KAPERSKY ANTI-VIRUS - FOR SUN SOLARIS MAIL SERVER, User Manual

Page 1: ...KASPERSKY LAB Kaspersky Anti Virus for Sun Solaris Mail Server USERGUIDE...

Page 2: ...K A S P E R S K Y A N T I V I R U S F O R S U N S O L A R I S M A I L S E R V E R User Guide Kaspersky Lab Ltd http www kaspersky com Revision date February 2002 1...

Page 3: ...2 2 Backing up your installation diskettes 16 2 3 Step By Step Installation 16 2 4 Preparing to run 18 2 4 1 Editing the ini file 18 2 4 2 Editing the path to temporary files 19 2 4 3 Customizing sof...

Page 4: ...ked executables 41 5 3 2 5 Archives 42 5 3 2 6 Mail databases and plain mail files 43 5 3 2 7 Embedded OLE objects 44 5 3 3 Defining anti virus actions 44 5 3 4 Defining the advanced scanning tools to...

Page 5: ...2 3 To check or not to check 79 7 6 2 4 Defining after check processing of a message 79 7 6 2 5 Filtering mail by the files attached 84 7 6 2 6 Delivering infected messages to the administrator 85 7...

Page 6: ...onWith page 112 9 9 The Customize page 114 10 WEBTUNER REMOTE ADMINISTRATION PROGRAM 116 10 1 Functions and features 116 10 2 General concept of the program performance 117 10 3 Installing WebTuner Ac...

Page 7: ...52 10 9 WebTuner administering Updater 153 10 10 WebTuner administering Keeper 156 10 10 1 Keeper settings 156 10 10 2 The main page identification settings and communication with Daemon 159 10 10 3 D...

Page 8: ...Updating from an archive 187 11 4 Saving the report to a file 188 12 INSPECTOR MONITORING FILESYSTEM INTEGRITY 189 12 1 Function and Features 189 12 2 Running Inspector 190 12 2 1 The Program Command...

Page 9: ...tor command line switches 228 15 9 Control Centre command line switches 231 15 10 Updater command line switches 235 15 11 Keeper for sendmail configuration file kaspersky av mc 238 15 12 Keeper for Po...

Page 10: ...a software product that is designed to search for and delete viruses1 from Sun Solaris It allows detection and deletion of all currently known types of viruses and malware codes including polymorphic...

Page 11: ...ed by other components when checking for viruses When checking for viruses Kaspersky Anti Virus for Sun Solaris Mail Server uses virus definition databases that contain information allowing detection...

Page 12: ...erver components can be coordinated by means of the kavucc program Control Centre allowing a user to schedule automatic starts of the components and display information about the licensed traffic and...

Page 13: ...the LA 1 2 3 Registration card To register please fill the detachable coupon of your registration card your full name phone e mail address and mail it to the dealer that sold this kit to you If your...

Page 14: ...y Lab does not give advice on the performance and use of your operating system or various other technologies 1 4 Information in the book What is in this documentation and what is not This book contain...

Page 15: ...information To do this 1 Step 1 2 Actions that must be taken Function of the control function of the control Description of the settings tree switch function of the switch Command line switches Strin...

Page 16: ...quirements In order to run Kaspersky Anti Virus for Sun Solaris Mail Server you need a system that meets the following requirements 64 Mb of Ram preinstalled Sun Solaris version 7 or 8 There are speci...

Page 17: ...ll Kaspersky Anti Virus for Sun Solaris Mail Server To install Kaspersky Anti Virus for Sun Solaris Mail Server on a computer follow these steps 1 Copy the archive from the installation CD installatio...

Page 18: ...s on how to launch Updater refer to subchapter 11 2 If required before launching your copy of Updater edit the BasePath value in the file AvpUnix ini The BasePath parameter defines the path to the vir...

Page 19: ...d in one of the following directories 1 AVP a user directory For example root AVP or home user1 AVP 2 opt AVP etc 3 etc AVP When started the program searches for the file AvpUnix ini in the directorie...

Page 20: ...he programs will operate as demo versions i e they will be disabled to delete the viruses detected and to scan for viruses in archives and mail databases It is advisable that you specify an absolute p...

Page 21: ...follow these steps 1 Create the subdirectory AVP e g root AVP in the home directories of those users 2 Copy AvpUnix ini and defUnix prf to those subdirectories 3 If necessary edit the profile see Appe...

Page 22: ...le those objects advanced scanning tools to be used etc The program loads scanning settings from a profile the prf extension file that is define in the DefaultProfile line of your AvpUnix ini or from...

Page 23: ...the same operation in defUnix prf open it in a text editor of your choice and specify the following values Names root RedundantScan Yes CodeAnylyser Yes 3 2 Starting to check How to start checking fo...

Page 24: ...d kavdaemon o home Daemon inherits all functions of Scanner but there are some differences in command line switches that are related to features of the process see chapter 6 To check for viruses in ma...

Page 25: ...your computer from new viruses it s advisable to update your virus definition databases on a regular basis Updater that is supplied with Kaspersky Anti Virus for Sun Solaris Mail Server allows you to...

Page 26: ...cially developed script file If your Scanner when started does not detect the key file the program will function as a demonstration copy i e it will be disabled from scanning for viruses in archives a...

Page 27: ...le it will use its default settings Finally settings from the profile may be redefined by available command line switches If you want to load settings from a profile that is different from that define...

Page 28: ...fter this the anti virus scanner checks for viruses in itself the kavscanner executable module If your anti virus scanner is infected with a virus the program will ask whether you want to disinfect th...

