KAPERSKY ANTI-VIRUS 5.0 - FOR SAMBA SERVERS, Administrator'S Manual

Page 1: ...KASPERSKY LABS Kaspersky Anti Virus 5 0 for Linux FreeBSD and OpenBSD File Server ADMINISTRATOR S GUIDE...

Page 2: ...A S P E R S K Y A N T I V I R U S 5 0 F O R L I N U X F R E E B S D A N D O P E N B S D F I L E S E R V E R Administrator s guide Kaspersky Labs Ltd http www kaspersky com Revision date November 2003...

Page 3: ...earlier version 14 2 1 3 Copying the distribution files 15 2 1 4 License key installation 15 2 1 5 Completing the installation 16 2 1 6 Installation report 16 2 2 Installing the program on a server r...

Page 4: ...Command line syntax for the aveclient client component 43 5 2 3 Additional opportunities for integration with third party software 45 5 3 Localization of the format of time and date display 45 5 4 Par...

Page 5: ...file vox sh for disinfecting tar and zip archives 70 APPENDIX B MALICIOUS PROGRAMS IN THE UNIX ENVIRONMENT 73 B 1 Viruses 73 B 2 Trojan horses 74 B 3 Internet worms 75 APPENDIX C KASPERSKY LABS LTD 78...

Page 6: ...stem For the latter disinfected and password protected files can also be quarantined as well as files that fail to be scanned because of an error Update the program s anti virus database Anti virus da...

Page 7: ...In this connection the configuration of the entire product has been transferred from a binary to a text framework The possibility has been added to configure formats of time and date representation in...

Page 8: ...ons based on product use duration usually limited to one year from the date of purchase 1 3 Hardware and software requirements In order to function properly Kaspersky Anti Virus needs a system complyi...

Page 9: ...ure to thoroughly review the license agreement When purchasing Kaspersky Anti Virus in the Web shop you download the product from Kaspersky Labs website The distribution file contains the product and...

Page 10: ...nu titles commands window titles dialog elements etc Note Additional information notes Attention Very important information To do this 1 Step 1 2 Actions that must be taken Task Example of a user defi...

Page 11: ...ky Anti Virus for Unix is supplied as an archive The archive contains the directory tree with the distribution package files and the installation script install pl hereinafter also referred to as the...

Page 12: ...ribution package archive to the server s file system directory 2 Unpack the archive using the command tar zxvf archive name After this several files will be extracted from the archive including the in...

Page 13: ...vent that an earlier version of the product is detected the administrator will be offered the opportunity to archive the previously installed Kaspersky Anti Virus creating a backup copy and then to de...

Page 14: ...converted file will be assigned the name of Kaspersky Anti Virus version 5 0 configuration file etc kav 5 0 kav4unix conf If you do not want to replace the configuration file included in the distribut...

Page 15: ...d and the files are copied Since the distribution package of Kaspersky Anti Virus includes only the remote administration module of the Webmin package during file copying the installer searches for We...

Page 16: ...installation steps described above are finished successfully the appropriate message will be output to the console The configuration file included in the distribution package contains all the settings...

Page 17: ...rpm package To start the installation of Kaspersky Anti Virus from the rpm package type the following in the command line rpm i distribution_file_name Kaspersky Anti Virus will be installed automatic...

Page 18: ...rib config pl will be launched automatically 2 3 Installing the program on a server running FreeBSD or OpenBSD For servers running the FreeBSD or OpenBSD operating systems the distribution package of...

Page 19: ...d take an in depth look at the configuration required to use the product 3 1 Setting up the program by default All the parameters of Kaspersky Anti Virus for Unix are stored in the file kav4unix conf...

Page 20: ...w viruses appear every day and it is important to maintain up to date status of the product For more information regarding database updating refer to the sections 4 1 1 4 1 2 on pages 23 25 3 3 Settin...

Page 21: ...following 1 Specify the name of the alternative file on the Configuration tab see Figure 1 in the field Full path to KAV config 2 Set the required parameters for file system antiviral protection on th...

Page 22: ...administrator has adjusted the post installation settings see Chapter 3 on page 19 4 1 Anti virus database updating An essential part of comprehensive antiviral protection is anti virus database updat...

Page 23: ...uters to download database updates from this directory We strongly recommend that you update the anti virus database every day Database updating can be carried out using cron see section 4 1 1 on page...

Page 24: ...of program operation to the end of the existing report file system log in this case If no value is entered in the Report file name field then the program s operation results will be saved in the syst...

Page 25: ...the rules of the cron process operation crontab e 3 Input the following line 0 7 opt kav bin kavupdater 4 1 2 One time update of the anti virus database You can start anti virus database updating fro...

Page 26: ...he network directory home base where the database is stored into the first position 2 Turn random selection of update servers off Uncheck the box Random server order on Kaspersky Anti Virus KeepUp2Dat...

Page 27: ...s where the database is stored in the first position 2 Turn random selection of update servers off by setting RandomServerOrder no in configuration file 3 In the command line type kavupdater s etc kav...

