How it Works
Kaspersky Lab
Loading...
A
D
E
F
I
K
M
N
P
S
W
Loading...
Loading...
KASPERSKY ANTI-VIRUS 5.5
ADMINISTRATOR GUIDE
75 pgs480.76 Kb0

Kaspersky Lab KASPERSKY ANTI-VIRUS 5.5 ADMINISTRATOR GUIDE

KASPERSKY LAB
Kaspersky Anti-Virus 5.5 for Proxy Server
ADMINISTRATOR'S GUIDE
KASPERSKY ANTI-VIRUS 5.5 FOR PROXY SERVER
Administrator's Guide
http://www.kaspersky.com
Revision date: June 2006
Contents
CHAPTER 1. KASPERSKY ANTI-VIRUS FOR PROXY SERVER .............................. 5
1.1. Hardware and software requirements .................................................................. 6
1.2. Licensing policy ..................................................................................................... 7
1.3. Distribution kit ........................................................................................................ 7
1.3.1. License agreement ......................................................................................... 8
1.4. Help desk for registered users .............................................................................. 8
1.5. Conventions........................................................................................................... 9
CHAPTER 2. OPERATION ALGORITHM AND TYPICAL DEPLOYMENT
SCENARIOS .............................................................................................................. 10
2.1. The algorithm of application functioning ............................................................. 10
2.2. Typical deployment scenarios............................................................................. 13
2.2.1. Installing the application to the same server with SQUID proxy ................. 13
2.2.2. Installation on a dedicated server................................................................. 14
CHAPTER 3. INSTALLING THE APPLICATION......................................................... 15
3.1. Installing the application on a server running Linux ........................................... 15
3.2. Installing the application on a server running FreeBSD..................................... 16
3.3. Installation procedure .......................................................................................... 16
3.4. Post-install setup ................................................................................................. 17
3.5. Distribution of the application files in directories................................................. 18
CHAPTER 4. USING KASPERSKY ANTI-VIRUS....................................................... 20
4.1. Updating the anti-virus databases ...................................................................... 20
4.1.1. Automatic updating of the anti-virus databases........................................... 21
4.1.2. Manual updating of the anti-virus databases............................................... 22
4.1.3. Creating a shared directory for storing and sharing database updates...... 23
4.2. Managing license keys........................................................................................ 24
4.2.1. Viewing information about license keys....................................................... 25
4.2.2. Renewing your license .................................................................................26
4.2.3. Removing a license key ............................................................................... 27
4.3. Using a control script ........................................................................................... 28
4 Kaspersky Anti-Virus for Proxy Server
4.4. Ensuring anti-virus protection of HTTP traffic..................................................... 29
4.5. Configuring the anti-virus scan parameters for user groups.............................. 30
CHAPTER 5. ADDITIONAL SETTINGS OF KASPERSKY ANTI-VIRUS .................. 34
5.1. Creating groups ................................................................................................... 34
5.2. Anti-virus scan settings........................................................................................ 36
5.3. The choice of actions over scanned objects ...................................................... 36
5.4. Administrator notifications ................................................................................... 38
5.5. Operation modes................................................................................................. 40
5.6. Modes of interaction with proxy via ICAP........................................................... 41
5.7. Application statistics logging ............................................................................... 41
5.8. Application reporting parameters ........................................................................ 43
5.9. Memory dump creation for detection of errors ................................................... 45
5.10. Work with Internet broadcasting stations.......................................................... 46
CHAPTER 6. UNINSTALLING THE APPLICATION ................................................... 47
APPENDIX A. APPLICATION REFERENCE............................................................... 48
A.1. kav4proxy.conf application configuration file...................................................... 48
A.2. Macros................................................................................................................. 55
A.3. kavicapserver return codes................................................................................. 56
A.4. Command line options for licensemanager ....................................................... 56
A.5. Licensemanager return codes............................................................................ 57
A.6. Keepup2date command line options.................................................................. 57
A.7. Keepup2date return codes ................................................................................. 59
APPENDIX B. KASPERSKY LAB................................................................................. 60
B.1. Other Kaspersky Lab Products .......................................................................... 61
B.2. Contact Us........................................................................................................... 69
APPENDIX C. LICENSE AGREEMENT ...................................................................... 70
CHAPTER 1. KASPERSKY ANTI-
VIRUS FOR PROXY SERVER
Kaspersky Anti-Virus 5.5 for Proxy Server (hereinafter also referred to as
Kaspersky Anti-Virus or the Application) is intended for anti-virus protection of traffic routed via proxy servers based on Squid versions 2.5 and 3.0 with support for the Internet Content Adaptation Protocol (ICAP) in accordance with RFC
3507.
