7.2 Further Information
7.3 Golden Rules for Protection Against Viruses
Avira GmbH AntiVir ISA Server
1 About this Manual
In this chapter you can find an overview of the structure and contents of this
manual.
After a short introduction, you can read information on the following subjects:
• The Structure of the Manual – Page 4
• Signs and Symbols – Page 5
• Abbreviations – Page 6
1.1 Introduction
We have included in this manual all the information you need on AntiVir ISA
Server and we will guide you step by step through installation, configuration and
operation of this software.
The appendix contains a glossary, explaining general terms.
For further information and assistance, please refer to our website, to the Hotline
of our Technical Support and to our regular Newsletter (see Service – Page 37).
Your Avira Team
1.2 The Structure of the Manual
The manual of your AntiVir software consists of a number of chapters, providing
the following information:

Chapter                        Contents
1 About this Manual            The structure of the manual, signs and symbols.
2 Product Information          Details of the software, its features, system
                               requirements and licensing concept.
3 Installation/Uninstallation  Instructions for installing AntiVir ISA Server on
                               your system.
4 Operation                    Information on using logfiles and alerts; testing
                               AntiVir ISA Server; procedure when viruses or
                               unwanted programs are detected.
5 Configuration                Guidance for setting up AntiVir ISA Server in
                               your system environment.
6 Service                      Avira GmbH Support and Service.
7 Appendix                     Glossary explaining terms and abbreviations,
                               license terms.

1.3 Signs and Symbols
The following signs and symbols appear in this manual:

Symbol  Meaning
✓       ... shown before a condition that must be met prior to
        performing an action
►       ... shown before a step you have to perform
        ... shown before the result that directly follows your action
        ... shown before a warning if there is a danger of critical data
        loss or hardware damage
        ... shown before a note containing particularly important
        information, e.g. on the steps to be followed
        ... shown before a tip that makes it easier to understand and
        use AntiVir ISA Server

For improved legibility and clear marking, the following types of emphasis are also
used in the text:

Emphasis in text                    Explanation
Ctrl+Alt                            Key or key combination
Configuration/Add-ins/Web Filters   Path and filename
avisasrv.exe
Choose component                    Elements of the software interface such
Select all                          as menu items, window titles and
                                    buttons in dialog windows
http://www.avira.com                URLs
Abbreviations – Page 4              Cross-reference within the document

1.4 Abbreviations
The following abbreviations appear in the text:
Abbreviation  Meaning
EICAR         European Institute for Computer Antivirus Research
FAQ           Frequently Asked Question
FTP           File Transfer Protocol
GUI           Graphical User Interface
HTTP          Hypertext Transfer Protocol
HTTPS         Hypertext Transfer Protocol Secure
ISA           Internet Security and Acceleration
MIME          Multipurpose Internet Mail Extensions
MMC           Microsoft Management Console
NTFS          New Technology File System
PMS           Possible Malicious Software
RFC           Request For Comment
SMTP          Simple Mail Transfer Protocol
VDF           Virus Definition File

2 Product Information
2.1 Mode of Operation
Microsoft ISA Server
Microsoft Internet Security and Acceleration (ISA) Server offers an
easy-to-configure Internet connection. It integrates an extensible firewall and a
web cache (proxy server), and it is based on the Windows security standards and
directives.
You can find complete information on Microsoft ISA Server in the documentation
and online at http://www.microsoft.com/isaserver.
AntiVir ISA Server
AntiVir ISA Server scans the files sent via Microsoft ISA Server for viruses and
unwanted programs. This protects the HTTP traffic. It supports FTP protocol if
processed by HTTP (FTP over HTTP).
HTTPS is not currently supported, so the data sent and received via this protocol
is not scanned for malware. The HTTPS requests are simply forwarded. Therefore,
you can use Microsoft ISA Server for HTTPS, but without scanning by AntiVir ISA
Server!
The software is deeply integrated within AntiVir ISA Server, ensuring high
performance. Due to its modular structure and implementation, the AntiVir ISA
Server does not usually require restarting of the Microsoft ISA Server when its
configuration is changed.
Files are scanned for viruses or unwanted programs by the powerful AntiVir Search
Engine, which supports all known archive types (ZIP, RAR, GZIP, ARJ, LZH, LHA,
ACE, etc.).
The virus definition files (VDF) and the AntiVir Search Engine are updated
automatically. The chapter Configuration of AntiVir ISA Service – Page 23 contains
more information on this topic.
AntiVir ISA Server supports Microsoft ISA Server 2000 and 2004. There is a single
program pack for both versions. The installation wizard automatically detects the
version of your ISA Server.
You can configure AntiVir ISA Server using a graphical user interface integrated
with MMC on Microsoft ISA Server.
To begin with, two important items of information:
Losing important data often has dramatic consequences. Not even the best antivirus
program can completely protect you from data loss.
► Back up your files regularly.
Antivirus programs are reliable only if kept up to date.
► Schedule regular updates for AntiVir ISA Server (this manual teaches you how).
2.2 Features
An overview of the AntiVir ISA Server features:
• Scanning for viruses and unwanted programs in all known archive types (ZIP,
  RAR, GZIP, ARJ, LZH, LHA, ACE etc.)
• Automatic updates for VDF and Search Engine
• Scanning HTTP transfers (downloads, browsing)
• Scanning FTP transfers (FTP over HTTP)
• Specific and configurable warning messages
• Using the Microsoft ISA Server logfile
• MIME type filter
• URL filter (excluding certain URLs from scanning)
• URL cache (avoiding repeated scanning)
• Timeout prevention for large file downloads
• Progress messages in browser
• Configuration using the graphical user interface
• Changes in AntiVir ISA Server configuration without restarting the Microsoft
  ISA Server
2.3 Licensing Concept
You need a license to use AntiVir ISA Server. With it, you agree to the licensing
terms (see http://www.avira.com/documents/general/pdf/en/avira_eula_en.pdf).
You can use the numerous features of AntiVir ISA Server with one of the following
license modes:
• Full version
• Convenience Package
The license depends on the number of network users that AntiVir ISA Server is to
protect. It is supplied by email in a license file named hbedv.key, which contains
the exact range of programs you will use and the license period. The license you
receive may refer to more than one Avira solution.
Evaluation Version
You can find details of this version on our website http://www.avira.com.
Full Version
The full version includes:
• AntiVir version available for download on the Internet
• License file by email, for switching from the demo version to the full version
• Complete installation instructions (digital)
• PDF manuals available for download on the Internet
• Four weeks of installation support, starting with the purchase date
• Newsletter service (by email)
• Update service for the program files and the VDF on the Internet
Convenience Package
In addition, the Convenience Package includes:
• Every three weeks: free delivery of a bootable CD-ROM with the AntiVir
  Rescue System and all current AntiVir programs
• Complete installation manual (printed) on first delivery
• License file on a floppy disk on first delivery
• Newsletter service (printed, by regular mail)
2.4 System Requirements
• You need administrator access rights for the installation
• PC with a Pentium III processor and 500 MHz or more
• Supported platforms:
  – Windows 2000 Server or Advanced Server with Service Pack 4 or higher
  – Windows 2000 Datacenter Server or Windows Server 2003 Standard Edition
    or Enterprise Edition
• 256 MB RAM or more (recommended: 512 MB)
• Local NTFS partition with 150 MB available memory space; additional
  memory for web caching
• Supported versions of Microsoft ISA Server:
  – Microsoft ISA Server 2000 with Service Pack 2 or higher (Enterprise or
    Standard Version)
  – Microsoft ISA Server 2004 (Enterprise or Standard Version)
Please note that you can operate more than one virus scanner on Microsoft ISA Server
simultaneously.
3 Installation/Uninstallation
3.1 Getting the Installation Files
3.1.1 Downloading the Program File from the Internet
You can find the current version of AntiVir ISA Server on our website, as a
self-extracting EXE archive (no additional programs required).
► Download the program from our website http://www.avira.com. Its current
name is avisasrv.exe.
3.2 Licensing
In order to use AntiVir ISA Server, you need the license file hbedv.key (see Licensing
Concept – Page 8). This license file contains information on the range and period
of the license.
Purchasing the License
► Contact us by phone or by email (info@antivir.com) to obtain a valid license file
for AntiVir ISA Server.
You will receive the license file by email.
► You can also obtain the license for AntiVir ISA Server quickly and easily from
our Online Shop (for more details, see http://www.avira.com).
3.3 Installing AntiVir ISA Server
Prerequisites
► Please observe these prerequisites to ensure trouble-free software operation:
✓ System requirements met (see System Requirements – Page 9)
✓ Administrator access
✓ Internet user account, user name and password available
✓ Valid license file hbedv.key at hand
► Go to the directory in which you saved the program file avisasrv.exe.
► Double-click on avisasrv.exe.
The setup window appears.
► Click Setup.
The setup of AntiVir ISA Server starts.
The InstallShield Wizard appears:
► Click Next.
The License Agreement is displayed:
The setup does not continue until you agree to the license terms.
► Confirm with Yes.
Then Choose Destination Location appears.
► If the path is correct, click Next
– OR –
click Browse, select another path and then confirm with Next.
The window for License key file opens:
► Select the path to the license file hbedv.key and click Next.
The setup program copies the license file, reads it and installs all necessary
files in the target directory.
InstallShield Wizard Complete appears:
► Click Finish.
The installation of AntiVir ISA Server is completed. It is integrated with Microsoft
ISA Server 2000 or 2004 and ready for use.
The default settings are ideal in most cases.
3.4 Integrating AntiVir ISA Server with MMC on Microsoft ISA Server
After installation, AntiVir ISA Server appears in MMC on Microsoft ISA Server.
► Go to Start/Programs/Microsoft ISA Server/ISA Server Management.
Depending on your version of Microsoft ISA Server, one of the following
windows is displayed:
Microsoft ISA Server 2000
AntiVir ISA Server appears under Extensions/Web Filters:
Microsoft ISA Server 2004
AntiVir ISA Server appears under Configuration/Add-ins/Web Filters:
You can read more about the configuration in Configuration of AntiVir ISA Server
– Page 30.
3.5 Uninstalling AntiVir ISA Server
To uninstall AntiVir ISA Server:
► Go to Start/Programs/AntiVir ISA Server to start the uninstalling routine.
The following window appears:
► Follow the directions of the AntiVir ISA Server – InstallShield Wizard.
AntiVir ISA Server is removed.
4 Operation
4.1 Logfiles
To ensure optimum performance, AntiVir ISA Server does not keep its own logfile.
Records of viruses, unwanted programs and other information are saved in the
Microsoft ISA Server logfile (ISALogs folder in the installation directory of
Microsoft ISA Server). The first detected name of a virus or unwanted program is
recorded under "ClientHostName" and the HTTP status code 403 in the field
"HTTP Status".
You can find more details in the Microsoft ISA Server documentation.
If the logfile or the fields "HTTP Status" or "ClientHostName" are deactivated, no
information will be recorded. In this case, the administrator can trace the detected
malware based only on the alerts and the Windows Event Manager (Logger).
Irrespective of this, the user receives a "Malware Alert Message" in the browser. These
details can be configured (templates folder in the AntiVir ISA Server directory).
4.2 Configuring Alerts
Alerts inform the administrator of the status of AntiVir ISA Server. A total of 9
alerts are used by AntiVir ISA Server.
In Microsoft ISA Server 2000 the alerts are set once only. The administrator has to
reset them manually. Only then can they be set again.
In Windows Event Logger, however, the alerts/events are set every time an
individual event occurs.
✓ Microsoft ISA Server is started.
► Click on Monitoring in the console tree.
► Open the configuration tab Alerts.
► In the Tasks tab, select Configure Alert Definitions.
The Alerts Properties window appears:
The following information on the status of AntiVir ISA Server is available:
• AntiVir Web Filter: filter startup
  The AntiVir Plug-In for ISA Server Web Filter has started up.
• AntiVir Web Filter: filter shutdown
  The AntiVir Plug-In for ISA Server Web Filter has shut down.
• AntiVir Web Filter: engine connection failed
  A connection to the AntiVir Search Engine has failed.
• AntiVir Web Filter: error from engine
  The AntiVir Plug-In for ISA Server Web Filter has received an error from the
  AntiVir Search Engine.
• AntiVir Web Filter: internal error
  An internal/unexpected error has occurred in the AntiVir Plug-In for ISA Server
  Web Filter.
• AntiVir Web Filter: configuration change
  A configuration change has been made to the AntiVir Plug-In for ISA Server
  Web Filter.
• AntiVir Web Filter: no engine configured
  No AntiVir Plug-In Search Engine has been configured.
• AntiVir Web Filter: cannot load configuration
  The AntiVir Plug-In for ISA Server Web Filter configuration cannot be loaded.
There are three statuses: Information, Warning and Error.
Unused alerts can be deleted or deactivated.
Deleting Alerts
If you delete an alert, you can reactivate it only when restarting AntiVir ISA Server. It is
recommended to deactivate unused alerts instead of deleting them.
To delete an alert:
► Select the alert in the Alerts Properties window.
► Click Remove.
The selected alert is deleted without confirmation.
Deactivating Alerts
To deactivate an alert:
► Select the alert in the Alerts Properties window.
► Click Edit....
The corresponding Properties window appears.
► In the General tab, deactivate the Enable check box and press OK.
The selected alert is deactivated (it is disabled in the Alerts Properties
window).
Configuring Alert Actions
Microsoft ISA Server 2004 displays an alert message with specific information
every time it detects a virus or unwanted program. For example, when the test
virus Eicar is detected, the program shows the following alert:
An alert can trigger various actions, for example send an email or start a program.
► Select the alert in the Alerts Properties window.
► Click Edit....
The corresponding Properties window appears.
► Open the Actions tab.
► Make the required settings and click OK.
The next alert will trigger the specified actions.
For more details about the possible settings, refer to the Microsoft ISA Server
documentation.
4.3 Testing AntiVir ISA Server
After installation and configuration, you should test AntiVir ISA Server. For
example, you can use the EICAR test virus from the "European Institute for
Computer Antivirus Research" (EICAR). This test file is not a virus but is reported
and treated by all antivirus programs as malware.
► Download the test virus from the website http://www.eicar.org
A record is made in the logfile of Microsoft ISA Server.
The user receives a warning about the detection of a virus or unwanted
program, as below:
► Also check the entry in the Windows Event Logger.
Problems
If AntiVir ISA Server does not run correctly:
► Check that the installation and configuration have been performed correctly.
► Read the "Known issues" section in the Online Help. It may contain the
solution to your problem.
► Contact our support team.
We cannot offer support for problems which do not directly concern the AntiVir ISA
Server.
4.4 Reaction to Detection of Viruses / Unwanted Programs
If correctly configured, AntiVir has already automatically carried out all the
important tasks on your computer: deleted any detected viruses or unwanted
programs, made logfile records, sent alerts etc. These actions depend on the
Configuration of AntiVir ISA Server – Page 30.
You should do the following:
► Try to detect the way the virus / unwanted program infiltrated your system.
► Perform specific scanning on possibly infected data carriers.
► Inform your team, superiors or partners.
► Inform your system administrator and security provider.
Submit Infected Files to Avira GmbH
► Please send us the viruses, unwanted programs and suspicious files that our
product does not yet recognize or detect. The same applies to any other
suspicious files. Send us the virus or unwanted program packed in a
password-protected archive (PGP, gzip, WinZIP, PKZip, Arj), attached to an email, to
virus@antivir.com.
When packing, use the password virus. In this way, the file will not be deleted by virus
scanners on email gateways.
5 Configuration
5.1 Configuration of Microsoft ISA Server 2000/2004
Please refer to your Microsoft ISA Server documentation.
5.2 Configuration of AntiVir ISA Service
AntiVir ISA Server (SAVAPI 2) consists of two components: AntiVir ISA Service
(Savapi Service) and SAVAPI.DLL. Both can be configured in a configuration file (INI
file).
Please note that you do not usually need a special configuration of AntiVir ISA Service.
The default settings are usually sufficient.
Changing Parameters
AntiVir ISA Service first starts with safe default values and the SAVAPI.INI file is
automatically created.
You can modify most of the parameters while AntiVir ISA Service is running. Only
the following parameters require a restart:
• Port number
• Temporary files directory
• Updates directory
• Name of the license file
• Name of the logfile
If you want to change one of the above parameters:
► Start the Service Applet in Services (Start\Control Panel\Administrative
Tools\Services).
► Select AntiVir ISA Service.
► Stop AntiVir ISA Service.
► Change the parameters.
► Restart AntiVir ISA Service.
► Restart the program to change the SAVAPI.DLL.
5.2.1 Entries in SAVAPI.INI
You can change the following parameters in the configuration file SAVAPI.INI:
Port Number
This indicates the TCP/IP port for the communication between AntiVir ISA service
and SAVAPI.DLL. If this port is already assigned, you can change the value.
Remember to modify the corresponding entry in SAVAPIDL.INI (see Entry in
SAVAPIDL.INI (optional) – Page 29).
Example
PortNumber=18371
Update Directory
In this directory, AntiVir ISA service temporarily saves the updates downloaded
from the Internet. It is a so-called working directory for the Internet Updater and
it should not be changed. Make sure AntiVir ISA update service has write access to
this directory.
Example
UpdateDirectory=C:\Programs\AntiVir\AntiVir ISA Server\update\
Name of the License File
This parameter refers to the license file name which has been copied to the
installation directory.
Example
KeyFileName=C:\Programs\AntiVir\AntiVir ISA Server\hbedv.key
Name of the Logfile
It specifies the name of the logfile. You can move the logfile to another location on
your hard disk. AntiVir ISA service needs write access for this location.
By default, the logfile is placed in the installation directory and it is named
SAVAPI.LOG.
Example
LogFileName=C:\Programs\AntiVir\AntiVir ISA Server\savapi.log
Maximum Logfile Size
This value is the maximum size of the logfile (in kB). When the file size exceeds the
limit, the oldest entries are deleted automatically.
The file has no size limit if the value is 0.
Example
LogFileSize=1000
Scan Archive
If the value is 1 (activated), AntiVir ISA service also scans for malware in archives.
The parameter is "deactivated" (0) by default.
Example
ScanArchives=0
Maximum Recursion for Archive Scanning
This value sets the maximum nesting level for scanned archives. AntiVir ISA
service unpacks the archived files down to this level and scans them for viruses and
other types of malware. Usually, the default value (2) is sufficient. The parameter
applies only when ScanArchives is active.
Example
ArchiveMaxRecursion=2
Automatic Archive Detection
Archives can be identified in two modes: based on the file extension or on the
contents.
The detection based on the contents ("SmartDetection") is a safer method, but it
takes longer. If this option is active (1), AntiVir ISA service tries to identify the
archives by means of content; otherwise by file extension. The parameter applies
only when ScanArchives is active.
Example
ArchiveSmartDetection=1
Blocking "mail bombs"
This parameter blocks so-called "mail bombs" with a very high compression ratio.
You can specify the ratio between archived and unpacked file size up to which
AntiVir should unpack archives.
The value 0 deactivates this option, but it is not recommended. The default is 150.
Example
ArchiveMaxRatio=150
Maximum Size of Unpacked Files
There are compressed folders which do not contain any significant information but which
are intentionally created to expand to an "absurd size" and to slow down the computer.
This parameter avoids unpacking such archives.
If the value is 0 Bytes, all files are unpacked, irrespective of their size.
If the value is >0 Bytes, the program only scans archives with unpacked size smaller
than the set value.
The default is 300 MB.
Example
ArchiveMaxSize=300 (max. 300 MB)
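The three archive limits above (ArchiveMaxRecursion, ArchiveMaxRatio, ArchiveMaxSize) can be read as checks applied while an archive is unpacked. The following Python code is an added example, not Avira's code: it handles ZIP only, and the function names, the level numbering (outermost archive = level 1) and the constructed sample archives are assumptions.

```python
import io
import zipfile

MB = 1024 * 1024
CHUNK = 64 * 1024


class LimitExceeded(Exception):
    """An archive violated one of the configured limits."""


def unpack_checked(blob, max_recursion=2, max_ratio=150, max_size_mb=300,
                   level=1, state=None):
    """Unpack a ZIP held in memory and return {path: bytes} for its leaf files.

    Parameter names mirror the SAVAPI.INI keys; 0 switches a limit off.
    Assumption: the outermost archive counts as nesting level 1.
    """
    state = state if state is not None else {"unpacked": 0}
    if max_recursion and level > max_recursion:
        raise LimitExceeded(f"ArchiveMaxRecursion={max_recursion}: level {level}")
    leaves = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            packed = max(info.compress_size, 1)
            buf = bytearray()
            with zf.open(info) as member:
                # Count the bytes that really come out of the decompressor;
                # the sizes declared in the ZIP headers can be forged.
                for chunk in iter(lambda: member.read(CHUNK), b""):
                    buf += chunk
                    state["unpacked"] += len(chunk)
                    if max_ratio and len(buf) > max_ratio * packed:
                        raise LimitExceeded(
                            f"ArchiveMaxRatio={max_ratio}: {info.filename}")
                    if max_size_mb and state["unpacked"] >= max_size_mb * MB:
                        raise LimitExceeded(
                            f"ArchiveMaxSize={max_size_mb}: {info.filename}")
            data = bytes(buf)
            # Content-based archive detection (the ArchiveSmartDetection=1 idea).
            if zipfile.is_zipfile(io.BytesIO(data)):
                inner = unpack_checked(data, max_recursion, max_ratio,
                                       max_size_mb, level + 1, state)
                leaves.update({f"{info.filename}/{k}": v for k, v in inner.items()})
            else:
                leaves[info.filename] = data
    return leaves


def make_zip(members):
    """Build a constructed sample ZIP in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def verdict(blob, **limits):
    """Return ("scan", leaf paths) or ("limit", reason) for one archive."""
    try:
        return "scan", sorted(unpack_checked(blob, **limits))
    except LimitExceeded as exc:
        return "limit", str(exc)


# Constructed samples: one nesting level, two nesting levels, 2 MB of zero bytes.
NESTED_ONCE = make_zip({"readme.txt": b"constructed sample\n",
                        "inner.zip": make_zip({"doc.txt": b"nested once\n"})})
NESTED_TWICE = make_zip(
    {"a.zip": make_zip({"b.zip": make_zip({"c.txt": b"deep\n"})})})
HIGH_RATIO = make_zip({"zeros.bin": b"\0" * (2 * MB)})

if __name__ == "__main__":
    for name, blob in (("nested once", NESTED_ONCE),
                       ("nested twice", NESTED_TWICE),
                       ("high ratio", HIGH_RATIO)):
        print(name, verdict(blob))
```

The limits are enforced on the bytes actually decompressed, so an archive whose header understates its unpacked size is still stopped at the configured ratio or size.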
Scanning Mailboxes
When the value is 1, AntiVir ISA service also scans mailboxes for viruses and
unwanted programs.
By default, the parameter is deactivated (0).
Example
ScanMailboxes=0
Macro Viruses Heuristics
AntiVir ISA service also detects macro viruses. When activating this option, you
can also set the reaction to detection of macro viruses.
Example
OLEHeuristicEnabled=1
RemoveSuspiciousMacros=0
0 = Delete all suspicious or infected macros
1 = Delete all macros, if one is suspicious or
infected
Win32 Heuristics
You can activate Win32 heuristics for better virus detection and even set the
detection level.
By default, this option is deactivated.
Example
Win32HeuristicEnabled=1
Win32HeuristicScanMode=0
0 = Low detection level
1 = Medium detection level
2 = High detection level
Server Name for the Updates
The AntiVir ISA service downloads the updates (new virus signatures) from the
specified URL. If you want to use another server (e.g. the Internet Update
Manager), you can change the URL.
Example
UpdateUrl=http://dl.antivir.de
If you want to download the updates from a shared directory, you have to type the
path for UpdateUrl and if necessary specify the username and password for
NetworkUserName and NetworkPassword.
Note that the AntiVir ISA update service has to run under a user account (default:
local system account) with access rights to the given directory.
UpdateInterval sets the interval for the Internet Updater to search for new versions
on the specified UpdateUrl. The value is given in minutes; default: every 120 minutes.
After the first action (scan for viruses and other malware) AntiVir ISA Server
automatically performs an update of the Search Engine and virus signatures.
The value 0 deactivates the automatic updates.
Example
UpdateInterval=120
With the task StartUpdate.exe you can ask the Search Engine to perform an update
immediately – regardless of the update interval settings. In the event of errors, the
application returns the Errorlevel 1 (useful for batch files). If successful, the update
is logged in SAVAPI.LOG. The application has no output.
Using Proxy Server for Updates
If this value (1) is activated, AntiVir ISA service tries to download the updates via
the specified proxy server. By default, the program does not use a proxy server, i.e.
a direct Internet connection is assumed.
Example
ProxyEnabled=0
Proxy Server Address
Type the full name or IP address of the proxy server used for updates.
This value applies only if ProxyEnabled is activated.
Example
ProxyUrl=proxy.mydomain.com
Proxy Server Port
Type the port of the proxy server used for updates.
This value applies only if ProxyEnabled is activated.
Example
ProxyPort=3128
Username and Password for Proxy Server (Proxy Authentication)
Type the username and password for the Internet Updater to connect to the proxy
server.
This value applies only if ProxyEnabled is activated.
Example
ProxyUserName=fsmith
ProxyPassword=password
Sending Email Notifications
If you activate SmtpMailEnabled (1), AntiVir ISA service sends email
notifications to the recipients specified in SmtpRecipientAddress. Email
notifications can be sent if updates are successful or unsuccessful.
Make sure that the parameters SmtpMailMode, SmtpHostName,
SmtpSenderAddress and SmtpRecipientAddress are correctly set.
SmtpMailEnabled is deactivated by default.
SmtpMailMode specifies when emails are to be sent.
Example
SmtpMailEnabled=0
SmtpMailMode=0
0 = Emails are sent in the case of update error
1 = Emails are always sent (update successful or not)
SMTP Server Name
Type the full name or the IP address of your SMTP server.
This value only applies if SmtpMailEnabled is active.
Example
SmtpHostName=smtp.domain.net
Sender’s Email Address
Type the email address you want to appear as the sender of the email notification.
This value only applies if SmtpMailEnabled is active.
Example
SmtpSenderAddress=sender@domain.net
Recipient’s Email Address
Type the email address to which email notifications will be sent.
This value only applies if SmtpMailEnabled is active.
Example
SmtpRecipientAddress=recipient@domain.net
5.2.2 Entry in SAVAPIDL.INI (optional)
The configuration file for communication between SAVAPI.DLL and the AntiVir ISA
service is SAVAPIDL.INI. By default, this file does not exist. Default values are used.
In order to change the default port for communication between AntiVir ISA service
and SAVAPI.DLL, you have to create the SAVAPIDL.INI file in the directory of
SAVAPI.DLL.
It only contains this entry:
[SAVAPI2DLL]
PortNumber=18371
Port Number
This value defines the TCP/IP port between AntiVir ISA service and SAVAPI.DLL. If
this port is already assigned, you can specify another one.
Remember to change the corresponding entry in SAVAPIDL.INI (see Entries in
SAVAPI.INI – Page 24).
Example
PortNumber=18371
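The settings described in 5.2.1 and 5.2.2 can be reviewed mechanically. The following Python code is an added example, not part of the product: it checks SAVAPI.INI text for the values the manual itself warns about, compares the port with SAVAPIDL.INI, and lists changed keys that need a service restart. The function names and sample files are constructed; treating 18371 (the manual's example value) as the built-in default port is an assumption.

```python
# Defaults stated in the manual. 18371 is the manual's example port and is
# assumed here to be the built-in default.
DEFAULTS = {"portnumber": "18371", "scanarchives": "0", "archivemaxratio": "150",
            "archivemaxsize": "300", "updateinterval": "120"}
# Restart-only parameters whose key names appear in the manual (the key name
# of the temporary files directory is not given there).
RESTART_KEYS = ("PortNumber", "UpdateDirectory", "KeyFileName", "LogFileName")
SECRET_KEYS = ("ProxyPassword", "NetworkPassword")


def parse_ini(text):
    """Return {lowercased key: value}; section headers and comments are skipped."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "[;#" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        values[key.strip().lower()] = value.strip()
    return values


def get(cfg, key):
    """Configured value, else the manual's default, else an empty string."""
    return cfg.get(key.lower(), DEFAULTS.get(key.lower(), ""))


def audit(savapi_text, savapidl_text=""):
    """Return [(key, finding)] for settings the manual warns about."""
    cfg, dll = parse_ini(savapi_text), parse_ini(savapidl_text)
    findings = []
    if get(cfg, "ScanArchives") != "1":
        findings.append(("ScanArchives", "archives are not scanned"))
    else:
        if get(cfg, "ArchiveMaxRatio") == "0":
            findings.append(("ArchiveMaxRatio",
                             "compression-ratio limit is off (not recommended)"))
        if get(cfg, "ArchiveMaxSize") == "0":
            findings.append(("ArchiveMaxSize",
                             "archives are unpacked irrespective of size"))
        if get(cfg, "ArchiveSmartDetection") == "0":
            findings.append(("ArchiveSmartDetection",
                             "archives are recognised by file extension only"))
    if get(cfg, "UpdateInterval") == "0":
        findings.append(("UpdateInterval", "automatic updates are deactivated"))
    for key in SECRET_KEYS:
        if get(cfg, key):
            findings.append((key, "password stored in the INI file; "
                                  "restrict read access to it"))
    if get(cfg, "PortNumber") != get(dll, "PortNumber"):
        findings.append(("PortNumber", "SAVAPI.INI and SAVAPIDL.INI disagree"))
    return findings


def restart_required(old_text, new_text):
    """Keys changed between two SAVAPI.INI versions that need a service restart."""
    old, new = parse_ini(old_text), parse_ini(new_text)
    return [k for k in RESTART_KEYS if old.get(k.lower()) != new.get(k.lower())]


# Constructed sample files (values chosen to trigger the checks).
SAMPLE_SAVAPI = """\
PortNumber=18400
ScanArchives=1
ArchiveMaxRecursion=2
ArchiveSmartDetection=0
ArchiveMaxRatio=0
ArchiveMaxSize=300
UpdateInterval=0
ProxyEnabled=1
ProxyUrl=proxy.mydomain.com
ProxyUserName=fsmith
ProxyPassword=password
"""
SAMPLE_SAVAPIDL = "[SAVAPI2DLL]\nPortNumber=18371\n"

if __name__ == "__main__":
    for key, finding in audit(SAMPLE_SAVAPI, SAMPLE_SAVAPIDL):
        print(f"{key}: {finding}")
```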
5.3 Configuration of AntiVir ISA Server
After installation, AntiVir ISA Server appears in ISA MMC under Extensions/Web
Filters (ISA Server 2000) or Configuration/Add-ins/Web Filters (ISA Server 2004).
This is the procedure for AntiVir ISA Server configuration:
To open the Properties window:
► Double-click on AntiVir Web Filter
– OR –
select Properties in the context menu.
AntiVir Web Filter Properties appear:
General Tab
Description         Details of the Plug-In
Vendor              Vendor’s name: Avira GmbH
Version             Plug-In version
Relative Path       Relative path to the Plug-In DLL
Direction           Direction of incoming and outgoing connections (both)
Enable this filter  Activate AntiVir Web Filter
Settings Tab
AntiVir Search Engine
If the Search Engine is not accessible (e.g. because of an invalid license file), access
to all files is blocked. The user receives an error message for every page selected.
This parameter must be deactivated if Microsoft ISA Server should run even though files
cannot be scanned. For security reasons, however, we recommend that this parameter is
always activated!
Do not scan these URL types
If you want AntiVir to exclude certain URLs from scanning for viruses or unwanted
programs, you can specify them for the AntiVir Web Filter – for example, company
URLs, which are already scanned elsewhere.
This parameter helps to increase performance, as not all files have to be scanned.
However, you should only use it with great caution and only for URLs that are deemed to
be virus-free.
You can make the following entries:
• Type specific pages of a web server. For example, the AntiVir business terms
  can be downloaded without scanning:
• Type only a URL address; all its pages will be excluded from scanning:
  http://www.avira.com
• The line below will forward all files from the downloads directory without scanning:
  http://www.avira.com/en/downloads/
Default: no entries (empty)
Do not scan these MIME types
This list is similar to the URL list, but in this case the MIME types are scanned. As
the entry in the HTTP header is optional, it does not mean that every response has
an entry of this type. If this entry is missing, the MIME type is not assessed and
AntiVir Web Filter skips this parameter.
It should also be noted that an attacker can easily change an HTTP header.
Default: no values (empty)
This parameter helps to increase performance, as not all files have to be scanned.
However, it should be used with great caution.
Interval to clear the temp directory
While scanning data for viruses and unwanted programs, AntiVir ISA Server saves
temporary files to the hard disk. It is possible that AVWebFilter.dll cannot correctly
delete so-called "file remains" from the temporary directory. These remains are
regularly deleted by threads. The interval has to be between 300 (5 minutes) and
86400 (1 day).
Default: 1800 seconds (= 30 minutes)
Set to default
Resets the settings in the configuration tab to default values.
Unwanted Programs Tab
Selection of
Unwanted
Programs
AntiVir ISA Server protects you not only against computer viruses but also against
unwanted programs. These are:
•Backdoor Control Software (BDC)
•Dialers
•Games
•Jokes
32AntiVir ISA ServerAvira GmbH
Timeouts Tab
Configuration
•Possible Malicious Software (PMS)
You can select all unwanted programs or the ones suggested by Avira GmbH as
default settings.
For more information about unwanted programs, please read the Glossary –
Page 39.
AntiVir ISA Server temporarily saves all downloaded files to the hard disk before
the Search Engine scans them for viruses and unwanted programs. If these files are
too large, a browser timeout may occur and the download is then aborted with an
error message.
Timeout prevention
As with Enable progress messages, the option Timeout prevention can prevent
browser timeouts. The user receives no status information ("Progress Message").
The program simply sends parts of the HTTP header, resetting the browser timer
and preventing timeouts.
The user receives no progress message (not even in the browser) until the files are
completely scanned for malware. This is problematic when downloading very large files,
as the user does not see any action for a long time. For security reasons, no HTTP body
data is sent to the user.
Enable progress messages
If this option is activated (default setting), a progress message is displayed with
download status information. It is especially important for very large files.
The progress message of AntiVir ISA Server replaces the browser message until the files
are scanned. The browser message will appear afterwards.
A progress message may contain:
If the browser does not support automatic forwarding, the user has to manually
click the here link in order to update the progress message.
If the automatic forwarding of the browser is deactivated, the user receives a
message stating that the requested files are located elsewhere. This type of
message may appear as follows:
The following window appears when a file is downloaded and the scanning result
is negative (no malware found):
The user may now access the file with a click on the link Get the File. The usual
progress message of the browser is then displayed.
If you press Cancel during download, the display shows the status Aborted after
the refresh interval:
The link Repeat refers to the previously requested link. So when you click Repeat,
a new download begins.
This feature does not work with a right-click on Repeat and "Save target as" or "Save link
as": in the event of malware detection, the warning message is saved to the corresponding
file instead of saving the original file.
If a download is interrupted without clicking Cancel, Microsoft ISA Server continues to
download the files from the Internet.
Disabled
Timeouts are not prevented. This may result in browser timeout when
downloading very large files, so the download is aborted with an error message.
URL Cache Tab
Enable URL cache
AntiVir Web Filter has a so-called URL Cache, which can considerably enhance the
performance of your system. It stores all URLs with negative scanning results, thus
avoiding repeated scanning of already checked URLs.
This option is deactivated by default.
URL Cache also involves risks and attackers may take advantage of this. URL Cache has
been implemented with the greatest care and dangers have been minimized.
If the contents of a URL change, AntiVir ISA Server scans the files again for malware.
URL cache size
You can set the size of the URL Cache. It is recommended to change this value only
if the computer on which Microsoft ISA Server runs has very little internal
memory.
The size range is between 1 and 65536 bytes. The higher the value, the better the
performance of the URL Cache.
Default (max.): 65536 (bytes).
URL cache refresh
You can set the time for keeping a URL in URL Cache.
The possible values are between 60 and 86400 seconds.
Default: 600 seconds.
Interval to clear the URL cache
You can set the interval for deleting the entries in URL Cache.
If an entry is old (its saved time entry is compared with the current time), it is
deleted from the URL Cache. This task is carried out by a separate thread, started at
certain intervals.
The possible values are between 60 and 86400 seconds.
Default: 500 seconds.
Set to defaults
Activates the default values.
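The behaviour described for this tab (remember URLs with a negative scan result, stop trusting them after the refresh time, purge old entries periodically, scan again when the content changes) sketched as an added example. It is not Avira's implementation: the class, the entry-count limit and the use of ETag, Last-Modified and Content-Length as the change check are assumptions, since the manual does not say how a change is detected.

```python
# Added illustration, not AntiVir code. Names, the entry-count limit and the
# change check (ETag / Last-Modified / Content-Length) are assumptions.
import time


class CleanUrlCache:
    """Remembers URLs whose last scan was clean; expires and re-validates them."""

    def __init__(self, max_entries=65536, refresh_s=600, clock=time.monotonic):
        self.max_entries, self.refresh_s, self.clock = max_entries, refresh_s, clock
        self._entries = {}  # url -> (fingerprint, time stored)

    @staticmethod
    def fingerprint(headers):
        return tuple(headers.get(k) for k in ("ETag", "Last-Modified", "Content-Length"))

    def is_known_clean(self, url, headers):
        """True only for an unexpired entry whose fingerprint still matches."""
        entry = self._entries.get(url)
        if entry is None:
            return False
        stored_fp, stored_at = entry
        if self.clock() - stored_at > self.refresh_s:
            return False  # older than the refresh time: scan again
        current = self.fingerprint(headers)
        if not any(current) or current != stored_fp:
            return False  # content changed or cannot be verified: scan again
        return True

    def record_clean(self, url, headers):
        """Store a negative scan result, evicting the oldest entry when full."""
        if url not in self._entries and len(self._entries) >= self.max_entries:
            oldest = min(self._entries, key=lambda u: self._entries[u][1])
            del self._entries[oldest]
        self._entries[url] = (self.fingerprint(headers), self.clock())

    def purge(self):
        """What the periodic cleanup thread would run; returns entries removed."""
        now = self.clock()
        stale = [u for u, (_, t) in self._entries.items() if now - t > self.refresh_s]
        for url in stale:
            del self._entries[url]
        return len(stale)
```

Only clean results are ever recorded, and a response that carries none of the three validators is always scanned again, which keeps a cached verdict from outliving the content it was issued for.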
6 Service
6.1 Support
Support Service
Our website http://www.avira.com contains all the necessary information on our
extensive support service.
The expertise and experience of our developers is available to you. The experts
from Avira answer your questions and help you with difficult technical problems.
During the first 30 days after you have purchased a license, you can use our
AntiVir Installation Support by phone, email or by online form.
In addition we recommend that you also purchase our AntiVir Classic Support,
with which you can contact and obtain advice from our experts during business
hours when technical problems are encountered. The annual fee for this service,
which includes eliminating viruses and hoax support, is 20 % of the list price of
your purchased AntiVir program.
Another optional service is the AntiVir Premium Support, which in addition to
the scope of the AntiVir Classic Support enables you to contact expert partners at
any time - even after business hours in the event of an emergency. When virus
alerts occur, you will receive an SMS on your cellphone.
Forum
Before you contact our Hotline, we recommend that you visit our user forum at
http://forum.antivir.de.
Your questions may already have been answered for another user and posted on
the forum.
Email Support
Support via email can be obtained at http://www.avira.com.
We cannot provide support for problems which do not directly concern AntiVir ISA
Server.
6.2 Online Shop
Would you like to buy our products by mouse-click?
You can visit Avira Online Shop at http://www.avira.com and buy, upgrade or
extend AntiVir licenses quickly and safely. The Online Shop guides you step by step
through the order menu. A multi-lingual Customer Care Center explains the
order process, payment transactions and delivery. Resellers can order by invoice
and use a reseller panel.
You can find further information about us and our products by visiting
http://www.avira.com.
7 Appendix
7.1 Glossary
Term: Meaning
Backdoor (BDC): A backdoor is a program that infiltrates the system in order to steal data without the user's knowledge. This program is manipulated by third parties using remote backdoor control software via the Internet or network. AntiVir detects backdoor control programs (Unwanted programs configuration tab).
Demo version: Without a license file, AntiVir ISA Server runs only as a demo version and scans for viruses and unwanted programs only on the local drive C: The repair function is also deactivated.
Dialer: Paid dialing program. When installed on your computer, this program sets up a Premium Rate Number Internet connection, charging you at high rates. This can lead to huge phone bills. AntiVir detects Dialers (Unwanted programs configuration tab).
Service: System administration process running in the background on Windows. About a dozen services can run on a computer simultaneously. They start when the computer is switched on. The AntiVir ISA Server is such a program type.
Service program: Program component of AntiVir ISA Server which scans for viruses and unwanted programs. Also known as "AntiVir service", it has to run on the server. It runs in the background and monitors all file operations carried out by the user on the server (On-Access), such as: starting programs, loading documents. AntiVir ISA Server automatically scans the corresponding files when these operations occur.
On access scanning: Automatic scanning of a file when it is accessed (e.g. opened).
Engine: AntiVir Search Engine. AntiVir software module, controlling the virus scanning.
Jokes: Usually harmless and not self-spreading (Unwanted programs configuration tab).
Heuristics: The systematic process of solving a problem using general and specific rules drawn from previous experience. However, a solution is not guaranteed. AntiVir uses a heuristic process to detect unknown macro viruses, as well as file viruses, worms and Trojans.
Logfile: Also: Report file. A file containing reports generated by the program.
Malware: Generic term for "foreign bodies" of any type. These can be interferences such as viruses or other software, which the user generally considers as unwanted (see also Unwanted Programs).
PMS (Possible Malicious Software): Software that does not usually harm the computer. It is programmed to harm other users. For example, mail bombs: with such a program, the victim can be attacked by thousands of emails. AntiVir detects PMS (Unwanted programs configuration tab).
Remote ability: Remote operation of AntiVir ISA Server, when the control program is installed on a computer other than the AntiVir ISA service.
Signature: A byte combination used to recognize a virus or unwanted program.
SMTP (Simple Mail Transfer Protocol): Protocol for email communication on the Internet.
Unwanted programs: The name for programs that do not directly harm the computer, but are not wanted by the user or administrator. These can be backdoors, dialers, jokes and games. AntiVir detects various types of unwanted programs (Unwanted programs configuration tab).
VDF (Virus Definition File): A file with known signatures for viruses and unwanted programs. In many cases it is sufficient for an update to load the most recent version of this file.
7.2 Further Information
You can find further information on viruses, worms, macro viruses and other
unwanted programs at http://www.avira.com.
7.3 Golden Rules for Protection Against Viruses
• Always keep boot floppy disks for your network server and for your
workstations.
• Always remove floppy disks from the drive after finishing work. Even if they
have no executable programs, disks can contain program code in the boot
sector and these can serve to carry boot sector viruses.
• Regularly back up your files.
• Limit program exchange: particularly with other networks, mailboxes, Internet
and acquaintances.
• Scan new programs before installation and the disk after this. If the program is
archived, you can detect a virus only after unpacking and during installation.
If there are other users connected to your computer, you should establish the
following rules for protection against viruses:
• Use a test computer to check downloads of new software, demo versions or
virus-suspicious media (floppies, CD-R, CD-RW, removable drives).
• Disconnect the test computer from the network!
• Appoint a person responsible for virus infection operations and establish all
steps for virus elimination.
• Draw up an emergency plan as a precaution to prevent damage due to
destruction, theft, failure or loss/change due to incompatibility. You can replace
programs and storage devices, but not your vital business data.
• Draw up a plan for data protection and recovery.
• Your network must be correctly configured and the access rights must be wisely
assigned. This represents good protection against viruses.