How it Works
KASPERSKY
Loading...
A
E
I
Loading...
Loading...
Anti-Virus for Linux Workstations 5.7
User Manual
104 pgs1.52 Mb0
User Manual [de]
108 pgs1.58 Mb0
User Manual [ja]
75 pgs1.14 Mb0
User Manual [fr]
110 pgs1.52 Mb0
User Manual [ru]
110 pgs1.16 Mb0

KASPERSKY Anti-Virus for Linux Workstations 5.7 User Manual

KASPERSKY LAB
Kaspersky Anti-Virus ® 5.7 for Linux Workstation
ADMINISTRATOR'S GUIDE
K AS P E RS K Y A N T I- V IR U S ® 5 .7 FO R
L IN U X W O R K S T AT I O N
Administrator's Guide
Kaspersky Lab Ltd.
http://www.kaspersky.com/
Revision date: September, 2008
Contents
CHAPTER 1. INTRODUCTION .................................................................................. 6
1.1. Computer viruses and malware ........................................................................ 6
1.2. Purpose and major functionality of Kaspersky Anti-Virus .................................. 7
1.3. What's new in version 5.7? ............................................................................... 8
1.4. Licensing procedure ......................................................................................... 8
1.5. Hardware and software system requirements ................................................... 8
1.6. Distribution kit ................................................................................................. 10
1.6.1. License Agreement .................................................................................. 10
1.6.2. Services for registered users .................................................................... 10
1.7. Conventions used in this document ................................................................ 11
CHAPTER 2. HOW IT WORKS ................................................................................ 12
CHAPTER 3. INSTALLING KASPERSKY ANTI-VIRUS ........................................... 14
3.1. Installing the application on a computer running Linux .................................... 14
3.2. Installation procedure ...................................................................................... 14
3.3. Post-install configuration ................................................................................. 15
3.4. Installing Network Agent ................................................................................. 16
3.5. Configuring Network Agent ............................................................................. 16
3.6. Updating the application to version 5.7 ........................................................... 17
3.7. Locating the application files ........................................................................... 17
3.8. Completing the setup ...................................................................................... 19
CHAPTER 4. USING KASPERSKY ANTI-VIRUS .................................................... 20
4.1. Updating the anti-virus database..................................................................... 20
4.1.1. Automatically updating the anti-virus database ......................................... 21
4.1.2. On-demand updating of the anti-virus database ....................................... 23
4.1.3. Creating a network directory to store the anti-virus database.................... 24
4.2. Anti-virus protection of file systems ................................................................. 25
4.2.1. Scan scope .............................................................................................. 26
4.2.2. Object scan and disinfection mode ........................................................... 27
4.2.3. Actions to be performed on objects .......................................................... 28
4.2.4. On-demand scan of an individual directory ............................................... 29
4.2.5. Scheduled scan ....................................................................................... 29
4 Kaspersky Anti-Virus 5.7 for Linux Works tation
4.2.6. Additional capabilities: using script files .................................................... 30
4.2.6.1. Disinfection of infected objects in an archive ...................................... 30
4.2.6.2. Sending notifications to the administrator ........................................... 31
4.3. Real-time anti-virus protection ......................................................................... 32
4.4. Managing license keys ................................................................................... 33
4.4.1. Viewing license key details ....................................................................... 33
4.4.2. Renewing your license ............................................................................. 35
CHAPTER 5. ADDITIONAL SETTINGS ................................................................... 37
5.1. Configuration of product interaction with Webmin ........................................... 37
5.2. Optimization of Kaspersky Anti-Virus operation .............................................. 38
5.3. Moving objects into quarantine ....................................................................... 40
5.4. Backing up infected objects ............................................................................ 41
5.5. Localization of the date and time format .......................................................... 42
5.6. Kaspersky Anti-Virus report generation settings .............................................. 42
CHAPTER 6. ADMINISTERING THE PROGRAM WITH KASPERSKY
ADMINISTRATION KIT ......................................................................................... 45
6.1. Administering the application .......................................................................... 47
6.1.1. Configuring application settings ................................................................ 48
6.1.1.1. Settings tab, Real-time protection: general settings section................ 49
6.1.1.2. Settings tab, Real-time protection: protection scope section............... 50
6.2. Managing tasks .............................................................................................. 50
6.2.1. Creating tasks .......................................................................................... 50
6.2.1.1. Creating local tasks ............................................................................ 52
6.2.1.2. Creating group tasks .......................................................................... 54
6.2.1.3. Creating global tasks ......................................................................... 54
6.2.2. Configuring specific task settings.............................................................. 54
6.2.2.1. On-demand scan task........................................................................ 55
