 4 on page 59 In order to check proper operation of a UDS service thus testing the ...

Page 30: ...and task performance locally from the command line as well as product management using the Control Center 4 1 Starting and managing Kaspersky Anti Spam components The main components of the filtration server including the filtering master process ap process server licensing module kas license and the SPF daemon ap spfd are launched at the operating system start up by a special script which is name...

Page 31: ...ipt 4 2 Kaspersky Anti Spam Control Center Control Center is the main administration tool for Kaspersky Anti Spam Control Center is a web based application which allows you to configure remotely the parameters used by the filtration server for its operation This section contains a detailed description of all interface components of the application Figure 3 Kaspersky Anti Spam Control Center The up...

Page 32: ...erarchy of Control Center sections Further we shall examine the main tasks pertaining to the administration of the filtration server and its individual components 4 3 Filtration policy management Detection and filtration of unsolicited mail is the main function of Kaspersky Anti Spam The administration system provides a powerful combination of settings for the spam recognition process and further ...

Page 33: ...ettings A forced compilation may be necessary for example to update the settings of a filtration policy if the application has read them incorrectly 4 3 1 General filtration policy The Default Rules see Fig 4 section contains the settings of the default filtration policy common for all groups To switch to that section use the Default Rules link in the Common menu of the Policies section Figure 4 D...

Page 34: ...ules of that section The button is highlighted in orange for the sections containing modified rules Clicking the button opens a page where you can edit the filtration policy Policy editor can also be invoked by clicking the functional section s title Click the button to cancel the changes made within a section 4 3 1 1 The General section You can switch to configuring the rules of the General secti...

Page 35: ... message as spam When lower detection levels are used the same set of signs will only result in message recognition as a suspicious the Probable Spam status or a message may be not recognized as spam altogether You are advised to use the Standard detection level Higher detection level can be used in cases when Kaspersky Anti Spam does not detect spam messages or recognizes them as suspicious with ...

Page 36: ...ly The Reset button returns the parameters to their initial values i e it cancels unsaved changes The Default button returns the settings to the default values specified for the content filtration databases You can also use the button opposite a section title in the list of default filtration policy rules to restore the default values In order to return to the list of general default policy rules ...

Page 37: ...ction The Headers Checks section see Fig 7 allows you to configure the parameters of rules used to analyze e mail message headers Figure 7 The Headers Checks section of the default filtration policy rules This section does not contain a complete list of all rules that Kaspersky Anti Spam uses for analysis of message headers Instead it contains just the rules ...

Page 38: ...able the use of this rule if delivery of such messages is allowed in your mail system SUBJECT contains lots of white space or dots Programs used for spam distribution also frequently insert into the message header long groups of spaces or dots Disable the use of this rule if delivery of such messages is allowed in your mail system SUBJECT contains DIGIT ID or Timestamp like Time 14 30 35 Addition ...

Page 39: ...f your mail system use any of these languages for correspondence select the is allowed option from the drop down list for that language If certain languages are not used by the users of your mail system set the is treated as suspicious value for them 4 3 1 5 The Obscene Content section The Obscene Content section see Fig 9 allows you to define whether the application should mark messages containin...

Page 40: ...ce from the senders included into a white list will receive the Trusted status The list of blocked senders Black List has an opposite meaning The administrator of a filtration server can add to that list addresses used by spammers for mass mailing Messages sent from an address found in a black list will be assigned the Blacklisted status These lists can be managed in a similar manner In this secti...

Page 41: ...cancel unsaved changes use the Reset button Save your changes before using the e mails ip addresses toggle All unsaved changes will be lost after a switch The following formats can be used for entry of e mail addresses user domain indicates a specific address domain indicates all e mail addresses within the domain domain The following wildcards can be used in e mail addresses star a line of charac...

Page 42: ...e DNS Black Lists link in the Common menu of the Policies section see Fig 11 to open the page where you can manage the lists of DNSBL services Configuration of the list of DNSBL being used applies to the default filtration policy Later you can specify for every user group whether it should use the results of DNSBL based checks The list of employed services is common for all user groups Figure 11 C...

Page 43: ...s presence in black lists is used as an additional sign and the message will be recognized as spam if only there are more spam signs revealed by other analysis methods You can perform the following operations with the list of DNSBL services Add a new service Change service rating Delete a service Let us examine closely each of these operations In order to add a new service to the list 1 Specify th...

Page 44: ...The list of protected domains You can use wildcards while entering domain names stands for any number of characters stands for any single character E g to add the example com domain and all its subdomains into the list of protected domains you will only have to add the following record example com To configure the product to filter all incoming mail you should either leave the list empty or add th...