Page 29: ...jects infected with a virus try to disinfect them Unfortunately sometimes it is impossible to do Scanner displays the corresponding message In this case infected objects must be deleted Scanner does n...

Page 30: ...ly disInfect or Delete Action_2 and Action_3 are the other two methods of the three listed above The Cancel and Stop commands are always at the end of the string To select the default method you may p...

Page 31: ...you specified in the previous dialog Results of the check will be logged 4 2 3 Handling corrupted objects As we mentioned already infected objects sometimes cannot be disinfected because some viruses...

Page 32: ...ete viruses from mail messages see chapter 7 The scanner does not disinfect and delete infected objects if they are archived but you may try the following method to disinfect them extract the archive...

Page 33: ...eleted The statistics table is divided into two columns Its left column displays values for objects that have been checked sectors files directories packed files and archives Here you may also see the...

Page 34: ...s about infected objects and general statistics will be logged if you preset the program to do so To process and summarize data within the performance reports and to review details of scanning operati...

Page 35: ...omputer you must define Location to be checked system sectors including Boot Sector Master Boot Record Partition Table files on local network and external disks floppy LS 120 CD The sector check funct...

Page 36: ...the check report and the performance statistics to a file 5 2 How to change settings How to change settings command line switches profile and configuration program Recommendations on use of various se...

Page 37: ...a separate location to be checked Location to be checked Objects to be checked Individual settings for locations to be checked 5 3 1 Defining the location s to be checked Before changing other setting...

Page 38: ...luding or excluding them from the check Now you simply prefix them with or You may also specify the location by command line switches for details see subchapter 4 1 If you do not have rights to access...

Page 39: ...subchapter 5 3 2 5 mail databases and plane mail files see subchapter 5 3 2 6 OLE objects embedded in the examined files see subchapter 5 3 2 7 If you started the program with no predefined objects to...

Page 40: ...ccess and Java applets Thereby this value scans all the files that are capable of containing a virus code 1 scans all the files with extensions bat bin cla cmd com cpl dll doc dot dpl drv dwg eml exe...

Page 41: ...te them by commas or spaces This parameter corresponds to the command line switch XF filemasks where filemasks must be substituted with the file masks to be excluded from the check 3 In the ExcludeDir...

Page 42: ...the most popular utilities DIET PKLITE LZEXE EXEPACK etc to temporary files so the anti virus scanner can check them When the check is completed the temporary files are deleted The unpacking engine ge...

Page 43: ...rs and the virus will be inactive and therefore invisible to you but some day the virus may break loose and ruin your system To enable the extracting engine 1 Type Yes in the Archives line of the prof...

Page 44: ...Express pst and pab files a type of MS Mail archive Microsoft Internet Mail mbx files a type of MS Internet Mail archive Eudora Pro Lite Pegasus Mail Netscape Navigator Mail JSMail SMTP POP3 server us...

Page 45: ...ile Otherwise type No 5 3 3 Defining anti virus actions In the appropriate lines of the Object section of a profile you can define actions that should be taken on infected suspicious and corrupted obj...

Page 46: ...see subchapter 4 2 3 You can preset the anti virus scanner to automatically disinfect infected objects with the command line switch or I2 There are available two more command line switches for this a...

Page 47: ...to a separate directory type Yes in the Backupinfected line of the profile The directory for copies of the infected files must be defined in the appropriate line of the ActionWithInfected section of...

Page 48: ...virus body will be deleted but some of its parts will remain in the file This is the case when you need to run the redundant scan operation that will check not only the file entry points but also the...

Page 49: ...unknown Windows virus Formula the Excel file contains suspicious instructions Of course just like any other of the type the heuristic algorithm may occasionally produce false alarms however Code Analy...

Page 50: ...scanning rate and increases the probability of false alarms 5 4 Settings for the cumulative location to be checked 5 4 1 Cumulative settings Unlike settings for a separate location to be checked that...

Page 51: ...operations are located in the Options and Tempfiles sections of a profile These parameters allow you to define scanning of directories located on removable disks scanning of links and subdirectories g...

Page 52: ...the Deleteallmessage line of the Customize section of a profile If you type No the program will be deleting the objects without the confirmation The setting will be used only for that location to be...

Page 53: ...tions section 0 do not check files and directories available via the symbolic links 0 in the Symlinks line corresponds to the command line switch LP 1 check only files and directories available via th...

Page 54: ...line The temporary files exceeding this size will be created on the hard drive This setting will be used only if you entered a positive value Yes in the UseMemoryFiles line of the Tempfiles section 3...

Page 55: ...d files to a separate folder in the ActionWithInfected section of a profile Type Yes in the InfectedCopy line Define a path to the folder for infected files in the InfectedFolder line The default fold...

Page 56: ...ious files and corr for corrupted files To change the name of the owner of infected suspicious and corrupted files that the program failed to desinfect define the target name in the ChownTo lines of t...

Page 57: ...ll be created in your home directory To limit the size of your log file Type Yes in the ReportFileLimit line Define the maximum size in Kb in the ReportFileSize line To append new reports to the conte...

Page 58: ...to the report heading The program may be enabled to log check reports to the system or the user log To add check results to the system log type Yes in the UseSysLog line Type No to add check results t...

Page 59: ...bles and the switch O disables the messages ShowPack reports packed and archived objects Type Yes to enable these messages or No to disable them This parameter corresponds to the command line switch K...

Page 60: ...e functions of Scanner therefore our description of the Scanner capabilities can be applied to Daemon Unlike the anti virus scanner Daemon loads virus definition databases into the memory just once wh...