6.2.2.2. Anti-virus database update task ......................................................... 56
6.2.3. Starting and stopping tasks ...................................................................... 56
6.3. Managing policies ........................................................................................... 57
6.3.1. Creating policies ....................................................................................... 57
6.3.2. Viewing and editing policy settings ........................................................... 59
6.3.2.1. Configuring the protection scope........................................................ 60
6.3.2.2. Specifying object types to be protected .............................................. 61
6.3.2.3. Configuring actions applied to objects ................................................ 61
Contents 5
6.3.2.4. Specifying additional parameters ....................................................... 61
CHAPTER 7. UNINSTALLING KASPERSKY ANTI-VIRUS...................................... 62
CHAPTER 8. VERIFYING THE ANTI-VIRUS OPERATION ..................................... 63
APPENDIX A. ADDITIONAL INFORMATION ABOUT THE APPLICATION............. 65
A.1. Kaspersky Anti-Virus configuration file ............................................................ 65
A.2. Command line parameters for component kavscanner .................................. 73
A.3. Return codes of the kavscanner component .................................................. 76
A.4. Command line parameters for component kavmonitor ................................... 77
A.5. Command line parameters for component licensemanager ........................... 77
A.6. Return codes of the licensemanager component............................................ 78
A.7. Command line parameters for component keepup2date ................................ 79
A.8. Return codes of the keepup2date component ................................................ 80
A.9. Command line parameters for component kavmidware.................................. 80
APPENDIX B. FREQUENTLY ASKED QUESTIONS ............................................... 81
APPENDIX C. KASPERSKY LAB ............................................................................ 87
C.1. Other Kaspersky Lab Products ...................................................................... 88
C.2. Contact Us ..................................................................................................... 98
APPENDIX D. LICENSE AGREEMENT ................................................................... 99
CHAPTER 1. INTRODUCTION
The constant growth in both the number of computer users, and the volume of e­mail and internet traffic, increases the threat of virus infections and data corruption or theft by malicious computer programs (malware).
The most dangerous sources of malware are:
Internet
The global information network is the main conduit for all types of mal­ware. As a rule, viruses and other malicious programs are located on popular internet websites, disguised as useful software or freeware. Malware can also be located within scripts that automatically run when a website is loaded in the user‟s browser.
E-mail messages
E-mail m essages delivered to the user‟s mailbox and stored in e-mail databases may contain viruses. Malware can be located either in the message body, or as a message attachment. Commonly, infected e-mail messages contain viruses or mail worms. When you open an e-mail message or save an attached file to your hard drive, you may infect data stored in your computer.
Software vulnerabilities
In most cases hackers‟ attacks are attempted using "software holes". Such vulnerabilities allow hackers to obtain remote access to your com­puter and, therefore, to your data, your LAN resources and other sources of information.
Viruses targeting Unix-based systems are far less common than those aimed at the Windows Operating System, due to the peculiarities of the two platforms. However, the threat to Unix users is not negligible. Provided below is a detailed description of malware types.
1.1. Computer viruses and malware
In order to be aware of potential threats to your computer, it is helpful to know about the types of malicious software (“malware”) and how they work. In general, malicious programs fall into one of three categories:
Worms – malicious programs which spread themselves using network
resources. These programs are called "worms" due to their ability to tun-
Introduction 7
nel from one computer to another, using networks, e-mail and other channels. This ability allows worms to proliferate extremely quickly.
Worms propagate by penetrating a computer, determining the IP ad­dresses of other nearby computers, and send copies of themselves to these computers. Apart from network addresses, worms often use data contained in the address books of e-mail client applications installed on the infected machine. Sometimes worms create work files on disks, but they also can function without utilizing any resources of the infected computer other than RAM.
Viruses – programs that infect other programs by adding their code to the
infected program's code, to gain control when the infected files are run. This simple definition helps determine that the major action of a virus is infecting computer programs. Viruses spread somewhat slower than worms.
Trojan horses or Trojans – perform unauthorized actions on infected
computers. For instance, depending on the particular conditions, they can erase information on hard drives, "freeze" the system, or steal confidential information. In the strict sense, Trojan Horses are not viruses since they do not infect programs or data; they are unable to sneak independently in­to computers and are often distributed disguised as some "useful" soft­ware. However, Trojans may inflict far greater damages than a regular vi­rus attack.
Recently, worms and Trojans have become the m ost widespread type of malware in the Unix-based systems.
Henceforth in the text of this Guide the term "virus" will be used to refer to viruses, Trojan Horses and worms. A particular type o f malware will be mentioned only when it is required.
1.2. Purpose and major functionality
of Kaspersky Anti-Virus
Kaspersky Anti-virus® for Linux Workstation (hereinafter referred to as
Kaspersky Anti-Virus, or the application) protects workstations running Linux operating systems.
Kaspersky Anti-Virus for Linux allows the user to:
Ensure real-time protection of the file system against malicious code: in-
tercept and analyze attempts to access files, and disinfect or delete i n­fected objects.
8 Kaspersky Anti-Virus 5.7 for Linux Works tation
Scan objects on demand: search infected and suspicious files (including
files within specified scan scopes); analyze files, and disinfect or delete infected objects.
