Avira ANTIVIR VIRUS SCAN ADAPTER FOR SAP SOLUTIONS User Manual

Download

www.avira.com

User Manual

Virus Scan Adapter (for SAP Solutions)

More Than Security

Contents

1 About this Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1.2 The Structure of the Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1.3 Signs and Symbols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

2 Product Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.1 Licensing Concept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2.2 Operating Mode of AntiVir VSA (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2.3 System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

3 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

3.1 AntiVir VSA Installation (UNIX) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

3.1.1 Getting the Installation Files . . . . . . . . . . . . . . . . . . . . . . . . 9

3.1.2 Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

3.1.3 Installing AntiVir VSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

3.1.4 Reinstalling AntiVir VSA . . . . . . . . . . . . . . . . . . . . . . . . . . .12

3.1.5 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

3.2 AntiVir VSA Installation (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

3.2.1 Getting the Installation Files . . . . . . . . . . . . . . . . . . . . . . .13

3.2.2 Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

3.2.3 Installing AntiVir VSA . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

3.2.4 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

4 Configuration (UNIX) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

4.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

4.2 Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

4.3 Configuration Script configantivir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

4.4 Configuring Regular Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

5 Configuration (Windows) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

5.1 Available Entries in SAVAPI.INI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

5.2 Possible Entry in SAVAPIDL.INI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

5.3 Immediate Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

6 ABAP-Specific Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

6.1 Setting the Virus Scan Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

6.1.1 Defining Scanner Groups . . . . . . . . . . . . . . . . . . . . . . . . . .31

6.1.2 Defining Virus Scan Servers . . . . . . . . . . . . . . . . . . . . . . . .33

6.1.3 Defining Virus Scan Profiles . . . . . . . . . . . . . . . . . . . . . . . .43

6.1.4 Implementing a BAdI for Virus Scanners . . . . . . . . . . . . .48

6.2 Problem Analysis for the Virus Scan Server . . . . . . . . . . . . . . . . . . . . . . . . . . 49

6.3 Testing the Installation of the Virus Scan Server . . . . . . . . . . . . . . . . . . . . . 51

6.4 Commented Example Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

7 Java-Specific Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

7.1 Setting Up Virus Scan Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

7.1.1 Define a Scanner Group . . . . . . . . . . . . . . . . . . . . . . . . . . .54

7.1.2 Define a Virus Scan Provider . . . . . . . . . . . . . . . . . . . . . . .54

7.1.3 Define a Virus Scan Profile . . . . . . . . . . . . . . . . . . . . . . . . .56

Avira GmbH Avira AntiVir UNIX Server 1

7.2 Problem Analysis for the Virus Scan Provider. . . . . . . . . . . . . . . . . . . . . . . . 57

7.3 Example Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58

8 Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

8.1 Reaction to Viruses/ Unwanted Programs Detected . . . . . . . . . . . . . . . . . . . 59

9 Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

9.1 Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

9.2 Contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61

10 Appendix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

10.1 Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

10.2 Further Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

10.3 Golden Rules for Protection Against Viruses . . . . . . . . . . . . . . . . . . . . . . . . .65

Avira GmbH Avira AntiVir UNIX Server 2

1About this Manual

In this Chapter you can find an overview of the structure and contents of this manual.

After a short introduction, you can read information about the following issues:

• The Structure of the Manual – Page 3

• Signs and Symbols – Page 4

1.1 Introduction

We have included in this manual all the information you need about AntiVir UNIX Server (for SAP Solutions) and it will guide you step by step through installation, configuration and operation of the software.

The full name of the program is AntiVir Virus Scan Adapter (for SAP Solutions). For easier reading, we have shortened the name in this manual to AntiVir VSA.

About this Manual

The term "viruses" is used as a general reference to malware, such as worms, Trojans, hoaxes etc.

For further information and assistance, please refer to our website, to the Hotline of our Technical Support and to our regular Newsletter (see Service – Page 61).

Your Avira Team

1.2 The Structure of the Manual

The manual of your AntiVir software consists in a number of Chapters, bringing you the following information:

Chapter Contents

1 About this Manual The structure of the manual, signs and symbols.

2 Product Information General information on AntiVir software, its

3 Installation Instructions to install AntiVir UNIX Server on your

4 Configuration (UNIX) Directions for optimum settings of AntiVir VSA on

5 Configuration (Windows) Directions for optimum settings of AntiVir VSA on

6 ABAP-Specific Configuration Information on specific ABAP configuration of

7 Java-Specific Configuration Information on specific Java configuration of

modules, features, system requirements and licensing.

system – using both the UNIX installation script and the graphical installation routine.

your UNIX system.

your Windows system.

AntiVir VSA.

Avira GmbH AntiVir Virus Scan Adapter

About this Manual

Chapter Contents

8 Operation Reactions when viruses and unwanted programs are

9 Service Avira GmbH Support and Service.

10 Appendix Glossary of technical terms and abbreviations,

1.3 Signs and Symbols

The manual uses the following signs and symbols:

Symbol Meaning

detected.

Golden Rules for Protection against Viruses.

 ... shown before a step you have to perform.  ... shown before the result that directly follows the preceding

For improved legibility and clear marking, the following types of emphasis are also used in the text:

Emphasis in text Explanation

Ctrl+Alt Key or key combination

/usr/lib/AntiVir/antivir Path and file name ls usr/lib/AntiVir User entries

... shown before a condition that must be met prior to performing an action.

action.

... shown before a warning if there is a danger of critical data loss or hardware damage.

... shown before a note containing particularly important information, e.g. on the steps to be followed.

... shown before a tip that makes it easier to understand and use AntiVir VSA.

Choose component Select all

http://www.avira.com URLs

Signs and Symbols – Page 4 Cross-reference within the document

Elements of the software interface such as menu items, window titles and buttons in dialog windows

4 AntiVir Virus Scan Adapter Avira GmbH

2 Product Information

AntiVir Virus Scan Adapter (for SAP Solutions) is the first and until now the only virus scanner for SAP business solutions certified by SAP. It is integrated into the SAP NetWeaver technology platform, monitors the data transfer of SAP applications via SAP Web Application Server and protects them against viruses and unwanted programs.

Using AntiVir VSA, for example, companies whose websites support online job applications and uploads of résumés in Word or PDF format can be certain that there is no malware in their databases. Files such as spreadsheets or pictures that have been processed by various employees can be scanned for malware before they are filed. It is therefore possible to file virus-free objects safely without leaving this important task to the antivirus software on the workstation.

Automatic Internet updates keep the software permanently up to date.

You increase the security of your system by integrating AntiVir VSA into the SAP system with the Virus Scan Interface. In this way, you can scan files or documents processed by applications for viruses and unwanted programs using a high-performance integration solution. This applies both to applications supplied by SAP and to your own processes, for example data transfer via networks or the exchange of documents via interfaces.

The interface has two components:

• an external one, for certification of various antivirus products and

• an internal one, for integrating the virus scanner feature in the application via a Business Add-In.

Product Information

The figure below shows an integrated ABAP-Java installation. You may also use the Virus Scan Interface on a simple ABAP or Java installation.

First, Application A accesses Group X via the Virus Scan Profile A, then Group Y and in the third step Group Z. Every group covers the antivirus software of a certain provider. Within Group X, a Virus Scan Server supplied by SAP is selected via load balance and access to the antivirus software is achieved via the certified Virus Scan Adapter of the external provider. This software scans the files provided by Application A for viruses.

Avira GmbH AntiVir Virus Scan Adapter

Product Information

Group Y has Virus Scan Providers with and without Virus Scan Server, which access the antivirus software via the certified Virus Scan Adapter of the external provider. The Virus Scan Provider in Group Z contains only the certified Virus Scan Adapter of the external provider, which ensures access to the antivirus software.

Alternatively you can implement your current virus scan solution via a Business Add-In (BAdI). This is shown as Group n in the above figure and it is also accessed through a Virus Scan Profile.

2.1 Licensing Concept

You must have a license to use AntiVir VSA. You are required to accept the license terms (see http://www.avira.com/documents/general/pdf/en/avira_eula_en.pdf).

There are different license models for using the various functions of AntiVir VSA:

•Full version

• Convenience Package

The license is contained in a license file named hbedv.key . You will receive it by email from Avira GmbH. It contains certain data such as the programs you will use and the period of your license. The same license file may refer to more than one AntiVir product.

Full Version

Convenience

Package

The range of Full Version features includes:

• Provision of AntiVir Versions by Internet download

•License file by email

• Complete installation instructions (digital)

• PDF manuals available for Internet download

• Four weeks installation support, starting from acquisition date

• Newsletter service (by email)

• Internet update service for program files and VDF

In addition to the Full Version license, the Convenience Package includes:

• Every three months: free delivery of a boot CD-ROM with the AntiVir Rescue System and all updated AntiVir products

• Complete installation manual (printed) on first delivery

• The Users’ Magazine "AntiVir Aktuell" (printed, sent by regular mail)

2.2 Operating Mode of AntiVir VSA (Windows)

The security pack AntiVir VSA consists of 2 modules:

•AntiVir Savapi:

- Savapi Service: it provides the actual scan and repairing features.

- Savapi Update Service: ensures that AntiVir VSA is kept up to date via Internet connection. It checks for available updates and it performs the update if necessary.

• AntiVir Virus Scan Adapter (VSA): Interface for SAP, corresponding to the file ANTIVIRVSA.DLL.

You may save ANTIVIRVSA.DLL to another location, but you will have to specify the full path to the Adapter in the SAP interface to set the environment variable VSA_LIB

6 AntiVir Virus Scan Adapter Avira GmbH

2.3 System Requirements

AntiVir VSA asks for the following minimum system requirements on your computer:

UNIX

• 256 MB RAM (768 MB for Solaris)

• 100 MB on hard disk (1GB recommended)

• CPU: i386 or higher (Linux), SPARC (SunOS)

• Linux (with glibc 2.2, ia32 and x86_64) or SunOS (Version 5.9, SPARC).

Windows

• Pentium III 500 MHz

• 256 MB RAM

• 20 MB hard disk space

• Operating system:

- Windows 2000 Server or Advanced Server

- Windows 2003 Server

- Windows NT Server

• Administrator rights for installation.

Product Information

Avira GmbH AntiVir Virus Scan Adapter

Product Information

8 AntiVir Virus Scan Adapter Avira GmbH

3 Installation

This Chapter describes AntiVir VSA installation for UNIX and Windows systems:

• AntiVir VSA Installation (UNIX) – Page 9

• AntiVir VSA Installation (Windows) – Page 13

3.1 AntiVir VSA Installation (UNIX)

You can find the current version of AntiVir VSA (UNIX) on the Internet. If you have a Convenience Package AntiVir CD-ROM, you may also install the product from it.

AntiVir VSA is supplied as a packed archive.

You will be guided step by step through the installation procedure:

• Getting the Installation Files – Page 9

• Licensing – Page 9

• Installing AntiVir VSA – Page 10

• Reinstalling AntiVir VSA – Page 12

Installation

3.1.1 Getting the Installation Files

Downloading the Installation Files from the Internet

 Download the current version file from our website http://www.avira.com

to your local computer. The file name is antivir-vsa-prof-<version>.tar.gz.

 Save the file in a /tmp folder on the computer on which you want to run AntiVir VSA.

Getting the Installation Files from CD-ROM

 On the AntiVir CD-ROM open

/en/products/unix/server.

 Copy the file antivir-vsa-prof-<version>.tar.gz in a directory, for example in

/tmp.

Unpacking Program Files

 Go to the temporary directory:

cd /tmp

 Unpack the archive containing the AntiVir kit:

tar xzvf antivir-vsa-prof-<version>.tar.gz

 antivir-vsa-prof-<version> will then appear in the temporary directory.

3.1.2 Licensing

You must have an AntiVir license in order to use the full product (see Licensing Concept – Page 6). The license is contained in a file named hbedv.key.