Page 61: ...s The Daemon command line Command line switches specific to the daemon process The Daemon profile as compared with the anti virus scanner Daemon can be launched from the command line script files and...

Page 62: ...ter the check and disinfecting is completed without starting the daemon process This switch is used only if the daemon process is not started yet k kills the parent daemon process This switch is not r...

Page 63: ...ommand line the daemon process will not be started If the process has been started the Daemon program establishes a data link with it and uses this link to transfer the command string with scanning se...

Page 64: ...e command param substring transfers the file name and parameters of the command line In the simplest case just the file name will be transferred In this case the string can look similar to the followi...

Page 65: ...ns standard exit codes or the value 0x3f in this case the client program must return the operation to be applied by the daemon process to the object The high byte contains flags defining further opera...

Page 66: ...is designed to handle viruses in incoming and outgoing SMTP traffic The program is built into the mail server in order to check for viruses in the traffic passing through Currently there are fours ve...

Page 67: ...For the message recipient notify the recipient about the infected message detected see subchapter 7 6 2 4 1 block the message from being delivered to the recipient mailbox see subchapter 7 6 2 4 2 pa...

Page 68: ...rom your mc file To do this copy the file keeper m4 to the directory sendmail cf mailer go to the directory sendmail cf cf and produce the file sendmail cf listen by entering the following string m4 k...

Page 69: ...subchapter 7 6 5 4 Launch the following two processes usr sbin sendmail bd C etc mail sendmail cf listen usr sbin sendmail q1m C ect mail sendmail cf The installation utility for details see chapter 2...

Page 70: ...ram Before you begin the integration procedure you must know the location of the Qmail system on the server As a rule it is located in the directory var qmail You must also know how to restart the mai...

Page 71: ...subchapter 10 10 3 4 use the Group administrator address text field to specify an e mail address or an alias of the administrator 5 Define the parameters of communication between Keeper and the daemon...

Page 72: ...filter argv opt AVP kavkeeper kavkeeper localhost 10026 inet n n 10 smtpd o content_filter o myhostname hostname 4 Create the filter user by entering the following string adduser filter 5 Create a hom...

Page 73: ...ration Integration of Kaspersky Anti Virus for Sun Solaris Mail Server with the Exim mail system can be implemented by starting the install exim script file or manually To integrate the program manual...

Page 74: ...name where Keeper will be running in the Hostname text field enter the From address for notifications in the Keeper e mail text field On the groups page see subchapter 10 10 3 1 select the required g...

Page 75: ...s groups Every address group has its own name and is defined by the list of incoming and outgoing addresses For example you can preset the program to delete infected messages with the To address user...

Page 76: ...and wants to be informed about the infected messages that have been processed In this case the program must be preset to deliver the disinfected messages to the recipient mailboxes and to forward a c...

Page 77: ...detected the program applies the group processing rules to the message The search for a message s addresses in the address group is performed in compliance with POSIX REGEXP For the program to apply s...

Page 78: ...lt group If the To and the From addresses of a message are detected in several groups the program will apply processing rules defined for the first of these groups 2 If the address is not detected in...

Page 79: ...t of masks for the From addresses to be checked for viruses by the Keeper program in the Sender mask text field of the Group group_name dialog box on your screen 6 Enter the mask or the list of masks...

Page 80: ...program to notify a recipient about an infected message follow these steps 1 On the groups page see subchapter 10 10 3 1 select the required group name and press the properties button 2 On the recipie...

Page 81: ...Remove from the corresponding Object action drop down list The program will send the notification to the recipient without the infected object attached to it Figure 2 The notification as it looks in t...

Page 82: ...send notification of an infected message and the message disinfected if possible and attached to it follow these steps 1 On the recipient page check the Add report check box for the Infected object ty...

Page 83: ...ject action drop down list The program will send notification to the recipient with the disinfected message attached to it If the object could not be disinfected it will be deleted Figure 5 The notifi...

Page 84: ...or details refer to subchapter 10 10 6 4 On the recipient page see subchapter 10 10 3 6 check the Block mail check box for the Infected object type and select Unchanged from the corresponding Object a...

Page 85: ...set the program to pass messages without checking them follow these steps 1 On the masks page uncheck the Check this group check box for the selected group 2 On the recipient page check the Add report...

Page 86: ...d 10 10 3 6 7 6 2 6 Delivering infected messages to the administrator To set the program to forward infected messages detected to the administrator follow these steps 1 On the masks page see subchapte...

Page 87: ...out infected message delivered from his or her mailbox follow these steps 1 On the masks page check the Check this group check box for the selected group 2 On the sender page check the Send notify che...

Page 88: ...to subchapter 10 10 6 7 6 4 Log Keeper might be set to log all the actions applied to the mail messages Use options on the WebTuner log page to define the Keeper reporting settings for details refer...

Page 89: ...witch of the Keeper program If Keeper is started without any switch in the command line the program will load settings from the default settings base defUnix To edit the settings use the WebTuner prog...

Page 90: ...ram The Slogan program is developed to process and summarize data within the performance reports of the Scanner and the Daemon programs Slogan performs the following functions summarizes the scanning...

Page 91: ...ine switch h When starting Slogan you can use the following command line switches s file1 file2 fileN or s filemask where file1 file2 fileN is the list of log files to be parsed by Slogan filemask is...

Page 92: ...mm yyyy The program will summarize the reports generated before and on the date defined by this switch e This switch allows use of the English language in the summary reports By default the Slogan re...