Quarantine suspicious and corrupted objects: save suspicious files in the
quarantine directory.
Create a copy of the infected object in the backup storage directory be-
fore attempting to disinfect or deleting the object, allowing a future resto­ration of the object if it contains valuable information.
Update the anti-virus database; the database is updated from Kaspersky
Lab's updates servers. The user can also configure the application so that the database is updated from a local directory.
Control and configure Kaspersky Anti-Virus using the application configu-
ration file, the web-based interface of Webmin or the Kaspersky Adminis­tration Kit.
1.3. What's new in version 5.7?
The following features are new in Kaspersky Anti-Virus 5.7 for Linux Workstation as compared to version 5.5:
Support for Kaspersky Anti-Virus configuration and management using
Kaspersky Administration Kit has been implemented.
1.4. Licensing procedure
Kaspersky Anti-Virus licensing policy imposes restrictions on the use of the application based on the usage period (as a rule, a one-year period since the date when the application was purchased).
1.5. Hardware and software system
requirements
To run Kaspersky Anti-Virus, the system must comply with the following software and hardware requirements:
Hardware requirements:
Processor Intel Pentium® 133 MHz or higher.
64 MB RAM.
Introduction 9
100 MB free hard drive space for installation of the application
and storage of temporary files.
Software requirements:
One of the following operating systems for 32-bit platforms:
o Red Hat Enterprise Linux 5.2 Desktop;
o Fedora 9;
o SUSE Linux Enterprise Desktop 10 SP2;
o openSUSE Linux 11;
o Debian GNU/Linux 4 R4;
o Mandriva Corporate Desktop 4;
o Ubuntu 8.04.1 Desktop Edition;
o Linux XP Enterprise Desktop 2008;
One of the following operating systems for 64-bit platforms:
o Red Hat Enterprise Linux 5.2 Desktop;
o Fedora 9;
o SUSE Linux Enterprise Desktop 10 SP2;
o openSUSE Linux 11.
Webmin program (www.webmin.com) – for remote administration of Kas-
persky Anti-Virus.
Perl interpreter - version 5.0 or higher (www.perl.org).
The which utility must be installed.
Software compilation packages must be installed (gcc, binutils,
glibc-devel, make, ld) and preinstalled operating system kernel source code for compiling the kavmonitor component.
Please note that Kaspersky Anti-Virus does not support systems run­ning SELinux. Use of SELinux may result in various warnings in the system log file generated by the application.
10 Kaspersky Anti-Virus 5.7 for Linux Works tation
1.6. Distribution kit
You can purchase Kaspersky Anti-Virus online (for example, visit
http://www.kaspersky.com and follow the E-Store link).
If you buy Kaspersky Anti-Virus online, you will download the application from Kaspersky Lab's website; in this case, the distribution kit will include this Guide along with the application. The license key will be e-mailed to you upon receipt of your payment.
1.6.1. License Agreement
The License Agreement is a legal contract between you and Kaspersky Lab Ltd., which contains the terms and conditions under which you may use the anti-virus product you have purchased.
Read the License Agreement carefully!
If you do not agree with the terms of the License Agreement, you can return Kaspersky Anti-Virus to your dealer for a full refund.
1.6.2. Services for registered users
Kaspersky Lab Ltd. offers all legally registered users an extensive service package that enables them to use Kaspersky Anti-Virus more efficiently.
After purchasing your license, you become a registered user and, during the period of your subscription, you will receive the following services:
new versions of the purchased software product;
support on issues related to the installation, configuration and use of the
purchased software product. Services will be provided by phone or via e­mail;
information about new Kaspersky Lab products and about new viruses
appearing worldwide (this service is provided to users who subscribe to Kaspersky Lab's newsletter).
Support on issues related to the performance and the use of operating systems or other technologies is not provided.
Introduction 11
1.7. Conventions used in this
document
Various formatting features and icons are used throughout this document, depending on the purpose and the meaning of the text. The table below lists the conventions used in the text.
Format feature
Meaning/Usage
Bold font
Titles of menus, menu items, windows, dialog boxes and their elements, etc.
Note.
Additional information, notes
Attention!
Information requiring special attention
In order to perform...,
1. Step 1.
2.
Description of the user's steps and possible actions
Task, example
Statement of a problem, example of the demonstration of the application's capabilities
Solution
Implementation of the task
[modifier] – purpose of the modifier
Command line modifiers
Information messages and command line text
Text of configuration files, i nformation messages and command line
CHAPTER 2. HOW IT WORKS
To understand how Kaspersky Anti-Virus works, it is useful to know that it comprises a number of application modules, each with a specific function in providing anti-virus protection for your computer.
Kaspersky Anti-Virus includes:
On-demand anti-virus scan component kavscanner;
Real-time anti-virus scan component kavmonitor;
Anti-virus database update module keepup2date,
License key management utility licensemanager;
Remote administration utility for integration with Kaspersky Administration
Kit kavmidware,
Remote administration module used with Webmin application.