Page 28: ...therefore running any other processes at the same time is not recommended To avoid these problems we advise that you scan individual directories instead 4 2 1 Launching directory scan from the command...

Page 29: ...following line 0 path to kavscanner c etc kav scanhome conf home 4 2 3 Moving objects to a separate directory quarantine You can set up Kaspersky Anti Virus so that it will move all infected objects...

Page 30: ...fection For this purpose make the following settings in the Scan settings section Cure Disable cleaning of infected objects Use heuristic Enable heuristic code analyzer Recursion Disable recursive sca...

Page 31: ...t statuses thus extending the functionality of Kaspersky Anti Virus 4 2 4 1 Cleaning infected objects in archives Kaspersky Anti Virus does not disinfect archived files it only detects suspicious and...

Page 32: ...he Kasperksy Anti Virus Scanner tab of the Webmin program see Figure 4 exec tmp kavscanner test vox sh FULLPATH FILENAME 2 Press the Start button for the Kaspersky Anti Virus On Demand Scanner compone...

Page 33: ...Working with Kaspersky Anti Virus 33 Other KAV for Unix AV File Check Figure 4 Kaspersky Anti Virus On Demand Scanner Other KAV for Unix AV Run Start Figure 5 Scan area definition tab or...

Page 34: ...ted file systems The object set up administrator notification if any infected files or archives are detected in the mounted file systems during each scan of the server carried out with the parameters...

Page 35: ...nformation dealing with the license you have purchased including type of license expiration date and information about distributors etc Besides the rights to use the product during the licensed period...

Page 36: ...network that has access to the Webmin program In order to view the information about all the license keys do the following On the Kaspersky Anti Virus for Unix tab of the Webmin program select Key In...

Page 37: ...3 Serial 0038 000419 0003D3EA Kaspersky Anti Virus for Personal Linux expires 04 07 2003 in 28 days 4 3 2 Renewing the license Renewal of the license for Kaspersky Anti Virus will give you the right t...

Page 38: ...ppropriate form on our web site www kaspersky com in the section Buy on line For Linux users After your payment is received we shall send you the license key using the e mail address specified in the...

Page 39: ...39 File check and disinfection mode see section 5 1 2 on page 40 Actions to be taken to the files see section 5 1 3 on page 41 Parameters of generating work results report see section 5 3 on page 45...

Page 40: ...meter or r key You can set file and directory masks or disable the recursive scanning remotely using the Webmin program on the tab Kaspersky Anti Virus On Demand Scanner see Figure 4 Create an alterna...

Page 41: ...canner tab of the Webmin program see Figure 4 5 1 3 Actions taken with the files Depending on the status of the file see section 5 1 2 on page 40 different actions can be taken with it By default noti...

Page 42: ...e actions remotely using the Kaspersky Anti Virus On Demand Scanner tab of the Webmin program see Figure 4 Specify the actions in the alternative configuration file and use it when launching the compo...

Page 43: ...the object in accordance with its current settings During the procedure it does not waste time loading anti virus databases This is in contrast with the kavscanner component which terminates after eac...

Page 44: ...g in the command line aveclient p var run aveserver c As a result a message telling whether aveserver is running will be displayed together with information on installed anti virus databases and licen...

Page 45: ...t SDK Integration can be achieved using the command line an interface implemented in the C programming language or directly through a protocol supported by the daemon via Unix sockets or TCP IP Kasper...

Page 46: ...e results of antiviral processing of the server s file system are also output to the console By default the same information is displayed and output to the report If you want to have different informa...

Page 47: ...ess of the set level of detail The optimal level of detail is 3 which is set by default The general format used to output information according to any of the above levels of detail is as follows date...

Page 48: ...ile_name result virus_name Short message format ShowObjectResultOnly yes file_name result where virus_name is the name of the virus for the events CURED INFECTED CUREFAILED WARNING and SUSPICION For o...

Page 49: ...R The file cannot be checked due to an error e g if a corrupted archive was processed PROTECTED The file cannot be checked because it is encrypted CORRUPTED The file is corrupted 5 4 2 Format of other...

Page 50: ...the console is governed by the presence of the q key in the command line when launching the component If the key is added the information will not be output to the console Output of messages regarding...

Page 51: ...Advanced settings 51 The scanning report detail level is adjusted by the key x option in the command line on condition that the display section is present...

Page 52: ...rating system please refer to section 1 3 on page 8 If your distribution is 100 compatible with a supported one e g ASPLinux is compatible with Red Hat Linux then it is very unlikely that you will exp...

Page 53: ...te using the kavupdater component Even if you download the database without using kavupdater Kaspersky Anti Virus will not use it Therefore we will no longer be able to guarantee protection against ne...

Page 54: ...inux Webmin cannot access settings of the licensed users list 2 Compose your mails in plain text format Avoid sending HTML messages 3 At the beginning of the message specify the exact versions of the...

Page 55: ...to a file text_file Full path to the file where the information will be saved For example kavupdater updater log 2 1 In this case all the standard output messages and error messages of the kavupdater...

Page 56: ...ave to log on as the root user Installation log file Names and sizes of the files installed as part of Kaspersky Anti Virus must be exactly the same as specified in the installation log file In order...