Page 93: ...arting the program in the real time monitoring mode you can use the following command line switches R sec The required refresh rate of the Slogan real time statistics screen For example for the screen...

Page 94: ...Packed packed executable files checked Corrupted corrupted objects detected OK files checked I O Errors input output errors occurred Infected infected objects detected Disinfected objects disinfected...

Page 95: ...you to create and edit profiles i e files containing a certain set of predefined settings of the anti virus scanner and the daemon process the list of objects to be checked for viruses the way infect...

Page 96: ...prf located in the directory opt AVP to be used as a profile ps This switch enables Tuner to manage only the Scanner settings pd This switch enables Tuner to manage only the Daemon settings ua user_na...

Page 97: ...key ESC and then the required hotkey The key combination ALT THE REQUIRED KEY will not function here To move along the menu use arrow keys or the appropriate key combinations Under the menu bar you ma...

Page 98: ...ating editing and saving a profile using the customization program For your anti virus scanner to use values that you defined in the working area of the customization program you must save them to a p...

Page 99: ...3 In the Files list select the directory with the profile you are suppose to edit 4 Select the profile 5 Press the Open button Settings from this profile will be loaded into the main window To cancel...

Page 100: ...can define the list of directories to be scanned for viruses Figure 11 The Location page The Location page corresponds to the Object section of a profile If you started the program with no predefined...

Page 101: ...list the directory tree and the buttons OK Cancel and Revert will appear on your screen 2 Select the required directory To do this you may enter the full path to the directory in the Directory name t...

Page 102: ...e as and Cancel Options on these tabs allow you to define the following settings for the selected directory the objects and the file types to be checked for viruses for details see subchapter 9 5 2 2...

Page 103: ...efixed with Cancel allows to exit the Property for window without saving the changes you made 9 5 2 2 The directory Property window Objects to be checked Options on the Property window Objects page se...

Page 104: ...l formats check this box to check for viruses in plain mail files for details see subchapter 5 3 2 6 The mail databases and especially plain mail files scanning modes noticeably slow down the Kaspersk...

Page 105: ...he directory tree in the Add folder box for details see subchapter 9 5 1 To make sure there is not virus in the location to be checked it is advisable to scan all the files the All files option Exclud...

Page 106: ...infected objects without asking first Figure 13 The Actions page Select one of the following options to define how to handle unrecoverable objects Report only reports unrecoverable objects Messages w...

Page 107: ...nable the advanced checking tool searching for corrupted or modified viruses Code Analyzer check this box to enable the heuristic detecting tool searching for unknown viruses Figure 14 The Options pag...

Page 108: ...ons page Options located on the Options page Options on the Options page of the Tuner main window see Figure 15 allow you to define the scanning settings applied to the entire list of directories to b...

Page 109: ...imit the size of an in memory created temporary file define the maximum size in Kb in this text field The default value is 3000 Kb and it means that the temporary files exceeding this size will be cre...

Page 110: ...the Tuner main window see Figure 16 allow you to define the format and the contents of the program reports The Report page corresponds to the Report section of a profile Figure 16 The Report page On...

Page 111: ...If you feel this way with your text editor check this box and the program will use both separators carriage return and linefeed in your log file Report for each object check this box to be reported o...

Page 112: ...ut saving the changes made Use the below check boxes to define optional information that will be included in the report Show clean object in the log check this box to be reported about the examined vi...

Page 113: ...8 The ActionWith page Options located on the ActionWith page Options on the ActionWith page of the Tuner main window see Figure 18 allow you to define how to handle infected and suspicious files dete...

Page 114: ...Copy with path check this box to copy infected objects together with their paths Change extension to check this box to change extensions of infected files In the text field on the right define the tar...

Page 115: ...stomize page Use the below check boxes to define the program performance settings Sound effect check this box for the program to use sound effects while scanning for viruses Check updates via check th...

Page 116: ...firmation when deleting an infected object This setting will be used only for the directory to be checked with checked Delete objects automatically box on the Actions page see subchapter 9 5 2 3 Exit...

Page 117: ...erver i e to change settings and launch the package components locally or from a remote location Management of the WebTuner program is implemented via the web browser WebTuner allows you to customize...

Page 118: ...This kind of limitation is implemented by creating a file with user passwords For details on creating the file containing user passwords for WebTuner see step 7 in subchapter 10 3 2 Before installing...

Page 119: ...er The sequence of steps to be performed to call up Kaspersky Anti Virus for Sun Solaris Mail Server 1 Refer to the web server using your web browser Communication between the web server and the web b...

Page 120: ...Server on your computer see chapter 2 the WebTuner program will be located in the directory opt AVP httpd The directory structure is as follows bin the directory containing the executable file for the...

Page 121: ...the following INIFILE opt AVP httpd conf _httpd conf HTTPD path to the web server executable file For example HTTPD opt AVP httpd bin _httpd 2 Verify and edit if not correct the following strings of...

Page 122: ...persky Anti Virus for Sun Solaris Mail Server files For example AvpDir opt AVP AvpIni AvpUnix ini the name of the Kaspersky Anti Virus for Sun Solaris Mail Server initialization file 4 Use the htpassw...

Page 123: ...pem You need only the first two of them the rest may be deleted The produced files cert pem and key pem must be placed into the web server root directory that is defined by the DOCROOT parameter of t...

Page 124: ...tion protocol and generate a password file similar to the htpasswd file described for the WebTuner distributive web server see above For details of how to define these settings refer to your web serve...

Page 125: ...ecutable files html cgi bin write and execute files within the directory containing reports log read and execute files within the directory containing the web server configuration file conf execute fi...