There follows a detailed discussion of the application‟s algorithm, based on an example of real-time protection (that is, using the kavmonitor component).
The component operates as follows:
1. When any application on your computer attempts to access a file system object, whether to open, run or close the file, the call is intercepted by kavmonitor‟s kernel module, and the file is sent for anti­virus scanning.
The ability to intercept the operations of closing a file is not sup­ported:
in 32-bit operating systems: from kernel versions
2.6.21 and above;
in 64-bit operating system: from kernel versions 2.6.18
and above.
2. The intercepted file is processed using a daemon application included in the kavmonitor component. The daemon scans the object for viruses and processes, based on settings specified in the configuration file. The treatment includes, but is not limited to, disinfection using the anti-virus database if this option is selected.
3. After the file has been processed, kavmonitor sends to the kernel module the access code (allowed/prohibited) that defines the file status.
How it works 13
4. Based on the object's status, the kavmonitor component either allows or blocks access to the file. If access is blocked, the application requesting access to the file will receive an error code indicating that access has been denied.
The file status assigned during scanning and processing can be one of the following:
Clean – the object is not infected.
Infected – the object is infected.
Cured – infected object has been successfully disinfected.
CureFailed – the infected object could not be disinfected.
Warning – object code resembles the code of a known virus.
Suspicion – the object is suspected of being infected with an unknown vi-
rus.
Protected – the object cannot be scanned because it is encrypted.
Corrupted– the object is corrupted.
Error – a system error occurred during the object scan.
The actions performed on the object in response to each status are defined by the configuration file settings (details see Appendix A on p. 65).
CHAPTER 3. INSTALLING
KASPERSKY ANTI-VIRUS
We recommend that you perform this system check before installing Kaspersky Anti-Virus:
Make sure that your system meets the hardware and software require-
ments for Kaspersky Anti-Virus (see 1.5 on p. 8).
Configure your internet connection.
Log in as root.
3.1. Installing the application on a
computer running Linux
Kaspersky Anti-Virus for computers running Linux OS is available in the following format:
.rpm – for systems that support RPM Package Manager
.deb – for Debian-based OS distributions.
To start the installation of Kaspersky Anti-Virus from a .rpm package, type the following at the command line:
# rpm –i <distribution_package_filename>
To start the installation of Kaspersky Anti-Virus from a .deb package, type the following at the command line:
# dpkg –i <distribution_package_filename>
3.2. Installation procedure
The installation consists of two parts. The first part includes the following steps:
1. Creation of the kluser user and klusers group.
2. Unpacking of the files from distribution package to target computer.
Installing Kaspersky Anti-Virus 15
3. Registration of required services depending upon the host system.
4. Setting up default parameters in configuration files of the product compo­nents.
3.3. Post-install configuration
Post-install configuration is the second part of Kaspersky Anti-Virus setup. To initiate product configuration, use the postinstall.pl script located in the /opt/kaspersky/kav4ws/lib/bin/setup directory.
During installation to a computer running Debian the post-install confi­guration script will be launched automatically.
After script start, you will be offered to perform the following steps:
1. Specify the path to your license key file.
2. Configure the parameters of the proxy server used for connection to the Internet in the following format:
http://<IP of the proxy server>:<port>
or
http://<user_name>:<password>@<IP of the proxy serv­er> :<port>,
depending upon authorization necessity for the proxy. The updating component of the application (keepup2date) uses the value for connec­tion to the servers of Kaspersky Lab and downloading updates to the an­ti-virus databases.
If you do not use a proxy for connection to the Internet, set the parame­ter to no.
3. Download the anti-virus databases from the servers of Kaspersky Lab. Enter yes or no depending upon your wish to perform the update imme­diately.
4. Configure interaction with Webmin.
5. Start compilation of the kavmonitor module. During the stage your com­puter will compile the libraries required for kavmonitor operation. If the kernel source code is not located in the default directory, enter the follow­ing in the command line to compile the kavmonitor component:
# /opt/kaspersky/kav4ws/src/kavmon.pl –b [PATH]
16 Kaspersky Anti-Virus ® 5.7 for Linux Workstation
where [PATH] stands for the path to the kernel source code.
3.4. Installing Network Agent
If you plan to manage the application remotely using Kaspersky Administration Kit, the Network Agent has to be installed.
To initiate Network Agent installation from its .rpm package, enter the following in the command line:
# rpm –i <distribution_package_filename>
To initiate Network Agent installation from its .deb package, enter the following in the command line:
# dpkg –i <distribution_package_filename>
3.5. Configuring Network Agent
After installation, the Network Agent has to be configured for its proper interaction with Kaspersky Administration Kit. To start configuration, run the postinstall.pl script located in the /opt/kaspersky/klnagent/lib/bin/setup directory.
During Network Agent installation to a computer running Debian the post-install configuration script will be launched automatically.