Page 45: ...for details about special headers 4 3 5 Group management Filtration server administrator can define various spam recognition settings for different users This can be accomplished using the group policies of spam filtration Before you start configuring the rules of a group policy you have to define the list of e mail addresses that the group policy will apply to In addition to the groups created by...

Page 46: ...dresses for which group rules will apply Rules of spam recognition Actions over mail messages Black and white lists of senders The title and the list of mail addresses of the All group cannot be edited since this group defines the rules used to process messages whose senders and recipients are not included into any of the groups created by the administrator In order to create a new group perform t...

Page 47: ...o delete an existing group Click the button to the right of the group name Figure 14 The page for creation of a new group In order to change the order of group listing Click the button to the left of group name The selected group will be moved up then During message processing the filtration module reviews groups in the order defined in their list from the list beginning to end A message will be p...

Page 48: ...be redefined You can use the Rules link in the Group Policy menu of the group properties editor to configure the recognition rules of a group filtration policy The structure of rules is identical to that of the default filtration policy see section 4 3 1 on page 33 The only difference in the configuration of a group policy is manifested in the fact that the list of parameter values possible in a p...

Page 49: ...r that describes message status The administrator can select the following actions Accept this message mail server accepts a message and delivers it to the recipient Send a copy of this message to other recipient s mail server accepts a message delivers it to the recipient and sends a copy thereof to the address specified in the Send message to field Redirect this message to other recipient s mail...

Page 50: ...ions informing that the delivery was impossible Figure 16 The Actions page of a group filtration policy Messages with the Not detected status i e messages not recognized as spam or with the Trusted status i e messages received from reliable sources or addressed to a recipient whose mail is not scanned according to a group policy are always routed to the specified recipient ...

Page 51: ...the label text Addition of a special X Spamtest Header containing text specified by the administrator The header may be used then for automatic processing of such messages in e mail software employed by end users The Set X Spamtest Header field defines the header text Please refer to section A 5 on page 112 for details about the headers added to a mail message as a result of filtration procedure 4...

Page 52: ... specified within the range from 20 minutes to 3 hours You are advised to set as short updating interval as possible Frequent updates to the content filtration databases provide for better server response speed to new spam The interval recommended for database updates 20 minutes Parameter value determines the interval between the starts of a cron task updating the product If necessary you can conf...

Page 53: ...ection mode recommended when an update server is contacted via FTP The Updates Server section contains parameters of the server used as the source of updates Region region where the user is located The product uses this parameter value to select an update server with the most suitable geographical location Updates server URL address of the server acting as the source of updates It is used in combi...

Page 54: ...er 4 4 2 Initiating an update There are two methods to start an update of the content filtration databases Automatic scheduled start Manual launch from the command line You are advised to configure automatic scheduled updates as it will allow you to maintain the up to date status of your content filtration databases ensuring most efficient spam filtering In order to initiate an update manually ent...

Page 55: ... contain the settings for the components of the spam filtering server You can switch between the pages using the links in the Anti Spam Engine menu Common general parameters of the filtration server Process Server parameters used by the ap process server filtration master process during operation Filtration Process parameters used by the ap mailfilter filtering processes during operation Check Opt...

Page 56: ...g the etc syslog conf file Please refer to manual pages for syslogd and syslog conf for details The monitoring system uses the system log to display the messages about the activity of the filtering server and its components In order to identify the directory where the necessary files are located it uses the parameter values from the etc syslog conf configuration file Figure 18 Common settings of t...

Page 57: ...wing settings for the filtration master process see Fig 19 Max number of filtration processes maximum number of filtering processes running simultaneously Default value 10 Number of filtration processes at server start up the number of filtration processes initiated when the filtering process starts By default the parameter is set to 0 It means that the processes of the filtration module will be i...

Page 58: ...to define the maximum number of messages that a single filtering process can serve This value is selected at random from a range with the smallest number defined by the Max number of mail messages to be processed parameter and the largest number determined by a sum of the Max number of mail messages to be processed and Max number of mail messages randomization parameters Thus if the values of thes...

Page 59: ...tion must check intermediate servers using DNSBL As a rule when the filter checks the sender s IP address it uses for that purpose the IP of the server from which the message arrived at the filtering server However if the message in transit passes one or several intermediate servers the original sender s IP turns out to be hidden To check the IP addresses of intermediate servers as well as the fin...

Page 60: ...o the content filtration databases are downloaded You are advised to disable UDS based checks only in case when that method considerably decreases the filtering server performance or when there is no way to organize the interaction between your filtration server and UDS servers of Kaspersky Lab For details about UDS please see section 2 2 4 on page 18 Timeout for receiving response from UDS server...

Page 61: ...e temporary error the message will not be delivered The application will return to the sender a notification about a temporary mail server error As a rule in that case the sender s mail server after some time tries again to send the message Default domain name of the mail domain to be substituted into addresses where mail domain is omitted E g if mycompany com is specified as the default domain th...