Page 57: ...files with settings are stored kav4unix conf The configuration file servers lst The file containing the list of anti virus database update servers locations The installation result report This file i...

Page 58: ...that define the paths to critical files without these the program will not work BasesPath var db kav 5 0 kav4unix bases Full path to the anti virus database BackUpPath var db kav 5 0 kav4unix bases ba...

Page 59: ...n text format message scanning mode To disable the mode set the parameter to no Heuristic yes This mode defines whether or not to use the heuristic code analyzer during scanning To disable the mode se...

Page 60: ...ENAME File name without its path The scanner container section includes parameters that define the actions to be taken to archives during antiviral protection of the server s file systems OnInfected a...

Page 61: ...set the parameter to no ShowContainerResultOnly yes The mode in which the results of archive scanning are shown in the report in short format In order to display extended report set the parameter to...

Page 62: ...o no ReportLevel 10 Level of detail of the report The aveserver options section contains the parameters of aveserver functioning that come into effect immediately after the component start DetachFromT...

Page 63: ...tion file parameters can be redefined using command line keys Below is a detailed explanation Help options h Output help on the kavscanner component to the console v Display the version of the program...

Page 64: ...nformation contained in it The following levels of detail can be used as the option 1 Enable disable messages regarding other errors 2 Enable disable informational messages 3 Enable disable messages r...

Page 65: ...d objects to the file file_name s Save the list of suspicious objects to the file file_name c Save the list of corrupted objects to the file file_name w Save a list of objects the code of which is sim...

Page 66: ...ed 20 Suspicious files were detected 21 Files with code similar to that of known viruses were detected 25 Infected files were detected 30 System error during file scanning 50 Unable to load the anti v...

Page 67: ...led license keys to the console c C file_path Use alternative configuration file file_path k file_path Display on the console the information regarding the key file_path Report generation options q Do...

Page 68: ...file_path A 7 The kavupdater component return codes During its work the kavupdater component can return the following codes 0 No anti virus database updating is required 1 The anti virus database was...

Page 69: ...Scan task is running p Path to the local aveserver socket required parameter A 9 The aveclient component return codes The aveclient component may return the following codes while running the Query tas...

Page 70: ...fully 6 Indefinite scanning result the file is either password protected or encrypted 7 A system error occurred during the start of the aveclient component file not found file inaccessible for reading...

Page 71: ...zxf name KAVKAVSCANNER c CONF i3 TEMP cd TEMP tar czf sname tgz for i in list do j i rm j done mv TEMP sname tgz SPWD sname tgz cure rm rf TEMP zip elif suf zip then list unzip l name unzip name d TE...

Page 72: ...Virus 5 0 for Linux FreeBSD and OpenBSD File Server elif suf rar then list rar l name rar x name TEMP KAVKAVSCANNER c CONF i3 TEMP cd TEMP zip sname zip r echo SPWD mv TEMP sname zip SPWD sname zip c...

Page 73: ...iruses reveals that it is usually file viruses that target Unix systems They write their code into executable files or create duplicates According to the operation algorithm viruses can be divided int...

Page 74: ...uter Linux Diesel Not dangerous non resident Linux virus that infects Linux executable files The virus operation algorithm Having started the virus reads its binary code from the carrier file searches...

Page 75: ...is flooded until the computer reaches a certain bandwidth limit Then this user is also disconnected from the IRC channel Root kit This is a program package used by the intruder to get root access to...

Page 76: ...tion the IP address logins and passwords writes it to a file named mail log and sends it to the address 1i0nsniffer china com In addition the worm attempts to connect to the Internet site www 51 net t...

Page 77: ...ads the rest of its code and runs it Source of spreading Via the network It spreads its copies infects remote Linux systems exploiting a loophole in the Linux security system the so called buffer over...

Page 78: ...uter virus activities enables the company to deliver comprehensive protection from current and even future threats Resistance to future attacks is the basic policy implemented into all of Kaspersky La...

Page 79: ...cious ActiveX and Java applets etc The program constantly controls all possible sources of virus penetration such as e mail Internet floppy disks CDs etc Kaspersky Anti Virus Personal is supplied with...

Page 80: ...ssing the network This helps deliver enhanced privacy and 100 security of confidential data stored on your computer The product s SmartStealth technology prevents hackers from detecting your computer...

Page 81: ...i Virus Business Optimal distribution kit includes Kaspersky Administration Kit a unique tool for automated deployment and administration You are free to choose from any of these anti virus programs a...

Page 82: ...analysis with all modern methods of e mail filtration including RBL lists and formal letter features Its unique combination of services allows users to identify and wipe out up to 95 of unwanted traf...

Page 83: ...Appendix C 83 General information WWW http www kaspersky com http www viruslist com E mail sales kaspersky com...

Page 84: ...t Buy offline 9 Buy online 9 File system scanning 6 27 Administrator notification 34 Scripts use 31 Installation CD 9 License agreement 9 License key 8 15 35 36 37 53 Quarantine 6 29 60 Technical supp...