After script start, you will be offered to perform the following steps:
1. Specify the DNS name or IP address of your Administration Server.
2. Specify the port number for the Administration Server.
3. Specify the SSL port number of the Administration Server.
4. Define whether the SSL connection should be used for data transfer.
5. Specify the default administration group name.
Installing Kaspersky Anti-Virus 17
3.6. Updating the application to
version 5.7
The upgrading procedure works correctly for version 5.5-27.
The k avmonitor service has to be stopped before upgrading. To do that, enter the following in the command line:
# /etc/init.d/kav4ws stop
To initiate Kaspersky Anti-Virus upgrade from its .rpm package, enter the following in the command line:
# rpm –U <distribution_package_filename>
To initiate Kaspersky Anti-Virus upgrade from its .deb package, enter the following in the command line:
# dpkg –i <distribution_package_filename>
Upon completion of the upgrade procedure, the configuration file of product version 5.5 will be replaced with its counterpart for version 5.7. Add necessary modifications to the configuration file manually.
3.7. Locating the application files
The default locations of Kaspersky Anti-Virus files on a workstation run­ning Linux OS are as follows:
/etc/opt/kaspersky/ – directory containing the Kaspersky Anti-Virus configuration
file:
kav4ws.conf – configuration file.
/opt/kaspersky/kav4ws/ – main directory of Kaspersky Anti-Virus, containing:
/bin/ – a directory that contains executable files of all Kaspersky Anti-Virus
components: kav4ws-kavscanner – executable file of the anti-virus protection compo-
nent;
kav4ws-keepup2date – executable file of the anti-virus database update
component;
18 Kaspersky Anti-Virus ® 5.7 for Linux Workstation
kav4ws-licensemanager – executable file of the license keys manage-
ment component.
/lib/ – directory containing auxiliary files of Kaspersky Anti-Virus.
/setup/ – directory containing the scripts required for application configu- ration:
postinstall.pl – script for post-install product configuration.
uninstall.pl – application removal script.
setup.pl – application configuration script.
/sbin/ – directory containing auxiliary services of Kaspersky Anti-Virus:
kav4ws-kavmonitor – executable file of the anti-virus protection compo-
nent.
kav4ws-kavmidware executable file of the remote administration com-
ponent kavmidware.
/src/ – directory containing the application's anti-virus kernel module.
/opt/kaspersky/kav4ws/share/contrib/kav4ws.wbm – plug-in to Webmin applica-
tion. /opt/kaspersky/kav4ws/share/contrib/vox.sh – script used for disinfecting
archives.
/opt/kaspersky/kav4ws/share/doc/LICENSE – license agreement.
/opt/kaspersky/kav4ws/share/man/ – directory containing manual files.
/var/opt/kaspersky/kav4ws/bases/ – directory containing the anti-virus database. /var/opt/kaspersky/kav4ws/bases.backup/ – directory containing the anti-virus
database that was up-to-date before the last update.
/var/opt/kaspersky/kav4ws/licenses directory containing license information.
To connect the help system of Kaspersky Anti-Virus (manual pages), assign the value /opt/kaspersky/kav4ws/share/m an to the MANPATH environment variable.
On a workstation running Linux OS, the default locations of Network Agent files after Kaspersky Anti-Virus installation are as follows:
/opt/kaspersky/klnagent/ – main Network Agent directory containing:
/bin/ – directory where the executable files of Network Agent utility programs
are stored, including:
klmover – this utility manually connects the client computer to the Ad-
ministration Server (see the Kaspersky Administration Kit Refer-
ence Book for more information on using this utility).
Installing Kaspersky Anti-Virus 19
klnagchk – this utility checks the manual connection to the Administra-
tion Server (see the Kaspersky Administration Kit Reference Book
for more information on using this utility).
/lib/ – directory containing auxiliary files of the Network Agent.
/bin/setup – directory containing configuration scripts for Network Agent. /share/man/ – directory containing manual files. /sbin/ – directory containing the executable file of the Network Agent service.
3.8. Completing the setup
If the installation process completed correctly, a confirmation message will be displayed on the screen. The configuration file included in the application distribution kit contains all settings necessary to start using the application.
CHAPTER 4. USING KASPERSKY
ANTI-VIRUS
Kaspersky Anti-Virus allows you to specify the anti-virus protection system of your computer, at the level either of individual files or of the entire file system.
The application‟s functionality can be packaged into tasks that the administrator can perform using the application. Tasks implemented using Kaspersky Anti­Virus can be divided into the following groups:
Updating the anti-virus database, which is used for detecting viruses and
disinfecting infected objects (see 4.1 on p. 20).
Anti-virus protection of the computers file system, using scheduled and/or
on-demand scans (see 4.2 on p. 25).
Real-time anti-virus protection (see 4.3 on p. 31).
This chapter describes these typical tasks. Within the context of a specific companys network, the administrator may combine these tasks and make them more appropriate to business needs.