Page 126: ...remote administration of Kaspersky Anti Virus for Sun Solaris Mail Server In this connection you are able to call up WebTuner from a computer with a preinstalled web browser To launch WebTuner the re...

Page 127: ...screen This window allows remote administration of the Kaspersky Anti Virus for Sun Solaris Mail Server components 10 5 Interface Discussing the interface When you start the program the main window ap...

Page 128: ...selected the required list item the corresponding set of buttons will appear at the bottom of the window These buttons allow you to define settings of the selected program to start the program and to...

Page 129: ...ion If you enter incorrect values for any parameter using WebTuner it may result in the abnormal performance of the program When using the WebTuner program you can define its own configuration The con...

Page 130: ...ains the list of software modules that can be administrated from WebTuner and the buttons allowing you to edit the list and properties of the list items for details refer to subchapter 10 6 3 Figure 2...

Page 131: ...irus for Sun Solaris Mail Server components that can be remotely administrated from WebTuner The default path is opt AVP httpd html cgi bin 2 Enter the full path to the Kaspersky Anti Virus for Sun So...

Page 132: ...ules page see Figure 25 Edit the list of modules to be administrated from WebTuner and their properties only if you are sure and have appropriate knowledge since it may result in the abnormal performa...

Page 133: ...n the Name text field of the Add new module window on your screen 3 Press the add button The new module will appear in the list To remove an item from the list follow these steps 1 Select the required...

Page 134: ...The above setting is used in the definition of the Run exec str parameter Configure exec str the string defining availability and the address of the config hyperlink that appears in the WebTuner main...

Page 135: ...ls on the macroinstructions that are used in the above text field values refer to subchapter 15 13 of Appendix B By omitting any of the above values and leaving the corresponding text field blank you...

Page 136: ...edit the program profile to launch it and to review the performance report When you select the Daemon program from the list of controllable programs in the WebTuner main window the following hyperlink...

Page 137: ...rofile follow these steps 1 Click the config hyperlink 2 Select the required profile from the drop down list in the window on your screen and press the open button 3 Edit the daemon settings using app...

Page 138: ...to subchapter 10 7 2 2 The options page items allow you to define the scanning settings for details refer to subchapter 10 7 2 3 The actions page items allow you to define how to handle infected and...

Page 139: ...g settings for the selected directory follow these steps 1 Press the properties button 2 Edit settings for the selected directory in the window on your screen The window contains tabs allowing you to...

Page 140: ...ear on your screen Use the window to add the required directory to the list of directories on the objects page The directory will be added to the list and prefixed with cancel allows you to go back to...

Page 141: ...ngs to be applied to the entire list of directories to be checked for details see subchapter 10 7 2 2 The page options and their functions are similar to those described in subchapter 9 6 The followin...

Page 142: ...ptions and their functions are similar to those described in subchapter 9 8 for infected objects To move between the subpages use the arrow buttons and located in the upper right corner of the page Fi...

Page 143: ...databases are loaded into the memory just once when the program is started for the first time Therefore when you start the daemon process using the run hyperlink in the WebTuner main window see Figure...

Page 144: ...he daemon process for the second third fourth time In this case the Daemon starter window see Figure 33 on your screen contains information about the existing daemon process Pid the daemon process ide...

Page 145: ...W E B T U N E R Figure 31 Daemon start parameters Figure 32 Daemon starting log 144...

Page 146: ...o avoid conflicts that may arise between two or more simultaneously existing processes In this case if a client program calls up a daemon process it will be impossible to identify the target process c...

Page 147: ...ocesses run previously To review the log of the existing daemon process press the view log button in the WebTuner main window with the Daemon item selected in the list see Figure 27 The Daemon log win...

Page 148: ...d the amount for each of the types List of all found suspicion viruses a list of virus types that seem to be present within the location checked but the process is not sure and the amount for each of...

Page 149: ...tes used by the program when generating the log for details of the templates see subchapter 15 7 of Appendix B The two templates for performance reports web_new_template tm and web_template tm are sup...

Page 150: ...to edit the program profile to launch it and to review the performance report When you select the Scanner program from the list of controllable programs in the WebTuner main window the following hype...

Page 151: ...wn list in the window on your screen Edit the Scanner settings using appropriate pages in the window on your screen To launch Scanner click the run hyperlink For more details on launching your Scanner...

Page 152: ...e is equal to 0 there will be no interval between the loops 10 8 3 Launching Scanner from a Remote Location WebTuner allows you to remotely launch the Scanner program To start the Scanner program clic...

Page 153: ...h option button To launch Scanner press the run button the Scanner status window that may display messages listed in the subchapter 15 5 of Appendix B will appear on your screen Figure 37 The Scanner...

Page 154: ...s scanning operation 10 9 WebTuner administering Updater WebTuner for Updater Defining Updater settings launching the program and reviewing the log WebTuner allows you to remotely administer the Updat...

Page 155: ...This is the default option The Update path text field above contains the following path ftp ftp kasperskylab com updates The web location of the database updates may be manually edited From folder upd...

Page 156: ...ng information about the updating progress will appear on your screen see Figure 40 To review the status of the last updating operation press the view log button The program will display a window with...

Page 157: ...Keeper Changing Keeper settings 10 10 1 Keeper settings Keeper is designed to process and transfer mail messages to the Daemon program that subsequently checks for viruses and disinfects them WebTuner...

Page 158: ...in the Keeper address groups for details refer to subchapter 10 10 2 The groups page contains the list of address groups and allows you to define rules for handling messages for a separate address gro...