Page 62: ...ations The use of messages of a certain type is determined by the product settings and recognition results The first type of notifications is Reject message Such message is transmitted to the sender immediately during an SMTP session together with an error code informing that the message has not been delivered The example of an SMTP session below contains a Reject message text Server 220 mail myco...

Page 63: ...filtration policies allow its delivery to at least one of them then the server will respond during SMTP session that the message has been accepted Then it will return to the sender a Bounce message with information about the recipients whom it did not deliver the message You can edit the text of these messages on the Settings Anti Spam Engine Reject Messages page of the Control Center see Fig 23 F...

Page 64: ...ring Anti Spam Engine page see section 4 8 1 1 on page 69 Figure 24 Control Center settings 4 7 Managing the license keys The opportunity to use Kaspersky Anti Spam is determined by the availability of a license key The key is included into the product package and entitles you to use the application since the date of key purchase and installation Kaspersky Anti Spam DOES NOT FUNCTION without a lic...

Page 65: ...nse to use Kaspersky Anti Spam in a timely manner You can also install a backup key which the application will start using as soon as the current key expires Control Center can be used to perform all operations related to the management of installed license keys 4 7 1 Viewing the license information You can view the license information and manage the license keys on the License License Keys page s...

Page 66: ... new license key the administrator can either use the Control Center or install the key locally from the command line In order to install a new license key using the Control Center perform the following steps 1 Open the license keys management page License License Keys 2 Use the field in the lower part of the page under the Install a New License Key section to specify the path to your license key ...

Page 67: ...oubles occurring in system functioning 4 8 1 General product status information The Monitoring General Status page provides brief information about Kaspersky Anti Spam and its main components for the system administrator see Fig 26 For each of the monitored components in addition to the status data the page may contain information about occurrence of certain events pertaining to that component Ico...

Page 68: ...r reflecting the load on the server Please refer to the manual pages for the top and uptime utilities for details on that parameter Kaspersky Anti Spam section contains a summary on the product and the status of its key components The section consists of the following fields Product full name of the installed product Version version and build number of the filtration module being used Anti Spam En...

Page 69: ...tion module being used ap process server status of filtration master process During normal process operation the line contains information about process identifier pid ap mailfilter status of the filtering processes During normal operation the line also contains information about the number of currently running processes ap spfd SPF daemon status During normal daemon operation the field displays t...

Page 70: ...t to define the category of messages which will be displayed in the log The drop down list contains the following values All messages all possible messages will be displayed Notices Warnings and Errors the page will display all messages except for informational ones Warnings and Errors the page will only display messages about fatal errors and warnings Errors only only messages about fatal errors ...

Page 71: ... their date they are supplemented by respective icons indicating the level of message importance The administrator can use the View drop down list to define the category of messages which will be displayed in the log The values in the drop down list and their meaning are identical to the ones described in the section about the filtration server monitoring page see section 4 8 1 1 on page 69 4 8 1 ...

Page 72: ... filtration server monitoring page see section 4 8 1 1 on page 69 4 8 2 Monitoring system messages and reports In addition to the monitoring tools available within the Control Center Kaspersky Anti Spam also includes the sfmonitoring script that provides for constant monitoring of the anti spam engine status The start of that script is performed automatically using the cron service After launch sf...

Page 73: ...ng p If Kaspersky Anti Spam is installed on a server running RedHat use the following command to start the sfmonitoring utility su m mailflt3 c usr local ap mailfilter3 control bin sfmonitoring parameters The messages generated by the monitoring system will be sent to the address specified on the Settings Maintenance Control Center page see section 4 6 on page 63 4 9 Kaspersky Anti Spam statistics...

Page 74: ... of processed messages for the last 7 days Last Month statistics of processed messages for the last 30 days Last Year statistics of processed messages for the last 365 days The upper part of the page contains a table with a summary of the number and size of processed messages of various types Below the table the product displays a graph demonstrating the distribution of volume between detected mes...

Page 75: ...ents which size is insignificant comparing to another segments are combined in a single segment Other The Messages and Bytes links in the lower left corner allow you to select the measurement units used for output of statistics for the processed e mail traffic i e messages or bytes respectively The Export data CSV Html links in the lower right corner are used to export the statistical data in CSV ...

Page 76: ...tion file of the mail server has been modified after Kaspersky Anti Spam installation automatic restoration of earlier settings will be impossible and the administrator will have to remove manually the changes introduced by the installer during product setup The mailflt3 user account and the mailflt3 group corresponding to it will not be deleted The administrator can remove them manually There are...

Page 77: ... the script will restore the original parameters of the mail server used before Kaspersky Anti Spam has been installed However the said script cannot be used to restore the original mail server configuration in the following cases If the mail server configuration file has been modified after Kaspersky Anti Spam setup If the server uses Exim with kas exim client plug in module If the server uses Co...