4.1. Updating the anti-virus database
Updating the anti-virus database is performed by the keepup2date component, and is an integral factor in full-fledged anti-virus protection. The default source used for updating the anti-virus database is Kaspersky Labs updates servers. The list of these servers includes:
http://downloads1.kaspersky-labs.com/
http://downloads2.kaspersky-labs.com/
ftp://downloads1.kaspersky-labs.com/, etc.
The list of URLs from which you can download the updates is contained in the updcfg.xml file, included in the applications distribution kit. To view the list of update servers, enter the following in the command line:
# /opt/kaspersky/kav4ws/bin/kav4ws-keepup2date -s
During the update process, the keepup2date component selects the first address from this list and attempts to download the anti-virus database from the server. The current computer location (as the two-lettered code of the country according to the ISO 3166-1 standard) can be specified via the RegionSettings parameter
Using Kaspersky Anti-Virus 21
in the [updater.options] section of the application configuration file. In this case the keepup2date component starts choosing the update servers, marked as belonging to the specified region.If the update cannot be performed from the address selected, the component switches to the next URL and makes another attempt.
Updates to the anti-virus database are uploaded to Kaspersky Lab's updates servers on an hourly basis.
You can use a server that does not belong to Kaspersky Lab as an u p­date source. Databases of Kaspersky Anti-Virus on the server can be released earlier than the ones installed on your computer. In case of an update from such server, the outdated databases will replace m ore cur­rent records.
After a successful update, a command, specified by the PostUpdateCmd parameter of the configuration file‟s [updater.options] section, is executed. By default this command automatically reloads the anti-virus database. If an invalid change is made to this setting, the application may fail to use the updated database or will function improperly.
All settings of the keepup2date component are grouped in the [upda- ter.*] section of the configuration file.
If the structure of your local area network is complex, you are advised to download updates to the anti-virus database from the updates servers every hour, place them in a network directory, and configure local computers throughout the network to use this directory as their update source. For details on the creation of a network directory, see 4.1.3 on p. 24.
The update may be scheduled using the cron utility (see 4.1.1 on p. 21) or it may be performed on-demand by the administrator who can run this task manually from the command line (see 4.1.2 on p. 23).
We strongly recommend that you configure the anti -virus database up­dates to be performed every hour!
4.1.1. Automatically updating the anti-virus
database
You can schedule regular automatic updates of the anti-virus database by modifying the configuration file.
22 Kaspersky Anti-Virus ® 5.7 for Linux Workstation
Task: configure automatic anti-virus database updates to be performed every hour. Only record application errors in the system log. Maintain the general log for all tasks started, and do not print any information to the screen.
Solution: to perform this task, do the following:
1. Specify these values in the application's configuration file, for example:
[updater.options]
KeepSilent=yes
[updater.report]
Append=yes
ReportLevel=1
2. Edit the configuration file for the cron (crontab -e) process by entering the following line:
0 0-23/1 * * * /opt/kaspersky/kav4ws/bin/kav4ws­keepup2date
Task: configure the downloading of anti-virus database updates from Kaspersky Lab's updates servers to automatically select the URL of the updates server from the list included in the keepup2date component.
Solution: to perform this task, do the following:
Assign the value No to the UseUpdateServerUrl setting in the [upda- ter.options] section of the application‟s configuration file.
Task: configure the component to download updates to the anti-virus database from the URL specified by the administrator. If the download cannot be performed from this URL, abort the downloading process.
Solution: to perform this task, do the following:
Assign the value Yes to both the U seUpdateServerUrl and UseUpda- teServerUrlOnly settings of the [updater.options] value. Additionally, the UpdateServerUrl setting must contain the URL of the updates serv­er.
Using Kaspersky Anti-Virus 23
Task: configure the component to download updates to the anti-virus database from a specified URL. If the download cannot be performed from this URL, update the database from the URLs specified in the list included in the keepup2date component.
Solution: to perform this task, do the following:
Assign the value Yes to the UseUpdateServerUrl setting of the [upda- ter.options] section, and the value No to the UseUpdateServerUrlOnly setting. Additionally, the UpdateServerUrl setting must contain the URL of the updates server.
4.1.2. On-demand updating of the anti-virus
database
You can start the update of the anti-virus database from the command line at any time. To do that, type the following command:
# /opt/kaspersky/kav4ws/bin/kav4ws-keepup2date
Task: start the update of the anti-virus database and record the results in the file /tmp/updatesreport.log.
Solution: to implement this task enter at the command line:
# /opt/kaspersky/kav4ws/bin/kav4ws-keepup2date –l
/tmp/updatesreport.log
The most convenient way to update the anti-virus database on several computers is to download the updates once from the updates servers, place the updates in a network directory and then direct the computers to treat this directory as their update source.
Task: arrange updating of the anti-virus database from the network di­rectory /home/bases and only if this directory is not accessible or emp­ty, update the database from Kaspersky Lab's updates servers. Print the results in the report.txt report file.