The application allows the user to:
Perform anti-virus scanning of objects transferred via the proxy server.
Cure revealed infected objects and block access to an infected object if
disinfection fails.
Use group settings to define various filtration parameters applied depending upon the address of the user requesting an object and the object's address (URL).
Log activity statistics including, in addition to other data, information about anti-virus scanning and its results, application errors and warnings.
Notify administrators about detection of malicious software.
Update the anti-virus databases. The application uses update servers of
Kaspersky Lab as the source of updates. It can also be configured to update the databases from a local directory.
The anti-virus databases are employed for detection of infected objects and their disinfection. The application uses database records to analyze every object checking it for virus presence: its content is compared with code typical for specific viruses.
Please keep in mind that new viruses appear every day and therefore we recommend maintaining the anti-virus databases in an up-to-date state. New updates are made available on Kaspersky Lab update servers every hour.
6 Kaspersky Anti-Virus for Proxy Server
1.1. Hardware and software requirements
In order to ensure normal functioning of Kaspersky Anti-Virus, the system must meet the following hardware and software requirements:
Minimum hardware requirements
®
Intel Pentium
64 MB RAM
50 MB of disk space for application setup
200 MB of available disk space for temporary files.
The configuration is intended to provide for servicing of at least 10 clients sending at least 20 requests per minute with average request size of 15 Kb.
Optimal hardware requirements:
for a proxy server servicing requests from 50 clients with average load of 900 requests per minute and daily traffic of 250 MB:
Intel Pentium
128 MB RAM.
512 MB of available disk space for temporary files.
for a proxy server servicing requests from 250 clients with average load of
1300 requests per minute and daily traffic of 1 GB:
Intel Pentium
512 MB RAM.
1 GB of available disk space for temporary files.
Software requirements
One of the following operating systems:
RedHat Linux 9.0.
RedHat Fedora Core 5.
RedHat Enterprise Linux Advanced Server 4.
SuSE Linux Enterprise Server 9.0.
SuSE Linux Professional 10.1.
133 MHz processor or higher
:
for product operation:
®
II 300 MHz processor.
®
4 processor.
Kaspersky Anti-Virus for Proxy Server 7
Mandriva 2006.
Debian GNU/Linux version 3.1r2.
FreeBSD version 4.11.
FreeBSD version 5.4 .
FreeBSD version 6.1.
Squid 2.5 or 3.0 proxy server with ICAP support.
Perl 5.0 or higher (www.perl.org
Glibc 2.2.x or higher (for Linux distributions).
).
1.2. Licensing policy
The licensing policy for Kaspersky Anti-Virus includes a system of product use limitations based on the following criteria:
Number of users protected by the application
HTTP traffic processed daily (MB/day).
The licensing policy based on processed traffic takes into account the traffic created by scanned objects only, auxiliary service traffic generated by the application is not included into that volume.
Each type of licensing is also limited by a certain period (typically one year or two years after the date of purchase).
You can purchase a license limited by one of the above criteria (for example, by the daily HTTP traffic volume).
1.3. Distribution kit
You can purchase the product either from our dealers (retail box) or at one of our online stores (for example, www.kaspersky.com
The retail box contains:
sealed envelope containing the installation CD with the product
a copy of this Administrator’s Guide
license key file bundled with the distribution package or recorded to a
special floppy disk
License Agreement.
– follow the E-store link).
8 Kaspersky Anti-Virus for Proxy Server
Before you unseal the envelope containing the CD, make sure you have carefully read the License Agreement.
If you purchase our application online, you will download it from Kaspersky Lab's website. Your license key is either included in the installation package or will be sent to you by email after payment.