Page 78: ...riod expires the key will be blocked Question What happens when my license expires After the expiration of the license Kaspersky Anti Spam will continue operating but its database updating feature will be disabled The product will continue filtering of mail traffic but it will be unable to filter new spam types When this happens inform your system administrator or contact for license extension the...

Page 79: ...r purchase in case if you have bought the product online In addition you can contact the Technical Support service by filling a special form http www kaspersky com helpdesk Please fill in the web form carefully Enter precise information about the product of Kaspersky Lab that you are using your registration data and try to describe your problem clearly Specify the following information in mandator...

Page 80: ... Anti Spam As a result of spam recognition the message will be assigned the SPAM status and the product will apply to it the action defined in the policy assigned to the recipient s group Question When the load on server is high Kaspersky Anti Spam does not filter spam Processed messages include the following header X SpamTest Info Not processed One of the most likely causes of this problem is the...

Page 81: ...the IPv6 standard Question An attempt to integrate the product with Exim using the MTA config pl script fails The following message appears on the server s console Your Exim configuration file usr local etc exim configure already contains kas exim local_scan configuration parameters If your Exim hasn t been integrated with kas exim remove all local_scan parameters and try again This message means ...

Page 82: ...ory includes the following subdirectories def the directory that contains files required for compiling message filtering policies including source files of content filtering databases and files containing the information on filtering policies data the directory where configuration binary files are stored src the directory containing temporary representation of filtering rules used in compilation o...

Page 83: ...sky Anti Spam includes the following client modules used to integrate the product with different mail servers kas milter a client module for Sendmail mail server kas pipe a universal client module used for Postfix and Exim mail servers by default kas exim a client module for the Exim mail server alternative version kas qmail a client module for the Qmail mail server kas cgpro a client module for t...

Page 84: ...umber of mail servers This configuration requires manual adjustment of settings that control interaction of Kaspersky Anti Spam and mail server components A 2 2 Global settings of client modules Kaspersky Anti Spam version 3 0 keeps client module settings in the filtering server s global configuration file filter conf which is located in the usr local ap mailfilter3 etc directory The following set...

Page 85: ...g server The e mail messages of a greater size are allowed to pass without processing by filtering server The default value is 500 ClientMessageStoreMem minimum message size in kilobytes at which storing temporary data on disk is allowed This mode allows controlling the amount of used RAM To store all data in RAM set this parameter to 0 the default value ClientTempDir path to the temporary files s...

Page 86: ...when operating system is loading Sendmail starts before Kaspersky Anti Spam Because of this Sendmail cannot find the interaction socket and writes the following warning message to the system log WARNING Xkas local socket name socket_file missing This warning does not indicate a failure because the missing socket file is created by the kas milter module after execution of Kaspersky Anti Spam The sp...

Page 87: ...elected then the bounce message is not sent to the individual recipients Since there is no way to limit the number of simultaneous connections to the port 25 in Sendmail then the number of running ap mailfilter filtering processes depends on the number of incoming connections which can cause additional server load A 2 4 kas pipe a client module for the Postfix and Exim mail servers The kas pipe mo...

Page 88: ...ile listing the client module settings ClientConnectTo tcp 127 0 0 1 2277 ClientConnectTimeout 10 ClientDataTimeout 30 PipeInProtocol lmtp PipeOutProtocol lmtp PipeOutgoingAddr exec usr sbin sendmail bs PipeMultipleMessagesAllowed yes ClientDefaultDomain localhost ClientOnError accept ClientFilteringSizeLimit 500 In addition to the settings described earlier in the appendix A 2 2 for the kas milte...

Page 89: ...eving the IP address of the server from which a message came only when Postfix is used Possible values are yes no Pipe8BitHack use of 8BITMIME extension Possible values are yes no Specify yes if your mail server is configured for support of 8BITMIME extension PipeBufferedIO use of buffering during processing of mail messages Buffering allows you to speed up message processing by using additional v...

Page 90: ...taneous connections and uses the smtp_send_xforward_command option to transfer the IP address of the sender server to the kas pipe module To implement this scheme do the following 1 In the filter conf configuration file specify the following values ClientConnectTo tcp 127 0 0 1 2277 PipeMultipleMessagesAllowed yes PipeInProtocol smtp PipeOutProtocol smtp PipeOutgoingAddr tcp 127 0 0 1 9025 PipeUse...

Page 91: ...tfix version 2 1 and higher you can configure kas pipe to act as a proxy filter smtpd_proxy_filter In this case the reject action is used during SMTP sessions which speeds up message processing However such a configuration is recommended only when a mail server is not heavily loaded To configure kas pipe to act as a proxy filter replace the first two lines in the example above with the following s...