This license file contains information regarding the scope and period of the license. Without the license file, AntiVir VSA does not run (not even with restricted features).

Avira GmbH AntiVir Virus Scan Adapter

Installation

Purchasing the License

 You may contact us by telephone or by email (info@avira.com) to acquire a license file

for AntiVir VSA.

 You will receive the license file by email.

Copying the License File

 Copy the license file hbedv.key to the installation directory on your system

/tmp/antivir-vsa-prof-<version>.

3.1.3 Installing AntiVir VSA

AntiVir VSA is automatically installed using a script. This script performs the following tasks:

• Checks integrity of the installation files.

• Checks for the required authorizations for the installation.

• Checks for an existing version of AntiVir on the computer.

• Copies the program files. Overwrites existing obsolete files.

• Copies AntiVir configuration files. Existing AntiVir configuration files are inherited.

• Optionally it installs AntiVir Update Daemon.

• Optionally it configures an automatic start for AntiVir Updater on system start-up.

You can also perform the installation without having a license key from the beginning. You will then have to copy the license file into the AntiVir program directory /usr/lib/AntiVir. Without a license, AntiVir will not run.

Preparing Installation

 Login as root. Otherwise you do not have the required authorization for installation

and the script returns an error message.

 Go to the directory in which you unpacked AntiVir:

cd /tmp/antivir-vsa-prof-<version>

Installing AntiVir VSA

 Type:

./install

Please note the dot and slash in the command syntax. Typing the command without this path specification, triggers another command, which is not related to AntiVir installation process and this would result in error messages and unwanted actions. Press q to close the license text view.

10 AntiVir Virus Scan Adapter Avira GmbH

Installation

 The installation script starts and copies the program files, after you accept the

license terms. Optionally, the Installer can read an existing license key:

Do you agree to the license terms? [n] y

creating /usr/lib/AntiVir ... done

1) installing AntiVir Engine copying bin/antivir to /usr/lib/AntiVir/ ... done copying vdf/antivir0.vdf to /usr/lib/AntiVir/ ... done copying vdf/antivir1.vdf to /usr/lib/AntiVir/ ... done copying vdf/antivir2.vdf to /usr/lib/AntiVir/ ... done copying vdf/antivir3.vdf to /usr/lib/AntiVir/ ... done

Enter the path to your key file: [hbedv.key] copying hbedv.key to /usr/lib/AntiVir/hbedv.key ... done copying script/configantivir to /usr/lib/AntiVir/ ... done linking /usr/bin/antivir to /usr/lib/AntiVir/antivir ... done installation of AntiVir Engine complete

 Then you are asked if you want to install the Internet Update Daemon:

Installation

with Update

Daemon

2) installing internet update daemon An internet update daemon is available ...

Would you like to install the internet update daemon? [n]

You do not necessarily need the Internet Update Daemon to keep AntiVir up to date. You can perform this operation manually via the Internet. However, for the initial installation it is recommended to install the Update Daemon. You can deactivate it later in the configuration settings.

If you choose to install the Internet Update Daemon (recommended):

 Type Y and confirm with Enter.

 The Internet Update Daemon is installed. Then you are asked if the daemon should

start automatically:

Would you like to install the internet update daemon? [n] y copying script/rc.avupdater.SuSE8x to /usr/lib/AntiVir/avupdater ... done checking for existing /etc/avupdater.conf ... not found copying etc/avupdater.conf to /etc/ ... done

Would you like the internet update daemon to start automatically? [y]

 Type Y and confirm with Enter. You can later change this setting manually.

 The automatic system start is configured:

Would you like the internet update daemon to start automatically? [y] y setting up startup script ... done installation of the internet update daemon complete

Installation

without Update

Daemon

If you choose not to install the Internet Update Daemon, or to do this later manually:

 Type N or press Enter.

Avira GmbH AntiVir Virus Scan Adapter

Installation

Installation of

VSA library

Starting

configuration

 The next step installs VSA library:

3) installing VSA library copying lib/libantivirvsa.so.1.1.0 to /usr/lib/AntiVir/ ... done linking libantivirvsa.so to libantivirvsa.so.1.1.0 ... done installation of VSA library complete checking for existing /etc/avsapvsa.conf ... not found copying etc/avsapvsa.conf to /etc/ ... done

 Afterwards, you can configure AntiVir:

4) configuring AntiVir Updater

Your connection to the internet might require special configuration settings (such as HTTP proxy settings). You may also want the updater to log to specific files or send email notification. You now have the opportunity to set these options.

Would you like to configure the AntiVir updater now? [y]

If you answer Y, the configuration script for AntiVir Updater starts. You can make the configuration at any time later. We recommend that you first learn about the configuration options and then perform it.

 End this procedure by answering N.

 You will see a report that indicates the completion of the installation:

Installation of the following features complete: AntiVir Engine AntiVir Internet Update Daemon AntiVir VSA

 Finally, the Installer displays information about the update procedure:

Note: It is highly recommended that you perform an update now to ensure up-to-date protection. This can be done by running:

antivir --update

Be sure to read the README file for additional information. Thank you for your interest in AntiVir VSA.

3.1.4 Reinstalling AntiVir VSA

You can always launch the installation script. There are various possible situations:

• Installation of a new version (upgrade). The installation script checks the previous version and installs the necessary new components. The configuration file settings already made are not overwritten (see Configuration (UNIX) – Page 17), but inherited.

• Later installation of some components, e.g. Internet Update Daemon.

• Activation or deactivation of the automatic start of the Internet Update Daemon.

12 AntiVir Virus Scan Adapter Avira GmbH

Reinstalling AntiVir VSA

The procedure applies to all these cases:

 Open the temporary directory where you unpacked AntiVir VSA:

 Type:

 Make the changes you need during installation procedure.

3.1.5 Background

During the installation, please note the following:

• AntiVir VSA Library is copied.

• The administrator can set the environment variable VSA_LIB (see system

Installation

cd /tmp/antivir-vsa-prof-<version>

./install

 The installation script runs more or less as described in Installing AntiVir VSA –

Page 10.

 AntiVir VSA is installed with the required features.

documentation). Otherwise you have to provide the full path in SAP setup:

/usr/lib/AntiVir/libantivirvsa.so.<version>

• The administrator has to integrate the SAPCAR tool in /etc/avsapvsa.conf (see the given example); without this entry, AntiVir does not scan SAPCAR archives:

SapCarProgram /usr/bin/SAPCAR

3.2 AntiVir VSA Installation (Windows)

3.2.1 Getting the Installation Files

Downloading the Installation Files from the Internet

You can find the current program files for AntiVir VSA on our website. They are packed:

•in ZIP format (you need a program to unpack it, for example WinZip) or

•in EXE format as a self-extracting archive (no unpacking program needed).

 Download the current version file from our website http://www.avira.com

to your local computer. The file name is antivir_vsa_en.exe.

Getting the Installation Files from CD-ROM

 On the AntiVir CD-ROM open

/en/products/vsa/windows

 Save the file to the computer on which you want to run AntiVir VSA. The file is

currently named antivir_vsa_en.exe.

Avira GmbH AntiVir Virus Scan Adapter

Installation

3.2.2 Licensing

You must have an AntiVir license in order to use AntiVir VSA (see Licensing Concept – Page 6). This license file contains information regarding the scope and period of the license.

Purchasing the License

 You may contact us by telephone or by email (info@avira.com) to acquire a license file

for AntiVir VSA.

 You will receive the license file by email.

3.2.3 Installing AntiVir VSA

Requirements

 Please check the following requirements in order for the software to perform

efficiently:

3 Make sure the System Requirements are met. 3 Log in as administrator or as user with administrator rights. 3 Make sure the Internet connection is available and it allows automatic Updates with

the Internet Updater.

3 Be sure to have the hbedv.key license file at hand.

 Open the folder containing the downloaded program file antivir_vsa_en.exe .

 Double-click the file antivir_vsa_en.exe .

 The setup starts in a dialog window.

 Click Setup.

 AntiVir VSA setup starts.

 The welcome window of the Install Shield Wizard appears:

 Click Next.

14 AntiVir Virus Scan Adapter Avira GmbH

 You can read the License agreement:

You must agree to these conditions in order to continue the installation.

Installation

 Confirm with Yes.

 The window for selecting the Destination folder appears:

 Confirm with Next if the path is correct

– OR – Click Browse and select the path, then click Next.

Avira GmbH AntiVir Virus Scan Adapter

Installation

 The License file window follows:

 Select the folder containing the hbedv.key license file and click Next.

 Then you will see Install Shield Wizard completed.

 Click Finish.

 The setup program imports and installs the necessary files in the target folder.

3.2.4 Background

During installation, the following actions have been performed in the background:

• Copying of the Virus Scan Adapter (VSA) file ANTIVIRVSA.DLL to the installation

• Setting of the environment variable VSA_LIB in the absolute path for VSA;

• Searching for the tool to unpack SAP archives (SAPCAR format); searching for the

• Adding a parameter in SAVAPI.INI which activates SAPCAR archive scanning;

 AntiVir VSA installation is completed. You do not need to restart your computer.

folder.

for example:

VSA_LIB=C:\Program Files\Avira GmbH\AntiVir Savapi\ANTIVIRVSA.DLL

environment variable PATH of SAPCAR.EXE file.

for example: SapCarProgram= (empty -> SAPCAR.EXE not found)

- OR SapCarProgram=C:\SAPCAR\SAPCAR.EXE (program found)

16 AntiVir Virus Scan Adapter Avira GmbH

4 Configuration (UNIX)

You can adjust AntiVir VSA for optimum performance. You can make the most important adjustments immediately after installation. The most common settings are suggested.

You can modify these settings at any time to adapt the product to your requirements.

After a short overview, you will be guided step by step through the configuration process:

• Information on the configuration files:

- Parameters in the Configuration File avsapvsa.conf – Page 18 and

- Parameters in the Configuration File avupdater.conf – Page 19. If you wish to use the configuration script, you can skip this Section.

• The procedure for using the configuration script: Configuration Script configantivir – Page 20.

• Specific configuration for AntiVir VSA:

- Configuring Regular Updates – Page 22.

Configuration (UNIX)

4.1 Overview

Configuration

files

Configuration

script

The configuration file avupdater.conf defines automatic software updates; the file avsapvsa.conf defines the scanning parameters and logging rules when viruses or unwanted programs are detected.

You can make these settings directly in the configuration files. This is not very difficult.

A more convenient way is to use the configuration script included in the program. It intercepts possible errors and restarts the necessary processes.

You can use the script configantivir, located in /usr/lib/AntiVir, to edit the settings in avupdater.conf (Updater settings).

4.2 Configuration Files

This section describes the structure of AntiVir VSA configuration files avsapvsa.conf and avupdater.conf. AntiVir reads these files on program start-up. It ignores empty lines and

commented lines beginning with #.

The program is provided with default values which are important for many procedures. Some options can be deactivated with a # at the beginning of the line (commented). These can be activated by removing the # character or by changing the values.

You must restart the Internet Update Daemon if you modify any values manually in avupdater.conf, without using the configuration script. The changes will only take effect after a restart.

 Type:

/usr/lib/AntiVir/avupdater restart

Avira GmbH AntiVir Virus Scan Adapter

Configuration (UNIX)

Parameters in the Configuration File avsapvsa.conf

This section provides a short description of the settings in avsapvsa.conf. These settings affect the scanner’s behavior.

You can edit most of these parameters using the SAP GUI. SAP NetWeaver applies them to the scanner, via the VSA. When inserting such a parameter in the file avsapvsa.conf, the scanner starts with the specified value, but the values in SAP GUI will immediately override it. This means that the settings made in SAP GUI for the AV scanner have a higher priority than those made in the configuration file avsapvsa.conf.