Page 159: ...W E B T U N E R Figure 41 The WebTuner main window Keeper is selected Figure 42 The main page 158...

Page 160: ...ine the From address for the virus detected notifications that will be sent to administrators senders and recipients included in the address groups 3 In the Recipient hosts text field define the desti...

Page 161: ...temporary files Make sure to include this directory in the location to be checked by Daemon see subchapter 10 7 2 2 Otherwise the Keeper program will not be able to detect viruses in mail messages To...

Page 162: ...mailer parameter 10 10 3 Defining processing rules for a separate group 10 10 3 1 The groups page defining the group The groups page see Figure 43 contains the list of address groups and allows you t...

Page 163: ...hich it belongs i e the first group that includes both the message addresses From and To for details refer to subchapter 7 6 2 1 properties allows you to define properties of the selected group add al...

Page 164: ...upname window on your screen The window contains hyperlinks allowing you to switch to the following pages The group window masks page allows you to define address masks for senders and recipients incl...

Page 165: ...rs The masks page see Figure 44 allows you to define address masks for senders and recipients included in the address group An e mail message is processed following the rules defined for the group to...

Page 166: ...he Recipient mask text field If both the fields Recipient mask and Sender mask are blank no messages will be processed according to the processing rules of this group You may do this to disable the pr...

Page 167: ...ng conditions Keeper follows processing rules defined on the administrator sender and recipient pages for the Filtered object type The following attachment filtering settings are available for message...

Page 168: ...ield the Filters frame For example image text richtext To limit the size of attachments to be processed enter the maximum and the minimum attachment sizes in the Min attach size Kb and Max attach size...

Page 169: ...corrupted objects Filtered objects meeting the filtering conditions defined on the filters page On this page you may define the following settings what object types and in what form objects must be de...

Page 170: ...e object i e remove it from the message Cured deliver the cured object The Cured value can be found only in the Object action drop down for cured objects To copy the required object type to the isolat...

Page 171: ...t your Keeper to perform the required tasks switch to the administrator page and follow the steps 1 Check the Isolator and Send notify check boxes for the Infected object type 2 Enter the e mail addre...

Page 172: ...onding object type When sending notifications to the senders the Keeper program does not attach the original messages to them If you want a sender of the required object type to be added to the list o...

Page 173: ...the Object action drop down list for the Infected object type Enter the full path to the isolation directory in the Isolator path text field You can do this manually or by using the Browse button 2 S...

Page 174: ...ects must be delivered to the recipients select one of the following values from the Object action drop down list for every object type listed Unchanged deliver the object unchanged If you select Unch...

Page 175: ...eliver to the recipient mailbox together with the appropriate report If the program fails to disinfect the object you want it to lock this message in the isolation directory notify the administrator a...

Page 176: ...0 10 4 The users page the list of legal users The users page see Figure 49 allows you to define a list of legal users of the Kaspersky Anti Virus for Sun Solaris Mail Server copy To edit the list you...

Page 177: ...may enter the required path manually or by using the Browse button In the text field you can use the system instruction date switches e g d m y for the day the month and the year respectively To do th...

Page 178: ...e system log check the Use sys log check box To define the detail level for the log data select one of the following values from the Log level drop down list Tiny Simple Medium Advanced Expert To log...

Page 179: ...enable the program to broadcast notifications you must also define the appropriate settings for the following Group window pages the administrator the sender the Send notify check box and recipient th...

Page 180: ...To do this you must check the Send notify check box on the administrator page for details refer to subchapter 10 10 3 4 and define attributes of the notifications The notification options window see F...

Page 181: ...add the infected message From address to the notification press the sender button The macroinstruction f will be inserted in the notification text on the cursor place If the notification text is to b...

Page 182: ...to those described for the administrator notifications in subchapter 10 10 6 2 10 10 7 The restricts page restrictions for the Keeper The restricts page see Figure 53 allows you to limit some perform...

Page 183: ...in the Out timeout text field Enter the maximum period in seconds for the program to receive an instruction in the Input timeout text field Enter the addresses address masks not to be notified in the...

Page 184: ...ed DATA timeout after the DATA instruction is transmitted Enter the maximum period of waiting for the DATA instruction to be transmitted in the Send data timeout text field Enter the maximum waiting p...

Page 185: ...n databases via the Internet from an archive or from a network location The wget program is a software requirement for updating virus definition databases and programs via the Internet Therefore befor...

Page 186: ...you may redefine the values of these options with the command line switches b and s respectively for details see Appendix B If when you start Sun Solaris or Daemon the program cannot find the set file...

Page 187: ...o the database directory For example kavupdater uik http www kasperskylab com updates To upgrade the Kaspersky Anti Virus for Sun Solaris Mail Server components from an FTP or a web server launch the...

Page 188: ...irus definition databases from the network directory to the directory on your computer For example kavupdater ud home bases To upgrade your Kaspersky Anti Virus for Sun Solaris Mail Server components...

Page 189: ...ts You may define the name of your log file If this file is not defined in the switch the program will use the log file pre defined in defUnix prf To append reports to the defined file enter a string...

Page 190: ...in the corresponding databases The program identifies viruses in an object with respect to the methods that have been used by a virus to penetrate the file removes the detected virus including the unk...

Page 191: ...his is necessary because when started for the first time your Inspector copy collects data about the location to be checked that is defined by the command line parameter pathN and saves this data to t...

Page 192: ...abase with the new one if the database defined in the switch already exists If you specify the switch g database_name in the command line the newly collected data will not be saved to the correspondin...