Page 92: ...router for the kas pipe module will be skipped because the mail was sent locally 4 Exim delivers the message to the recipient To implement this scheme do the following 1 In the filter conf configuration file specify the following values PipeInProtocol lmtp PipeOutProtocol smtp PipeOutgoingAddr exec usr local sbin exim bs 2 Modify the Exim configuration file as follows Add the following lines in th...

Page 93: ...gure the Exim mail server to work with the kas pipe module do the following If the exim4 conf template template is used for the Exim configuration add the above provided strings to the corresponding ROUTERS and TRANSPORTS sections If the templates from the etc exim4 conf d directory are used for the Exim configuration 1 In the etc exim4 conf d router directory create a new file 099_exim4 config_ka...

Page 94: ...d To recompile the Exim mail server with the integrated kas exim module do the following 1 Save the kas_exim c file located at usr local ap mailfilter3 src to the Local directory in the tree of Exim source files 2 Modify the Makefile file in the Local directory as follows CFLAGS I usr local ap mailfilter3 include EXTRALIBS_EXIM L usr local ap mailfilter3 lib lspamtest LOCAL_SCAN_SOURCE Local kas_e...

Page 95: ...ection with the filtering process data exchange timeout is exceeded etc Possible values reject reject an incoming message return the 5xx code during an SMTP session tempfail temporarily reject an incoming message return the 4xx code during an SMTP session default value accept accept a message kas_log_level detalization level of the log file The data is recorded in the Exim debugging mode Note the ...

Page 96: ...of modules when Kaspersky Anti Spam uses the kas qmail module Figure 33 Interaction of Kaspersky Anti Spam with the Qmail mail server The client module can be integrated into the Qmail mail server either manually or automatically using special scripts see section 3 5 on page 27 Manual configuration of the client module options is performed by modifying the configuration file filter conf located at...

Page 97: ...ti Spam with the Communigate Pro mail server The mail traffic is processed using the following algorithm 1 Communigate Pro passes all incoming mail to the kas cgpro client module 2 The kas cgpro module processes message modifies them inserts a special header into each message and places processed mail to the Submitted directory The DISCARD response is returned to Communigate Pro 3 The PIPE driver ...

Page 98: ...to the processed messages CGProAllTransports allows prohibits processing of mail received using all kinds of transport Possible values yes all mail is processed no only SMTP mail traffic is processed default value To configure Communigate Pro to work with the kas cgpro module do the following steps using the web interface of the mail server 1 To the Settings General Helpers menu add a new content ...

Page 99: ...dd to its database the accounts of system users you will have to create manually a mailflt3 user account in the user database of Communigate Pro When the Drop Root option is used in Communigate Pro the mail server is switched to using the privileges of user nobody The switch does not affect the kas cgpro module resulting in a loss of connection between the mail server and its client module Perform...

Page 100: ...p name or gid Filtering server settings ServerListen socket using which the filtering server interacts with the module integrated into the mail server The format of the value is tcp host port where host is the IP address or name of the mail server port is the port number that specifies a network socket and the record unix path_to_file where path_to_file is the path to the socket file specifies a l...

Page 101: ...m time in seconds during which a filtering process can be idle If a filtering process does not receive any message for processing during the specified time this process is ended The default value is 300 FilterDelayedExit 0 30 maximum time in seconds for which stopping a filtering process can be delayed after the command to stop the process is received If the value of this option differs from zero ...

Page 102: ...nalyzed The default value is no FilterStatLogFile path to the file where the application stores statistics on processed messages FilterUserLogFile path to the file defined by the user to store statistic data FilterUDSCfgFile path to the file containing the UDS configuration FilterUDSEnabled yes no parameter which enables disables mail checks using UDS FilterUDSTimeout 1 60 timeout period for estab...

Page 103: ...nished and the SPF daemon starts a new process The default value is 1000 SPFDMaxQueueSize 10 1000 maximum number of requests that can be simultaneously placed to a queue for processing The default value is 200 SPFDCleanupInterval 30 3600 frequency in seconds of the SPF daemon cache cleanups The default value is 600 General settings of client modules ClientConnectTo address of the socket through wh...

Page 104: ...s controlling the volume of the operating memory in use If the value is set to 0 default value all data are always stored in the operating memory ClientTempDir temporary files folder Control Center settings ControlCenterSendAlertsTo address where the product will send the messages from the monitoring system and the error messages pertaining to performance of scripts executed by cron service Contro...

Page 105: ...ory that stores the cgi scripts of the Management Center The default value is usr local ap mailfilter3 control www cgipat template of the names of cgi scripts The value of this option should be set to cgi A 4 Kaspersky Anti Spam utilities This section provides a description of main Kaspersky Anti Spam utilities their functional characteristics and command line options used to configure each compon...