EmailTo

Suppress

Notification

Below

LogFile

Detect...

Email messages: AntiVir can send emails, when detecting viruses or unwanted programs. There is no default setting. You must specify a recipient in order to send emails:

EmailTo root@localhost

Filtering email notifications as required: This option can exclude certain messages, when notifications are sent with the EmailTo option, according to their priority level. The recipients will only receive notifications with the selected priority or higher. The possible priority levels (in ascending order) are Notice, Information, Warning, Error and Alert. By default, the scanner does not suppress notifications.

SuppressNotificationBelow Scanner Notice

Logfile: AntiVir logs all important operations via the syslog daemon. It can also create an additional logfile. There is no default setting. You must enter the full path to the logfile in order to use this option:

LogFile /var/log/avsapvsa.log

Detection of other types of unwanted programs: Besides viruses, there are other types of harmful or unwanted software. You can activate their detection using the following options. The virus detection is not optional and you can not deactivate it.

DetectAdspy yes DetectBDC yes DetectDial yes DetectGame no DetectJoke no DetectPck no DetectPhish yes DetectSPR no

You can use the parameter DetectAllTypes, in order to activate all known categories with a single entry.

SapCarProgram

Support for CAR/SAR Archives: AntiVir Virus Scan Adapter includes native support for the most popular archive types, such as ZIP, CAB, TAR, etc. You can also scan archives with SAP-specific extensions CAR/ SAR, if you use an external "sapcar" tool. Write the full path to the binary of this tool. There is no default path.

SapCarProgram /usr/local/bin/sapcar

18 AntiVir Virus Scan Adapter Avira GmbH

Parameters in the Configuration File avupdater.conf

This section provides a short description of the settings in avupdater.conf. These settings apply to AntiVir Updater.

You can conveniently edit this file using Configuration Script configantivir – Page 20, which also restarts the affected processes, if necessary.

Configuration (UNIX)

AutoUpdate...

EmailTo

Suppress

Notification

Below

Update scheduler: The security software can check regularly for updates online using the Internet Update Daemon and, if available, it performs the update. By default, the possible options are deactivated; the program therefore does not start automatic updates. In order to keep AntiVir up to date, please set the appropriate HTTP proxy parameters and use one of the two methods to run the updates: set an update schedule and start the Internet Update Daemon; or create an update job using cron daemon.

For updates every 2 hours, you must activate the following option:

AutoUpdateEvery2Hours

For daily updates, activate the option below:

AutoUpdateDaily

In the case of daily updates, you may also set the time for this action in HH:MM format:

AutoUpdateTime 04:23

Email messages: AntiVir can send email notifications with details regarding the performed updates. There is no default setting. You must specify a recipient in order to send emails:

EmailTo root@localhost

SuppressNotificationBelow Updater Notice

LogFile

LogFile /var/log/avupdater.log

HTTPProxy...

Proxy server: If your computer is connected to the Internet via an HTTP proxy server, you must specify this, so that the automatic Internet Updater functions properly. By default, the settings are deactivated; a direct connection to the Internet is assumed. You must specify:

•HTTP proxy server

•Port

• Username and password for the HTTP proxy server if necessary.

Avira GmbH AntiVir Virus Scan Adapter

Configuration (UNIX)

Example:

HTTPProxyServer proxy.domain.com HTTPProxyPort 8080 HTTPProxyUsername username HTTPProxyPassword password

Updater

Keeps

Backups

GnuPG...

Syslog...

The Internet Updater replaces installed files with newer versions when updates are available. Even if the program is testing the new files, you might want to keep backups of earlier versions.

When activating this option, your existing files will be moved to the newly created subdirectories of /usr/lib/AntiVir, named updater-backup-YYYYmmdd-HHMMSS.

If you activate the backup function of the Internet Updater, you should check this directory regularly and manually delete old versions as the size increases.

UpdaterKeepsBackups

GnuPG settings: The Updater can check the updates for authenticity using GnuPG. For more information, see Verifying Updates Authenticity with GnuPG – Page 26. If you use GnuPG, you have to enter the path to GnuPG executable, for example:

GnuPGBinary /usr/local/bin/gpg

You can also add other options using GnuPGOptions, depending on the specific GnuPG installation. This is usually not necessary. Both settings are deactivated by default.

Syslog settings: AntiVir sends messages for all important operations to the syslog daemon. You may specify the facility and priority for these messages. The default setting is:

SyslogFacility user SyslogPriority notice

These values apply even if the option is not active.

4.3 Configuration Script configantivir

You can conveniently configure AntiVir Internet Updater using the configuration script configantivir, which is able to intercept possible invalid entries and restart the necessary processes.

The script for configuring AntiVir Updater edits the parameters in avupdater.conf.

The procedure for using the script is very easy:  Type:

/usr/lib/AntiVir/configantivir

The script reads the current settings in avupdater.conf and systematically asks if you want to enter new values. It displays all possible parameter values, while the current ones are shown as default.

20 AntiVir Virus Scan Adapter Avira GmbH

Configuration (UNIX)

If you want to keep one of the current settings:  Press Enter. If you want to change a setting:

 Type the new value and confirm with Enter.

 Finally, a summary of the configuration settings is displayed. For example:

AntiVir Configuration ===================== Here are the configuration settings you have specified. Look them over to make sure they are correct.

email notification: no specific logfile: /var/log/avupdater.log update frequency: every 2 hours (if update daemon is running) http proxy server: none

available options: y n

Save configuration settings? [y]

If you do not agree with all displayed options:  Type N to restart the configuration script and correct the values.

If all settings correspond to the configuration you require:

 Confirm with Y or Enter to save the configuration file with the new values.

 The script informs you about saving the configuration file. It displays details about

running the Internet Update Daemon:

* SUCCESS *

Configuration successfully saved to. /etc/avupdater.conf

Press <ENTER> to continue.

Running Internet Update Daemon ============================== In order for the Internet Update Daemon to be active ...

available options: y n

Would you like to apply the new configuration? [y]

 Confirm with Y or Enter, to start the Update Daemon.

 The Internet Update Daemon starts. If already running, it will automatically

restart in order to apply the new settings. Then the configuration is complete.

Starting AntiVir: avupdater ...

AntiVir Status: avupdater running [ running ]

Here are some commands that you should remember...

configure updater: /usr/lib/AntiVir/configantivir start update daemon: /usr/lib/AntiVir/avupdater start stop update daemon: /usr/lib/AntiVir/avupdater stop update daemon status: /usr/lib/AntiVir/avupdater status

Avira GmbH AntiVir Virus Scan Adapter

Configuration (UNIX)

4.4 Configuring Regular Updates

The performance and effectiveness of an antivirus software depends on its being up to date. This is why AntiVir offers the possibility to download current updates via HTTP from the AntiVir webservers and even to schedule them automatically at regular intervals.

These updates ensure that AntiVir components, which provide security against viruses and unwanted programs, are always kept up to date.

There are two methods to configure AntiVir updates:

• You can use the Internet Update Daemon provided with AntiVir, which is easy to configure. This is recommended if you have little UNIX knowledge and if you only want to make small adjustments.

• You may use AntiVir with cron daemon. This is recommended if you have extensive UNIX knowledge. You have to carry out the configuration yourself, but it gives you more flexibility.

Configuring the Internet Connection for Updates

3 Check that your Internet connection is functioning correctly. In most cases, the

connection is already configured. If not, refer to your UNIX documentation for the information you need.

Proxy server

If your AntiVir VSA computer is connected to the Internet via HTTP proxy server, you must make the necessary settings for AntiVir:

 Run configantivir:

/usr/lib/AntiVir/configantivir

 Confirm all settings with Enter until you reach the proxy server option:

HTTPProxyServer/HTTPProxyPort (4 of 4) ============================= If this machine is sitting behind an HTTP proxy server, you will need to configure AntiVir with the appropriate proxy settings. Internet access is required in order to make updates.

available options: y n

Does this machine use an HTTP proxy server? [n]

 Type Y.  You are then asked for the name and the port of the proxy server:

What is the HTTP proxy server name? []

 Type its name (example):

proxy.domain.com

 Then you are asked for the port of the proxy server. Type in the data:

What is the HTTP proxy server name? [] proxy.domain.tld Which port number does the HTTP proxy server use? [] 3128

22 AntiVir Virus Scan Adapter Avira GmbH

Configuration (UNIX)

 You are then asked if you need a username and password for the proxy server:

HTTPProxyUsername/HTTPProxyPassword (4-2 of 4) =================================== Proxy servers may be configured to require a username and password. If the HTTP proxy server for this machine requires a username and password AntiVir needs to be appropriately configured.

available options: y n

Does the HTTP proxy server require a username/password? [n]

If this is the case:

 Type Y.

 Then you are asked for the username and password.

 Enter the username and password.

 The configuration script displays the configuration summary and asks for

confirmation, to write the configuration file.

The Internet update connection is now configured.

Configuring Automatic Updates via Internet Update Daemon

The Internet Update Daemon is a very simple service which performs the following command at fixed intervals:

antivir --update

To enable the following settings, you must first install the Internet Update Daemon, i.e. if you have installed AntiVir VSA with Update Daemon as described in Installing AntiVir VSA – Page 10. Otherwise you have to run the installation script again, see Reinstalling AntiVir

VSA – Page 12.

You can define the following settings:

• Update intervals. It is possible to:

- update every two hours

- update daily

• Time settings for updates (for daily updates). You can:

- set the time yourself

- let the daemon choose a random time. The script chooses the time once and keeps it as the update time. In this case, the computer has to be online at the set hour.

 Run configantivir:

/usr/lib/AntiVir/configantivir

Avira GmbH AntiVir Virus Scan Adapter

Configuration (UNIX)

 Confirm every setting with Enter, until you reach the question about update

frequency:

AutoUpdateEvery2Hours/AutoUpdateDaily (3 of 4) ===================================== AntiVir is equipped with an Internet Update Daemon. At specified intervals, AntiVir will connect to an update server to check for newer versions of the AntiVir engine or the data files. If a newer version is available, AntiVir will automatically download and install the updates without requiring any special attention. This allows AntiVir to be kept current against attacks and problems.

AntiVir can be configured to check for updates every 2 hours (2) or once a day (d). You can also choose to disable the Internet Update Daemon (n).

Note: Updates can also be done manually from the command line: antivir --update You may prefer to disable the Internet Update Daemon and instead perform regular updates using a cron(8) job.

Using the startup script for the Internet Update Daemon when it is disabled will result in an error.

available options: 2 d n

How often should AntiVir check for updates? [2]

 Type:

- n, if you do not want to perform automatic updates

- 2 for updates every two hours

- d for daily updates

 If you select daily updates, you have to set the time:

AutoUpdateTime (3-2 of 4) ============== The AntiVir Updater can be set to always check for updates at a particular time of day. This is specified in a HH:MM format (where HH is the hour and MM is the minutes). If you do not have a permanent connection, you may set it to a time when you are usually online. You may also let AntiVir choose a random time (r).

If you have a permanent connection then a random time may be preferred because it will help to disperse the times when other users are getting updates.

available options: HH:MM r

What time should updates be done? [RANDOM]

 Type the time in HH:MM format

– OR – type R for a random time.

 Confirm all other configuration questions with Enter.

 The automatic updates via the Internet Update Daemon are now configured. The

Daemon will automatically start (if not running already) or it restarts (if already running).

24 AntiVir Virus Scan Adapter Avira GmbH

Starting and Stopping Internet Updater Manually

If you want to start Internet Update Daemon manually:  Type:

/usr/lib/AntiVir/avupdater start

If you want to stop Internet Update Daemon manually:  Type:

/usr/lib/AntiVir/avupdater stop

If you want to check the current status of the Internet Update Daemon:  Type:

/usr/lib/AntiVir/avupdater status

Performing Cron Updates

Performing updates with cron is recommended!