Page 193: ...r the check is completed In this case the general format of this switch is filname To define the location to be checked directly in the command line specify all the full paths to the directories to be...

Page 194: ...detects modified or new files Inspector may perform one of the following actions prompt for disinfection of infected objects display a report about the modified and new files detected automatically h...

Page 195: ...switches da2d and a socket_directory in the Inspector command line The switch a socket_directory must define the path to the directory containing the Daemon socket file To set the program to transfer...

Page 196: ...e performance report to the defined file the default file is report txt If the character a is defined in the switch the report will be appended to the contents of filename the character t overwrites t...

Page 197: ...Anti Virus for Sun Solaris Mail Server components This program allows you to create change and schedule performance of package component based tasks review information about the package s legal users...

Page 198: ...sk scheduling command line is kavucc instruction1 task_parameters instructionN task_parameters Before you begin scheduling performance of the Kaspersky Anti Virus for Sun Solaris Mail Server tasks you...

Page 199: ...truction ca The character may be substituted for the following letters d w m o or l These are the letters defining how often the task must be performed Therefore the complete task scheduling instructi...

Page 200: ...ask to be performed weekly enter the following strings in the command line kavucc caw prgname a arg arg1 u username st hour min fs day month year ls day month year re delay sd sun mon tue wed thu fri...

Page 201: ...bed for a task to be performed daily To schedule a task to be performed once enter the following strings in the command line kavucc cao prgname a arg arg1 u username st hour min sd day month year e ho...

Page 202: ...ommand line The complete list of created tasks with their descriptions will be displayed on your screen Every task in the list is assigned an ID The ID s general format is IdN where N is the serial nu...

Page 203: ...to the contents of filename the character t overwrites the report with a new one If the character is defined extra information will be included in the report heading The character disables the extra i...

Page 204: ...key file If your Scanner and Daemon can not find this file they will function as demonstration copies i e they will check for viruses but will not delete them The default file has an alphanumeric name...

Page 205: ...rmat of a section is Section_name Parameter_name Value Parameter_name Value Parameter_name Value The first string of a section introduces its name enclosed with square brackets Other lines list parame...

Page 206: ...ur set file the file containing settings for your virus definition databases BasePath the path to your virus definition databases Scanner is able to load virus definition databases from any read acces...

Page 207: ...ernet rar ExcludeDir home user mydoc Packed Yes Archives Yes SelfExtArchives Yes MailBases Yes MailPlain Yes Embedded Yes InfectedAction 0 BackupInfected No IfDisinfImpossible 0 Warnings Yes CodeAnaly...

Page 208: ...ActionWithCorrupted CorruptedCopy No CorruptedFolder corrupted CopyWithPath Yes ChangeExt None NewExtension Corr ChownTo None ChModTo No TempFiles UseMemoryFiles Yes LimitForMemFiles 6000 MemFilesMax...

Page 209: ...type No The sector check function under your operating system may be not available Files to scan files within the selected location type Yes in this line Otherwise type No The file types to be checke...

Page 210: ...separated by commas or spaces this parameter is valid only if the value for ExcludeFiles is 1 or 3 ExcludeDir here you may define directories separated by commas or spaces this parameter is valid only...

Page 211: ...sible here you must define one of the values listed below 0 reports unrecoverable objects 1 deletes unrecoverable objects Warnings Yes in this line enables the advanced checking tool to search for cor...

Page 212: ...ram to scan for viruses in several files simultaneously No disables this feature The number of simultaneously scanned files must be defined in the LimitForProcesses line LimitForProcesses the maximum...

Page 213: ...the log file attributes mask UseCR Yes in this line enables the program to use both the carriage return and the linefeed characters to separate records in a log file Otherwise type No By default recor...

Page 214: ...gram to report password protected archives No disables this feature ShowSuspicion Yes in this line enables the program to report suspicious objects No disables this feature ShowWarning Yes in this lin...

Page 215: ...ActionWithSuspicion section parameters define the actions to be taken by the program when it detects suspicious objects SuspiciousCopy Yes in this line enables the program to copy suspicious files to...

Page 216: ...Yes in this line enables the program to create temporary files in the memory but not on your hard disk Type No to create temporary files on the hard disk LimitForMemFiles the maximum size in Kb of tem...

Page 217: ...RedundantScan Yes No disables this feature DelleteAllMessage Yes in this line enables the program to ask for confirmation when deleting an infected object valid only if InfectedAction 3 No disables t...

Page 218: ...is the optional command line switch path is the optional Sun Solaris path filemasks are the optional file masks defining Sun Solaris files to be checked for viruses By default the program checks all...

Page 219: ...n only one filename to be checked with the full path to it If the optional character is specified in the switch filename will be deleted on completion of the task XD directory excludes directory from...

Page 220: ...prohibits the check from being interrupted p enables parallel scanning p number enables parallel scanning of the defined number of files i enables loop scanning i number enables loop scanning with th...

Page 221: ...isinfected If the boot sector is not repairable Scanner will replace it with a standard DOS 6 0 boot sector I3 or E deletes infected objects automatically K skips reporting packed and archived files F...

Page 222: ...on to be checked for viruses but for Daemon it assigns the path value to the list of locations enabled to be checked i e to the Names parameter of the profile The objects to be checked are defined by...

Page 223: ...cess to log check results In this version when you launch the daemon process it automatically initiates the following two processes the primary process handles calls from client programs the secondary...

Page 224: ...not detected If you see a lot of these messages the probability that your computer is infected by a new modification of the defined virus is very high Suspicion TYPE the heuristic detection tool Code...