Page 106: ... redefines the path to the filter conf configuration file If filter conf is located in a directory other than the default specify a complete path to the filter conf file as a value for the configuration_file parameter If the utility is started without command line options it outputs to server console information about all installed license keys A 4 3 install key The install key utility is intended...

Page 107: ...s the path to the kas conf script which reads Kaspersky Anti Spam configuration If kas conf is located in a directory other than the default specify a complete path to the kas conf file as a value for the kas conf_script parameter h outputs to the console information about the utility A 4 4 remove key The remove key utility is intended for removal of license keys for Kaspersky Anti Spam Startup li...

Page 108: ...tart The kas restart utility is used to restart Kaspersky Anti Spam and its separate components Startup line usr local ap mailfilter3 bin kas restart f p s m w W q d v l V details_level L details_level c configuration_file k kas conf_script h Command line options f restarts the ap mailfilter filtering processes The processes handle messages and finish their work depending on the specified delay fo...

Page 109: ...an the default specify a complete path to the filter conf file as a value for the configuration_file parameter k kas conf_script redefines the path to the kas conf script which reads Kaspersky Anti Spam configuration If kas conf is located in a directory other than the default specify a complete path to the kas conf file as a value for the kas conf_script parameter h outputs to the console informa...

Page 110: ...sfmonitoring p m q h If Kaspersky Anti Spam is installed on a server running RedHat enter the following in the command line to start the sfmonitoring utility su m mailflt3 c usr local ap mailfilter3 control bin sfmonitoring p m q h Command line options p checks the system status and outputs messages about Kaspersky Anti Spam errors to the console m checks the system status and sends a daily report...

Page 111: ...irectory other than the default specify a complete path to the kas conf file as a value for the kas conf_script parameter s skips downloading updates q enables a mode when only error messages are output to the console It is better to start this mode using the cron service v outputs console messages at a higher detalization level than used by default d outputs console messages at the maximum detali...

Page 112: ...contains a set of statuses corresponding to Kaspersky Anti Spam 2 0 In this version it is used for compatibility purposes The table below lists possible values of the headers Header Meaning Description Trusted The sender of this message is in the white list of senders or mail anti spam scanning is disabled for the recipient in group policy SPAM Message is classified as spam Probable Spam Message i...

Page 113: ...ded to messages that contain obscene phrases X SpamTest Formal header added to a message that was classified as Formal X Spamtest Rate header containing a rate assigned to the message during processing Kaspersky Anti Spam uses this value to assign a status to this email message X Spamtest Group ID header that contains the identifier of the group whose rules were used to process this message X Spam...

Page 114: ...tering by the black list of IP addresses black email list Filtering by the black list of email addresses GSG Analysis of graphic signatures headers and headers plus Analysis of headers DNSBL Filtering using DNSBL services UDS Filtering using UDS UDS BL Filtering using UDS It combines heuristic and black lists check SURBL Filtering using SURBL service Content Filtering of message content probable P...

Page 115: ...ommand usr local ap mailfilter3 bin sfupdates q Recommended startup frequency every twenty minutes To avoid overloading of updating servers provide some delay from the beginning of an hour when specifying the time when the script should be run For example 7 27 47 usr local ap mailfilter3 bin sfupdates q Monitoring script Startup command usr local ap mailfilter3 control bin sfmonitoring q Recommend...

Page 116: ...log files used by the Management Center and the statistic system Startup command usr local ap mailfilter3 control bin logrotate sh q Recommended startup frequency twice every 24 hours Upon an increase in system load you can set rotate logs more frequently Script calculating the time required to access UDS servers The application uses the uds rtts sh script to determine the time it takes to access ...

Page 117: ... The fragment below is an example of the crontab file that illustrates the above described settings MAILTO admin mycompany com PATH bin sbin usr bin usr sbin usr local bin usr local sbin HOME usr local ap mailfilter3 run 7 27 47 usr local ap mailfilter3 bin sfupdates q 5 usr local ap mailfilter3 control bin sfmonitoring q usr local ap mailfilter3 control bin dologs sh q 5 usr local ap mailfilter3 ...

Page 118: ...r messages using automatic methods and decrease dramatically the time needed for Kaspersky Anti Spam to efficiently recognize the newest methods of spam distribution Address for sending spam messages spam kaspersky com Address for sending messages erroneously recognized as spam notspam kaspersky com Examples of spam messages must be sent as attachments Mail applications have different methods of h...

Page 119: ...k Alternative Forward This command is located in the Specials menu on the toolbar To configure automatic forwarding of spam messages set up sorting rules in the message handler as follows 3 Clear the Do not send attachments check box 4 Select the Use MIME standard check box 3 To forward spam using the Microsoft Outlook Express mail client select one or several messages and apply the command Messag...

