Kaspersky ANTI-VIRUS 5.6, ANTI-VIRUS 11.0 User Manual

KASPERSKY LAB
Kaspersky Anti-Virus® 5.6
for Microsoft ISA Server 2000
Enterprise Edition
Administrator’s Guide
© Kaspersky Lab
http://www.kaspersky.com
Edition date: August 2005
Contents
CHAPTER 1. KASPERSKY ANTI-VIRUS® FOR MICROSOFT ISA SERVER 2000 ENTERPRISE EDITION
1.1. What’s new in Kaspersky Anti-Virus® 5.6 for Microsoft ISA Server 2000 Enterprise Edition
1.2. Hardware and software requirements
1.3. Distribution kit
1.4. Help Desk for registered users
1.5. Conventions
CHAPTER 2. TYPICAL DEPLOYMENT SCENARIOS
CHAPTER 3. INSTALLING THE APPLICATION
3.1. Configuring ISA Server settings before installing the application
3.2. Installing Kaspersky Anti-Virus®
3.2.1. First installation
3.2.2. Reinstalling
CHAPTER 4. USING KASPERSKY ANTI-VIRUS® FOR ISA SERVER
4.1. Default scan settings
4.2. Managing scans
4.2.1. Configuring general settings of anti-virus scans
4.2.1.1. General settings
4.2.1.2. Settings for HTTP scanning
4.2.1.3. Settings for FTP scanning
4.2.2. Editing application settings for a single server
4.2.3. Managing client groups
4.2.4. Specifying policies for anti-virus scanning
4.2.4.1. Managing a list of trusted servers
4.2.4.2. Creating a list of objects excluded from scans
4.3. Updating the anti-virus database
4.3.1. Scheduled updating of the anti-virus database
4.3.2. On-demand updating
4.3.3. Configuring database updating on a single server
4.4. Configuring notifications
4.5. Testing Kaspersky Anti-Virus® operation
4.6. Application statistics and diagnostics
4.6.1. Recording and viewing statistics
4.6.2. Notifying the administrator using ISA Server Alerts
4.6.3. Configuring diagnostics options for the application
4.7. Managing license keys
4.7.1. Installing a new license key
4.7.2. Renewing your license
4.7.3. Removing a license key
4.8. Managing the application via Kaspersky Administration Kit
4.8.1. Managing tasks
4.8.1.1. Creating a task
4.8.1.2. Viewing and changing task settings
4.8.1.3. Starting and stopping tasks
4.8.2. Managing application settings
CHAPTER 5. FREQUENTLY ASKED QUESTIONS
APPENDIX A. HOW TO CONTACT TECHNICAL SUPPORT
APPENDIX B. GLOSSARY
APPENDIX C. KASPERSKY LAB
C.1. Other Kaspersky Lab Products
C.2. Contact Us
APPENDIX D. LICENSE AGREEMENT
CHAPTER 1. KASPERSKY ANTI-VIRUS® FOR MICROSOFT ISA SERVER 2000 ENTERPRISE EDITION

Kaspersky Anti-Virus® for Microsoft ISA Server 2000 Enterprise Edition (hereafter, also Kaspersky Anti-Virus® for ISA Servers) is a system of anti-virus protection of files transferred using the HTTP and FTP protocols via the Microsoft Internet Security and Acceleration Server. It ensures reliable protection of corporate networks from penetration of malicious software.
Kaspersky Anti-Virus® for Microsoft ISA Server acts as a filter that intercepts packets transferred via the HTTP and FTP protocols, isolates controlled objects from this data, analyzes them for the presence of viruses, and prevents infected files and Web documents from penetrating a corporate network.
The program includes data stream filters and the anti-virus kernel.
The filters are integrated into Microsoft ISA Server as plug-ins, and the anti-virus kernel is installed into the system as a service.
The anti-virus protection is managed through a special interface built into the ISA administration snap-in for Microsoft Management Console (MMC) as an extension.
The interface for managing Kaspersky Anti-Virus for Microsoft ISA Server is an extension of MMC that must be integrated with Microsoft ISA Server. This extension cannot be installed on a separate administrator desktop as an MMC extension.
The application performs the following functions:
Anti-virus protection and processing of data streams received from the Internet.
Generation of data streams from disinfected files and the delivery of these streams to the client upon request.
Scheduled and manual updating of the anti-virus database via the Internet, a local folder, or a shared folder.
Logging of statistics about program performance and displaying the results using standard Windows tools.
Management of license keys.
In addition, Kaspersky Anti-Virus® for Microsoft ISA Server allows the administrator to:
Set parameters for anti-virus protection and for notifications about dangerous events.
Create groups of users in accordance with the adopted network policy. For example, you can use the existing administration division to define anti-virus policy settings for each of the groups created. This can significantly speed up the scanning process.
Create a list of trusted servers for one or several groups of users; the traffic from these servers will be excluded from scanning for viruses.
Create a list of types of object excluded from anti-virus protection.
The application can be managed from a remote location using Kaspersky Administration Kit, a system for centralized management of the anti-virus protection system (see section 4.8 on page 63).
Kaspersky Anti-Virus® supports the following data transfer protocols:
HTTP 1.0 and 1.1 (RFC 2616);
FTP (RFC 959, 2389, Extensions to FTP);
FTP over HTTP.
The application does not protect data transferred by other transfer protocols and VPN connections.
1.1. What’s new in Kaspersky Anti-Virus® 5.6 for Microsoft ISA Server 2000 Enterprise Edition
This application is designed to protect Microsoft ISA Servers installed as enterprise array members. The application allows centralized management of anti-virus protection settings for all servers protected by Kaspersky Anti-Virus and centralized updating of the anti-virus database.
Though this version can be installed on a standalone Microsoft ISA Server, it is advised to use Kaspersky Anti-Virus 5.1 for Microsoft ISA Server on such servers.
1.2. Hardware and software requirements
Kaspersky Anti-Virus® for Microsoft ISA Server operates in integration with Microsoft® Internet Security and Acceleration Server 2000 Enterprise Edition with Service Pack 2 or higher installed under the following operating systems:
Microsoft® Windows 2003 Server.
Microsoft® Windows 2000 Server (Service Pack 4 or higher).
Microsoft® Windows 2000 Advanced Server (Service Pack 4 or higher).
To use Kaspersky Anti-Virus® for Microsoft ISA Server, your computer must meet the following minimum requirements:
Pentium II processor of 300 MHz or higher.
At least 256 MB free RAM.
At least 50 MB hard disk space for installation of the program.
At least 200 Mb hard disk space for temporary storage of data copied from the Internet before scanning for viruses.
The amount of free disk space required to temporarily store data downloaded from the Internet before an anti-virus scan starts depends on the density of traffic processed by Microsoft ISA Server. As a rule, 500 MB is enough but if traffic is heavy and files downloaded are too large, more space can be required.
1.3. Distribution kit
You can purchase Kaspersky Anti-Virus® for Microsoft ISA Server either from our distributors (retail box) or online at one of our Internet shops (for example, www.kaspersky.com – select the E store link).
The retail box includes:
a sealed envelope with an installation CD containing files for the software product;
administrator's guide;
a license key written on the floppy disk;
license agreement.
Before you unseal the envelope containing the CD, be sure to thoroughly review the license agreement.
If you buy Kaspersky Anti-Virus® for Microsoft ISA Server online, you download the installation file of the product from the Kaspersky Lab website. This installation file includes this Administrator’s Guide and the license key. The license key can also be sent to you by e-mail after receiving your payment.
The License Agreement is a legal agreement between you and the manufacturer (Kaspersky Lab) describing the terms on which you may employ the anti-virus product which you have purchased.
Make sure you read the License Agreement!
If you do not agree to the terms of this LA, you can return the unused product to your Kaspersky Anti-Virus® dealer for a full refund, making sure the envelope containing the CD is sealed.
If you unseal the envelope or install the program, you are considered to have agreed to all the terms of the LA.
1.4. Help Desk for registered users
Kaspersky Lab offers a large service package enabling its registered customers to enjoy all the available features of Kaspersky Anti-Virus®.
If you register and purchase a subscription you will be provided with the following services for the period of your subscription:
new versions of this anti-virus software product provided free of charge;
phone or e-mail advice on matters related to the installation, configuration, and operation of this anti-virus product;
information about new Kaspersky Lab products and about new computer viruses (for those who subscribe to the Kaspersky Lab newsletter).
Kaspersky Lab does not provide information related to the operation and use of your operating system or various other technologies.
1.5. Conventions
In this book we use various conventions to emphasize different meaningful parts of the documentation. The Table below lists the conventions used in this User Guide.
Convention                                            Meaning
Bold font                                             Menu titles, commands, window titles, dialog elements, etc.
Note.                                                 Additional information, notes
Attention!                                            Critical information
To do this, 1. Step 1. 2. …                           Actions that must be taken
Text of information messages and the command line     Text of configuration files, information messages, and the command line.
CHAPTER 2. TYPICAL DEPLOYMENT SCENARIOS
A typical scenario for deploying ISA Server and most of its services is as follows: the administrator installs the application on the ISA Server computer, and the ISA administration tool on a remote computer (as a rule, an administrator’s workstation).
In this deployment scenario, the Kaspersky Anti-Virus® application must be installed on the ISA Server computer, and the Kaspersky Anti-Virus administration console, on the administrator’s workstation. The computer that runs the Kaspersky Anti-Virus® for ISA Server administration console must only have the ISA Server administration tools installed.
You can install separate components of Kaspersky Anti-Virus® by manually installing the application (see Chapter 3 on page 12).
During the installation procedure, the program will automatically detect the ISA Server mode. Below, we consider possible ISA Server modes and any special features of Kaspersky Anti-Virus® operation for each of these modes.
The documentation for ISA Server describes three possible modes:
Firewall.
Proxy (Cache).
Integrated.
In Firewall mode, ISA Server protects internal network communications from various types of Internet-borne threats by using various tools, such as IP packet filters, Web filters, and application filters. In this mode, caching of transmitted information is disabled.
In Proxy mode, ISA Server acts as a cache server that routes requests and plans data loading for efficient processing of subsequent clients’ requests. In this mode, ISA Server does not protect the internal network.
In Integrated mode, all the features of the firewall and cache server are available. In addition, in this mode, ISA Server operates as both Proxy and Firewall.
During Kaspersky Anti-Virus® installation, the mode in which ISA Server operates is determined automatically. Depending on the mode, various sets of data stream filters are installed.
The following Kaspersky Anti-Virus® filters can optionally be added to the system:
Kaspersky Anti-Virus FTP Application Filter.
Kaspersky Anti-Virus Web Filter.
Kaspersky Anti-Virus HTTP Application Filter.
Table 1 shows filter options for the three ISA Server modes.
Table 1
Filter                                          Proxy   Firewall   Integrated
Kaspersky Anti-Virus FTP Application Filter     No      Yes        Yes
Kaspersky Anti-Virus Web Filter                 Yes     Yes¹       Yes
Kaspersky Anti-Virus HTTP Application Filter    No      Yes        No
¹ The filter is disabled by default.
After Kaspersky Anti-Virus® is installed, you will be able to manage the above filters through the ISA Server Administration interface.
When the ISA Server is running in the Firewall mode, Kaspersky Anti-Virus Web Filter is installed in disabled state, since it is presupposed that all the clients use the ISA Server as a firewall without accessing the proxy server directly. If the clients do access the proxy server directly (e.g. their browsers are set to work via the proxy), please enable Kaspersky Anti-Virus Web Filter after the application is installed to make sure the traffic passing via the proxy server is scanned for viruses.
If you reinstall ISA Server to change the installed mode, you must also reinstall Kaspersky Anti-Virus® and select only those filters that are compatible with the selected mode.
Fig. 1 shows a scheme of processing the initial data streams that are common for all possible Kaspersky Anti-Virus® deployment scenarios.
Figure 1. Processing of data streams by Kaspersky Anti-Virus for Microsoft ISA Server
CHAPTER 3. INSTALLING THE APPLICATION
To correctly install the Kaspersky Anti-Virus® application, you should first properly configure several standard filters of ISA Server.
3.1. Configuring ISA Server settings before installing the application
Microsoft ISA Server provides a number of standard filters for controlling data packets received via the HTTP and FTP protocols: HTTP Redirector Filter and FTP Access Filter (the latter is not used in Proxy mode). The settings and statuses of these filters affect the performance of Kaspersky Anti-Virus for Microsoft ISA Server.
To avoid disabling anti-virus protection of servers, make sure that:
FTP Access Filter is activated;
HTTP Redirector Filter is configured to forward HTTP traffic to the anti-virus filter.
Data stream filters are controlled from the standard console tree of ISA Management.
To configure HTTP Redirector Filter and FTP Access Filter:
In the console tree of the ISA Management main window, select the Extensions node and click the Application Filters folder.
If one of these filters is disabled, you will see the icon in the list of filters.
To enable a filter:
1. Select the required filter in the list and open the Properties dialog box.
2. For FTP Access Filter, click Enable this filter in the FTP Access Filter Properties dialog box.
3. For HTTP Redirector Filter, click Enable this filter on the General tab of the HTTP Redirector Filter Properties dialog box. Then, on the Options tab, select Send to requested Web server, if Microsoft ISA Server is operating in Firewall mode. This will allow the data streams flowing through the HTTP protocol to enter the corresponding Kaspersky Anti-Virus® filters.
If you have selected Send to local Web Proxy server when the ISA Server is running in the Firewall mode and have enabled Kaspersky Anti-Virus Web Filter, it is recommended that you disable Kaspersky Anti-Virus HTTP Application Filter in order to avoid duplicate checking of the traffic when it passes through the HTTP Redirector Filter and the local proxy server.
Sometimes, third-party filters are used in conjunction with the standard Microsoft ISA Server filters. However, these additional filters can affect the performance of the anti-virus application if their settings prevent the initial data from entering the Kaspersky Anti-Virus® filters. Moreover, in some cases, Kaspersky Anti-Virus® for ISA Server might be completely disabled because of these filters.
3.2. Installing Kaspersky Anti-Virus®
The installation procedure for Kaspersky Anti-Virus® for ISA Server is standard for most Windows applications. The installation application can be run locally on ISA Server or on a remote terminal. You can select complete installation or custom installation and restore an Anti-Virus configuration in the case of an incorrect installation.
To install Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition, the user must have domain administrator rights.
During installation of Kaspersky Anti-Virus, several errors might occur. Each of these errors causes termination of Kaspersky Anti-Virus installation. To avoid errors, before installation make sure that your server meets all hardware and software requirements (see section 1.2 on page 6).
If errors occur during installation, please contact the Technical Support service (see Appendix A). Please attach the log file c:\kav4isa.log to the message.
3.2.1. First installation
Step 1. Welcome and License Agreement dialog boxes
The Kaspersky Anti-Virus® setup wizard starts with the Welcome and License Agreement dialog boxes. The License Agreement dialog box contains the text of the License Agreement. To proceed with the installation, read the agreement thoroughly and accept its terms.
Step 2. User data and selecting installation options
At this stage, the program automatically detects user information by using data from the operating system registry, and offers two installation options: complete installation or custom installation (Fig. 2). If you are installing the entire Kaspersky Anti-Virus® application (anti-virus kernel, administration tools, etc.) on a Microsoft ISA Server computer, select complete installation.
If you want to install a separate component of Kaspersky Anti-Virus®, select custom installation. For example, if you want to remotely manage Kaspersky Anti-Virus®, install only the administration console on the administrator’s workstation.
If you want to install Kaspersky Anti-Virus® for ISA Server administration console on a computer, make sure that Microsoft Windows 2000 (with Service Pack 4 and higher) and ISA administration tools are installed on this computer!
Figure 2. Setup Type
Step 3. Selecting the application components to be installed
In this stage, you select the Kaspersky Anti-Virus® components to be installed on your computer (see Fig. 3).
As a rule, these are administration tools for managing Kaspersky Anti-Virus® that come together with the Microsoft Management Console.
You can also change the location of the administration console.
Figure 3. Custom Setup. Installing the administration console
Step 4. Anti-virus protection settings
In this installation step, you must define the anti-virus protection settings that will be used as default values (Fig. 4). The following settings can be adjusted:
File system folder for storing the scan queue. This directory should meet the requirements for free disk space for temporarily storing data copied from the Internet before anti-virus scanning (see section 1.2 on page 6).
Number of queued objects.
Folder for storing the anti-virus database that is used to detect and disinfect viruses.
Folder for storing temporary files created by the program during its operation.
Number of anti-virus kernels running simultaneously.
To speed up anti-virus scanning and handling objects, we recommend that you install four anti-virus kernels on one physical processor. Thus, for example, the recommended number of anti-virus kernels running on two physical processors is eight.
Each of the above parameters has a default value. To change the default values, click the corresponding buttons or enter data into the corresponding fields.
Figure 4. Default settings for the program
Immediately after this stage is completed, the program will start copying files to your computer.
Step 5. Completing the setup
The last step of Kaspersky Anti-Virus® installation is restarting Microsoft ISA Server. The server must be restarted in order to load the anti-virus filters included in the package. You can restart the server from either the Microsoft ISA Server console or the setup wizard window if you check the corresponding checkbox (Fig. 6).
Note that anti-virus protection of your ISA server will be activated only after you restart Microsoft ISA Server services.
Figure 5. Complete the setup
In this stage, you can run automatic installation of application license keys by selecting the corresponding box. If this check box is selected, after the installation completes, a dialog box opens (see Figure 6) in which you can add/install a license key file.
Figure 6. Selecting the license key
It is possible to install license keys after the application is installed (see section 4.7 on page 59).
Without an installed license key, Kaspersky Anti-Virus will not scan traffic and the anti-virus database will not be updated.
3.2.2. Reinstalling
Kaspersky Anti-Virus for ISA Server must be reinstalled if the first installation of the application was incorrect or if you want to install a component of Kaspersky Anti-Virus®.
To correctly install the anti-virus application, select Repair in the dialog box that appears on your screen (Fig. 7).
In this case, the setup wizard will repeat the previous installation procedure. Thus, if the previous installation was a custom type, after you select Repair, the reinstallation procedure will also be performed in custom mode.
Figure 7. Selecting the reinstallation mode
To install an individual component of the anti-virus application on your computer, select Modify.
After this, the custom installation dialog box will appear (Fig. 3). To continue with setup, follow the steps described for the first installation.
CHAPTER 4. USING KASPERSKY ANTI-VIRUS® FOR ISA SERVER
The installation package installs Kaspersky Anti-Virus® according to the current mode of your ISA Server. After the application is installed and the Microsoft ISA Server services are restarted, Kaspersky Anti-Virus is ready to start scanning data streams because all the parameters necessary for the scan have been already set by default. Kaspersky Anti-Virus can be managed:
Locally, if the server part (anti-virus kernel, anti-virus database and filters for Microsoft ISA Server) and administration tools (Administration Console) for the application are installed on the same computer;
Remotely, if the server part and administration tools are installed on different computers.
In addition, if the computer is included into the centralized management system using Kaspersky Administration Kit, you can remotely manage Kaspersky Anti-Virus through the Kaspersky Administration Kit Administration Console² (see section 4.8 on page 63).
The installed application automatically creates the user default, the group default, and the policy default because Kaspersky Anti-Virus® can work only when at least one group and one policy have been created.
Remember that you cannot delete the default user, group, or policy!
² Hereafter, the Administration Console of Kaspersky Anti-Virus for Microsoft ISA Server is referred to as the Administration Console. The Administration Console of Kaspersky Administration Kit is referred to by its full name.
4.1. Default scan settings
You can configure scan settings on the tabs of the Properties of Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition dialog box. The following are the default scan settings:
The HTTP tab displays settings that regulate the application performance (see section 4.2.1.2 on page 26 for more detail) and messages sent to the client (see section 4.4 on page 51):
Cure HTTP traffic – enabled
Maximum scan time for the first chunk of data, sec – 30 seconds.
Maximum time span between chunks of data sent to the client, sec – 10 seconds.
Data not sent to the client before scan completes, % – 10 %.
Enable partial content download – enabled.
Error messages sent to the client.
<html> <head> <title>Kaspersky Anti-Virus for Microsoft ISA Server</title> </head> <body> <h1>Kaspersky Anti-Virus for Microsoft ISA Server</h1> <p>Internal Scanner Error "%ERR_TEXT%" (%ERR%)</p> </body> </html>
Message sent to the client about detection of a malicious object:
<html> <head> <title>Kaspersky Anti-Virus for Microsoft ISA Server</title> </head> <body> <h1>Kaspersky Anti-Virus for Microsoft ISA Server</h1> <p>The requested URL "%URL%" is infected with %VIRUSNAME% virus</p> </body> </html>
The FTP tab (see section 4.2.1.3 on page 29 for more detail) contains information about data received by the server before the first chunk of data is sent to the client, KB – 128 KB.
The Anti-Virus tab (see section 4.2.1.1 on page 24) displays scan settings:
Disinfect objects if possible
Scan archives
Scan compressed executable files
The Licensing tab (see section 4.7 on page 59) displays the number of days the administrator will be notified about the license expiry. The number of days is set in the Notify about license expiration field and it is seven days by default. The administrator is notified by messages displayed in the system log on the computer running Kaspersky Anti-Virus® for ISA Server.
The Updating tab (see section 4.3 on page 47) contains settings for updating the anti-virus database and the frequency of its updating. By default, updating is performed every three hours. The update server is randomly selected from the list.
For each server, the Anti-Virus tab (see section 4.2.2 on page 30) in the server properties dialog box lists a set of folders for Kaspersky Anti-Virus® for ISA Server working data:
Folder for storing anti-virus databases: …/Program Files/Kaspersky Lab/Kaspersky Anti-Virus for ISA Server/bases
Folder for scan queue: …/Program Files/Kaspersky Lab/Kaspersky Anti-Virus for ISA Server/TaskQueue
Folder for temporary files: …/Program Files/Kaspersky Lab/Kaspersky Anti-Virus for ISA Server/Temp
Number of queued objects cached in memory – 128 objects.
Buffer size for a cached object – 128 KB.
Number of anti-virus kernels run simultaneously – 4 kernels.
Number of anti-virus kernel instances reserved for scanning "fast" objects – 0 objects.
Scan queue size – 1024 objects.
Maximum scan time – 1800 seconds.
4.2. Managing scans
During installation, the Kaspersky Anti-Virus® administration console is built into ISA Management in the Extensions section.
The scanning process is managed using the Kaspersky Anti-Virus Servers main window shown in Fig. 8.
The tree consists of three branches: Servers, Groups and Policies.
The view of branches on the right side of the main window can be customized. By default, all application branches and possible manipulations with them are displayed in Taskpad view. You can change the view to Advanced by selecting the corresponding item from the shortcut menu. To open the shortcut menu, right-click the Kaspersky Anti-Virus® for ISA tree branch (Fig. 9).
Below, the description of the main window elements refers to their Taskpad view.
To configure scanning settings, use the following capabilities of Kaspersky Anti-Virus® for ISA Server. With these you can:
Edit the general parameters for the entire array of servers affecting Kaspersky Anti-Virus® performance, including all anti-virus scanning policies (see section 4.2.1 on page 23);
Change anti-virus protection settings for individual servers on which Kaspersky Anti-Virus is installed (see section 4.2.2 on page 30);
Create and manage groups of clients and apply group policies to them (see section 4.2.3 on page 34);
Set up new rules for anti-virus protection that differ from the default rules. The new rules are added by creating new policies (see section 4.2.4 on page 39). In the new policy, you can redefine the settings for traffic filtering and then assign a group of users to the policy created.
As Active Directory is used to store application settings, changes will take effect after a while. As a rule, they take effect 2-3 minutes after the new settings are saved in the Administration Console.
Figure 8. The Kaspersky Anti-Virus for Microsoft ISA Server main window
Figure 9. Shortcut menu
4.2.1. Configuring general settings of anti-virus scans
The administrator may need to change general settings of anti-virus protection.
To edit general settings of anti-virus scanning:
In the Kaspersky Anti-Virus® main window, select Edit Kaspersky Anti-Virus settings to open the Properties of Kaspersky Anti-Virus for Microsoft ISA Server 2000 Enterprise Edition dialog box.
The general settings of anti-virus scanning are available on the Anti-Virus, HTTP, and FTP tabs.
4.2.1.1. General settings
The General tab (see Figure 10) displays general information about Kaspersky Anti-Virus: Administration Console version and brief information about the license (license owner, license expiration date, and the license key status).
The license key status displayed on the General tab (see Figure 10) can differ from its real status if this license key is blocked by Kaspersky Lab. The real status of the license key is displayed in the server properties dialog box. On each server, the license key status can be different, depending on the database version installed on this server.
Figure 10. The General tab
On the Anti-Virus tab (see Figure 11), you can change the Kaspersky Anti-Virus® settings that are common to the entire array of servers.
Figure 11. The Anti-Virus tab
In the upper part of the tab, you can see the following scan settings (Fig. 11):
If you want your Kaspersky Anti-Virus® to disinfect an infected file upon detection, check the Disinfect objects if possible box.
Only files transferred via the HTTP protocol can be disinfected. An infected file sent by the FTP protocol will not be disinfected; the program will block access to the infected object.
If you want to enable extracting and scanning of archives, check the Scan archives box.
If the tool for extracting archives is disabled, the archives will be scanned as normal files. In this case, the program will detect only those viruses that have penetrated the archived file.
When scanning multi-volume archives, Kaspersky Anti-Virus scans each of the volumes as a separate object. In this case, the application can detect malicious code only if one of the volumes contains the entire piece of code. If a virus is divided into separate parts, during partial data loading, the anti-virus application will be unable to detect it. In this case, there is a possibility that malicious code can propagate after the object restores its integrity. Multi-volume archives can be scanned after they are saved on the hard disk by, for example, other Kaspersky Lab applications installed on the computer.
Kaspersky Anti-Virus does not scan password-protected archives!
If you want to scan compressed executable files, check the Scan compressed executable files box.
As for archives, if this option is disabled, executable files will be scanned as uncompressed. The program will detect only those viruses that have penetrated the compressed file.
Since all these modes increase the load on your computer resources during anti-virus scans, this can delay sending files to the client.
In the lower part of the tab, you can select the anti-virus database that will be used to detect viruses:
Standard databases (viruses only) – the application will use the database containing descriptions of all currently known viruses and methods of their detection and eradication. This is the default option.
Extended databases (viruses + RiskWare) – in addition to virus signatures, the database contains descriptions of the so-called riskware, i.e. applications that are known to be potentially vulnerable to hacker attacks, unauthorized access, etc.
Redundant database (viruses + RiskWare, SpyWare, AdWare) – the application will use the most extended version of the database. In addition to the above-described database, this version contains descriptions of spy applications (SpyWare) and applications used to broadcast unsolicited advertisements (AdWare).
Spy applications allow unauthorized users to get access to personal information, such as web browser history, passwords, bank accounts, etc., and send it to interested parties.
The so-called AdWare installed together with other software displays advertisements in new browser windows, thereby impelling the user to visit the website of the advertiser. This software may irritate users and lead to increasing the company’s total traffic.
The use of the extended and redundant databases may cause false alarms, i.e. when the anti-virus application warns the user about the software installed to protect the PC. These can be remote administration programs that have no installer.
The default option for Kaspersky Anti-Virus® is to use the standard anti-virus database. The extended and redundant databases are used to provide the highest-level protection for data. The use of these databases increases the load on your server resources.
4.2.1.2. Settings for HTTP scanning
On the HTTP tab (Fig. 12), you can modify settings for scanning HTTP traffic and set restrictions for processing data transferred via the HTTP protocol. Here you can also edit messages sent to the clients.
Figure 12. The HTTP tab
In the upper three fields, specify the settings for HTTP scanning:
Select the Cure HTTP traffic check box if you want Kaspersky Anti-Virus to cure an infected file upon its detection;
Kaspersky Anti-Virus can disinfect only files transferred via the HTTP protocol. When an infected file transferred via the FTP protocol is detected, Kaspersky Anti-Virus blocks access to the infected object without attempting to disinfect it.
Enter the maximum delay time for a chunk of data scanned by the application in the Maximum scan time for the first chunk of data, sec field. This field specifies the time limit for scanning data. After the limit is reached, scanning is converted into a stream and sent to the client upon request. This parameter affects the way infected files are treated after they are detected:
If an infected file has been detected and disinfected before the first chunk of data containing a part of this file was sent to the client, the client receives the disinfected file.
If an infected file was detected after the first chunk of data containing a part of this infected file had been sent to the client, the program terminates the connection. Upon the second request for this file, the client will be immediately notified that the requested file is infected.
Upon the second request for this file, the client will be notified that the requested file is infected only if the time span between the first and the second requests does not exceed 100 sec. This value cannot be changed in this version of the program.
Specify the time span for sending the next chunk of data to the client upon request in the Maximum time span between chunks of data sent to the client, sec field.
The value of this field cannot exceed the value of the Maximum scan time for the first chunk of data, sec field.
Set the percentage of data accumulated by Kaspersky Anti-Virus® for subsequent analysis and scanning in the Data not sent to the client before scan completes, % field.
The Enable partial content download checkbox enables/disables partial downloading of data in cases, for example, of an Internet connection failure when downloading a file.
However, note that Kaspersky Anti-Virus® is able to detect a malicious code only if the entire code is present in any part of the downloaded file. If the viral code is divided into separate parts, Kaspersky Anti-Virus® might fail to detect it. In such a case, after the integrity of the downloaded object is restored, the virus might penetrate your system.
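The limitation described above for partial downloads, and earlier for multi-volume archives, can be reproduced with a few lines of Python. This is an added example, not Kaspersky Lab code: a constructed, harmless byte string stands in for a signature, and every function name, as well as the overlap-carrying variant, is an assumption made for illustration rather than a description of how the product scans.

```python
SIGNATURE = b"DEMO-SIGNATURE-0001"  # constructed, harmless stand-in for a signature


def scan_pieces_independently(pieces):
    """Scan every volume or byte range as a separate object."""
    return any(SIGNATURE in piece for piece in pieces)


def scan_reassembled(pieces):
    """Scan the object after its integrity is restored, e.g. once saved to disk."""
    return SIGNATURE in b"".join(pieces)


def scan_stream_with_overlap(pieces):
    """Streaming scan that carries the last len(SIGNATURE) - 1 bytes forward.
    Assumption: pieces arrive in order on one stream. It cannot help when
    volumes or byte ranges are fetched as unrelated requests.
    """
    keep = len(SIGNATURE) - 1
    tail = b""
    for piece in pieces:
        window = tail + piece
        if SIGNATURE in window:
            return True
        tail = window[-keep:] if keep else b""
    return False


def split_at(data, offsets):
    """Cut data into consecutive pieces at the given byte offsets."""
    bounds = [0, *sorted(offsets), len(data)]
    return [data[a:b] for a, b in zip(bounds, bounds[1:])]


def demo():
    """Return (independent, reassembled, overlap) verdicts per constructed case."""
    payload = b"A" * 40 + SIGNATURE + b"B" * 40  # constructed sample object
    cases = {
        "whole_in_one_piece": split_at(payload, [70]),  # pattern intact in piece 1
        "cut_by_boundary": split_at(payload, [50]),     # pattern spans two pieces
        "many_small_pieces": split_at(payload, [42, 45, 50, 55]),
    }
    return {name: (scan_pieces_independently(p), scan_reassembled(p),
                   scan_stream_with_overlap(p)) for name, p in cases.items()}


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name}: independent, reassembled, overlap = {verdicts}")
```

The per-piece scan reports a match only in the first case, which is why the manual recommends scanning such objects again once they are complete on disk.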
For more information about the fields for editing messages sent to the client, see section 4.4 on page 52.
At any time during editing the current settings, you can return to default settings by clicking the Set default values button.
4.2.1.3. Settings for FTP scanning
On the FTP tab (Fig. 13), you can modify settings for scanning ISA Server data transmitted via the FTP and FTP over HTTP protocols.
In addition to the anti-virus protection mode, you can specify the amount of data transmitted via the FTP protocol and collected by the server for subsequent analysis. After the server receives the specified amount of data, the data is sent to the client. The maximum value of this field is 1024 Kb.
At any time during editing the current settings, you can return to default settings by clicking the Set default values button.
Figure 13. The FTP tab