Configuration (UNIX)

If you are an experienced UNIX user, you can use cron daemon to perform automatic AntiVir updates.

Cron daemon is used to run regular system processes. For more details, refer to your UNIX documentation.

Using cron for updates, you have more configuration possibilities than with the Internet Updater.

Example:

Starting Internet Updater Automatically

 Enter the following cron job in /etc/crontab:

45 */2 * * * root /usr/lib/AntiVir/antivir --update -q

 This command activates updates every 2 hours, but performs them 15 minutes

ahead of the set time: 0:45, 2:45, 4:45 and so on. The -q parameter states that no report will be given.

If you do not want to use cron, you can work with the Internet Update Daemon. If you have performed the installation as described in Installing AntiVir VSA – Page 10, your system is correctly configured.

If the Internet Update Daemon has not yet been automatically activated on system startup:

 Reinstall AntiVir with the necessary settings (see Reinstalling AntiVir VSA –

Page 12).

Avira GmbH AntiVir Virus Scan Adapter

Configuration (UNIX)

Verifying Updates Authenticity with GnuPG

GnuPG is a free alternative to the encryption program PGP (Pretty Good Privacy). Using GnuPG you can verify the authenticity of the AntiVir Updates.

Follow these steps to activate GnuPG support:

 Download GnuPG from the website http://www.gnupg.org. Here you can also find

 Generate your own PGP key pair, as described in the documentation.  Import the AntiVir public PGP key to your key-ring:

 Display the fingerprint of the key to check if it really is the AntiVir PGP key:

 Check whether the fingerprint corresponds with the one on the AntiVir website

 Sign the AntiVir public key in order to certify its validity:

 Change to the /bin sub-directory of the AntiVir installation directory (example):

 Check the signature with:

 Activate GnuPG for AntiVir. In /etc/avupdater.conf enter the path to GnuPG binaries,

It is highly recommended to use GnuPG. However, this procedure requires extensive knowledge of UNIX and

GnuPG. In the event of configuration errors, there is the danger of deactivating AntiVir updates.

The user running updates on the computer has to perform these steps. Usually it has to be a user with administrator rights.

You can find more details of GnuPG at http://www.gnupg.org

the manual with further information on GnuPG and its features.

gpg --import antivir.gpg

– OR – Import the AntiVir public key directly from the key server:

gpg --keyserver=wwwkeys.pgp.net --recv-keys 0F821C2E

gpg --fingerprint build@avira.com

 The 40-character fingerprint is displayed.

(http://www.avira.com).

gpg --sign-key build@vira.com

cd /tmp/antivir-vsa-prof-<version>/bin

 Here you can find the files antivir and antivir.asc.

gpg --verify antivir.asc antivir

 If you do not get any error message, you can use GnuPG for AntiVir updates.

using the option GnuPGBinary:

GnuPGBinary /usr/local/bin/gpg

You can only edit this option in avupdater.conf manually. Setting in the configuration script is not possible in order to avoid the danger of configuration errors.

 Restart Internet Update Daemon to activate the new settings in avupdater.conf:

/usr/lib/AntiVir/avupdater restart

 From now on, GnuPG authenticates the updates.

26 AntiVir Virus Scan Adapter Avira GmbH

5 Configuration (Windows)

Savapi 2 has two components: Savapi Service and SAVAPI.DLL. You can configure both using their .INI files.

Please note that you do not normally need to carry out any special configuration for SAVAPI 2. The default settings are usually sufficient.

The Savapi Service initially runs with secure default values. It automatically creates the file SAVAPI.INI .

You can change most of the parameters while Savapi Service is running. A restart is only necessary for the following parameters:

•Port number

• Temporary directory

•Updates directory

•License file name

•Logfile name

If you want to stop Savapi Service:  Start the services applet under

Start\Administrative Tools\Services

 Select Savapi Service.  Stop Savapi Service.  Change the parameters.  Restart Savapi Service.  If necessary, restart the program that uses SAVAPI.DLL .

Configuration (Windows)

5.1 Available Entries in SAVAPI.INI

You can change the following parameters of SAVAPI.INI:

Port Number

This value indicates the number of the TCP/IP port used for communication between Savapi Service and SAVAPI.DLL . If this port is already assigned, you can change it. Do not forget to specify it in SAVAPIDL.INI (see Possible Entry in SAVAPIDL.INI – Page 30).

Example

Temporary Directory

Example

PortNumber=18370

It specifies the directory to which Savapi Service writes its temporary files. The location is usually the sub-folder \temp of the installation directory. You may, however, use another location – but ensure there is enough memory space.

TempDirectory=C:\Program Files\Avira GmbH\AntiVir SAVAPI\temp\

Avira GmbH AntiVir Virus Scan Adapter

Configuration (Windows)

Update Directory

Savapi Service saves the downloaded updates to this directory. It is a so-called working directory for the Updater (Savapi Update Service). The directory should not be modified. Ensure that Savapi Update Service has write access to this directory.

Example

UpdateDirectory=C:\Program Files\Avira GmbH\AntiVir SAVAPI\update\

License File Name

This parameter defines the name of the license file to be copied to the SAVAPI installation folder.

Example

KeyFileName=C:\Program Files\Avira GmbH\AntiVir SAVAPI\hbedv.key

Logfile Name

This value indicates the name of the Savapi Service logfile. You can move the logfile to another location on your hard disk. The Service requires write access to this directory.

The default logfile is located in the installation directory and its name is SAVAPI.LOG.

Example

LogFileName=C:\Program Files\Avira GmbH\AntiVir SAVAPI\savapi.log

Maximum Logfile Size

It sets the maximum size of the logfile (in kB). When this value is exceeded, the oldest entries are deleted automatically.

If the value is 0, there is no restriction for the logfile size.

Example

Updates Server Name

Example

LogFileSize=1000

Savapi Service downloads its updates (new virus signatures) form the specified URL. If you want to use another server (e.g. via Internet Update Manager), you can change the URL.

UpdateUrl=http://dl.antivir.de

If you want to perform updates from a shared directory, you must specify the path to this directory for UpdateUrl. In the case of authentication, you have to write the username and password for NetworkUserName and NetworkPassword. Please note that Savapi Update Service must run under a user account (default, Local System Account) and access the shared directory through it.

UpdateUrl=file://computername/sharedfolder NetworkUserName=fmeier NetworkPassword=password

Updates Interval

This value sets the time interval for the Internet Updater to search for available updates on the server specified as UpdateURL. The value is given in minutes. Default: every 120 minutes. Savapi Service automatically performs an update of the engine and virus

28 AntiVir Virus Scan Adapter Avira GmbH

Configuration (Windows)

signatures after the first action (scan for viruses and other malware). The zero value deactivates the search for updates.

Example

Proxy Server for Updates

Example

Proxy Server Address

Example

Username and Password for Proxy Server

(Proxy Authentication)

Example

UpdateInterval=120

If the option is activated (1), Savapi Service downloads the updates via the specified proxy server. By default, the Updater does not use a proxy.

ProxyEnabled=0

Type the full name or IP address of the server you use for updates. This value is applied only if ProxyEnabled is active.

ProxyUrl=proxy.mydomain.com

Type the username and password that the Internet Updater should use to access the proxy server. These values are applied only if ProxyEnabled is active.

ProxyUserName=fmeier ProxyPassword=password

Email Notifications

If SmtpMailEnabled is active (1), Savapi Service sends email notifications to the address specified for SmtpRecipientAddress. The notifications can be sent in the event of errors or successful updates.

Make sure that the parameters SmtpMailMode, SmtpHostName,

SmtpSenderAddress and SmptReceipientAddress are correctly set. SmtpMailEnabled is by default inactive.

SmtpMailMode parameter sets the case for sending emails.

Example

SmtpMailEnabled=0 SmtpMailMode=0

0 = sending emails only by update errors.

1 = sending emails in every case (Update successful or not).

SMTP Server Name

Type the full name or IP address of your SMTP server. This value is used only if SmtpMailEnabled is active.

Example

SmtpHostName=smtp.domain.net

Avira GmbH AntiVir Virus Scan Adapter

Configuration (Windows)

Sender Email Address

Type the email address you want to use when sending notifications. This value is used only if SmtpMailEnabled is active.

Example

Recipient Email Address

Example

SmtpSenderAddress=sender@domain.net

Type the email address to which you want to send the notifications. This value is used only if SmtpMailEnabled is active.

SmtpRecipientAddress=recipient@domain.net

5.2 Possible Entry in SAVAPIDL.INI

The .INI file for SAVAPI.DLL is SAVAPIDL.INI. It enables the communication between AntiVir VSA and the engine. This file is not available by default and the program runs with default settings.

In order to change the default port for communication with Savapi Service, you have to create a file named SAVAPIDL.INI in the directory of SAVAPI.DLL .

It only contains the following entries:

[SAVAPI2DLL] PortNumber=18370

Port Number

This is the number of the TCP/IP port used for communication between Savapi Service and SAVAPI.DLL . If this port is already assigned, you can change it.

Do not forget to change this value in the corresponding entry of the Savapi Service .INI file (SAVAPI.INI) (see Available Entries in SAVAPI.INI – Page 27).

Example

PortNumber=18370

5.3 Immediate Updates

AntiVir VSA is set by default to perform automatic updates every two hours.

Updates can be carried out via the Internet, via Intranet from any computer in your network or from a shared directory.

Using StartUpdate.exe Savapi Service searches immediately for updates. This does not depend on the update interval settings. In the event of errors, the application returns the Errorlevel 1 (very useful for batch files). Successful updates are logged in SAVAPI.LOG . The application itself has no output.

Background

Immediate updates are useful, for example, to test the settings in SAVAPI.INI .

You can also control updates entirely via the SAP environment (if supported). In this case, you should set the update interval to 0.

30 AntiVir Virus Scan Adapter Avira GmbH

6 ABAP-Specific Configuration

This Chapter describes the Virus Scan Interface configuration for ABAP systems. The texts are taken from the SAP website.

6.1 Setting the Virus Scan Interface

In order to use the SAP Virus Scan Server, you have to observe the implementation guide (IMG) files. Follow these steps:

• Defining Scanner Groups – Page 31

• Defining Virus Scan Servers – Page 33

• Defining Virus Scan Profiles – Page 43

• Implementing a BAdI for Virus Scanners – Page 48

6.1.1 Defining Scanner Groups

A scanner group combines multiple virus scanners of the same type to allow load balancing. Since you select the virus scan server using the scanner group when maintaining the virus scan profile, you must assign each virus scan server to a scanner group.

Maintain a scanner group for each product class of virus scanners that are connected to the system using the virus scan server. If you include your own virus scanners with the BAdI VSCAN_INSTANCE, create a scanner group for each implementation of your own scanner and identify these as BAdI implementations.

You can store configuration parameters for each scanner group. These are divided into initialization parameters and scan parameters:

• Initialization parameters are transferred to the virus scan server when it is started, and are required to be able to start the virus scan server. If you use the Business AddIn, these parameters for the method of creating the scan instance are transferred. The parameters contain, for example, the path to the virus signatures.

• Scan parameters are transferred for each scan process and control the behavior of the individual request, such as yes/no for activating the scanning of macros.

SAP does not supply any scanner groups.

ABAP-Specific Configuration

 Type the transaction number spro (upper-left field).

Avira GmbH AntiVir Virus Scan Adapter

ABAP-Specific Configuration

 In the Implementation Guide, choose (IMG) SAP Web Application Server/System

Administration/Virus Scan Interface:

 Choose the Execute option next to Define Scanner Groups.

 The screen Change View "Scanner Groups": Overview appears

 Choose New Entries.

32 AntiVir Virus Scan Adapter Avira GmbH

ABAP-Specific Configuration

 The screen New Entries: Overview of Added Entries appears.

