F-secure INTERNET GATEKEEPER FOR LINUX 4.01 ADMINISTRATOR GUIDE

F-Secure Internet Gatekeeper
for Linux
A Comprehensive Internet and Anti-Virus Solution
Version 4
Rev. 20100125
Administrator’s Guide
F-Secure Internet Gatekeeper for Linux/Administrator’s Guide
About this Guide
This guide describes the installation and uninstallation, usage, and settings for F-Secure Internet Gatekeeper for Linux. Please note that “F-Secure Internet Gatekeeper for Linux” is also referred to as “the product” and “Internet Gatekeeper” in this guide.
Symbols
Symbol Description
Provides important information that you need to consider.
Provides additional information that you should consider.
Indicates that related information on the topic is available in a different chapter or another document.
Fonts
Font: Description
Arial bold (blue): Used to refer to menu names and commands, to buttons and other items in a dialog box.
Arial italics (blue): Used to refer to chapters in the manual, and to book titles of other manuals.
Arial italics (black): Used for file and folder names, for figure and table captions, and for directory names.
Courier New: Used for messages on your computer screen.
Courier New bold: Used for information that you must type.
SMALL CAPS (BLACK): Used for a key or key combination on your keyboard.
Arial underlined (blue): Used for user interface links.
Arial italics: Used for windows and dialog names.
Contents
1. Introduction
2. Features
  2.1 Overview
  2.2 List of Features
3. System Requirements
  3.1 Hardware Requirements
  3.2 Software Requirements
4. Installing F-Secure Internet Gatekeeper for Linux
  4.1 Installing an rpm Package
  4.2 Installing a deb Package
  4.3 Installing a tar.gz Package
  4.4 Using the Installation Command
  4.5 Uninstalling F-Secure Internet Gatekeeper for Linux
  4.6 Backup and Restore
5. Typical Configurations
  5.1 Configuration Overview
    5.1.1 HTTP Connection
    5.1.2 SMTP Connection
    5.1.3 POP Connection
    5.1.4 FTP Connection
  5.2 Network Configuration Examples
  5.3 Internet Gatekeeper Server Settings
    5.3.1 Web Console
      5.3.1.1 Accessing the Web Console
      5.3.1.2 Web Console Layout
    5.3.2 Typical Settings
  5.4 Client Settings
6. Checking the Proxy Setup
  6.1 Checking the HTTP Proxy
  6.2 Checking the SMTP Proxy
  6.3 Checking the POP Proxy
  6.4 Checking the FTP Proxy
7. Advanced Settings
  7.1 Web Console Settings
    7.1.1 Proxy Settings
      7.1.1.1 HTTP Proxy
      7.1.1.2 SMTP Proxy
      7.1.1.3 POP Proxy
      7.1.1.4 FTP Proxy
      7.1.1.5 Common Settings
    7.1.2 Virus Definition Database
    7.1.3 Logs
    7.1.4 Top Menu
  7.2 Access Control
  7.3 Detection Notification Templates
  7.4 Expert Options
8. Command-line Tools
  8.1 Auto-Start
  8.2 Proxy Execution
  8.3 Virus Definition Updates
  8.4 Restarting All Services
  8.5 Creating Diagnostic Information
9. Logs
  9.1 Log Files
    9.1.1 Access Logs
    9.1.2 Virus and Spam Detection Logs
    9.1.3 Error Logs
    9.1.4 Information Logs
  9.2 Splitting/Rotating Log Files
  9.3 Time Display Conversion Tool
  9.4 Log Analysis Tools
  9.5 External Output of Logs
10. Other Settings
  10.1 Access Authentication
    10.1.1 Host Authentication
    10.1.2 Authentication using Virtual Networks
    10.1.3 Proxy Authentication using Internet Gatekeeper
    10.1.4 Authentication by Mail Servers
    10.1.5 Authentication using POP-before-SMTP
  10.2 Transparent Proxy
    10.2.1 Transparent Proxy Details
    10.2.2 Transparent Proxy – Router Mode
    10.2.3 Transparent Proxy – Bridge Mode
  10.3 Coexisting with mail servers
    10.3.1 Changing the Port Number of Internet Gatekeeper
    10.3.2 Changing the Port Number of the Mail Server
    10.3.3 Changing the IP Address
    10.3.4 Changing IP Addresses with iptables
  10.4 Scanning Viruses Before Saving Mail to the Mail Server
  10.5 Reverse Proxy Settings
    10.5.1 Reverse Proxy – Typical Settings
    10.5.2 Coexisting with Web Servers
    10.5.3 Implementing a HTTPS (SSL) Server
11. Product Specifications
  11.1 Product Specifications
  11.2 HTTP Proxy Process
  11.3 SMTP Proxy Process
  11.4 POP Proxy Process
  11.5 FTP Proxy Process
  11.6 HTTP Error Responses
  11.7 HTTP Request and Response Headers
  11.8 SMTP Command Responses
  11.9 SMTP Commands – Operations
  11.10 POP Commands – Operations
  11.11 FTP Commands – Operations
  11.12 Connection Error Messages
  11.13 Service Process List
  11.14 Detection Names
  11.15 Riskware
12. Copyright Information
1. Introduction
F-Secure Internet Gatekeeper for Linux is an Internet Gatekeeper solution designed to protect corporate networks, Internet Service Provider networks, and home networks against malware.
Computer viruses are one of the most harmful threats to the security of data on computers. Viruses have become even more widespread due to the trend in standardizing platforms and the continuous spread of the Internet. In addition to corrupting or falsifying data, viruses can also cause damage by using the Internet to leak confidential company data or personal information. Even if the leaked information is not important in itself, viruses can use the computer to spread the infection further, resulting in harm to others.
With F-Secure Internet Gatekeeper for Linux, you can scan for viruses centrally. You can monitor web site connections, and the sending and receiving of e-mails from all computers in a LAN (Local Area Network).
The product can scan communication that is based on HTTP, FTP, SMTP, and POP. The ability to use the POP protocol means that you do not need to make any changes to the mail server to check e-mail for viruses. You can simply pass all inbound and outbound e-mail through F-Secure Internet Gatekeeper for Linux.
The product is very fast, being optimized for performance. This makes it suitable for large-scale networks, and for networks that support high-speed broadband. It also means that performance is adequate even when the product is run on less powerful computers.
The product also supports a transparent proxy, various authentication functions, and spam blocking. The product is also available in Japanese.
[Figure: network diagram with the labels Internet, Web Server, Mail Server, Mail Server, F-Secure Internet Gatekeeper, and four PCs]

2. Features

2.1 Overview

F-Secure Internet Gatekeeper for Linux:
- Protects a range of different networks against viruses:
  - Internal company networks
  - ISP networks
  - Home networks
- Uses a single computer to monitor the network access by all computers on the company, ISP, or home network.
- Does not use any resources from other computers on the network.
- Is easy to install and administer on an existing network.
- Can be used both on large and small networks. Adequate performance can be obtained also on less powerful computers.

2.2 List of Features

Monitor Web Browsing and E-mail Traffic
- HTTP
- FTP
- SMTP
- POP
High-Speed Virus Scanning Proxy
- Best performance when compared to any Internet Gatekeeper product (based on research by F-Secure)
  * Pentium III 1GHz Dual, MEM: 1GB, NETWORK: Performance measured on a 1000BaseTX network
  - HTTP: 120Mbps, 640 sessions/sec (Average 23 KB/session)
  - SMTP: 110Mbps, 130 sessions/sec (Average 80 KB/session)
  - 1000 or more simultaneous connections
- Adequate performance can be obtained on less powerful computers
- Operation on a single computer is practical even on large networks
Simple Installation
- Runs in almost all Linux environments
- Combines all functions in a single computer
- Can be installed as an rpm or deb package. The rpm package complies with Linux Standard Base, which is used in Red Hat Linux and some other distributions.
- Can be installed as a .tar.gz package (for any Linux distribution)
Simple Configuration
- No configuration changes are required on your mail server
- No changes are required to your network configuration
- Minimal configuration changes for individual users
- All settings can be configured in the web console
- The language of the web console can be changed while using it
Authentication Functions
- Supports POP-before-SMTP authentication
- Supports proxy authentication for various protocols (HTTP proxy authentication, SMTP authentication, POP/FTP user restrictions)
- Proxy authentication operates via PAMs (Pluggable Authentication Modules) and can integrate with other authentication methods such as UNIX accounts, LDAP, NIS, and Radius.
- Access restrictions can be set for all protocols based on the IP address, host name, or domain name
- The SMTP receive domain can be restricted to prevent relaying through a third party
- Existing SMTP authentication function on a mail server can be used
- Existing APOP function on a mail server can be used
Virus Detection Notifications
- The notification text can be edited and customized freely
- UTF-8 characters (for example, Japanese) can be used in messages
- An e-mail can be sent to the administrator when a virus is detected
- The header and body of the notification e-mail are customizable
Flexible Configuration
- Can use a transparent proxy (HTTP, SMTP, POP, and FTP)
- Individual users can select POP servers independently
- Scans files that are sent by using the HTTP protocol for viruses. Supports POST and PUT methods.
- Supports sending and receiving from dedicated FTP clients
- Supports multi-level connections using parent proxy settings
- Can monitor all connections to designated web servers by using parent proxy settings (reverse proxy)
- Can connect to any mail server
- Can use any mail server running on the same computer
- SMTP reception and SMTP transmission can be configured independently
Anti-Virus
- Uses the award-winning and proven F-Secure engine
- Can handle practically all existing viruses
- Can handle viruses for Windows, DOS, Microsoft Office, VBS, Linux, and other environments
- Combined use of multiple engines (FS-Engine (Hydra) and Aquarius) allows for a quick response to new types of virus
- Low level of misdetection and false alarms
- Supports various file archive formats (ZIP, ARJ, LZH, CAB, RAR, TAR, GZIP, BZIP2 up to six levels of nesting)
- Virus definition files can be updated automatically
Spam Blocking
- Supports spam detection for both SMTP and POP
- Uses a prioritized black list and white list to scan designated headers and the e-mail body to detect spam by using customized conditions
- Uses the Spam detection engine
- Can use a RBL (Realtime Black List) to detect spam from the sender’s e-mail address
- Can use a SURBL (SPAM URL Realtime Black List) to detect spam that contains spam domain URLs in the e-mail body
- Adds a spam identification header (“X-Spam-Status: Yes”) to spam e-mail to allow easy sorting
- Adds predefined text (such as "[[SPAM]]") to the e-mail subject to allow easy sorting
Other Features
- Can specify whether to block or allow files based on conditions such as the file extension, User-Agent, and file size
- Can block ActiveX and script (JavaScript or VBScript) content
- Can generate access statistics in a Squid compatible log
- Can output to external logs such as syslog
- Includes an HTTPS (encrypted HTTP) proxy function. However, because communication is encrypted, HTTPS (SSL) is not scanned for viruses.
- A virus identification header (X-Virus-Status: infected) can be added to virus detection notification e-mails to allow easy sorting

3. System Requirements

F-Secure Internet Gatekeeper for Linux has the following system requirements.

3.1 Hardware Requirements

Minimum Hardware Requirements
CPU: Intel Pentium compatible CPU
MEMORY: 512 MB RAM or more
DISK: 5 GB or more free space (adequate space for temporary file storage)
NETWORK: TCP/IP connection
Recommended Hardware
CPU: Intel Pentium compatible CPU 2GHz or faster
MEMORY: 1 GB or more
DISK: 20 GB or more free space
NETWORK: 100BaseT or better

3.2 Software Requirements

Required Components
Linux kernel 2.4/2.6
glibc 2.3.2 or later
perl 5.8 or later
Supported Distributions
32-bit:
Asianux Server 3
Asianux 2.0 (MIRACLE LINUX 4.0)
Asianux 1.0 (MIRACLE LINUX 3.0)
CentOS 4/5
Debian GNU/Linux 5.0
Red Hat Enterprise Linux 3/4/5
SuSE Linux Enterprise Server 9/10/11
Turbolinux 10 Server/11 Server
Ubuntu 8.04
64-bit(x86_64):
Asianux Server 3
Asianux 2.0 (MIRACLE LINUX 4.0)
CentOS 5
Debian GNU/Linux 5.0
Red Hat Enterprise Linux 4/5
SuSE Linux Enterprise Server 9/10/11
Turbolinux 10 Server/11 Server
Ubuntu 8.04
* On x86_64 platforms, the product requires 32-bit libraries to be installed, and it runs in 32-bit mode.
4. Installing F-Secure Internet Gatekeeper for Linux

Use either the rpm package, deb package or tar.gz package to install F-Secure Internet Gatekeeper for Linux.
Use the rpm package for installation if possible.
You can install updates by following the same steps. The existing configuration settings are not changed.

4.1 Installing an rpm Package

This section explains how to install F-Secure Internet Gatekeeper for Linux on a server that runs one of the Red Hat family of Linux distributions.
In a Red Hat distribution, you can easily install the software by using the rpm package. The Red Hat family of distributions includes the following:
- Red Hat
- Turbolinux
- SUSE Linux
- MIRACLE LINUX / Asianux
* Please refer to the related installation guides for instructions on how to install each distribution.
You can install the package by double-clicking the rpm package, or by executing the following command with root privileges:
# rpm -Uvh fsigk-XXX.i386.rpm
This installs the whole product and makes the web console available for use.
Next, see “Typical Configurations”.

4.2 Installing a deb Package

This section explains how to install F-Secure Internet Gatekeeper for Linux on a server that runs one of the Debian or Ubuntu based Linux distributions.
In a Debian or Ubuntu distribution, you can easily install the software by using the deb package.
You can install the package by double-clicking the deb package, or by executing the following command with root privileges:
# dpkg -i fsigk-xxx_all.deb
This installs the whole product and makes the web console available for use.
Next, see “Typical Configurations”.

4.3 Installing a tar.gz Package

If you cannot use the rpm or deb package to install F-Secure Internet Gatekeeper for Linux, you can install it by using a tar.gz package.
Execute the following commands with root privileges:
# tar -zxvf fsigk-XXX.tar.gz
# cd fsigk-XXX/
# make install
This installs the whole product and makes the web console available for use. To specify the installation options, see “Using the Installation Command”.
Next, see “Typical Configurations”.

4.4 Using the Installation Command

When you use the tar.gz package to install the software, you can specify installation options during the installation. Run the installation command as described below. You can omit the options if needed.
make [options]... target
Although you can specify the installation options, we recommend that you use the "make install" command for installation.
Target
install: Install. We recommend that you specify this target. In addition to installing the files, this also installs the startup script and PAM setup files and starts the web console service.
Options
prefix=[dir]: Specifies the installation directory. We recommend that you install the product in the default installation directory (/opt/f-secure/fsigk).
suffix=[name]: Specifies a suffix. Use this option if you install multiple copies of the software on the same server. Adds a suffix to the executable file and other command names (fsigk) to distinguish between each copy. The suffix must be less than two characters.
adminport=[num]: Specifies a port number other than the default port (9012) for the F-Secure Internet Gatekeeper for Linux web console. Use this option when you install multiple copies of the software on the same server.
lang=[ja|en]: Specifies the language of the product. The available languages are "ja" (Japanese) and "en" (English). If no language is specified, the language is selected automatically. Automatic selection selects Japanese if the time zone is JST or the LANG environment variable starts with "ja". Otherwise, English is selected. This setting determines the default language for the web console and the default templates for virus detection messages.
Command examples
To install the whole product, use this command:
# make install
To install multiple copies of the software, use this command:
# make prefix=/opt/f-secure/fsigk2 suffix=2 adminport=10012 install

4.5 Uninstalling F-Secure Internet Gatekeeper for Linux

Follow the steps below to uninstall the software. This removes the files installed on the system, deletes the configuration settings, and shuts down the service.
Execute the following commands with root privileges:
# cd /opt/f-secure/fsigk
# make uninstall
# rm -rf /opt/f-secure/fsigk
If you use the rpm package, execute the following command:
# rpm -e fsigk
If you use the deb package, execute the following command:
# dpkg -r fsigk

4.6 Backup and Restore

Follow these steps to back up and restore F-Secure Internet Gatekeeper for Linux. To back up the product, save the contents of the following directories as needed:
/opt/f-secure/fsigk : Entire system state
/opt/f-secure/fsigk/conf : Configuration files
/opt/f-secure/fsigk/log : Log files
(Note that the settings for definition file updates are saved separately by using crontab.)
To restore the software to its previous state, restore the files and then (forcibly) reinstall the package.
For rpm package:
# rpm -Uvh --force fsigk-xxx-0.i386.rpm
For deb package:
# dpkg -r fsigk
# dpkg -i fsigk-xxx_all.deb
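A scripted form of the backup and file-restore steps above, added here as an example (it is not part of the original guide or of F-Secure's tooling). It goes beyond the guide by writing a SHA-256 checksum and checking it before restoring; the BACKUP_DIR location and the function names are assumptions, and the package reinstall step is still done by hand.

```shell
#!/bin/sh
# Added example (not F-Secure code): backup/restore helper for section 4.6.
# FSIGK_ROOT is the guide's default install directory.
# BACKUP_DIR is an assumed location; change it to suit the site.
FSIGK_ROOT="${FSIGK_ROOT:-/opt/f-secure/fsigk}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/fsigk}"

# fsigk_backup conf|log|all
# Archives the chosen directory, saves the invoking user's crontab beside it
# (the guide notes that definition-update settings are kept in crontab),
# writes a SHA-256 checksum, and prints the archive path on stdout.
fsigk_backup() (
    scope="${1:-conf}"
    case "$scope" in
        conf|log) paths="$scope" ;;
        all)      paths="." ;;
        *) echo "usage: fsigk_backup conf|log|all" >&2; exit 2 ;;
    esac
    [ -d "$FSIGK_ROOT/$paths" ] || { echo "missing: $FSIGK_ROOT/$paths" >&2; exit 1; }

    umask 077    # archives hold configuration; keep them owner-only
    mkdir -p "$BACKUP_DIR" || exit 1
    name="fsigk-$scope-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$BACKUP_DIR/$name" -C "$FSIGK_ROOT" "$paths" || exit 1

    # Keep the crontab copy only if one could actually be read.
    if command -v crontab >/dev/null 2>&1 &&
       crontab -l > "$BACKUP_DIR/$name.crontab" 2>/dev/null; then
        :
    else
        rm -f "$BACKUP_DIR/$name.crontab"
    fi

    ( cd "$BACKUP_DIR" && sha256sum "$name" > "$name.sha256" ) || exit 1
    echo "$BACKUP_DIR/$name"
)

# fsigk_verify ARCHIVE
# Succeeds only if the checksum matches and the archive is readable.
fsigk_verify() (
    archive="$1"
    [ -f "$archive" ] && [ -f "$archive.sha256" ] || exit 1
    cd "$(dirname "$archive")" || exit 1
    sha256sum -c "$(basename "$archive").sha256" >/dev/null 2>&1 || exit 1
    tar -tzf "$(basename "$archive")" >/dev/null 2>&1 || exit 1
)

# fsigk_restore ARCHIVE
# Restores the files only. Afterwards reinstall the package by hand with
# the forced rpm or dpkg commands given in the guide.
fsigk_restore() (
    archive="$1"
    fsigk_verify "$archive" || { echo "verification failed: $archive" >&2; exit 1; }
    mkdir -p "$FSIGK_ROOT" || exit 1
    tar -xzf "$archive" -C "$FSIGK_ROOT" || exit 1
)

# Command-line entry point: does nothing when no subcommand is given.
case "${1:-}" in
    backup)  fsigk_backup "${2:-conf}" ;;
    verify)  fsigk_verify "${2:?archive path required}" ;;
    restore) fsigk_restore "${2:?archive path required}" ;;
esac
```

Run it as root so that the saved crontab is the one that holds the definition update schedule.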

5. Typical Configurations

Once the installation has completed, locate the appropriate Internet Gatekeeper server and modify the settings as required. The next step is to configure client computers.

5.1 Configuration Overview

The following section describes how HTTP, SMTP, POP, and FTP connections operate in these cases:
- virus scanning is not used
- Internet Gatekeeper performs virus scanning

5.1.1 HTTP Connection

Without virus scanning
The web browser connects to the web server directly and fetches the page.
With virus scanning
When virus scanning is used, Internet Gatekeeper stands between the web server and client and operates as a proxy server for the web browser. The web browser connects to the web server through Internet Gatekeeper. The web browser retrieves pages after they have been scanned for viruses. Internet Gatekeeper connects to the appropriate web server based on the URL that has been requested from the web browser.
HTTP Connection example
[Figure: two panels. Without virus scanning: the client requests http://www1/ and http://www2/ from WEB server (www1) and WEB server (www2). With virus scanning: the client, with the proxy setting http://fsigk:9080/, requests the same URLs through the Anti-Virus Gateway (virusgw).]

5.1.2 SMTP Connection

Without virus scanning
The e-mail client sends e-mail to mail servers on the Internet through an SMTP server for outbound e-mail.
With virus scanning
When virus scanning is used, Internet Gatekeeper stands between the client and mail server and operates as the SMTP server for the e-mail client. The client connects to the SMTP server through Internet Gatekeeper. The client sends outbound e-mail to mail servers on the Internet. Internet Gatekeeper forwards the mail through the outbound mail server.
SMTP Connection example
[Figure: two panels. Without virus scanning: the client (SMTP server settings: mail1) sends mail addressed to foo@mail2 and foo@mail3 through Mail server (mail1) to Mail server (mail2) and Mail server (mail3). With virus scanning: the client (SMTP server settings: fsigk) sends the same mail through Internet Gatekeeper (fsigk), whose parent server is mail1.]

5.1.3 POP Connection

Without virus scanning
To retrieve e-mail, the e-mail client connects to the mail server directly by using the POP protocol.
With virus scanning
When virus scanning is used, Internet Gatekeeper stands between the client and mail server and operates as the POP server for the e-mail client. The client connects to the mail server through Internet Gatekeeper. The client retrieves e-mail that has been scanned for viruses. Although Internet Gatekeeper usually connects to the designated parent server, you can specify that the connection is created to any POP server. To do this, specify the POP user name in the format "<POP server user name>@<POP server name>".
POP Connection example
[Figure: two panels. Without virus scanning: the client uses POP user: user2 with POP server: mail2, and POP user: user3 with POP server: mail3. With virus scanning: the client uses POP user: user2 with POP server: fsigk, and POP user: user3@mail3 with POP server: fsigk; Internet Gatekeeper (fsigk) has the parent server mail2 and connects to Mail server (mail2) and Mail server (mail3).]

5.1.4 FTP Connection

Without virus scanning
To send and receive files, the FTP client connects to an FTP server directly by using the FTP protocol.
With virus scanning
When virus scanning is used, Internet Gatekeeper stands between the client and server and operates as a proxy server for the FTP client. The client connects to the FTP server through Internet Gatekeeper. The client sends and receives files that have been scanned for viruses. If the FTP client does not support a proxy server, Internet Gatekeeper usually connects to the designated parent server. However, you can specify that the connection is created to any FTP server. To do this, specify the FTP user name in the format "<FTP server user name>@<FTP server name>".
FTP Connection example
Without virus scanning
  Client (FTP user: user1, FTP server: ftp1) connects to FTP server (ftp1)
  Client (FTP user: user2, FTP server: ftp2) connects to FTP server (ftp2)
With virus scanning
  Internet Gatekeeper (fsigk), Parent server: ftp1
  Client (FTP user: user1, FTP server: fsigk) connects through fsigk to FTP server (ftp1)
  Client (FTP user: user2@ftp2, FTP server: fsigk) connects through fsigk to FTP server (ftp2)
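The "<user name>@<server name>" convention described for POP (5.1.3) and FTP (5.1.4) means the client's login string selects the server the gateway connects to. The following sketch is an added illustration, not the product's code: it assumes the split happens at the last "@", and the allowed parameter is a hypothetical destination allow-list.

```python
from typing import Iterable, NamedTuple, Optional


class Upstream(NamedTuple):
    user: str   # user name presented to the real server
    host: str   # server the gateway would connect to


def resolve_upstream(login: str, parent: str,
                     allowed: Optional[Iterable[str]] = None) -> Upstream:
    """Map a client login to (user, host) under the "<user>@<server>" convention.

    Assumption: the split is made at the LAST '@', so a mailbox-style user
    name such as "bob@example.com@mail3" keeps its own '@'.
    """
    user, sep, host = login.rpartition("@")
    if not sep:                      # plain user name: use the parent server
        user, host = login, parent
    elif not user or not host:       # "@mail3" or "user3@" is malformed
        raise ValueError(f"malformed login: {login!r}")
    host = host.lower()
    # The client chooses the destination, so check it against an allow-list
    # (hypothetical parameter) before any connection would be opened.
    if allowed is not None and host not in {h.lower() for h in allowed}:
        raise PermissionError(f"destination not permitted: {host}")
    return Upstream(user, host)


# Constructed inputs taken from the POP and FTP connection examples.
POP_CASES = {"user2": ("user2", "mail2"), "user3@mail3": ("user3", "mail3")}
FTP_CASES = {"user1": ("user1", "ftp1"), "user2@ftp2": ("user2", "ftp2")}

if __name__ == "__main__":
    for login, want in POP_CASES.items():
        print(login, "->", resolve_upstream(login, parent="mail2"), "expected", want)
    for login, want in FTP_CASES.items():
        print(login, "->", resolve_upstream(login, parent="ftp1"), "expected", want)
    # A mailbox-style login with no server suffix is read as user@server:
    print(resolve_upstream("bob@example.com", parent="mail2"))
```

Under this assumption a mailbox-style login without a server suffix is read as a request for a different server, which is why the sketch checks the destination before using it.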

5.2 Network Configuration Examples

F-Secure Internet Gatekeeper for Linux operates as a proxy server, which is located between the client and the web and mail servers. The scenarios described here assume that Internet Gatekeeper is installed in a typical network configuration like the one shown below.
The network configuration below shows that the gateway is located in a DMZ network. However, installation in a DMZ is not necessary if connections from the Internet are not required.
Internet
  mail.provider.com: External mail server (SMTP, POP)
External router
DMZ (192.168.0.0/255.255.255.0)
  mail.foo.com: Internal mail server (SMTP, POP)
  dns.foo.com: DNS server (192.168.0.2)
  fsigk.foo.com (192.168.0.99): Internet Gatekeeper server
Internal router
Client, Client, Client

5.3 Internet Gatekeeper Server Settings

To use F-Secure Internet Gatekeeper for Linux for virus scanning, configure the Internet Gatekeeper server in which the product is installed as follows.
Always specify the following settings:
Service On/Off
Use the On and Off buttons in the web console for each proxy to enable or disable the service.
Port number to use for each service
Parent servers for SMTP and POP
Specify the [host name] and [port number] for your existing mail server.

5.3.1 Web Console

Use the web user interface to change the product settings. The web user interface is called the "web console".
5.3.1.1 Accessing the Web Console
1 Access the following URL from your web browser.
http://<hostname>:9012/
(Where <hostname> is the domain name or IP address of the server where Internet Gatekeeper is installed.)
2 To log in, enter your user name and password in the connection dialog box.
The default account is: User name: admin, Password: admin
The Home page of the web console opens.
If you cannot connect to the web console, view the error log (/opt/f-secure/fsigk/log/admin/error.log) from the command line.
5.3.1.2 Web Console Layout
The web console consists of a menu on the left of the screen and a work area on the right. The example below shows the screen when you select Proxy settings from the main menu, and HTTP from the sub-menu.
Field: Description
Main menu: Select the category of settings you want to specify. A sub-menu appears under the main menu. The sub-menu is different for each item in the main menu.
Sub-menu: Click a menu item to show the corresponding settings page in the work area.
Work area: Area that contains the default settings. You can change them as required.
On and Off buttons: To enable a service, click On. To disable a service, click Off.
Save and restart buttons: To save the settings and start the enabled services, click the Save and Restart button. To discard unsaved settings, click the Cancel button.

5.3.2 Typical Settings

In a typical product setup, the following settings are specified in the web console.
Proxy Settings
After editing the settings, click the Save and Restart button. The enabled services are started and the changed settings are applied.
Proxy Settings
HTTP proxy: On
Proxy port: 9080
SMTP proxy: On
Proxy port: 25
Global settings
Parent server
Host name: mail.example.com
Port number: 25
POP proxy: On
Proxy port: 110
Parent server:
Host name: mail.example.com
Port number: 110
FTP proxy: On
Proxy port: 9021
Common settings
Settings to notify the administrator
E-Mail address: fsigkadmin@example.com
SMTP server: (Host name: mail.example.com, Port number: 25)
Other Settings
Specifies the other required settings.
Virus definition database
Automatic Updates
Update frequency: Hourly
Other
Administrator password
New password: Enter password
This is the password used to log into the web console.
License
License key: License key that you received when you purchased the software

5.4 Client Settings

To use F-Secure Internet Gatekeeper for Linux for virus scanning, you need to change the proxy server setting in your web browser and the mail server setting in your e-mail client.
Web Browser Settings
Proxy server
Host name: fsigk.example.com
Port number: 9080
Mail Client Settings
Internal mail box
SMTP server: fsigk.example.com
POP server: fsigk.example.com
External mail box
SMTP server: fsigk.example.com
POP server: fsigk.example.com
POP user name: username@mail.provider.com

6. Checking the Proxy Setup

After configuring the settings, follow the steps below to confirm that the software is working correctly.
If the software is not working correctly, use one of the following methods to view the error log.
From the web console, select “HTTP”, “SMTP”, “POP”, or “FTP” from the “Log” menu and then view the "Error log".
View the error log from the command line (/opt/f-secure/fsigk/log/{http,smtp,pop,ftp}/error.log).
If you cannot connect to the Internet, run the “make eicar” command from the “/opt/f-secure/fsigk” directory to create a test virus file (eicar.com).

6.1 Checking the HTTP Proxy

Do the following and confirm that a virus detection warning appears:
Start your web browser and download the test virus (eicar) from the following location:
http://www.eicar.org/anti_virus_test_file.htm

6.2 Checking the SMTP Proxy

Do the following and confirm that the virus does not reach the e-mail recipient:
1 Start your web browser and download the test virus (eicar) from the following location:
http://www.eicar.org/anti_virus_test_file.htm
Clear the proxy setting in the browser. This prevents the test virus from being detected and deleted when it is downloaded.
2 Send an e-mail with eicar as an attachment.

6.3 Checking the POP Proxy

Do the following and confirm that the virus is detected:
1 Start your web browser and download the test virus (eicar) from the following location:
http://www.eicar.org/anti_virus_test_file.htm
Clear the proxy setting in the browser. This prevents the test virus from being detected and deleted when it is downloaded.
2 Send an e-mail with eicar as an attachment.
Set the e-mail client to send the e-mail directly rather than through the Internet Gatekeeper server. This prevents the test virus from being detected and deleted when it is sent.
3 Receive the e-mail.

6.4 Checking the FTP Proxy

Do the following and confirm that the virus is detected:
1 Start your web browser and download the test virus (eicar) from the following location:
http://www.eicar.org/anti_virus_test_file.htm
Clear the proxy setting in the browser. This prevents the test virus from being detected and deleted when it is downloaded.
2 Use FTP to send and receive the eicar file.

7. Advanced Settings

7.1 Web Console Settings

You can use the web console to change the settings as required. The settings are described below.
For information on the web console, see “Web Console”, 20.

7.1.1 Proxy Settings

The name in parentheses ( ) is the item name in the settings file (conf/fsigk.ini).
Proxy settings
Proxy Settings
Specifies how the virus scanning proxy works. Click the Save and Restart button to apply the settings and restart the specified services. You can also use the chkconfig command to change the automatic startup settings.
7.1.1.1 HTTP Proxy
HTTP Proxy
HTTP Proxy (http_service)
Click the On and Off buttons to start or stop the HTTP proxy service.
Proxy port
Proxy Port (svcport)
Specifies the port number used by the proxy service.
Usually, you need to specify only the port number. To specify the port number, IP address, and interface name all together, use the following format:
Syntax: [A.A.A.A%EEE:PPP|A.A.A.A:PPP|%EEE:PPP|PPP]
(PPP: Port number, A.A.A.A: Address, EEE: Interface)
Examples: 9080, 1.2.3.4:9080, %eth0:9080, 1.2.3.4%eth0:9080
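A validator for the four proxy port forms listed above can catch a malformed value before it is written to the settings file. This is an added example, not the product's own parser; the TCP port range check and the interface-name pattern (up to 15 characters, as Linux allows) are assumptions layered on the syntax the guide gives.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# Assumption: interface names use these characters; Linux limits them to 15.
IFACE_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")


class Listen(NamedTuple):
    address: Optional[str]     # A.A.A.A, or None when not given
    interface: Optional[str]   # EEE, or None when not given
    port: int                  # PPP


def parse_svcport(value: str) -> Listen:
    """Parse PPP, A.A.A.A:PPP, %EEE:PPP or A.A.A.A%EEE:PPP; else ValueError."""
    head, sep, port_text = value.strip().rpartition(":")
    if not (port_text.isascii() and port_text.isdigit()):
        raise ValueError(f"port missing or not numeric: {value!r}")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if not sep:                          # bare "PPP"
        return Listen(None, None, port)
    addr_text, pct, iface = head.partition("%")
    if not addr_text and not pct:        # ":9080" has nothing before the colon
        raise ValueError(f"empty address part: {value!r}")
    if pct and not IFACE_RE.fullmatch(iface):
        raise ValueError(f"bad interface name: {iface!r}")
    # IPv4Address raises a ValueError subclass for anything but a dotted quad.
    address = str(ipaddress.IPv4Address(addr_text)) if addr_text else None
    return Listen(address, iface if pct else None, port)


def is_valid_svcport(value: str) -> bool:
    """True when value matches one of the four documented forms."""
    try:
        parse_svcport(value)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # The guide's four examples, followed by constructed malformed values.
    for text in ("9080", "1.2.3.4:9080", "%eth0:9080", "1.2.3.4%eth0:9080",
                 ":9080", "1.2.3.4", "eth0:9080", "1.2.3.4%:9080", "70000"):
        print(f"{text!r:22} valid={is_valid_svcport(text)}")
```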
You can specify only one inbound port number. To listen for connections on more than one port, use the REDIRECT target of iptables in Linux. For example, to listen for connections on both port 9080 and port 12345, set 9080 as the inbound port number and use iptables to redirect port 12345 to port 9080. In this case, use the following command to set up iptables:
# iptables -t nat -A PREROUTING -p tcp --dport 12345 -j REDIRECT --to-ports 9080
After specifying the setting, save the iptables configuration:
# /etc/init.d/iptables save
See your Linux distribution documentation for information about using and saving iptables on your system.
Parent server
Parent Server (self_proxy / parent_server_host / parent_server_port)
All connections are forwarded to the specified server. If you use more than one level of proxies, specify the parent proxy. If the parent server is used as a reverse proxy, specify the web server.
Virus scanning
Do Virus Check (virus_check)
Enables or disables virus scanning. We recommend that you enable this setting.
Virus scanning is not performed for HTTPS (SSL) because communication is encrypted.
What to do when a virus is detected
Action on Viruses
Delete
Delete (action={pass,delete})
Specifies whether to delete viruses. The detection event is recorded in the log, and a notification is sent to the administrator even if the virus is not deleted. We recommend that you enable this setting.
Notify the administrator by e-mail
Notify Admin (notify_admin)
Sends a notification to the administrator by e-mail. Specify the e-mail address, mail server, and detection message in Settings to notify the administrator under “Common settings”.
To separate notifications from standard e-mails, "X-Admin-Notification-Id: [number]" is added to the header. This also prevents the notification from being detected as a virus. “Number” is a random number, which is set as admin_notification_id in the settings file during the installation.
Quarantine
Quarantine(keep) (quarantine)
Quarantines viruses. The viruses are quarantined in the directory that you can set in Quarantine directory under “Common settings”.
Specify this setting only if sufficient disk space is available.
Edit the virus detection message
Detection message
Edits the message that is shown when a virus is detected. Enter the message by using the UTF-8 character set. The maximum length of the message is 9000 bytes.
For information on variables and options, see “Detection Notification Templates”, 67.
If you edit the message from the command line, you need to restart the service afterwards.
If you edit the virus detection message by using the web console, the following file is updated: /opt/f-secure/fsigk/conf/template_http.html.
HTTP proxy authentication
Proxy authentication (proxyauth_pam_auth)
Authenticates the proxy by using PAMs (Pluggable Authentication Modules). You can change the authentication method in the /etc/pam.d/fsigk_http file.
For more information, see "Proxy authentication using Internet Gatekeeper", 102.
Add or remove users
User DB
Edits the database of users who are permitted to connect. You can add, delete, and modify users and passwords.
Maximum number of simultaneous connections
Maximum connections (pre_spawn)
Specifies the maximum number of simultaneous connections from clients. The specified number of processes listen for connections from clients. You can check the number of connections in “Internal process ID” in the access log (access.log).
If you increase the maximum number of connections, more connections are allowed, but it requires more memory. Approximately 500 KB of memory is used per process.
A warning is output to the error log if the maximum number of connections is reached. We recommend that you set an initial value of approximately 200 and then monitor the performance. The value of the setting is usually less than 2000. (The setting itself permits values up to 9999.)
Access control
Access Control
From these hosts
From: (acl_from)
Only accepts connections from the designated list of hosts. If [DNS Reverse Lookup] is enabled, you can also specify <host name>.<domain name>.
For examples, see “Access Control”, 65.
If you edit the “From these hosts” setting in the web console, the http from field is updated in /opt/f-secure/fsigk/conf/hosts.allow. See man page hosts_access(5) for more information on the syntax used in the file.
To these hosts
To: (acl_to)
Only accepts connections to the designated list of hosts.
For examples, see “Access Control”, 65.
If you edit the “To these hosts” setting in the web console, the http to field is updated in /opt/f-secure/fsigk/conf/hosts.allow. See man page hosts_access(5) for more information on the syntax used in the file.
Exclude these targets from the virus scan
Skip scanning for:
User-Agent