Kaspersky ANTI-VIRUS 5.1 User Manual

KASPERSKY LABS
Kaspersky Anti-Virus® 5.1
for Microsoft ISA Server
Administrator’s guide
Kaspersky Labs Ltd.
http://www.kaspersky.com
Edition date: July 2004
Contents
CHAPTER 1. KASPERSKY ANTI-VIRUS® FOR MS ISA SERVER
1.1. Hardware and software requirements
1.2. Distribution kit
1.3. Help Desk for registered users
1.4. Conventions
CHAPTER 2. TYPICAL DEPLOYMENT SCENARIOS
CHAPTER 3. HOW TO INSTALL THE APPLICATION
3.1. Configuring ISA Server before installing the application
3.2. Installing Kaspersky Anti-Virus®
3.2.1. First installation
3.2.2. Reinstalling
3.2.3. Troubleshooting installation problems
CHAPTER 4. USING KASPERSKY ANTI-VIRUS® FOR ISA SERVER
4.1. Default values of scan settings
4.2. Managing scans
4.2.1. Configuring general settings of anti-virus scanning
4.2.1.1. General settings
4.2.1.2. Settings for HTTP scanning
4.2.1.3. Settings for FTP scanning
4.2.2. Managing groups
4.2.3. Specifying policies for anti-virus scanning
4.2.3.1. Managing a list of trusted servers
4.2.3.2. Creating a list of objects excluded from scans
4.3. Updating the anti-virus database
4.3.1. Scheduled updating of the anti-virus database
4.3.2. On-demand updating
4.4. Managing notifications
4.5. Testing Kaspersky Anti-Virus® operation
4.6. Application statistics and diagnostics
4.6.1. Recording and viewing statistics
4.6.2. Notifying the administrator using ISA Server Alerts
4.6.3. Configuring diagnostics options for the application
4.7. Managing license keys
4.7.1. Renewing your license
4.7.2. Removing a license key
CHAPTER 5. TROUBLESHOOTING
APPENDIX A. GLOSSARY
APPENDIX B. KASPERSKY LABS LTD.
B.1. Other Kaspersky Labs products
B.2. Contact Information
APPENDIX C. LICENSE AGREEMENT
Chapter 1. Kaspersky Anti-Virus® for MS ISA Server
Kaspersky Anti-Virus® for Microsoft ISA Server (hereafter, also Kaspersky Anti-Virus® for ISA Servers) is a system of anti-virus control for files transferred using the HTTP and FTP protocols via the Microsoft Internet Security and Acceleration Server. It ensures reliable protection of corporate networks from penetration by malicious software.
Kaspersky Anti-Virus® for MS ISA Server acts as a filter that intercepts packets transferred via the HTTP and FTP protocols, isolates controlled objects from this data, analyzes them for the presence of viruses, and prevents infected files and Web documents from penetrating into a corporate network.
The program includes data stream filters and the anti-virus kernel.
The filters are integrated into MS ISA Server as plug-ins, and the anti-virus kernel is installed into the system as a service.
The anti-virus protection is managed through a special interface built into the ISA administration snap-in for Microsoft Management Console (MMC) as an extension.
The application performs the following functions:
Anti-virus protection and processing of data streams received from the Internet.
Generation of data streams from disinfected files and the delivery of these streams to the client upon request.
Scheduled and manual updating of the anti-virus database via the Internet, a local folder, or a shared folder.
Logging of statistics about program performance and displaying the results using standard Windows tools.
Management of license keys.
In addition, Kaspersky Anti-Virus® for MS ISA Server allows the user to:
Set parameters for anti-virus protection and for notifications about dangerous events.
Create groups of users in accordance with the adopted network policy. For example, you can use the existing administration division to define anti-virus policy settings for each of the groups created. This can significantly speed up the scanning process.
Create a list of trusted servers for one or several groups of users; the traffic from these servers will be excluded from scanning for viruses.
Create a list of types of object excluded from anti-virus protection.
Kaspersky Anti-Virus® supports the following data transfer protocols:
HTTP 1.0 and 1.1 (RFC 2616);
FTP (RFC 959, 2389, Extensions to FTP);
FTP over HTTP.
1.1. Hardware and software requirements
Kaspersky Anti-Virus® for MS ISA Server operates in integration with Microsoft® Internet Security and Acceleration Server 2000 with Service Pack 1 or higher installed under the following platforms:
Microsoft® Windows 2003 Server.
Microsoft® Windows 2000 Server (Service Pack 3 or higher).
Microsoft® Windows 2000 Advanced Server (Service Pack 3 or higher).
This version of the program cannot be installed on MS ISA Server computers operating as array members.
To use Kaspersky Anti-Virus® for MS ISA Server, your computer must meet the following minimum requirements:
Pentium II processor of 300 MHz or higher.
At least 256 Mb of free RAM.
At least 20 Mb of free hard disk space for installation of the program.
At least 200 Mb of free hard disk space for temporary storage of data copied from the Internet before scanning for viruses.
1.2. Distribution kit
You can purchase Kaspersky Anti-Virus® for MS ISA Server either from our distributors (retail box) or online at one of our Internet shops (for example, www.kaspersky.com – select the E store link).
The retail box includes:
a sealed envelope with an installation CD containing files for the software product;
administrator's guide;
a license key written on the floppy disk;
license agreement.
Before you unseal the envelope containing the CD, be sure to thoroughly review the license agreement.
If you buy Kaspersky Anti-Virus® for MS ISA Server online, you download the installation file of the product from the Kaspersky Labs website. This installation file includes this Administrator’s Guide and the license key. The license key can also be sent to you by e-mail after receiving your payment.
The License Agreement is a legal agreement between you and the manufacturer (Kaspersky Labs Ltd.) describing the terms on which you may employ the anti-virus product which you have purchased.
Make sure you read the License Agreement!
If you do not agree to the terms of this LA, you can return the unused product to your Kaspersky Anti-Virus® dealer for a full refund, making sure the envelope containing the CD is sealed.
If you unseal the envelope or install the program, you are considered to have agreed to all the terms of the LA.
1.3. Help Desk for registered users
Kaspersky Labs offers a large service package enabling its registered customers to enjoy all the available features of Kaspersky Anti-Virus®.
If you register and purchase a subscription you will be provided with the following services for the period of your subscription:
new versions of this anti-virus software product provided free of charge;
phone or e-mail advice on matters related to the installation, configuration, and operation of this anti-virus product;
information about new Kaspersky Labs products and about new computer viruses (for those who subscribe to the Kaspersky Labs newsletter).
Kaspersky Labs does not provide information related to the operation and use of your operating system or various other technologies.
1.4. Conventions
In this book we use various conventions to emphasize different meaningful parts of the documentation. The Table below lists the conventions used in this User Guide.
Convention                                          Meaning
Bold font                                           Menu titles, commands, window titles, dialog elements, etc.
Note.                                               Additional information, notes
Attention!                                          Critical information
To do this, 1. Step 1. 2. …                         Actions that must be taken
Text of information messages and the command line   Text of configuration files, information messages, and the command line.
Chapter 2. Typical Deployment scenarios
A typical scenario for deploying ISA Server and most of its services is as follows: the administrator installs the application on the ISA Server computer, and the ISA administration tool on a remote computer (as a rule, an administrator’s workstation).
In this deployment scenario, the Kaspersky Anti-Virus® application must be installed on the ISA Server computer, and the Kaspersky Anti-Virus® administration console, on the administrator’s workstation. The computer that runs the Kaspersky Anti-Virus® for ISA Server administration console must only have the ISA Server administration tools installed.
You can install separate components of Kaspersky Anti-Virus® by manually installing the application (see Chapter 3 on page 11).
During the installation procedure, the program will automatically detect the ISA Server mode. Below, we consider possible ISA Server modes and any special features of Kaspersky Anti-Virus® operation for each of these modes.
The documentation for ISA Server describes three possible modes:
Firewall.
Proxy (Cache).
Integrated.
In Firewall mode, ISA Server protects internal network communications from various types of Internet-borne threats by using various tools, such as IP packet filters, Web filters, and application filters. In this mode, caching of transmitted information is disabled.
In Proxy (Cache) mode, ISA Server acts as a cache server that routes requests and plans data loading for efficient processing of subsequent clients’ requests. In this mode, ISA Server does not function as a firewall.
In Integrated mode, all the features of the firewall and cache server are available. In addition, in this mode, you can set ISA Server to operate separately in the Proxy or Firewall modes.
During the installation of Kaspersky Anti-Virus®, the mode in which ISA Server operates is determined automatically. Depending on the mode, various sets of data stream filters are installed.
The following Kaspersky Anti-Virus® filters can optionally be added to the system:
Kaspersky Anti-Virus FTP Application Filter.
Kaspersky Anti-Virus Web Filter.
Kaspersky Anti-Virus HTTP Application Filter.
Table 1 shows filter options for the three ISA Server modes.
Table 1
Filters                                        Proxy   Firewall   Integrated
Kaspersky Anti-Virus FTP Application Filter    No      Yes        Yes
Kaspersky Anti-Virus Web Filter                Yes     Yes (1)    Yes
Kaspersky Anti-Virus HTTP Application Filter   No      Yes        No
(1) The filter is disabled by default
After Kaspersky Anti-Virus® is installed, you will be able to manage the above filters using the ISA Server Administration interface.
When the ISA Server is running in the Firewall mode Kaspersky Anti-Virus Web Filter is installed in disabled state, since it is presupposed that all the clients use the ISA Server as a firewall without accessing the proxy server directly. If the clients do access the proxy server directly (e.g. their browsers are set to work via the proxy), please enable Kaspersky Anti-Virus Web Filter after the application is installed to make sure the traffic passing via the proxy server is scanned for viruses.
If you reinstall ISA Server to change the installed mode, you must also reinstall Kaspersky Anti-Virus® and select only those filters that are compatible with the selected mode.
Fig. 1 shows a scheme of processing the initial data streams that are common for all possible Kaspersky Anti-Virus® deployment scenarios.
Figure 1. Processing of data streams by Kaspersky Anti-Virus for MS ISA Server
Chapter 3. How to install the application
To correctly install the Kaspersky Anti-Virus® application, you should first properly configure HTTP Redirector Filter and FTP Access Filter of the ISA Server and then install the application on your computer.
3.1. Configuring ISA Server before installing the application
The MS ISA Server console provides a number of standard filters for controlling data packets received from the Internet. The HTTP protocols are controlled by the HTTP Redirector Filter. The FTP protocols are controlled by the FTP Access Filter (not used in Proxy mode).
Kaspersky Anti-Virus® for MS ISA Server uses default settings of these filters to receive the initial data streams and subsequently process them.
Before installing Kaspersky Anti-Virus® for ISA Server, make sure that the standard HTTP Redirector Filter and FTP Access Filter are enabled and are forwarding data streams to pass through the anti-virus filter. If these filters are disabled, the anti-virus protection of your server can be disabled as well!
Data stream filters are controlled from the standard console tree of ISA Management.
To configure HTTP Redirector Filter and FTP Access Filter:
In the console tree of the ISA Management main window, select the Extensions node and click the Application Filters folder.
If one of these filters is disabled, you will see the icon in the list of filters.
To enable a filter:
1. Select the required filter in the list and open the Properties dialog box.
2. For FTP Access Filter, click Enable this filter in the FTP Access Filter Properties dialog box.
3. For HTTP Redirector Filter, click Enable this filter on the General tab of the HTTP Redirector Filter Properties dialog box. Then, on the Options tab, select Send to requested Web server, if MS ISA Server is operating in Firewall mode. This will allow the data streams flowing through the HTTP protocol to enter the corresponding Kaspersky Anti-Virus® filters.
If you have selected Send to local Web Proxy server when the ISA Server is running in the Firewall mode and have enabled Kaspersky Anti-Virus Web Filter, it is recommended to disable Kaspersky Anti-Virus HTTP Application Filter in order to avoid checking the same traffic twice: once when it passes through the HTTP Redirector Filter and again at the local proxy server.
Sometimes, third-party filters are used in conjunction with the standard MS ISA Server filters. However, these additional filters can affect the performance of the anti-virus application if their settings prevent the initial data from entering the Kaspersky Anti-Virus® filters. Moreover, in some cases, Kaspersky Anti-Virus® for ISA Server might be completely disabled because of these filters.
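The rules from Table 1 and from this section can be collected into one configuration check. The script below is an added example, not part of the original guide or of the Kaspersky product. The configuration dictionary, its key names and the sample values are assumptions made for the example, filled in by hand from what the ISA Management console shows.

```python
# Added example; the dict layout and key names are assumptions of this sketch.
# Nothing here reads settings from a real ISA Server.

# Table 1: Kaspersky filters available in each ISA Server mode.
TABLE_1 = {
    "proxy": {"web"},
    "firewall": {"ftp_app", "web", "http_app"},
    "integrated": {"ftp_app", "web"},
}


def audit(cfg):
    """Return a list of (severity, message) findings for one described setup."""
    findings = []
    mode = cfg["isa_mode"]
    kav = {name for name, enabled in cfg["kav_filters"].items() if enabled}
    std = cfg["standard_filters"]

    # Section 1.1: array members are not supported by this version.
    if cfg.get("array_member"):
        findings.append(("error", "ISA Server is an array member: installation is not supported"))

    # Chapter 2: only filters that Table 1 lists for the mode may be selected.
    for name in sorted(kav - TABLE_1[mode]):
        findings.append(("error", f"{name} is not listed for {mode} mode in Table 1"))

    # Section 3.1: the standard filters hand the data streams to the anti-virus filters.
    if not std["http_redirector"]:
        findings.append(("error", "HTTP Redirector Filter is disabled"))
    if mode != "proxy" and not std["ftp_access"]:  # FTP Access Filter is not used in Proxy mode
        findings.append(("error", "FTP Access Filter is disabled"))

    # With no Kaspersky HTTP filter switched on, HTTP is not scanned at all.
    if not kav & {"web", "http_app"}:
        findings.append(("error", "no Kaspersky HTTP filter is enabled"))

    if mode == "firewall":
        # Web Filter is installed disabled in Firewall mode.
        if cfg["clients_use_proxy_directly"] and "web" not in kav:
            findings.append(("error", "clients use the proxy directly but Web Filter is disabled"))
        # Send to local Web Proxy server with both HTTP filters on scans traffic twice.
        if cfg["redirector_option"] == "local_proxy" and {"web", "http_app"} <= kav:
            findings.append(("warning", "duplicate HTTP scanning: disable HTTP Application Filter"))
    return findings


# Constructed sample: Firewall mode as installed, but browsers point at the proxy.
SAMPLE = {
    "isa_mode": "firewall",
    "array_member": False,
    "standard_filters": {"http_redirector": True, "ftp_access": False},
    "redirector_option": "requested_server",
    "clients_use_proxy_directly": True,
    "kav_filters": {"ftp_app": True, "web": False, "http_app": True},
}

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"{severity.upper()}: {message}")
```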
3.2. Installing Kaspersky Anti-Virus®
The installation procedure for Kaspersky Anti-Virus® for ISA Server is standard for most Windows applications. You can select complete installation or custom installation and restore an Anti-Virus configuration in the case of an incorrect installation.
3.2.1. First installation
Step 1. Welcome and License Agreement dialog boxes
During the initial stages, the Kaspersky Anti-Virus® setup wizard presents the Welcome and License Agreement dialog box that contains the License Agreement. To proceed with the installation, read the agreement thoroughly and accept its terms.
Step 2. User data and selecting installation options
At this stage, the program automatically detects user information by using data from the operating system registry, and offers two installation options: complete installation or custom installation (Fig. 2). If you are installing the entire Kaspersky Anti-Virus® application (anti-virus kernel, administration tools, etc.) on an MS ISA Server computer, select complete installation.
If you want to install a separate component of Kaspersky Anti-Virus®, select custom installation. For example, if you want to remotely manage Kaspersky Anti-Virus®, install only the administration console on the administrator’s workstation.
If you want to install Kaspersky Anti-Virus® for ISA Server administration console on a computer, make sure that ISA administration tools are installed on this computer!
Figure 2. Setup Type
Step 3. Selecting the application components to be installed
In this stage, you select the Kaspersky Anti-Virus® components to be installed on your computer (Fig. 3).
As a rule, these are administration tools for managing Kaspersky Anti-Virus® that come together with the Microsoft Management Console.
You can also change the location of the administration console.
Figure 3. Custom Setup. Installing the administration console
Step 4. Anti-virus kernel settings
In this installation step, you must define the anti-virus protection settings that will be used as default values (Fig. 4). The following settings can be adjusted:
File system folder for storing the scan queue.
It is recommended that you locate this folder on a disk that has at least 200 Mb of available disk space.
Number of queued objects.
Folder for storing the anti-virus database that is used to detect and disinfect viruses.
Folder for storing temporary files created by the program during its operation.
Number of anti-virus kernels run simultaneously.
To speed up anti-virus scanning and handling objects, we recommend that you install four anti-virus kernels on one physical processor. Thus, for example, the recommended number of anti-virus kernels running on two physical processors is eight.
Each of the above parameters has a default value. To change the current default values, click the corresponding buttons or enter data into the corresponding fields.
Figure 4. Default settings for the program
Immediately after this stage is completed, the program will start copying files to your computer.
Step 5. Completing the setup
The last step of Kaspersky Anti-Virus® installation is restarting MS ISA Server. The server must be restarted in order to load the anti-virus filters included in the package. You can restart the server from either the MS ISA Server console or the setup wizard window if you check the corresponding checkbox (Fig. 5).
Note that anti-virus protection of your ISA server will be activated only after you restart MS ISA Server services.
After the application is installed, it is recommended that you restart the server to finish registration of all the necessary Kaspersky Anti-Virus® services.
Figure 5. Complete the setup
3.2.2. Reinstalling
Kaspersky Anti-Virus for ISA Server must be reinstalled if the first installation of the application was incorrect or if you want to install a component of Kaspersky Anti-Virus®.
To correctly install the anti-virus application, select Repair in the dialog box that appears on your screen (Fig. 6).
In this case, the setup wizard will repeat the previous installation procedure. Thus, if the previous installation was a custom type, after you select Repair, the reinstallation procedure will also be performed in custom mode.
Figure 6. Selecting the reinstallation mode
To install an individual component of the anti-virus application on your computer, select Modify.
After this, the custom installation dialog box will appear (Fig. 3). To continue with setup, follow the steps described for the first installation.
3.2.3. Troubleshooting installation problems
During installation of Kaspersky Anti-Virus®, you might face a number of software problems. Each of these problems results in termination of the Kaspersky Anti-Virus® installation.
Let us consider the most typical errors and the most common reasons for them.
This error occurs when the program fails to register performance counters during the installation of Kaspersky Anti-Virus®. These performance counters are used in the Windows 2000 operating system to view the statistics of application performance.
Figure 7. Counter registration error
This error occurs when the ISA Server computer on which you install the anti-virus application is an array member. The application cannot be installed on such a server because Kaspersky Anti-Virus® for ISA Server does not support this ISA Server mode.
Figure 8. Error installing the anti-virus application on an ISA Server that is an array member
If you see this notification on your screen, make sure that the server satisfies the software requirements for installing Kaspersky Anti-Virus®.
Figure 9. Required Software not Found error
The above-listed errors are just a few that can occur during the installation of Kaspersky Anti-Virus®. Any critical error usually leads to termination of the installation procedure. To avoid errors, before installing Kaspersky Anti-Virus®, take a moment to review the hardware and software requirements listed in section 1.1, on page 5.
Chapter 4. Using Kaspersky Anti-Virus® for ISA Server
The installation package installs Kaspersky Anti-Virus® according to the current mode of your ISA Server. After the application is installed, you can immediately start scanning data streams because all the parameters necessary for the scan have been already set by default.
The installed application automatically creates the user default, the group default, and the policy default because Kaspersky Anti-Virus® can work only when at least one group and one policy have been created. Remember that you cannot delete the default user, group, or policy!
4.1. Default values of scan settings
You can configure scan settings on the tabs of the Properties of Kaspersky Anti-Virus for ISA Server dialog box. The following are the default scan settings:
The HTTP tab displays settings that regulate the application performance (see section 4.2.1.2 on page 25 for more detail) and messages sent to the client (see section 4.4 on page 40):
  Maximum scan time for the first chunk of data, sec – 300 seconds.
  Maximum time span between chunks of data sent to the client, sec – 60 seconds.
  Data not sent to the client before scan completes, % – 10 %.
  Enable partial content download – enabled.
  Error messages sent to the client:
    <html>
    <head>
    <title>Kaspersky Anti-Virus for Microsoft ISA Server</title>
    </head>
    <body>
    <h1>Kaspersky Anti-Virus for Microsoft ISA Server</h1>
    <p>Internal Scanner Error "%ERR_TEXT%" (%ERR%)</p>
    </body>
    </html>
  Message sent to the client about detection of a malicious object:
    <html>
    <head>
    <title>Kaspersky Anti-Virus for Microsoft ISA Server</title>
    </head>
    <body>
    <h1>Kaspersky Anti-Virus for Microsoft ISA Server</h1>
    <p>The requested URL "%URL%" is infected with %VIRUSNAME% virus</p>
    </body>
    </html>
The FTP tab (see section 4.2.1.3 on page 26 for more detail) contains information about data received by the server before the first chunk of data is sent to the client, Kb – 8 Kb.
The Anti-Virus tab (see section 4.2.1.1 on page 23) lists a set of folders for storing Kaspersky Anti-Virus® for ISA Server working data:
  Folder for storing anti-virus databases:
    C:/Program Files/Kaspersky Lab/KAV for ISA/bases
  Folder for scan queue:
    C:/Program Files/Kaspersky Lab/KAV for ISA/TaskQueue
  Folder for temporary files:
    C:/Program Files/Kaspersky Lab/KAV for ISA/Temp
  Number of anti-virus kernels run simultaneously – 4 kernels.
  Scan queue size – 1024 objects.
  Scanning settings:
    o Disinfect objects if possible
    o Scan archives
    o Scan compressed executable files
The Licensing tab (see section 4.7 on page 48) displays the number of days the administrator will be notified about the license expiry. The number of days is set in the Notify about license expiration field and it is seven days by default. The administrator is notified by messages displayed in