 Specify the data for the scanner group (see table below).

Field Notes

Scanner Group Freely definable name of the scanner group.

Business Add-In If this indicator is set, the program transfers the request for a virus

scan instance for this scanner group to the Business Add-In VSCAN_INSTANCE, with which customers can include their own virus scanners.

If this option is not set, the program searches for a suitable virus scan server among the set of virus scan servers maintained in Customizing that have this scanner group.

Group Text Explanation of the scanner group.

 Save your entries.

6.1.2 Defining Virus Scan Servers

The SAP Virus Scan Server is an executable program that includes virus scanners from certified vendors using an interface and provides scan services to the application servers of the system as a registered RFC server.

The application server controls tasks such as starting, stopping and monitoring the virus scan server. You configure the data required to do this in this step.

 Use this procedure to create an entry for each virus scan server

that you want to set up. For performance reasons, we recommend that you set up at least one virus scan server on each application server. SAP does not provide any configuration data for virus scan servers.

Avira GmbH AntiVir Virus Scan Adapter

ABAP-Specific Configuration

3 You have created at least one scanner group. 3 You have decided whether you are creating the virus scan server as an application-

server-starter or as a self-starter (see Application-Server-Starter or Self-Starter – Page 38).

 In transaction SM59, create an RFC connection with the connection type T.

Possible names would therefore be: VSCAN_HOST123, VSCAN_HOST345-1, VSCAN_HOST345-2, and so on.

 Choose the activation type Registered Server Program.  Use the name of the RFC destination as the program ID.  Enter the address of the gateway of the system as the gateway host and gateway

service. If you are starting the virus scan server on an application server using the Computing Center Management System, choose the gateway of that application server.

 In the Implementation Guide, choose (IMG) SAP Web Application Server/System

Administration/Virus Scan Interface.

 Choose the Execute option next to Define Virus Scan Servers.

 The screen View: Change "Virus Scan Servers": Overview appears.

Since the configuration of the virus scan server requires the following naming convention, you must use it for the RFC destination of a virus scan server:

• VSCAN_<host name>, if you only want to start one virus scan

server on the host.

• VSCAN_<host name>-<number>, if you want to start

multiple virus scan servers on the host. The number is a sequence number, which is separated from the host name with a hyphen.

 Choose New Entries.

 The screen New Entries: Details of Added Entries appears.

34 AntiVir Virus Scan Adapter Avira GmbH

ABAP-Specific Configuration

 In the Scan Server field, enter the name of the virus scan server. The name must be

the same as the name of the RFC destination that contains the technical connection to the virus scan server.

 Under Virus Scan Server Definition, enter the data for the virus scan server (see

table below).

Avira GmbH AntiVir Virus Scan Adapter

ABAP-Specific Configuration

Field Possible Values Comment

Scanner Group All previously created scanner groups,

which you can display using the input help.

Status -ACTS (Active as a self-starter):

Although the CCMS monitors the virus scan server (if it is not available, an error status is triggered), it does not start or stop the virus scan server. This status is suitable for virus scan servers that are, for example, started as a service at operating system level.

-ACTV: Active (Application Server) The CCMS monitors the virus scan server and, if necessary, starts it on the specified application server.

-INAC (Inactive on an Application Server) The CCMS monitors the virus scan server and, if necessary, stops it on the specified application server.

-NONE: No monitoring: The CCMS does not monitor the virus scan server.

Server The input help provides a list of the

existing servers. Do not specify a different server name.

Trace Level -Errors only

-Errors and warnings

-Errors, warnings and information

-Maximum output

The scanner group combines multiple virus scan servers or allows the use of a BAdI implementation.

If you create multiple virus scan servers in a scanner group, you achieve load balancing.

All of the virus scan servers of a scanner group have the same set of configuration parameters and will therefore use the same scan engine.

Monitoring status of the virus scan server in the CCMS.

If the status is NONE or INAC, the system’s automatic server selection can no longer find this virus scan server.

Application server on which the virus scan server is to be started and/or monitored.

Specifies the trace level for the virus scan server, which is to be transferred to the CCMS at operating system level when the virus scan server is started. We recommend that you only use one of the first two levels Errors Only or Errors and Warnings in production systems. The two other trace levels are available for finding errors during test operation in the test system.

36 AntiVir Virus Scan Adapter Avira GmbH

ABAP-Specific Configuration

Field Possible Values Comment

Codepage Enter the codepage valid for the virus scan

server. It must correspond to the codepage of the application server that is communicating with the virus scan server:

-If you are only using one codepage in your application servers, enter this codepage.

-If you have application servers in different codepages, set up a virus scan server on each application server and specify the valid codepage in each case.

-If your system uses UNICODE, do not enter anything.

Init.Interv. 0 or <empty>: no automatic

reinitialization

If the vendor of your virus scanner uses the interface provided by SAP with which an initialization from outside the system can be performed, you can leave the field empty. This interface is available to certified vendors of virus scanners. <n>: Interval in hours

Max. Instances Specifies the maximum number of scan

Codepage that the CCMS sets when the virus scan server is started.

Specifies the number of hours after which the virus scan server is to be regularly reinitialized.

For the virus scan server to load new virus definitions from the virus scan server, you must reinitialize it.

The automatic reinitialization is performed during the periodic monitoring of the virus scan servers by the CCMS.

instances provided by the virus scan server.

A virus scan server may provide multiple scan instances.

You can use the maximum number specified here to determine how many of these instances are provided. If this number is exceeded, the virus scanner is no longer available for scan requests. The number of instances should correspond to the number of work processes.

Avira GmbH AntiVir Virus Scan Adapter

ABAP-Specific Configuration

Field Possible Values Comment

Adapter Path Full path of the library that contains the

virus scan adapter.

Configuration Full path to the configuration file of the

virus scan server.

 Save your entries.

Application-Server-Starter or Self-Starter

When configuring a virus scan server for ABAP systems, instead of an application-serverstarter (started by the application server) you can install a self-starter (for example, started externally as a service under Microsoft Windows NT or a daemon under UNIX). In the case of application-server-starters, all components are on the same host. On the other hand, in the case of self-starters, the virus scan server and the SAP Web AS can be on different hosts. This means that you can use a virus scan server that is only available for a particular platform, even if the SAP Web AS is installed on a different platform.

Virus Scan Server on One or Two Hosts:

Specifies the full path of the virus scan adapter.

If you do not fill the field, the virus scan server uses the content of the environment variable VSA_LIB.

Specifies the full path to the configuration file of the virus scan server.

The configuration file can contain optional parameters of the virus scan server.

For externally-started virus scan servers, the configuration file has already been defined at the virus scan server command line and you cannot therefore change it here.

During operation, this division into application-server-starters and self-starters primarily affects the Computing Center Management System (CCMS). You can monitor the virus scanners in the CCMS (transaction RZ20), in the monitor Virus Scan Servers in the monitor set SAP CCMS Monitors for Optional Components (for more details see SAP Website). The following differences exist in this case:

• Application-Server-Starters: In this case, the CCMS data collector automatically checks whether a configured virus scan server is available. If this is not the case, the CCMS triggers an alert, and starts the virus scan server again as an auto-reaction.

•Self-Starters: In this case, although the processes are monitored by CCMS, they are not

38 AntiVir Virus Scan Adapter Avira GmbH

ABAP-Specific Configuration

automatically stopped or started. There is, however, a separate MTE class in CCMS for these self-starters. You can assign an auto-reaction method to this MTE class yourself to react to alerts. You can, for example, use the MTE class CCMS_OnAlert_Email to send an e-mail or an SMS (see "Defining Automatic Alert Notification" and "Forwarding Alerts to Alert Management (ALM)" on the SAP website).

Ensure that you safeguard your RFC connections with Secure Network Communications (SNC) as described in the SNC manual. You can find the SNC manual on the SAP Service Marketplace under http://service.sap.com/security Security in Detail/Secure System Management.

For more information about application-server-starters and self-starters, see:

• Virus Scan Server as an Application Server Starter

• Installing a Virus Scan Server as a Self-Starter

Virus Scan

Server as an

Application-

Server-Starter

Installing a

Virus Scan

Server as a Self-

Starter

With this use of the virus scan server, all required components are in the working directory of the SAP Web AS kernel on one host. The virus scan server is included in the standard system. This means that you only have to ensure that the prerequisites for the operation of the application-server-starter are fulfilled:

• You have installed the external anti-virus product and the associated virus scan adapter in accordance with the instructions provided by the vendor.

• The kernel directory contains the following components:

- vscan_rfc.exe (Microsoft Windows NT) or vscan_rfc (UNIX)

- The current RFC library or LIBRFC (see SAP Note 413708)

- sapcpp45.dll (Microsoft Windows NT) or sapcpp45.<shared ext.> (UNIX)

- xml63d.dll (Microsoft Windows NT) or xml63d<shared ext> (UNIX)

The self-starter is available to you as an alternative if you cannot use the applicationserver-starter, for example in the following cases:

• The SAP Web AS kernel uses 64 bits and the external anti-virus product or the external virus scan adapter (VSA) uses 32 bits.

• The SAP Web AS and the external anti-virus product support different architectures. For example, the SAP Web AS is installed on an AIX platform, but the anti-virus product is only available for Microsoft Windows.

3 The self-starter starts the virus scan engine using a local XML configuration file. This

is usually the file vscan_rfc.xml, which contains the parameters required by the virus scan adapter. The server must be started, or, if necessary, restarted using operating system resources.

 Copy the relevant variant of the virus scan server from the CD or the SAP Service

Marketplace to a start directory.

 Create the configuration file using the commands listed in the table below, with

which you can later also change the existing configuration.

Example

The following call generates both the server and the VSA configuration for savapi.dll (Windows) or libantivirvsa.so.<version> (UNIX):

To set new parameters to overwrite existing parameters, execute additional commands and options in a new call. These are then set in the XML configuration.

Avira GmbH AntiVir Virus Scan Adapter

ABAP-Specific Configuration

Windows: vscan_rfc get_config –V <drive:>\vsa\savapi.dll –cfg <drive:>\vsa\vscan_rfc.xml

UNIX: vscan_rfc get_config –V <drive:>/usr/local/AntiVir/libantivirvsa.so.<version> –cfg <drive:>/usr/local/AntiVir/vscan_rfc.xml

In this example, you can change the call as follows:

Windows: vscan_rfc get_config –V <drive>:\vsa\savapi.dll –cfg <drive:>\vsa\vscan_rfc.xml –a VSCAN_LOCAL –g <Hostname of SAP Gateway> –x <Servicename of SAP Gateway> –c <SAP Codepage>

UNIX: vscan_rfc get_config –V <drive>:/usr/local/AntiVir/libantivirvsa.so.<version> –cfg <drive:>/usr/local/AntiVir/vscan_rfc.xml –a VSCAN_LOCAL –g <Hostname of SAP Gateway> –x <Servicename of SAP Gateway> –c <SAP Codepage>

Configuration commands for the Self-Starter:

Command Platform Notes

help all Calls the online help for the commands and options. regonly all Registers the virus scan server only at the gateway without starting

the underlying engine. The CCMS uses this command to then call the RFC function VSCAN_RFC_INIT.

Note that if you use this command outside the CCMS, the server is not ready for use.

get_config all Receives the CSA and separate server configuration and stores them

in a local XML configuration. (Option -cfg <file> is mandatory for this). The options received using the command line are stored as the server configuration in this case. If you do not specify any command line options, the predefined values are set.

Use this command to start the setup of a self-starter. If the file specified using the option -cfg does not exist, a new file is created.

install NT Installs a “new” VSCAN_XX service in the Microsoft Windows NT

Service Control Manager (SCM).