Solution: to perform this task, do the following:
24 Kaspersky Anti-Virus ® 5.7 for Linux Workstation
1. Specify the corresponding values for the settings in the application's configuration file:
[updater.options]
UpdateServerUrl=/home/bases
UseUpdateServerUrl=yes
UseUpdateServerUrlOnly=no
2. Enter at the command line:
# /opt/kaspersky/kav4ws/bin/kav4ws-keepup2date –l /tmp/report.txt
4.1.3. Creating a network directory to store
the anti-virus database
To ensure that the anti-virus database is correctly updated from the network directory, the directory must contain the same file structure as Kaspersky Lab's updates servers. Provided below is a detailed discussion of this task.
Task: create a network directory from which anti-virus database up­dates can be copied to local computers within the network.
Solution: to perform this task, do the following:
1. Create a local directory.
2. Start the keepup2date component as follows:
# /opt/kaspersky/kav4ws/bin/kav4ws-keepup2date –u <dir>
where <dir> is the full path to the local directory.
3. Grant local computers read-only network access to this catalog.
Task: configure the anti-virus database update to be performed via a proxy server.
Solution: to perform this task, do the following:
1. Assign the value Yes to the U seProxy setting of the
[updater.options] section.
Using Kaspersky Anti-Virus 25
2. Make sure that the ProxyAddress setting in the [updater.options]
section of the configuration file contains the URL of the proxy server. The address must be specified in the format
http://usernam e:password@ip_address:port. The values ip address and port are mandatory, while username and password
are necessary only if the proxy server requires authorization.
or:
1. Assign value Yes to the UseProxy setting of the [updater.options]
section.
2. Specify the environment variable http_proxy using format http://usernam e:password@ip_address:port. Note that the environment variable will be considered only if the UseProxy setting of the [updater.options] section is missing or is assigned value Yes.
4.2. Anti-virus protection of file
systems
The kavscanner component provides anti-virus protection of the computer's file systems, by scanning files and processing infected and suspicious objects according to its settings.
All settings of the kavscanner component are grouped in the [scan- ner.*] options of the application's configuration file.
By default, only the root user can launch an on-demand scan.
You can scan the entire file system, an individual directory or a single file. All protection settings may be divided into groups that define:
Scan scope (see 4.2.1 on p. 26).
How objects are to be scanned and disinfected (see 4.2.2 on p. 27 ).
Actions to be performed on objects (see 4.2.3 on p. 28).
Settings used to generate the report on the operation‟s outcome (see 5.6
on p. 42).
26 Kaspersky Anti-Virus ® 5.7 for Linux Workstation
The scan of your computer's file systems may be started:
As a one-time task - from the command line (see 4.2.4 on p. 29).
According to the schedule using the cron application (see 4.2.5 on p. 29).
An anti-virus scan of the entire computer is a process that requires considerable resources. It should be noted that when you start this task, your computer's efficiency will be reduced: therefore we recom­mend that no other heavy application should run at the same time. To avoid such problems, we recommend that you scan individual selected catalogs.
4.2.1. Scan scope
The scan scope can be roughly divided into two parts:
scan path – the list of directories and objects to be searched for viruses;
scan objects – types of objects to be scanned for viruses (archives, etc.)
By default all objects of all available file systems are scanned, starting with the current directory.
To scan all file systems of the computer, you have to switch to the root directory, or specify the scan scope at the command line as “/.
You can redefine the scan path by the following methods:
Listing at the command line (using a space as a separator) all directories
and files to be scanned, using absolute or relative (relative to the current directory) paths.
List the scan paths in a text file, and specify this file to be used by using
the parameter -@<filename> in the command line. Each object in this file should be entered on a new line, using its absolute path only.
If you specified at the command line both scan paths and a text file containing a list of the scan objects, only the paths indicated in the file will be scanned. The paths entered at the command line will be ignored.
Restrict paths which are accepted by default (all, starting with the current
directory) or listed in the command line, by entering in the kav4ws.conf configuration file masks of files and directories that will be excluded from the scan scope ([scanner.options] section, settings ExcludeMask and ExcludeDirs).
Using Kaspersky Anti-Virus 27
Turn off the recursive scan of the catalogs ([scanner.options] section,
the Recursion setting or command line parameter -r).
Create an alternative configuration file and specify this file to be used us-
ing the command line parameter -c <filename> at component startup.
The default scan objects are specified in the kav4ws.conf configuration file ([scanner.options] section) and they can be redefined.
directly in this file;
using command line parameters at component startup;
by using an alternative configuration file.
4.2.2. Object scan and disinfection mode
The settings of this mode are very important, because they determine whether the application will cure infected files when they are detected.
By default disinfection is turned off: the default behaviour is to scan objects and to notify about detected viruses and other suspicious or corrupted files by printing messages to the screen and in the report (see 5.6 on p. 42).
As a result of an anti-virus scan, each object will be assigned a status from those listed below:
Clean – no viruses detected (the object is not infected).
Infected – the object is infected.
Warning – object code resembles the code of a known virus.