Page 120: ...comprehensive protection from current and future threats Resistance to future attacks is the basic policy implemented in all Kaspersky Lab s products The company s products consistently remain at least one step ahead of many other vendors in delivering extensive anti virus coverage for home users and corporate customers alike Years of hard work have made the company one of the top security softwar...

Page 121: ... be bundled with various integrated solutions offered by Kaspersky Lab Ltd Kaspersky OnLine Scanner This program is a free service provided to the visitors of Kaspersky Lab s corporate website The service delivers an efficient online anti virus scan of your computer Kaspersky OnLine Scanner runs directly from your browser This way users receive quick responses to questions regarding potential infe...

Page 122: ... and start up objects of Microsoft Windows Proactive protection offers the following features Controls modifications within the file system The program allows users to create a list of applications which it will control on a per component basis It helps protect application integrity against the influence of malicious software Monitors processes in random access memory Kaspersky Anti Virus 6 0 in a...

Page 123: ...ishing attacks thereby preventing confidential data leaks above all passwords bank account and credit card numbers and blocking execution of dangerous scripts on web pages pop up windows and advertisement banners The autodialer blocking feature helps identify software that attempts to use your modem for hidden unauthorized connections to paid phone services and blocks such activity Kaspersky Inter...

Page 124: ...Microsoft Windows Novell NetWare Linux and Samba from all types of malware The suite includes the following Kaspersky Lab applications Kaspersky Administration Kit Kaspersky Anti Virus for Windows Server Kaspersky Anti Virus for Linux File Server Kaspersky Anti Virus for Novell Netware Kaspersky Anti Virus for Samba Server Features and functionality Protects server file systems in real time All se...

Page 125: ...users The suite includes four programs Kaspersky Work Space Security Kaspersky Business Space Security Kaspersky Enterprise Space Security Kaspersky Total Space Security Specifics on each program are given below Kaspersky WorkSpace Security is a program for centralized protection of workstations inside and outside of corporate networks from all of today s Internet threats viruses spyware hacker at...

Page 126: ... Kaspersky Business Space Security provides optimal protection of your company s information resources from today s Internet threats Kaspersky Business Space Security protects workstations and file servers from all types of viruses Trojans and worms prevents virus outbreaks and secures information while providing instant access to network resources for users Features and functionality Remote admin...

Page 127: ...for users Features and functionality Protection of workstations and file servers from viruses Trojans and worms Protection of Sendmail Qmail Postfix and Exim mail servers Scanning of all e mails on Microsoft Exchange Server including shared folders Processing of e mails databases and other objects for Lotus Domino servers Protection from phishing attacks and junk mail preventing mass mailings and ...

Page 128: ...ternet and ensures secure e mail communications Features and functionality Comprehensive protection from viruses spyware hacker attacks and spam on all levels of the corporate network from workstations to Internet gateways Proactive Defense for workstations from new malicious programs whose signatures are not yet added to the database Protection of mail servers and linked servers Scans Internet tr...

Page 129: ...tic database updates Kaspersky Security for Mail Servers This program is for protecting mail servers and linked servers from malicious programs and spam The program includes application for protecting all standard mail servers Microsoft Exchange Lotus Notes Domino Sendmail Qmail Postfix and Exim and also enables you to configure a dedicated e mail gateway The solution includes Kaspersky Administra...

Page 130: ... organization s employees automatically deleting malware and riskware from the data incoming on HTTP FTP The solution includes Kaspersky Administration Kit Kaspersky Anti Virus for Proxy Server Kaspersky Anti Virus for Microsoft ISA Server Kaspersky Anti Virus for Check Point FireWall 1 Its features include Reliable protection from malicious or potentially dangerous programs Scans Internet traffic...

Page 131: ...filtration database adding samples provided by the Company s linguistic laboratory specialists Databases are updated every 20 minutes Kaspersky Anti Virus for MIMESweeper Kaspersky Anti Virus for MIMESweeper provides high speed scanning of traffic on servers running Clearswift MIMEsweeper for SMTP Clearswift MIMEsweeper for Exchange Clearswift MIMEsweeper for Web The program is a plug in and scans...

Page 132: ...ing features or use of this software must display the following acknowledgement This product includes software developed by the University of California Berkeley and its contributors Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE REG...

Page 133: ...are or portions thereof for any purpose without fee subject to these conditions 1 If any part of the source code for this software is distributed then this README file must be included with this copyright and no warranty notice unaltered and any additions deletions or changes to the original files must be clearly indicated in accompanying documentation 2 If only executable code is distributed then...

Page 134: ... patents owned by IBM AT T and Mitsubishi Hence arithmetic coding cannot legally be used without obtaining one or more licenses For this reason support for arithmetic coding has been removed from the free JPEG software Since arithmetic coding provides only a marginal gain over the unpatented Huffman mode it is unlikely that very many implementations will support it So far as we are aware there are...