The -cfg option with a specification of a local configuration is mandatory for this command. The service is installed if the VSA is successfully initialized. If you specify additional options, these are only stored in the XML file used. The -srvc option specifies the number of the service; that is, you can install up to 100 services on a host. The default value for -srvc is 00.

remove NT Deletes an existing VSCAN_XX service in the Microsoft Windows

NT Service Control Manager (SCM).

You can specify the service more exactly using the -srvc option. Example: vscan_rfc remove -srvc 1 deletes the existing service VSCAN_01.

start NT Starts an installed VSCAN_XX service. This command starts the

service with the specified options.

The Microsoft Windows NT command "net start VSCAN_XX“ starts the previously installed service only if the local configuration is used.

stop NT Stops a running VSCAN_XX service. This command corresponds to

the Microsoft Windows NT command “net stop ...”.

40 AntiVir Virus Scan Adapter Avira GmbH

ABAP-Specific Configuration

In addition to the commands, you can specify the following options:

Option Platform Notes

-a all Program ID of the RFC destination, such as VSCAN_LOCAL.

-g all Host name of the SAP gateway.

-x all Service name of the SAP gateway, such as sapgw00.

-cfg all Complete path specification of the XML configuration file.

-f all Path specification of the trace file to be used.

-l all Trace level of the trace file:

0 := Errors

1 := Errors and warnings (such as virus infections)

2 := Errors, warnings, and virus scan engine calls

3 := Additional information, all RFC calls, and memory operations.

-c all SAP codepage for NON-UNICODE virus scan servers.

-V all Path specification of the virus scan adapter to be used. If you do not

set this option, the environment variable VSA_LIB is used.

-p all Profile name (Default: VSA_CONFIG) for the current VSA

configuration. This option allows differentiation if you are using multiple (different) VSA configurations in one XML file.

-T all Maximum number of threads that the server can use. Possible

values: 1 to 999.

-m all Minimum number of threads that the server should use.

Note: The mean value of -m and -T is always used for the number of threads that are held open.

-L all Path specification for an SNC library.

-S all The SNC name of this instance.

Note: Setting -L, -S, or -Q activates SNC for the server.

-Q all SNC security level Possible values

1:=Authentication

2:=Integrity protection

3:=Encryption

7:=Minimum level

8:=DEFAULT

9:=Maximum level.

-P all The SNC name of the SAP instance.

Caution: If you set this name, only requests from SAP instances with this SNC identity are accepted.

-I all Timeout in seconds for the internal instances operations RELOAD

and SHUTDOWN.

-n all Maximum number of trace lines for the memory trace. Default

value: 10000

-h all Retention period in seconds for the memory trace: Default value:

86400 seconds.

Avira GmbH AntiVir Virus Scan Adapter

ABAP-Specific Configuration

Option Platform Notes

-srvc NT Service number of the Microsoft Windows NT commands install |

remove | start | stop

-daemon UNIX Starts the virus scan server as a daemon process with fork().

Operating the Self-Starter

You can operate the self-starter as a service under Microsoft Windows NT or as a daemon under UNIX.

Operation as a

Service:

Example

Operation as a

Daemon

(UNIX):

Example

You can use the Microsoft Windows Service Control Manager (SCM) to install the virus scan server as a service. You can install up to 100 services of this type (numbered from 00 to 99).

Operating the virus scan server as a service means that operating system resources such as the Event Log are available to you for monitoring. You can also use the SCM to restart the virus scan server service after a termination. You can also use the Microsoft Management Console (MMC) to remotely monitor and control the installed service.

 Installation of a service:

vscan_rfc install -cfg <drive:>\vsa\vscan_rfc.xml

 Installation of additional services (VSCAN_<xx>):

vscan_rfc install -cfg <drive:>\vsa\vscan_rfc.xml -srvc 1

You must specify the local configuration file (option -cfg). The service is only installed after successful initialization of the virus scan adapter and checking of the SAP gateway.

You can start the virus scan server as a daemon directly on operating system start-up.

 Starting a daemon:

vscan_rfc -cfg /vsa/vscan_rfc.xml –daemon

You can monitor the daemon with operating system resources (CRONTAB, INITTAB).

Configuring the Self-Starter

You have the following options for configuring the self-starter:

• Call get_config again and use additional commands and options as in Installing a

Virus Scan Server as a Self-Starter – Page 39.

• Edit the XML configuration file directly.

• Synchronize the settings using the IMG activity Define Virus Scan Servers (transaction VSCAN) (see Defining Virus Scan Servers – Page 33). With this configuration option, the parameters for trace level (option -I), codepage (option -c), max. threads or max. instances (option -T), and VSA_LIB (option -V) are saved to the specified configuration using the Local button. If you leave the

42 AntiVir Virus Scan Adapter Avira GmbH

Configuration field empty for a self-starter, the values are saved to the XML configuration in use.

6.1.3 Defining Virus Scan Profiles

Application programs use virus scan profiles to check data for viruses. A virus scan profile contains a list of scanner groups that check a document. You can also use a virus scan profile to assign configuration parameters for the virus scanner. If you scan for viruses with this virus scan profile, the virus scanner receives the parameters.

A virus scan profile specifies steps that are to be run during a virus scan. A step is either a virus scanner, which is found using the scanner group, or a step specifies, in turn, a virus scan profile, which is then performed as part of the enclosing virus scan profile.

A virus scan is performed under the name of a virus scan profile. The system administrator can use the profile to activate or deactivate the virus scan for each component.

By default, each SAP application that integrates a virus scan provides a virus scan profile. The names of these virus scan profiles are constructed as follows /<Name of the package of the application>/<Name of the function>. Check the virus scan profiles provided by SAP and determine for which components you are activating or deactivating the virus scan.

ABAP-Specific Configuration

The values are only saved if an XML file already exists.

If you want to create your own virus scan profiles, you can use the namespaces Y* and Z*.

3 You have created scanner groups.

 In the Implementation Guide, choose (IMG) SAP Web Application Server/System

Administration/Virus Scan Interface.

 Choose the Execute option next to Define Virus Scan Profiles.

Avira GmbH AntiVir Virus Scan Adapter

ABAP-Specific Configuration

 The screen Change View "Virus Scan Profile": Overview appears.

 Choose New Entries.

 The screen New Entries: Overview of Added Entries appears.

44 AntiVir Virus Scan Adapter Avira GmbH

ABAP-Specific Configuration

 Specify the data for the scanner profile (see the table below):

Field Possible Values Note

Scan Profile Specifies the name of a virus scan profile.

Profile Text Explanatory text for a virus scan profile.

Active Specifies that this virus scan profile is active.

The virus scan profile can only be used if this indicator is set.

SAP applications can use fixed profile names that are delivered. By default, these profiles are not active, meaning that the application program works without a virus scan.

You can activate the virus scan for each application by setting this indicator.

Default Profile Indicator that this virus scan profile is the default

profile.

You can set this indicator for a maximum of one virus scan profile. This virus scan profile is used in the following cases:

-If an application requests a virus scanner without specifying a virus scan profile.

-If a virus scan profile is requested for which the

Use Reference Profile indicator is set, and the Reference Profile is empty.

Use Reference To operate multiple applications using the same virus

scan profile, set the Use Reference indicator and specify the reference profile.

Avira GmbH AntiVir Virus Scan Adapter

ABAP-Specific Configuration

Field Possible Values Note

Reference Profile The input help provides a list

of all of the profiles that have already been defined.

If you leave the field empty, the system uses the default profile.

Relationship All steps

successful: The virus scan must have performed all steps without errors.

At least one step successful: It is

sufficient if one step of the virus scan was successfully performed.

Specifies the name of the reference profile.

Since a virus scan profile can use another virus scan profile as a reference profile, you can operate multiple applications using the same virus scan profile.

If the Use Reference Profile indicator is set in the virus scan profile, this field specifies the name of the reference profile to be used. Instead of the settings of the current virus scan profile, the settings of the reference profile are then used. This means that several virus scan profiles can use the settings of a shared reference profile, such as the scanner groups to be used.

Specifies the type of logical linkage for the steps in the virus scan profile.

If multiple steps that are to be performed during the virus scan with a virus scan profile are defined for a profile, you can use this field to control how the overall result of the virus scan is to be evaluated.

Using multiple steps allows you to scan documents with scan engines from different vendors at the same time.

The program interprets a virus scan as error-free only if the scan engine returns the value Check performed

successfully or (in the case of cleanups) Cleanup performed successfully.

All other return values are regarded as unsuccessful virus scans. This also includes situations such as:

-The program did not check the document because the file name extension is categorized as noncritical.

-The program could not check the document because the document is a password-protected archive.

-The scan engine is obsolete.

 Save your entries.  To define steps for the profile, select the Steps node in the dialog structure by

double-clicking it.

46 AntiVir Virus Scan Adapter Avira GmbH

 Choose New Entries.

ABAP-Specific Configuration

 Enter the following data for the definition of the step:

Field Possible Values Notes

Position <integer

value>

Type Group or

Profile

Scanner Group The input help

provides a list of all existing scanner groups.

Virus Scan Profile

The input help provides a list of all existing profiles.

Specifies the position of the scanner group in the virus scan profile.

If a virus scan profile uses multiple scanner groups, place these in the desired sequence by assigning a position number.

Specifies whether a step in the virus scan profile refers to a scanner group or another virus scan profile.

If you choose Group, the system uses a virus scan server from this group (or a BAdI implementation) for the virus scan. If you choose Profile, the program processes the specified virus scan profile instead of this step.

You can define any conditions by combining the steps of the virus scan profile with the linkage type of the steps (AND/OR).

Combines multiple virus scan servers or allows the use of a BAdI implementation.

All of the virus scan servers of a scanner group have the same set of configuration parameters and will therefore use the same scan engine.

Specifies the name of a virus scan profile that you can include as a step in the profile that you are currently processing.

 Save your entries.

Avira GmbH AntiVir Virus Scan Adapter

ABAP-Specific Configuration

 To create configuration parameters for a step, double-click the Configuration

Parameters node.

 Choose New Entries.  Enter the following data for the definition of the configuration parameters:

Field Possible Values Notes

Parameters The input help

provides a list of all existing constants.

Value <Value> Specifies the value given by the vendor for a configuration

 Save your entries.

 You have defined a virus scan profile and therefore performed the last

configuration step for the virus scan server. Finally you can check the configuration (see Problem Analysis for the Virus Scan Server – Page 49).

Specifies the key of a configuration parameter.

A virus scanner requires configuration data. The set of possible configuration parameters is defined by SAP as a predetermined set of symbolic constants.

parameter.

6.1.4 Implementing a BAdI for Virus Scanners

You can use the Business Add-In VSCAN_INSTANCE to include your own virus scanners in the virus scan interface.

To integrate the BAdI implementation, use the BAdI Implementation indicator when creating the scanner group. If you then perform a virus scan with this scanner group, the program calls your implementation of the BAdI as a filter value for the group name and you can transfer an instance of your scanner implementation.

Create an implementation for each scanner group that is to use the BAdI implementation. You can use an implementation for multiple filter values (group names).

SAP does not provide a default implementation. Instead, with the virus scan server, there is a separate component available that integrates the scan engines of certified vendors into the virus scan interface.

48 AntiVir Virus Scan Adapter Avira GmbH

ABAP-Specific Configuration

3 You have created a scanner group that is to address your implementation.

 In the Implementation Guide, choose (IMG) SAP Web Application Server/System

Administration/Virus Scan Interface.

 Choose the Execute option next to Implement BAdI for Virus Scanners.

 The dialog screen BAdI Builder: All Implementations for Definition

VSCAN_INSTANCE appears.

 Choose Create.

 The dialog screen BAdI Builder: Create Implementation appears.

 Enter a name in the Implementation Name field.

 The screen BAdI Builder: Change Implementation <Implementation Name>

appears.

