KASPERSKY ANTI-VIRUS 5.5 - FOR LINUX-FREEBSD MAIL... Service manual

KASPERSKY LAB
Kaspersky Anti-Virus ® 5.5 for Linux and FreeBSD
Workstation and File Server
ADMINISTRATOR'S GUIDE

©Kaspersky Lab Ltd.
http://www.kaspersky.com/
Revision date: September, 2006

Table of Contents
CHAPTER 1. INTRODUCTION
1.1. Computer viruses and malware
1.2. Purpose and major functionality of Kaspersky Anti-Virus
1.3. What's new in version 5.5?
1.4. Licensing procedure
1.5. Hardware and software system requirements
1.6. Distribution kit
1.7. Services for registered users
1.8. Conventions used in this document
CHAPTER 2. APPLICATION ALGORITHM
CHAPTER 3. INSTALLING KASPERSKY ANTI-VIRUS
3.1. Installing the application on a computer running Linux
3.2. Installing the application on a computer running FreeBSD
3.3. Installation procedure
3.4. Updating the application to version 5.5
3.5. Installing the license key
3.6. Locating the application files
3.7. Completing the setup
CHAPTER 4. POST-INSTALLATION APPLICATION CONFIGURATION
4.1. Default application configuration
4.2. Installing the anti-virus database
4.3. Configuration for using Kaspersky Anti-Virus together with Webmin
CHAPTER 5. USING KASPERSKY ANTI-VIRUS
5.1. Updating the anti-virus database
5.1.1. New capabilities of the updating component
5.1.2. Automatically updating the anti-virus database
5.1.3. On-demand updating of the anti-virus database
5.1.4. Creating a network folder for storing and downloading of the anti-virus database
5.2. Anti-virus protection of file systems
5.2.1. Scan scope
5.2.2. Objects scan and disinfection mode
5.2.3. Actions to be performed with objects
5.2.4. On-demand scan of an individual folder
5.2.5. Scheduled scan
5.2.6. Additional capabilities: using script files
5.2.6.1. Disinfection of infected objects in the archive
5.2.6.2. Sending notifications to the administrator
5.3. Real-time anti-virus protection
5.4. Managing license keys
5.4.1. Viewing license key details
5.4.2. Renewing your license
CHAPTER 6. ADDITIONAL SETTINGS
6.1. Optimization of Kaspersky Anti-Virus operation
6.2. Moving objects into the quarantine folder
6.3. Object backup copying mode
6.4. Localization of the date and time format
6.5. Kaspersky Anti-Virus report generation settings
CHAPTER 7. UNINSTALLING KASPERSKY ANTI-VIRUS
CHAPTER 8. VERIFYING THE ANTI-VIRUS OPERATION
APPENDIX A. ADDITIONAL INFORMATION ABOUT THE APPLICATION
A.1. Kaspersky Anti-Virus configuration file
A.2. Command line modifiers for component kavscanner
A.3. Return codes of the kavscanner component
A.4. Command line modifiers for component kavmonitor
A.5. Command line modifiers for component licensemanager
A.6. Return codes of the licensemanager component
A.7. Command line modifiers for component keepup2date
A.8. Return codes of the keepup2date component
APPENDIX B. FREQUENTLY ASKED QUESTIONS
APPENDIX C. KASPERSKY LAB
C.1. Other Kaspersky Lab Products
C.2. Contact Us
APPENDIX D. LICENSE AGREEMENT

CHAPTER 1. INTRODUCTION
The constant growth in the number of computer users and the new possibilities
of data exchange between them via e-mail or the internet result in an increased
threat of virus infections and of data corruption or theft by malicious computer
programs.
Among the sources of malware penetrating users’ computers, the most
dangerous are:
Internet
The global information network is the main source of distribution of all types of
malware. As a rule, viruses and other malicious programs are located
on popular internet websites, disguising themselves as useful software or
freeware. Malware can be located within numerous scripts that automatically
run when a website is loaded in the user’s browser.
E-mail messages
E-mail messages delivered to the user’s mailbox and stored in the e-mail
databases may contain viruses. Malware can be located either in the
attachments to messages or in the body of a message. As a rule, infected
e-mail messages contain viruses or mail worms. When you open an e-mail
message or save an attached file to your hard drive, you may infect
data stored on your computer.
Software vulnerabilities
In most cases hackers’ attacks are attempted using "software holes".
Such vulnerabilities allow hackers to obtain remote access to your computer
and, therefore, to your data, your LAN resources and other sources
of information.
On Unix-based systems viruses are far less common than, for example,
on the Windows operating system, due to the peculiarities of the two platforms.
However, this does not mean that Unix users encounter no threat. Provided
below is a detailed description of malware types.
1.1. Computer viruses and malware
In order to be aware of the potential threats to your computer, it is helpful to know
what the types of malicious software (“malware”) are and how they work. In
general, malicious programs fall into one of the following three categories:
• Worms – malicious programs that belong to this category use network
resources for distribution. These programs were called "worms" due to
their ability to tunnel from one computer to another, using networks, e-mail
and other channels. Due to this ability, worms can proliferate extremely
fast.
Worms penetrate a computer, determine the IP addresses of other computers,
and send copies of themselves to these computers. Apart from the
network addresses, worms often use data contained in the address books
of e-mail client applications installed on the infected machine. Sometimes
worms create work files on disks, but they can also function without utilizing
any resources of the infected computer except RAM.
• Viruses – programs that infect other programs by adding their code to
the infected program's code in order to gain control when infected files
are run. This simple definition helps determine that the major action a
virus performs is infecting computer programs. Viruses spread somewhat
slower than worms.
• Trojan horses or Trojans – perform unauthorized actions on infected
computers; for instance, depending on the particular conditions, they can
erase information on hard drives, "freeze" the system, steal confidential
information, etc. In the strict sense, Trojan horses are not viruses as they
do not infect programs or data; they are unable to sneak independently
into computers and therefore are distributed by impostors disguised as
some "useful" software. However, Trojans may inflict far greater damage
than a regular virus attack.
Recently, worms and Trojans have become the most widespread types of
malware on Unix-based systems.
Henceforth in the text of this Guide the term "virus" will be used to refer
to viruses, Trojan horses and worms. A particular type of malware will
be mentioned only when it is required.
1.2. Purpose and major functionality of Kaspersky Anti-Virus
Kaspersky Anti-Virus® for Linux and FreeBSD Workstation and File Server
(hereinafter Kaspersky Anti-Virus, the application) is designed to provide
protection of file servers and workstations running Linux or FreeBSD operating
systems.
Kaspersky Anti-Virus for Linux and FreeBSD allows you to:
• Ensure real-time protection of the file system against malicious code:
intercept and analyze attempts to access files, disinfect and delete
infected objects.
• Scan objects on demand: search for infected and suspicious files (including
files in the specified scan scopes); analyze files; disinfect or delete
infected objects.
• Quarantine suspicious and corrupted objects: save suspicious files in the
quarantine folder.
• Create a copy of the infected object in the backup storage before
attempting to disinfect or delete such an object, so that the object can be
restored if it contains valuable information.
• Update the anti-virus database; the database is updated from
Kaspersky Lab's update servers. The user can also configure the
application so that the database is updated from a local folder.
• Control and configure Kaspersky Anti-Virus using the application
configuration file and the web-based interface Webmin.
1.3. What's new in version 5.5?
The following changes have been introduced to Kaspersky Anti-Virus 5.5 for
Linux and FreeBSD Workstation and File Server as compared to version 5.0:
• A new component kavmonitor that ensures anti-virus protection of files in
the real-time mode has been added to the application.
• New technologies for receiving updates of the anti-virus database and
application modules have been introduced, including integrity check and
check of the usability of the downloaded database. This helps save a
considerable amount of network traffic.
• The ability to select the type of the anti-virus database to download
(standard or extended database set) has been added. Using this option
you can individually select the database set to be used by each individual
component.
• The application installation and removal procedures have been simplified.
• Importing of the settings of the previous Anti-Virus version (5.0) has been
made available. This considerably accelerates the process of
creating an operational configuration.
• The ability to create a backup storage for copies of suspicious and
infected objects before such objects are disinfected or deleted has been
added. This helps avoid the loss of the original data if the object is
corrupted during the disinfection.
• In order to reduce the load on the processor when performing the
anti-virus scan, the iChecker™ technology, which uses a database, and
double-level caching of scanned objects have been introduced.
• The ability to limit the number of objects scanned at a time in the
background mode has been added, which allows you to optimize the load
on the computer.
• The ability to generate lists of viruses detected has been added.
• The set of possible actions performed when objects of various statuses
are detected has been extended.
• 64-bit platform support by the application has been implemented.
• On-demand anti-virus scan options have been enhanced.
1.4. Licensing procedure
Kaspersky Anti-Virus licensing policy imposes restrictions on the use of the
application based on the usage period (as a rule, a one-year period since the
date when the application was purchased).
1.5. Hardware and software system requirements
In order to run Kaspersky Anti-Virus the system must comply with the following
software and hardware requirements:
• Hardware requirements:
  • Processor Intel Pentium® 133 MHz or higher;
  • 64 MB RAM;
  • 100 MB free hard drive space for installation of the application
  and storage of temporary files.
• Software requirements:
  • For 32-bit platform - one of the following operating systems:
    o RedHat Linux 9.0.
    o RedHat Enterprise Linux Advanced Server 4 UPD3.
    o RedHat Fedora Core 5.
    o SUSE Linux Enterprise Server 9.0 SP3.
    o Novell Linux Desktop 9.
    o SUSE Linux Professional 10.1.
    o Debian GNU/Linux version 3.1 R2.
    o Mandriva 2006.
    o FreeBSD version 4.11.
    o FreeBSD version 5.4.
    o FreeBSD version 6.1.
  • For 64-bit platform - one of the following operating systems:
    o RedHat Enterprise Linux Advanced Server 4 UPD3.
    o RedHat Fedora Core 5.
    o SUSE Linux Professional 10.1.
    o SLES 9 SP3.
  • Webmin program (www.webmin.com) – for remote administration
  of Kaspersky Anti-Virus.
  • Perl interpreter - version 5.0 or higher (www.perl.org).
  • The which utility installed.
  • Software compilation packages installed (gcc, binutils, glibc-devel,
  make, ld) and preinstalled operating system kernel code
  for using the kavmonitor component.
Please note that Kaspersky Anti-Virus does not support operation under
SE Linux. The use of SE Linux may cause various warnings to appear
in the application report system file.

1.6. Distribution kit
You can purchase Kaspersky Anti-Virus either from our dealers (retail box) or
online (for example, visit http://www.kaspersky.com and follow the E-Store link).
The retail box package includes:
• A sealed envelope with the installation CD containing the application
files;
• User's Guide.
• A license key written on a special disk;
• A registration card (containing the serial number of the product);
• License Agreement.
Before you open the envelope with the CD make sure that you have
carefully read the License Agreement.
If you buy Kaspersky Anti-Virus online, you will download the application from the
Kaspersky Lab's website; in this case, the distribution kit will include this Guide
along with the application. The license key will be e-mailed to you upon the
receipt of your payment.
License Agreement
License Agreement is a legal contract between you and Kaspersky Lab Ltd.,
which contains the terms and conditions, on which you may use the anti-virus
product you have purchased.
Read the License Agreement carefully!
If you do not agree with the terms of the License Agreement, you can return
Kaspersky Anti-Virus to your dealer for a full refund. In this case, the envelope
with the installation CD (or floppy disks) must remain sealed.
By opening the sealed envelope containing the installation CD (or floppy disks)
you accept all terms and conditions of the License Agreement.
1.7. Services for registered users
Kaspersky Lab Ltd. offers to all legally registered users an extensive service
package that enables them to use Kaspersky Anti-Virus more efficiently.
After purchasing your license, you become a registered user and, during the
period of your subscription, you will be provided with the following services:

• you will be receiving new versions of the purchased software product;
• support on issues related to the installation, configuration and use of the
purchased software product. Services will be provided by phone or via
email;
• information about new Kaspersky Lab products and about new viruses
appearing worldwide (this service is provided to users who subscribe to
the Kaspersky Lab's newsletter).
Support on issues related to the performance and the use of operating
systems or other technologies is not provided.
1.8. Conventions used in this document
Various formatting features and icons are used throughout this document
depending on the purpose and the meaning of the text. The table below lists the
conventions used in the text.
Format feature | Meaning/Usage
Bold font | Titles of menus, menu items, windows, dialog boxes and their elements, etc.
Note. | Additional information, notes
Attention! | Information requiring special attention
In order to perform..., 1. Step 1. 2. … | Description of the successive user's steps and possible actions
Task, example | Statement of a problem, example of the demonstration of the application's capabilities
Solution | Implementation of the task
[modifier] – purpose of the modifier | Command line modifiers
Information messages and command line text | Text of configuration files, information messages and command line

CHAPTER 2. APPLICATION ALGORITHM
Before reviewing the functional capabilities of Kaspersky Anti-Virus, a detailed
discussion of its internal architecture is required. This will help obtain a
comprehensive understanding of the algorithm used in the Anti-Virus operation.
Kaspersky Anti-Virus includes:
• On-demand anti-virus scan component kavscanner;
• Real-time anti-virus scan component kavmonitor;
• Anti-virus database update module keepup2date;
• License key management utility licensemanager;
• Remote administration module used with the Webmin application.
Provided below is a detailed discussion of the application operation algorithm
based on an example of real-time protection (that is, using the kavmonitor
component).
The operation proceeds as follows:
1. When any application on your computer attempts to access an object of
the file system (a request to open, run or close a file), the call is
intercepted by the kavmonitor component kernel module and sent for
anti-virus scanning.
2. The intercepted file will then be processed using a daemon application
included in the kavmonitor component. The daemon scans the object
for viruses and processes it based on the settings specified in the
configuration file (including, but not limited to, disinfection using the
anti-virus database if this option is selected).
3. After the file has been processed, the kernel module will send to
kavmonitor the access code (allowed/prohibited) that defines the file
status.
4. Based on the object's status, the kavmonitor component allows access
to the file or blocks it (in this case the application requesting access to
the file will receive an error code (Access denied)).
The file status assigned during the scan (and processing) can be one of the
following:
• Clean – the object is not infected.
• Infected – the object is infected.
• Cured – the infected object has been successfully disinfected.
• CureFailed – the infected object could not be disinfected.
• Warning – the object code resembles the code of a known virus.
• Suspicion – the object is suspected of being infected with an unknown
virus.
• Protected – the object cannot be scanned because it is encrypted.
• Corrupted – the object is corrupted.
• Error – a system error occurred during the object scan.
Actions performed with the object of each particular status are defined by the
configuration file settings (for details, see Appendix A on page 53).

CHAPTER 3. INSTALLING KASPERSKY ANTI-VIRUS
We recommend that you perform a system check as described below before
installing Kaspersky Anti-Virus.
• Make sure that your system meets the hardware and software
requirements for the installation of Kaspersky Anti-Virus (see section 1.5
on page 9). If any of the applications, for example Perl, is not installed,
we recommend that you install it; otherwise a part of the Anti-Virus
functionality will not be available.
• Configure your internet connection.
• Log in as root.
3.1. Installing the application on a computer running Linux
Kaspersky Anti-Virus for computers running Linux OS is available in either of
two formats:
• .rpm – for systems that support RPM Package Manager;
• .deb – for Debian distribution packages.
In order to start the installation of Kaspersky Anti-Virus from an rpm
package, enter the following in the command line:
# rpm -i <distribution_package_filename>
In order to start the installation of Kaspersky Anti-Virus from a deb
package, enter the following in the command line:
# dpkg -i <distribution_package_filename>

3.2. Installing the application on a computer running FreeBSD
For computers running FreeBSD operating system the distribution package of
Kaspersky Anti-Virus is supplied in the form of a pkg package.
In order to start the installation of Kaspersky Anti-Virus from a pkg
package, enter the following in the command line:
pkg_add <package_name>
3.3. Installation procedure
The application installation is performed automatically and includes the following
steps:
1. Copying the distribution files to the computer.
2. Installing the license key.
If the license key is not installed, your copy of Kaspersky Anti-Virus will
not work.
If the key is temporarily not available (for example, if you purchased the
application online and the e-mail with the license key has not yet been
received), you can install the license key later, before you start using the
application (for details about installation of the license key, see section 5.4
on page 39).
3. Configuring the anti-virus database update component keepup2date.
4. Installing (updating) the anti-virus database.
Do not forget to install the anti-virus database before you start using
the application. Scanning and processing files is impossible
without the anti-virus database!
5. Installing the Webmin module.
The remote administration module will be installed only if the default
paths were used during the installation of the Webmin package. After
the installation of the module you will receive the corresponding
recommendations regarding its configuration for the joint operation with
the application.
When working under the Linux operating system, remember that
whenever the operating system kernel module is updated you must also
update the kavmonitor component's kernel module.
3.4. Updating the application to version 5.5
After the installation of the application the system will be inspected to check if
any versions of Kaspersky Anti-Virus below 5.5 are installed on your computer.
If an application of a previous version has been detected, some of the existing
version's settings will be imported into the configuration file of version 5.5.
The distribution package of the previous version of Kaspersky Anti-Virus
will not be removed during the installation process. This must
be done by the administrator.
A part of the standard parameters of the configuration file (for example, the path
to the anti-virus database storage folder) will not be exported but will be defined
during the installation.
Additionally, some changes have been introduced to the logic of some
components' operation and some options have been added to version 5.5 as
compared with version 5.0. Therefore we recommend that you verify whether the
configuration file is filled out correctly before you start using the application.
3.5. Installing the license key
During this stage of the installation the current folder will be searched for a
license key - a file (with .key extension) that is required for Kaspersky Anti-Virus
to operate. This file allows access to the full functionality of the application. You
cannot use Kaspersky Anti-Virus before you install the license key.
If the license key was found, corresponding information will be displayed on the
screen and the installation process will proceed to the next stage - installation of
the anti-virus database.
If the license key was not found, the administrator will be prompted to specify full
path to it. If you do not have the key, you have to cancel the prompt to specify
the path to it and proceed with the installation.
Once you receive the license key, install it immediately (for details, see
section 5.4 on page 39).

3.6. Locating the application files
After the installation of Kaspersky Anti-Virus onto a workstation running
Linux OS the distribution package files by default will be located as follows:
/etc/opt/kaspersky/ – a folder that contains Kaspersky Anti-Virus configuration file:
    kav4ws.conf – configuration file.
/opt/kaspersky/kav4ws/ – main folder of Kaspersky Anti-Virus that contains:
    /bin/ – a folder that contains executable files of all Kaspersky Anti-Virus components:
        kav4ws-kavscanner – executable file of the anti-virus protection component;
        kav4ws-keepup2date – executable file of the anti-virus database update component;
        kav4ws-licensemanager – executable file of the license keys management component.
    /lib/ – folder that stores auxiliary files of Kaspersky Anti-Virus.
    /man/ – folder that stores man files.
    /sbin/ – folder that stores auxiliary services of Kaspersky Anti-Virus:
        kav4ws-kavmonitor – executable file of the anti-virus protection component.
    /src/ – folder that stores the application's anti-virus kernel module.
/opt/kaspersky/kav4ws/share/contrib/kav4ws.wbm – plugin to Webmin application.
/opt/kaspersky/kav4ws/share/contrib/vox.sh – script vox.sh, used for disinfecting archives.
/opt/kaspersky/kav4ws/share/doc/LICENSE – license agreement.
/var/opt/kaspersky/kav4ws/bases – folder that stores the anti-virus database.
/var/opt/kaspersky/kav4ws/bases.backup – folder that stores the anti-virus database that was up-to-date before the last update.
In order to connect the help system of Kaspersky Anti-Virus (manual
pages), assign value /opt/kaspersky/kav4ws/man to the MANPATH
environment variable.

After the installation of Kaspersky Anti-Virus onto a workstation running
FreeBSD operating system the distribution package files by default will
be located as follows:
/usr/local/etc/kaspersky/ – folder that contains Kaspersky Anti-Virus configuration file:
    kav4ws.conf – configuration file.
/usr/local/bin/ – folder that contains executable files of all Kaspersky Anti-Virus components:
    kav4ws-kavscanner – executable file of the anti-virus protection component;
    kav4ws-keepup2date – executable file of the anti-virus database update component;
    kav4ws-licensemanager – executable file of the license keys management component.
/usr/local/sbin/ – folder that stores auxiliary services of Kaspersky Anti-Virus:
    kav4ws-kavmonitor – executable file of the anti-virus protection component.
/usr/local/man/ – folder that stores man files.
/usr/local/src/kav4ws/ – folder that stores the application's anti-virus kernel module.
/usr/local/share/kav4ws/contrib/kav4ws.wbm – plugin to Webmin application.
/usr/local/share/kav4ws/contrib/vox.sh – script vox.sh, used for disinfecting archives.
/usr/local/share/doc/kav4ws/LICENSE – license agreement.
/var/db/kaspersky/kav4ws/bases – folder that stores the anti-virus database.
/var/db/kaspersky/kav4ws/bases.backup – folder that stores the anti-virus database that was up-to-date before the last update.
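A post-installation check of the two default workstation layouts listed above, as an added example that is not part of the original guide or of the Kaspersky distribution. The function names, the optional root prefix argument and the world-writable test are assumptions of this example; bases.backup is left out on the assumption that it may not exist before the first database update.

```shell
#!/bin/sh
# Added example (not from the Kaspersky guide): verify that the default
# workstation files from section 3.6 exist and are not world-writable.

# Print "<kind> <path>" lines for one platform, copied from the listings in
# section 3.6. kind: d = directory, f = regular file, x = executable file.
# bases.backup is omitted (assumption: absent until the first update).
kav_expected_paths() {
    case "$1" in
    linux)
        cat <<'EOF'
f /etc/opt/kaspersky/kav4ws.conf
x /opt/kaspersky/kav4ws/bin/kav4ws-kavscanner
x /opt/kaspersky/kav4ws/bin/kav4ws-keepup2date
x /opt/kaspersky/kav4ws/bin/kav4ws-licensemanager
x /opt/kaspersky/kav4ws/sbin/kav4ws-kavmonitor
d /opt/kaspersky/kav4ws/lib
d /opt/kaspersky/kav4ws/man
d /opt/kaspersky/kav4ws/src
f /opt/kaspersky/kav4ws/share/contrib/kav4ws.wbm
f /opt/kaspersky/kav4ws/share/contrib/vox.sh
f /opt/kaspersky/kav4ws/share/doc/LICENSE
d /var/opt/kaspersky/kav4ws/bases
EOF
        ;;
    freebsd)
        cat <<'EOF'
f /usr/local/etc/kaspersky/kav4ws.conf
x /usr/local/bin/kav4ws-kavscanner
x /usr/local/bin/kav4ws-keepup2date
x /usr/local/bin/kav4ws-licensemanager
x /usr/local/sbin/kav4ws-kavmonitor
d /usr/local/src/kav4ws
f /usr/local/share/kav4ws/contrib/kav4ws.wbm
f /usr/local/share/kav4ws/contrib/vox.sh
f /usr/local/share/doc/kav4ws/LICENSE
d /var/db/kaspersky/kav4ws/bases
EOF
        ;;
    *)
        return 2
        ;;
    esac
}

# kav_check_layout <linux|freebsd> [root_prefix]
# root_prefix (hypothetical, for checking a mounted image or a test tree) is
# prepended to every path. Prints one line per problem; returns 0 when the
# layout is complete, 1 when something is missing or world-writable, and 2
# for an unknown platform.
kav_check_layout() {
    os=$1
    root=${2:-}
    problems=0
    list=$(kav_expected_paths "$os") || {
        echo "usage: kav_check_layout <linux|freebsd> [root_prefix]" >&2
        return 2
    }
    while read -r kind rel; do
        p="$root$rel"
        ok=0
        case "$kind" in
        d) if [ -d "$p" ]; then ok=1; fi ;;
        f) if [ -f "$p" ]; then ok=1; fi ;;
        x) if [ -f "$p" ] && [ -x "$p" ]; then ok=1; fi ;;
        esac
        if [ "$ok" -eq 0 ]; then
            echo "MISSING: $rel"
            problems=$((problems + 1))
        elif [ -n "$(find "$p" -prune -perm -0002)" ]; then
            # Any local user could alter scanner configuration or binaries.
            echo "WORLD-WRITABLE: $rel"
            problems=$((problems + 1))
        fi
    done <<EOF
$list
EOF
    [ "$problems" -eq 0 ]
}

# Run only when a platform is given on the command line.
if [ "$#" -gt 0 ]; then
    kav_check_layout "$@"
fi
```

Saved under a name of your choice and run as root with the argument linux or freebsd, it exits non-zero when a listed file is missing or writable by every user.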
After the installation of Kaspersky Anti-Virus onto a server running Linux
OS the distribution package files by default will be located as follows:
/etc/opt/kaspersky/ – a folder that contains Kaspersky Anti-Virus configuration file:
    kav4fs.conf – configuration file.
/opt/kaspersky/kav4fs/ – main folder of Kaspersky Anti-Virus that contains:
    /bin/ – a folder that contains executable files of all Kaspersky Anti-Virus components:
        kav4fs-kavscanner – executable file of the anti-virus protection component;