1.3.1. License agreement
The license agreement constitutes a legal agreement between you and Kaspersky Lab Ltd containing the terms and conditions subject to which you may use the purchased software.
Please read the license agreement carefully!
If you do not agree with the terms of the license agreement you may return the box with Kaspersky Anti-Virus to the distributor, where you have purchased it, you will be refunded the amount you've paid for subscription, provided the CD envelope remains sealed.
Opening the sealed envelope of the installation CD or installing the product to a computer means your acceptance of all the terms and conditions of the license agreement.
1.4. Help desk for registered users
Kaspersky Lab offers an extensive service package enabling registered customers to boost the productivity of Kaspersky Mail Gateway.
If you purchase a subscription you will be provided with the following services for the period of your subscription:
new versions of this software product provided free of charge
phone or email support on matters related to the installation,
configuration, and operation of the product you have purchased
notifications about new software products from Kaspersky Lab, and about new virus outbreaks. This service is provided to users who have subscribed to the Kaspersky Lab email newsletter service.
Kaspersky Anti-Virus for Proxy Server 9
Kaspersky Lab does not give advice on the performance and use of your operating system or other technologies.
1.5. Conventions
Various formatting conventions are used throughout the text of this document depending on the purpose of a particular element. Table 1 below lists the formatting conventions used.
Table 1. Conventions
Style Meaning
Bold type
Note.
Attention!
In order to perform the action,
1. Step 1.
2. …
Task, example
Solution
[key] – key purpose.
Text of information messages and the command line
Menu titles, menu items, window titles, parts of dialog boxes, etc.
Additional information, notes.
Information requiring special attention.
Procedure description for user's steps and possible actions.
Statement of a problem, example for using the software features.
Solution to a defined problem.
Command line keys.
Text of configuration files, information messages and the command line.
CHAPTER 2. OPERATION
ALGORITHM AND TYPICAL DEPLOYMENT SCENARIOS
This chapter contains essential information necessary for understanding of application functionality, its configuration and integration with an existing network structure.
2.1. The algorithm of application functioning
Kaspersky Anti-Virus scans HTTP traffic using two modes of proxy operation: REQMOD and RESPMOD.
In the RESPMOD mode the application checks objects requested by users via a proxy server. In the REQMOD mode it scans objects transmitted from users through the proxy. REQMOD is applied, for instance, for anti-virus scanning of e­mail messages sent by users via a web-based mail server interface. Kaspersky Anti-Virus scans message attachments transferred by users to mail servers.
The application performs anti-virus scanning of Internet traffic in the RESPMOD mode in accordance with the following procedure (see Fig. 1):
1. User requests an object through a Squid proxy via HTTP.
2. If the requested object is available within the Squid proxy cache, it will be returned to the user. If the object has not been found in cache, Squid proxy accesses a remote server and downloads the requested object from it.
3. Squid uses ICAP to transfer the retrieved object to Kaspersky Anti­Virus for an anti-virus check.
4. Kaspersky Anti-Virus verifies correspondence of request parameters (user IP address, URL of the requested object) to any of its groups (please refer to section 5.1 on p. 34 for details about groups). If it finds such group, then the application scans and processes the object as necessary in accordance with the rules specified for that group. If a request does not match any of the
Operation algorithm and typical deployment scenarios 11
existing groups, the application will use the default group rules for anti-virus scanning and processing.
5. The application uses the results of anti-virus scanning to assign to a scanned object a specific status, which is employed to grant users access to that object or block access attempts (please refer to section 5.3 on p. 36 for details about available statuses and actions performed by the application). Access to objects with a specific status is granted or blocked according to the processing group parameters (please refer to section 5.1 on p. 34 for details about groups).
6. If access to an object has been granted, Kaspersky Anti-Virus allows Squid proxy to cache the object and transmit it to users. If access to an object is blocked, Kaspersky Anti-Virus prohibits Squid proxy to cache the object and deliver it to users. Instead of the requested object, the user will receive a notification informing that access to that object has been blocked.