 Enter a short description in the Short Text for Implementation field. To specify filter characteristics:  Choose the Insert Row button under Defined Filters and specify your group using

the input help.

 Save your entries.

 You have created an implementation for the scanner group. For the rest of the

procedure, see the documentation for the interface IF_EX_VSCAN_INSTANCE.

6.2 Problem Analysis for the Virus Scan Server

The virus scan server either outputs errors, warnings or additional information to a file or writes them on the server’s memory. You can use the VSCANTRACE analysis tool to query and output this memory content to analyze all registered virus scan servers for errors during their production operation.

When the server is started, the trace is deactivated for memory output. Activate it only if problems occur, since it affects the performance of the server. The settings for memory output are only valid for a particular length of time (the default value is 24 hours). They are then deactivated.

3 For you to be able to use the memory trace, at least one virus scan server must be

active.

 Start transaction VSCANTRACE.  Choose the server either using the input help that displays all defined virus scan

servers from table VSCAN_SERVER, or specify it directly. To do this, it must have been started at the SAP gateway using an RFC destination defined in transaction SM59.

 Confirm your entry with ENTER.

 The connection to the virus scan server is created. If the connection to the server

is made, the traffic light is green.

 Choose Memory.

Otherwise the trace is output to a file, which you can display using the developer traces (transaction ST11, file name dev_VSCAN_<Hostname>.trc).

 The current trace level is displayed.

Avira GmbH AntiVir Virus Scan Adapter

ABAP-Specific Configuration

 To set a new value for the trace level, select the desired trace components and then

choose Activate.

If you change the selection from Memory to File or vice versa, you can display the trace level already selected for this option for the individual components with the Copy button. The selection option is activated for each active component when you do this.

 To display the memory trace, choose the Execute option.

 The overview appears. It shows the availability of the anti-virus engine used, the

utilization of the virus scan server, the current trace level for the memory and an HTML output of the current trace information.

You have the following options in the overview:

• Refresh: Refreshes the list.

• Delete: Deletes the trace output.

• Export: Exports the list to a local file.

• Status: Displays the current status of the virus scan server used, even if the memory trace is deactivated. In addition to technical information on the virus scan server, this output also contains the configuration of the virus scan server and information on the loaded virus scan adapter including the anti-virus engine.

• Stop: Stops the virus scan server.

• Configuration: Branches to the display mode of the IMG activity Define Virus Scan Servers.

• Test: Branches to the transaction VSCANTEST.

You can completely deactivate the memory trace with the Deactivate button, but not the error output to the trace file. You can therefore not suppress the output of errors by setting the trace level for the file to the value 0.

50 AntiVir Virus Scan Adapter Avira GmbH

ABAP-Specific Configuration

6.3 Testing the Installation of the Virus Scan Server

You can use this procedure to check that your configured virus scan server is functioning correctly.

 Start transaction VSCANTEST.  Specify the object to be checked, using either the test data provided or your own local

file.

 Select the virus scan profile, scanner group, or the virus scan server to be tested.  Select an action.

Avira GmbH AntiVir Virus Scan Adapter

ABAP-Specific Configuration

- If you choose Check Only, the anti-virus product that you specified scans the data for viruses and displays a result:

- If you choose Check and Clean, the product also attempts to clean the data if a virus infection is diagnosed.

6.4 Commented Example Program

You can also find a Commented Example Program on the SAP website.

52 AntiVir Virus Scan Adapter Avira GmbH

7 Java-Specific Configuration

This Chapter describes the Virus Scan Interface Configuration for Java systems. The texts were taken from the SAP website.

7.1 Setting Up Virus Scan Providers

The virus scan provider is the service of the J2EE Engine that makes the tc/sec/vsi/ interface available to the SAP applications of the Engine.

Select an installation type for the virus scan provider, depending on your system prerequisites:

• Virus scan adapter for a purely-Java installation: This procedure describes the normal case in which you are using a local virus scan adapter. The virus scan adapter is a native dynamic library from a third-party vendor, which can be loaded directly into the process environment of the J2EE Engine. This means that you can check memory contents directly for viruses, which enables higher performance.

• Virus scan server for a purely-Java installation: This procedure describes the special case in which the platform or process architecture does not allow the direct inclusion of a virus scan adapter. This is the case, for example, if the required operating system for SAP NetWeaver is not compatible with the external anti-virus product. In this case, use a virus scan server. The virus scan server communicates with the J2EE Engine using TCP/IP (SAP RFC protocol) and accesses the external anti-virus product using a virus scan adapter.

• Virus scan adapter or virus scan server for an integrated installation (Java and ABAP):

Both purely-Java installations provide the same interface to instancejava from the package com.sap.security.core.server.vsi.api.

The configuration of the virus scan provider service is stored in the Configuration Manager of the J2EE Engine. You can use the Visual Administrator for graphical administration.

Prerequisites: You are an administrator of the J2EE Engine.

Java-Specific Configuration

Virus Scan Adapter for a Purely-Java Installation

After you have installed an external anti-virus product including a certified adapter, you only need to enter the path to the adapter specified in the documentation for the partner product in the VSA_LIB field.

Virus Scan Server for a Purely-Java Installation

 Start the standalone gateway.  Start the virus scan server with the options -a, -x, and -g, as described in

Installing a Virus Scan Server as a Self-Starter – Page 39. For option -a, specify the

program ID using the naming convention (case-sensitive; prefix VSCAN_).

 In the Visual Administrator, set up the virus scan provider as a virus scan server, as

described in Define a Virus Scan Provider – Page 54.

- Specify exactly the program ID that you defined above under option –a as the name. However, you must omit the name prefix VSCAN_, since this is added automatically.

Avira GmbH AntiVir Virus Scan Adapter

Java-Specific Configuration

- Specify server settings that match those of the provider defined above. Specify -g and -x as defined under step 2.

Virus Scan Adapter or Virus Scan Server for an Integrated Installation (Java and ABAP)

Follow these steps:

• Define a Scanner Group – Page 54

• Define a Virus Scan Provider – Page 54

• Define a Virus Scan Profile – Page 56

7.1.1 Define a Scanner Group

A scanner group combines multiple virus scanners of the same type. You require the groups to specify virus scan profiles later.

SAP does not supply any scanner groups.

 In the Visual Administrator, choose the cluster Virus Scan Provider.  On the Groups tab page, create a scanner group by choosing the New button.

- Specify the name of the new group in the dialog box and confirm your entry with OK.

- Select the node for the newly created group.

- On the Settings tab page, enter a description of the group in the Description field.

- To save your entries, choose Set.

 On the Parameters tab page, set the configuration parameters required for the

product that you are using.

- Use the input help to specify the parameter in the Parameter name field.

- Use the input help to specify the parameter type in the Parameter type field.

- Enter the value of the parameter in the Parameter value field.

- To save your entries, choose Set.

 You have created a scanner group with the associated parameters.

 As the next step, Define a Virus Scan Provider – Page 54.

7.1.2 Define a Virus Scan Provider

You can use either a virus scan adapter or a virus scan server as a virus scan provider. The virus scan server is an alternative if you cannot use the higher performance virus scan adapter, such as in the following cases:

• The SAP Web AS kernel uses 64 bits and the external anti-virus product or the external virus scan adapter (VSA) uses 32 bits.

In these cases, use the virus scan server as a self-starter.

 In the Visual Administrator, choose the cluster Virus Scan Provider.  On the Provider tab page, create a virus scan provider either under the Virus Scan

Adapter node or the Virus Scan Server node by choosing the New button.

If you are creating a virus scan adapter, specify the following data on the Settings tab page:

54 AntiVir Virus Scan Adapter Avira GmbH

Java-Specific Configuration

Settings for the

Virus Scan

Adapter

Field Entry

Name Name of the virus scan adapter. The name entered is

automatically saved with the prefix “VSA_”.

Description Description of the current adapter.

Group The input help provides a list of the available groups to

which you can assign the current adapter.

Instance timeout The time in seconds for which an instance remains in

the instance pool.

Default value: 3600 (1 hour).

Instance pool size The size of instances pool delivered by an application

inquiry. In case there are more inquiries than authorized instances, this pool can also increase but it is reduced again as soon as possible.

Adapter Path Complete path to the storage location of the adapter, as

specified in Installing a Virus Scan Server as a Self-

Starter – Page 39. If you leave this field empty, the

environment variable VSA_LIB is set.

If you are creating a virus scan server, select it from the list of available entries (see prerequisites). Then specify the data listed in the table on the Settings tab page. In the case of an integrated installation (Java and ABAP), you have to define the RFC destination (see Defining Virus Scan Servers – Page 33, Steps 1 to 4).

Settings for the

Virus Scan

Server

Field Entry

Name Name of the virus scan server and also the destination

under which the virus scan server has registered itself at the SAP Gateway or the name of the RFC destination in the Destinations service.

Description Description of the current server.

Group The input help provides a list of the available groups to

which you can assign the current server.

Gateway host Host name of the gateway computer on which the Virus

Scan Server is registered.

Gateway service Service name of the registered Virus Scan Server on the

gateway.

Default: sapgw<instanceNo.>

Instance pool size The size of the instance pool delivered by an application

inquiry. If there are more inquiries than authorized instances, this pool can also increase but it is reduced again as soon as possible.

Avira GmbH AntiVir Virus Scan Adapter

Java-Specific Configuration

Locale A selection of all available locales (country-specific

RFC trace on Shows when an RFC internal trace is active. Possible

Max. Connections

Max. Wait time

Connection timeout

Field Entry

language versions) with which the country setting and language are specified.

Enter the locale of the operating system user under which the virus scan server runs. Under UNIX, you can query this with the command “locale”, under Microsoft Windows you can determine it from the Regional Options system settings.

Default value: en_US, that is, English and USA.

values: true, false.

Default: false

 To save your entries on the Settings tab page, choose Set.  To activate a trace output for this virus scan provider, set the desired indicator on the

Trace tab page.

 On the Parameters tab page, set the parameters required for the product that you

are using.

- Use the input help to specify the parameter in the Parameter name field.

- Use the input help to specify the parameter type in the Parameter type field.

- Enter the value of the parameter in the Parameter value field.

- To save your entries, choose Set.

 To activate the virus scan provider, select it and choose Activate. You have defined a virus scan provider and can define virus scan profiles in the next step.

7.1.3 Define a Virus Scan Profile

Application programs use virus scan profiles to check data for viruses. A virus scan profile contains a list of scanner groups that check a document. You can also use a virus scan profile to assign configuration parameters for the virus scanner. If you check for viruses with this virus scan profile, the virus scanner receives the parameters.

A virus scan profile specifies steps that are to be run during a scan. A step is either a virus scanner, which is found using the scanner group, or it specifies in turn a virus scan profile, which is then performed as part of the enclosing virus scan profile.

A virus scan is performed under the name of a virus scan profile. The system administrator can use the profile to activate or deactivate the virus scan for each component.

You define the RFC destinations required by the servers in the Destinations service.

56 AntiVir Virus Scan Adapter Avira GmbH

Java-Specific Configuration

By default, a virus scan profile is provided for each SAP application that integrates a virus scan.

3 You have created scanner groups.

 In the Visual Administrator, choose the cluster Virus Scan Provider.  On the Profiles tab page, create a virus scan profile by choosing the New button.  You have the following options on the Settings tab page:

- Use a reference profile Since a virus scan profile can use another virus scan profile as a reference profile, it is possible to operate multiple applications using the same virus scan profile. To create a link to an existing reference profile, proceed as follows:

- Set the Use reference indicator.

- Use the input help to select a reference profile.

- Define a new profile. To do this, specify the following data:

Data for a Self-

Configured

Profile

Field Comment

Name Name of the new profile

Description Description of the new profile

Use Reference This indicator must not be set, since the other input fields would

otherwise be hidden

Linkage Linkage of the steps of this profile:

All steps successful: AND linkage, with which every step must be successful for the overall result to be successful.