Page 225: ...jects were detected 4 one or more viruses were detected 5 all infected objects were disinfected 6 infected objects were deleted 7 the kavscanner or kavdaemon file is corrupted 8 files are corrupted or...

Page 226: ...esac exit 0 15 7 Slogan report templates Details of the templates that are used when displaying performance reports of Scanner and Daemon The Kaspersky Anti Virus for Sun Solaris Mail Server distribu...

Page 227: ...hives checked PACKED the number of packed executable files checked INFECTED the number of infected objects detected DESINFECTED the number of objects disinfected DESFAILED the number of unrecoverable...

Page 228: ...virus pieces detected For example the file template tm2 may look similar to the following Start date DATELO End date DATEHI Total statistic Request REQUEST Archives ARCHIVE Packed PACKED Infected INFE...

Page 229: ...spector command line switches and their functions The general format of the Inspector command line is kavinspector switch1 switchN path1 pathN where switchN is the optional command line switch of Insp...

Page 230: ...Every line in this text file must contain only one filename to be checked with the full path to it If the optional character is specified in the switch filename will be deleted on completion of the t...

Page 231: ...ialogs to be used in script files ki skips loading the ini file z prohibits the check from being interrupted da 0 1 2 d allows you to define one of the following methods of handling modified and new f...

Page 232: ...ation will be included in the report heading The character disables the extra information in the report heading ws logs the performance report in the system log m logs additional information h or disp...

Page 233: ...path defines the path to the directory with the files AvpCtl and AvpPid g base defines the path the master database containing performance parameters to be used by Control Centre gu base path to the d...

Page 234: ...for Sun Solaris Mail Server legal users cr displays information about the current volume of the licensed traffic cp prgname a arg arg1 u username e hour min loads a task with the following parameters...

Page 235: ...here re delay is the interval between two starts in weeks sd sun mon tue wed thu fri sat is the weekday when the task must be performed cam prgname a arg arg1 u username st hour min fs day month year...

Page 236: ...ble the suffix defines the inverse meaning of the switch ui k server_and_path downloads virus definition updates from the defined location If the optional character k is used in the switch only new up...

Page 237: ...fined location on the defined server without upgrading the installed programs g base saves information about the last upgrade in the defined database The default value is base defUnix vb directory fil...

Page 238: ...file During the optimization the file names are formatted into lowercase letters name of the set file within AvpUnix ini name of the set file itself names of virus definition database files within the...

Page 239: ...ig file used to generate the etc sendmail cf dnl file If you modify thei file you will have to regenerate the dnl etc sendmail cf by running this macro config through the m4 dnl preprocessor dnl dnl m...

Page 240: ...cklist_recipients 15 12 Keeper for Postfix configuration file master cf An example of the Keeper for sendmail configuration file master cf service type priv ate upriv yes chroo t yes Wakeup yes Maxpro...

Page 241: ...o content_filter o myhostname anton avp ru 15 13 WebTuner the configuration file loader cfg Let s review an example of loader cfg the WebTuner configuration file Main Modules Daemon Updater Scanner K...

Page 242: ...inCgi scanner_prf cgi Configure scanner_prf cgi avp_d AVP_DIR avp_p rf AVP_PRF start_dir AVP_DIR ConfigureDefault scanner_prf cgi avp_d AVP_DIR avp_prf AVP_PRF op v sec ob prf DEFAULT_KAV_ PROFILE Run...

Page 243: ...t_name section parameters define the administrated program dependent settings of WebTuner The section heading must contain a name of the Kaspersky Anti Virus for Sun Solaris Mail Server software packa...

Page 244: ...d in the Programs list Run defines launching of the package component from a remote location by using WebTuner where EXEC the macroinstruction defining the name of the package component executable fil...

Page 245: ...owing types file viruses infect executable files the most widespread virus type create twin files companion viruses or use features of the operating system arrangement link viruses boot viruses occupy...

Page 246: ...n resident viruses that place small resident programs into RAM However unlike with the memory resident viruses these programs do not distribute virus copies Macro viruses also can be considered as mem...

Page 247: ...re generally harmless though they may be extremely annoying harmful viruses may seriously interfere with the computer s performance hot viruses may corrupt programs cause data loss damage files and sy...

Page 248: ...uct line includes Kaspersky Inspector and Kaspersky WEB Inspector whose unique capabilities allow users full control over any unauthorized alteration to the file system and content of a Web server Upc...

Page 249: ...on demand anti virus monitor automatically checks in real time all used files module for checking MS Outlook Express mail databases for viruses on demand Kaspersky Anti Virus Personal Personal Pro Th...

Page 250: ...ning a Windows operating system It protects the computer against unauthorized access to its data and external hacker attacks from the Internet or an adjacent local network Kaspersky Anti Hacker monito...

Page 251: ...ness Optimal The package has been developed to provide full scale data protection for small and medium size corporate networks Kaspersky Anti Virus Business Optimal includes full scale anti virus prot...

Page 252: ...a cutting edge software suite designed to help organizations with small and medium size networks wage war against the onslaught of undesired e mail spam The product combines revolutionary technology...

Page 253: ...be glad to advise you on any matters related to our product by phone or e mail and all your recommendations and suggestions will be thoroughly reviewed and considered Technical support Please find th...

Page 254: ...x 11 23 Keeper for Qmail 11 23 69 Keeper for sendmail 11 23 Key file 19 206 License agreement 11 12 Location to be checked 28 38 39 Objects to be scanned 38 Path to the temporary files directory 19 Pr...