Suspicious – the object is suspected of being infected with an unknown
virus.
Corrupted– the object is corrupted.
Protected – the object cannot be scanned because it is encrypted (pass-
word-protected).
Error – an error has occurred while scanning the object.
With the disinfection mode turn on (section [scanner.options], setting Cure = yes) only objects with the Infected status will be sent for anti-virus processing. As a result of the disinfection, the object will be assigned a status from those listed below:
Cured the object has been successfully disinfected.
28 Kaspersky Anti-Virus ® 5.7 for Linux Workstation
CureFailed – the object could not be disinfected. Files with this status will
be processed according to rules specified for infected objects.
Error – error occurred during the object scan.
4.2.3. Actions to be performed on objects
The actions to be performed on an object depend on the object's status (see Chapter 2, on p. 12). The default action is only to provide notification about the detection of infected or suspicious objects. However, for objects with Infected, Suspicious, Warning, Error, Protected and Corrupted status you can configure further responses, including:
moving to a directory – moving objects with the given status to a directory;
simple and recursive moving is available.
deleting object from the file system;
performing a command – processing of files using standard Unix script
files, or similar.
Please note that Kaspersky Anti-Virus discriminates between simple objects (files) and container objects (consisting of several objects, for example, an archive). Actions performed with such objects are also discriminated; in the configuration files these actions are located in different sections, with section [scanner.object] for simple objects, and section [scanner.container] for container objects.
Actions performed with self-extracting archives can be differentiated: if the archive itself is infected, it will be viewed as a simple object, while if objects within the archive are infected, the archive will be viewed as a container. Therefore actions to be performed on archives, depending on the case, will be determined by the settings specified in different sections of the configuration file.
You can select actions to be performed on an object using several methods as follows:
You can specify them in the kav4ws.conf configuration file if you plan to
use these actions as default actions (sections [scanner.object] and [scanner.container]).
Specify actions in the alternative configuration file and use this file at
component startup.
Using Kaspersky Anti-Virus 29
If no configuration file is specified in the command line at the component startup, the operating settings will be taken from the kav4ws.conf file. The use of this file at startup does not have to be specified!
You can specify them for the current work session using command line
parameters when starting the kavscanner component.
Actions for both simple and container objects use the same syntax (sections [scanner.object] and [scanner.container]).
4.2.4. On-demand scan of an individual
directory
One of the commonest tasks implemented by Kaspersky Anti-Virus is the anti­virus scan and disinfection of an individual directory.
Task: start an anti-virus scan of the /tmp directory with automatic disinfection of all infected objects detected. Delete all objects that cannot be disinfected.
Create the files infected.lst, suspicion.lst, corrupted.lst and warning.lst to record the filenames of all infected, suspicious and corrupted objects detected during the scan.
The results of the component operation (starting date, information about all files, except clean files) will be printed in the report file kav4ws-kavscanner-current_date-pid.log that will be created in the current directory.
Solution: to implement this task, enter at the command line:
# /opt/kaspersky/kav4ws/bin/kav4ws-kavscanner -rlq ­pi/tmp/infected.lst -ps/tmp/suspicion.lst – pc/tmp/corrupted.lst -pw/tmp/warning.lst -o /tmp/kav4ws-kavscanner-`date "+%Y-%m-%d-$$"`.log -i3
-ePASBMe –j3 -mCn /tmp
4.2.5. Scheduled scan
Kaspersky Anti-Virus tasks can be scheduled to run using the cron application.
30 Kaspersky Anti-Virus ® 5.7 for Linux Workstation
Task: Run an anti-virus scan of the /home directory every day at 0:00, using the scan settings specified in the configuration file /etc/kav/scanhome.conf.
Solution: to perform this task, do the following:
1. Create the configuration file /etc/kav/scanhome.conf and specify the required scan settings in this file.
2. Edit file that defines the rules for the operation of the cron (crontab-e) process by entering the following line:
0 0 * * * /opt/kaspersky/kav4ws/bin/kav4ws­kavscanner -c /etc/kav/scanhome.conf /home
4.2.6. Additional capabilities: using script
files
Kaspersky Anti-Virus offers additional processing of objects during anti-virus analysis by using standard Unix commands and script files. Using these tools, experienced administrators can define actions to be performed on objects of different statuses, and thus expand the functionality of Kaspersky Anti-Virus.
4.2.6.1. Disinfection of infected objects in an
archive
Kaspersky Anti-Virus detects, but does not disinfect, suspicious and infected files packed in archives. However, infected files packed in archives can be disinfected by using an additional script file. The next example shows how to disinfect tar and zip archives using the script file vox.sh, which is included in the Kaspersky Anti-Virus distribution package.
When started, the scripts unpacks the archive being scanned, runs an anti-virus scan and processes the individual objects, and then repacks the scanned files. It assumes that the necessary archiving utilities have been installed on the system.
Task: scan all tar and zip archives, using script vox.sh.
Loading...
+ 74 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use