At least one Step successful: OR linkage, with which only one step needs to be successful for the overall result to be successful.

Group Use the input help to select a group

Profile Use the input help to select a profile

- To transfer the selection for the Group and Profile fields, choose Add.

- Configure the list with the keys MOVE UP, MOVE DOWN, and DELETE. When checking for viruses, the list is processed from top to bottom with the linkage from the Linkage field.

 To save the profile, choose Set.

 The new profile appears in the tree display.

 To activate the profile, select it and choose Activate.

You have defined a virus scan profile and therefore performed the last configuration step for the virus scan provider. Finally you can check the configuration (see Problem Analysis

for the Virus Scan Provider – Page 57).

7.2 Problem Analysis for the Virus Scan Provider

You define data for the log output of the virus scan provider with trace indicators. You can use this data to investigate any errors that occur.

3 You have defined at least one virus scan provider.

 In the Visual Administrator, choose the cluster Virus Scan Provider.

Avira GmbH AntiVir Virus Scan Adapter

Java-Specific Configuration

 On the Provider tab page, select the virus scan adapter or virus scan server for which

you want to display the trace.

 Set the desired indicators on the Trace tab page.

Since there are no RFC connections for the virus scan adapter, the two RFC indicators are grayed out for virus scan adapters.

Trace

Indicators

Indicator Meaning

Errors Serious errors in the virus scan server or within the

Virus Scan Interface.

Virus Infections Virus infections reported by the external adapter.

These are displayed for scan and also for clean calls. Therefore, if a virus was successfully removed, the trace also specifies the infection.

Virus Scan Adapter Functions Function calls within the Virus Scan Interface. Contains

the parameters with which the internal API was called and, at the end of each function, the return values.

Virus Scan Interface API Native Functions

Warnings Possible errors or warnings in the virus scan server or

Information Additional information about the virus scan server or

Parameter Operations in the Adapter

Thread Operations Thread operations (generation or termination) within

Memory Operations Memory reservation or release of the virus scan server.

Function calls within the Virus Scan Interface. Contains the parameters with which the internal API was called and, at the end of each function, the return values.

within the Virus Scan Interface.

the Virus Scan Interface.

Additional information about the virus scan server or the Virus Scan Interface.

the virus scan server.

 Choose Set.

 You have activated the trace output that is in the Engine trace for the virus scan

provider.

- For Microsoft Windows NT, the path is

\usr\sap\<SAP system name>\<instance name>\work\<serverID>

such as C:\usr\sap\C11\JC00\work\server0.

- For UNIX, the path is

/usr/sap/<SAP system name>/<instance name>/work/dev_<node name>

7.3 Example Program

You can find an example program for the Virus Scan Provider on the SAP website.

58 AntiVir Virus Scan Adapter Avira GmbH

8Operation

8.1 Reaction to Viruses/ Unwanted Programs Detected

If correctly configured, AntiVir has automatically completed all important tasks on your computer.

In the case of detection of viruses or unwanted programs, you should do the following:

 Try to detect the way the virus/ unwanted program infiltrated your system.

 Perform targeted scanning on the data storage supports you used.

 Inform your team, superiors or partners.

Submit Infected Files to Avira GmbH

 Please send us the viruses, unwanted programs and suspicious files that our product

does not yet recognize or detect and also any suspicious files. Send us the virus or unwanted program packed in a password-protected archive (PGP, gzip, WinZIP,

PKZip, Arj), attached to an email message, to virus@avira.com.

Operation

When packing, use the password virus. In this way the file will not be deleted by virus scanners on an email gateway.

Avira GmbH AntiVir Virus Scan Adapter

Operation

60 AntiVir Virus Scan Adapter Avira GmbH

9Service

9.1 Support

Service

Support Service

Email Support

Our website http://www.avira.com contains all the necessary information on our extensive support service.

The expertise and experience of our developers is available to you. The experts of Avira answer your questions and help you with difficult technical problems.

During the first 30 days after you have purchased a license, you can use our AntiVir Installation Support by phone, email or by online form.

In addition we recommend that you also purchase our AntiVir Classic Support, with which you can contact and obtain advice from our experts during business hours when you encounter technical problems. The annual fee for this service, which includes eliminating viruses and hoax support, is 20 % of the list price of your purchased AntiVir program.

Another optional service is the AntiVir Premium Support which, in addition to the scope of the AntiVir Classic Supports, allows you to contact expert partners at any time - even outside business hours in the event of an emergency. When virus alerts occur, you will receive an SMS on your cell phone.

Support via email can be obtained at http://www.avira.com.

We cannot provide support for configuration problems which do not directly concern AntiVir VSA.

To answer your questions or to solve your problems, we can direct you to an SAP consultant with technical security know-how.

9.2 Contact

Address

Internet

Avira GmbH Lindauer Strasse 21 D-88069 Tettnang Germany

You can find further information on us and our products by visiting http://www.avira.com.

Avira GmbH AntiVir Virus Scan Adapter

Service

62 AntiVir Virus Scan Adapter Avira GmbH

Appendix

10 Appendix

10.1 Glossary

Item Meaning

ABAP Advanced Business Application Language:

the SAP programming language, for application logic.

Backdoor (BDC) A backdoor is a program that infiltrates the system in order to steal data

from the computer without the user’s knowledge. This program is manipulated by third parties using remote backdoor control software via the Internet or network.

CCMS Computing Center Management System

cron (daemon) A daemon which starts other programs at specified times.

Daemon A background process for administration on UNIX systems. On average,

there are about a dozen daemons running on a computer. These processes usually start up and shut down with the computer.

Dialer Paid dialing program. When installed on your computer, this program sets

up a premium rate number Internet connection, charging you at high rates. This can lead to huge phone bills. AntiVir detects Dialers.

Engine The scanning module of AntiVir software.

Heuristics The systematic process of solving a problem using general and specific rules

drawn from previous experience. However, solution is not guaranteed. AntiVir uses a heuristic process to detect unknown macro viruses. When typical virus-like functions are found, the respective macro is classified as "suspicious".

Kernel The basic component of a UNIX operating system, which performs

elementary functions (e.g. memory and process administration).

Logfile also: Report file. A file containing reports generated by the program during

run-time when a certain event occurs.

Malware Generic term for "foreign bodies" of any type. These can be interferences

such as viruses or other software which the user generally considers as unwanted (see also Unwanted Programs).

PMS (Possibly Malicious Software)

root The user with unlimited access rights (such as system administrator on

Avira GmbH AntiVir Virus Scan Adapter

Software that does not usually harm the computer. It is programmed to harm other users. For example, mail bombs: with such a program, the victim can be attacked by thousands of emails. AntiVir detects PMS.

Windows).

Appendix

Item Meaning

SAVAPI Secure AntiVirus Application Programming Interface:

AntiVir SAVAPI ensures quick and simple integration of the latest Avira technology for detection and protection against malware in third-party programs and applications.

Signature A bytes-combination used to recognize a virus or unwanted program.

Script A text file containing commands to be executed by the system (similar to

batch files in DOS).

SMP (Symmetric Multi Processing)

SMTP Simple Mail Transfer Protocol: protocol for email communication on the

syslog daemon A daemon used by programs for logging various information. These reports

Unwanted programs The name for programs that do not directly harm the computer, but are not

VDF (Virus Definition File)

VFS Virtual File System

Computer architecture with multiple similar CPUs working in parallel.

Internet.

are written in different logfiles. The syslog daemon configuration is in /etc/syslog.conf.

wanted by the user or administrator. These can be backdoors, dialers, jokes and games. AntiVir detects various types of unwanted programs.

A file with known signatures for viruses and unwanted programs. In many cases it is sufficient for an update to load the most recent version of this file.

10.2 Further Information

You can find further information on viruses, worms, macro viruses and other unwanted programs at http://www.avira.com .

64 AntiVir Virus Scan Adapter Avira GmbH

10.3 Golden Rules for Protection Against Viruses

 Always keep boot disks for your network server and for your workstations.  Always remove floppy disks from the drive after finishing work. Even if they have no

executable programs, disks can contain program code in the boot sector and these can serve to carry boot sector viruses.

 Regularly back up your files.  Limit program exchange: particularly with other networks, mailboxes, the Internet

and acquaintances.

 Scan new programs before installation and the disk after this. If the program is

archived, you can detect a virus only after unpacking and during installation.

If there are other users connected to your computer, you should define the following rules for protection against viruses:

 Use a test computer to check downloads of new software, demo versions or virus-

suspicious media (floppies, CD-R, CD-RW, removable drives).

 Disconnect the test computer from the network!  Appoint a person responsible for virus infection operations and establish all steps for

virus elimination.

 Draw up an emergency plan as a precaution for preventing damage due to

destruction, theft, failure or loss/change due to incompatibility. You can replace programs and storage devices, but not your vital business data.

 Draw up a plan for data protection and recovery.  Your network must be correctly configured and the access rights must be wisely

assigned. This represents good protection against viruses.

Appendix

Avira GmbH AntiVir Virus Scan Adapter

www.avira.com

Avira GmbH

Lindauer Str. 21 88069 Tettnang Germany Telephone: +49 (0) 7542-500 0 Fax: +49 (0) 7542-525 10 Email: info@avira.com Internet: http://www.avira.com

This manual was created with great care. However, errors in design and contents cannot be excluded. The reproduction of this publication or parts thereof in any form is prohibited without previous written consent from Avira GmbH.

Errors and technical subject to change.

Issued May 2007

AntiVir® is a registered trademark of the Avira GmbH. All other brand and product names are trademarks or registered trademarks of their respective owners.

More Than Security

Protected trademarks are not marked as such in this manual. However, this does not mean that they may be used freely.

Avira ANTIVIR VIRUS SCAN ADAPTER FOR SAP SOLUTIONS User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

1.1 Introduction

1.2 The Structure of the Manual

1 About this Manual The structure of the manual, signs and symbols.

1.3 Signs and Symbols

2 Product Information

2.1 Licensing Concept

2.2 Operating Mode of AntiVir VSA (Windows)

2.3 System Requirements

3 Installation

3.1 AntiVir VSA Installation (UNIX)

3.1.1 Getting the Installation Files

3.1.2 Licensing

3.1.3 Installing AntiVir VSA

3.1.4 Reinstalling AntiVir VSA

3.1.5 Background

3.2 AntiVir VSA Installation (Windows)

3.2.1 Getting the Installation Files

3.2.2 Licensing

3.2.3 Installing AntiVir VSA

3.2.4 Background

4 Configuration (UNIX)

4.1 Overview

4.2 Configuration Files

4.3 Configuration Script configantivir

4.4 Configuring Regular Updates

5 Configuration (Windows)

5.1 Available Entries in SAVAPI.INI

5.2 Possible Entry in SAVAPIDL.INI

5.3 Immediate Updates

6 ABAP-Specific Configuration

6.1 Setting the Virus Scan Interface

6.1.1 Defining Scanner Groups

6.1.2 Defining Virus Scan Servers

6.1.3 Defining Virus Scan Profiles

6.1.4 Implementing a BAdI for Virus Scanners

6.2 Problem Analysis for the Virus Scan Server

6.3 Testing the Installation of the Virus Scan Server

6.4 Commented Example Program

7 Java-Specific Configuration

7.1 Setting Up Virus Scan Providers

7.1.1 Define a Scanner Group

7.1.2 Define a Virus Scan Provider

7.1.3 Define a Virus Scan Profile

7.2 Problem Analysis for the Virus Scan Provider

7.3 Example Program

8Operation

8.1 Reaction to Viruses/ Unwanted Programs Detected

9Service

9.1 Support

9.2 Contact

10 Appendix

10.1 Glossary

10.2 Further Information

10.3 Golden Rules for Protection Against Viruses