Page 135: ...rmitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 The name of the...

Page 136: ...ECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SU...

Page 137: ...UTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE libpatricia library can be used on the following terms and conditions Copyright c 1997 1998 1999 Th...

Page 138: ...s PCRE is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language Release 5 of PCRE is distributed under the terms of the BSD licence as specified below The documentation for PCRE supplied in the doc directory is distributed under the same terms as the software itself Written by Philip Hazel ph10 cam ac uk University...

Page 139: ...ricted use provided that this legend is included on all tape media and as a part of the software program in whole or part Users may copy or modify Sun RPC without charge but are not authorized to license or distribute it to anyone else except as part of a product or program developed by the user SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE WARRANTIES OF DESIGN MERCHANTIBI...

Page 140: ...moved or altered from any source distribution Jean loup Gailly Mark Adler jloup gzip org madler alumni caltech edu The data format used by the zlib library is described by RFCs Request for Comments 1950 to 1952 in the files ftp ds internic net rfc rfc1950 txt zlib format rfc1951 txt deflate format and rfc1952 txt gzip format expat library can be used on the following terms and conditions Copyright...

Page 141: ...hereby granted without fee provided the above notices are retained on all copies Permission to modify the code and to distribute modified code is granted provided the above notices are retained and a notice that the code was modified is included with the above copyright notice libmilter library can be used on the following terms and conditions The following license terms and conditions apply unles...

Page 142: ...t c 1998 2004 Sendmail Inc All rights reserved 4 Neither the name of Sendmail Inc nor the University of California nor the names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission The name sendmail is a trademark of Sendmail Inc 5 All redistributions must comply with the conditions imposed by the University of Calif...

Page 143: ...SSL toolkit stays under a dual license i e both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit See below for the actual license texts Actually both licenses are BSD style Open Source licenses In case of any license issues related to OpenSSL please contact openssl core openssl org OpenSSL License Copyright c 1998 2004 The OpenSSL Project All rights reserv...

Page 144: ...QUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE This product includes cryptogra...

Page 145: ...ryptographic can be left out if the rouines from the library being used are not cryptographic related 4 If you include any Windows specific code or a derivative thereof from the apps directory application code you must include an acknowledgement This product includes software written by Tim Hudson tjh cryptsoft com THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES...

Page 146: ...BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE mcpp front end program can be used on the following terms ...

Page 147: ...AL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE ...

Page 148: ...HE CD s SLEEVE DOWNLOAD INSTALL OR USE THIS SOFTWARE IN ACCORDANCE WITH THE LEGISLATION REGARDING KASPERSKY SOFTWARE INTENDED FOR INDIVIDUAL CONSUMERS KASPERSKY ANTI VIRUS PERSONAL KASPERSKY ANTI VIRUS PERSONAL PRO KASPERSKY ANTI HACKER KASPERSKY ANTI SPAM PERSONAL KASPERSKY SECURITY SUITE PERSONAL KASPERSKY SECURITY FOR PDA PURCHASED ON LINE FROM THE KASPERSKY LAB INTERNET WEB SITE CUSTOMER SHALL...

Page 149: ...ware is in use on a Client Device when it is loaded into the temporary memory i e random access memory or RAM or installed into the permanent memory e g hard disk CD ROM or other storage device of that Client Device This license authorizes you to make only as many back up copies of the Software as are necessary for its lawful use and solely for back up purposes provided that all such copies contai...

Page 150: ...you have obtained then you must have a reasonable mechanism in place to ensure that your use of the Software does not exceed the use limits specified for the license you have obtained This license authorizes you to make or download such copies of the Documentation for each Client Device or seat that is licensed as are necessary for its lawful use provided that each such copy contains all of the Do...

Page 151: ... transfer of data to other countries outside your own as set out in the Privacy Policy iv Support Services means a Daily updates of the anti virus database b Free software updates including version upgrades c Extended technical support via e mail and phone hotline provided by Vendor and or Reseller d Virus detection and disinfection updates 24 hours per day 4 Ownership Rights The Software is prote...

Page 152: ...e item v The warranty in i shall not apply if you a make or cause to be made any modifications to this Software without the consent of Kaspersky Lab b use the Software in a manner for which it was not intended or c use the Software other than as permitted under this Agreement vi The warranties and conditions stated in this Agreement are in lieu of all other conditions warranties or other terms con...

Page 153: ... prior understandings undertakings and promises between you and Kaspersky Lab whether oral or in writing which have been given or may be implied from anything written or said in negotiations between us or our representatives prior to this Agreement and all prior agreements between the parties relating to the matters aforesaid shall cease to have effect as from the Effective Date Save as provided i...