Figure 1. Anti-virus scanning of traffic in the RESPMOD mode
12 Kaspersky Anti-Virus for Proxy Server
The application performs anti-virus scanning of Internet traffic in the REQMOD mode in accordance with the following procedure (see Fig. 2):
1. User sends an object using HTTP via Squid proxy.
2. Squid proxy uses ICAP to transfer the received object to Kaspersky Anti-Virus for an anti-virus scan.
3. Kaspersky Anti-Virus checks if the request parameters match any of the existing groups (please refer to section 5.1 on p. 34 for details about groups). If it finds such group, then the application scans and processes the object as necessary in accordance with the rules specified for that group. If a request does not match any of the existing groups, the application will use the default group rules for anti-virus scanning and processing.
Figure 2. Anti-virus scanning of traffic in the REQMOD mode
4. The application uses the results of anti-virus scanning to assign to a scanned object a specific status, which is employed as a criterion to allow transfer of that object or prohibit it (please refer to section 5.3 on p. 36 for details about available statuses and actions performed by the application). Permission or denial of transfer for objects with a specific
Operation algorithm and typical deployment scenarios 13
status defined according to the processing group parameters (please refer to section 5.1 on p. 34 for details about groups).
5. If transfer is allowed, the proxy will transmit the object sent by the user. If transfer is prohibited, Squid will not transmit the object. Instead, it will send to the user a notification informing that the transfer has been blocked.
2.2. Typical deployment scenarios
This section contains a description of two main methods available for application deployment:
Application setup on the same server with Squid proxy
Application setup on a dedicated server.
General guidelines described in the examples will allow you to configure the application in accordance with your existing network structure.
2.2.1. Installing the application to the same server with SQUID proxy
Further in this document we shall use this variant of Kaspersky Anti­Virus setup (on the same server with SQUID proxy) to describe its operation and configuration.
Application setup on the same server with Squid allows higher speed of processing as data transfers between Squid and Kaspersky Anti-Virus occur locally and do not involve the network. Such deployment scheme is efficient in case of low load on the proxy server. If the proxy is used to serve a large number of user requests, you are advised to install the application to a dedicated server since anti-virus scanning and processing are most resource-intensive procedures, which can therefore influence negatively the general proxy performance. Please refer to section 2.2.2 on p. 14 for application setup on a dedicated server. During application setup the installer automatically configures the following aspects:
1. Kaspersky Anti-Virus will be set up to run automatically at the operating system start and listen for requests from Squid proxy using port 1344 for all network interfaces of the server.
2. The following lines will be added to the ICAP OPTIONS section in the Squid configuration file specified during application setup:
14 Kaspersky Anti-Virus for Proxy Server
icap_enable on icap_send_client_ip on icap_service is_kav_resp respmod_precache 0
icap://localhost:1344/av/respmod icap_service is_kav_req reqmod_precache 0
icap://localhost:1344/av/reqmod icap_class ic_kav is_kav_req is_kav_resp icap_access ic_kav allow all
They will make the proxy transmit all requested objects to Kaspersky Anti­Virus via port 1344 of the local interface.
2.2.2. Installation on a dedicated server
Installing the application to a dedicated server is recommended in case of high load on the proxy server and in situations when Kaspersky Anti-Virus is used to process the traffic of several proxy servers.
Since such deployment scheme does not allow automatic configuring of the application, you should set it up manually in accordance with the following procedure:
1. After application setup use the ListenAddress parameter in the [icapserver.network] section of the kav4proxy.conf configuration file to specify the IP address of the network interface and port that Kaspersky Anti-Virus will use to wait for proxy requests to process necessary objects. By default Kaspersky Anti-Virus waits for requests to all network interfaces of the server on port 1344.
2. Add the following lines to the ICAP OPTIONS section of the Squid proxy configuration file
icap_enable on icap_send_client_ip on icap_service is_kav_resp respmod_precache 0
icap://<ip_address>:<port>/av/respmod icap_service is_kav_req reqmod_precache 0
icap://<ip_address>:<port>/av/reqmod icap_class ic_kav is_kav_req is_kav_resp
icap_access ic_kav allow all
where <ip_address> Kaspersky Anti-Virus is installed; <port> is the port that Kaspersky Anti­Virus uses to wait for proxy requests for anti-virus processing. Restart Squid as soon as the changes are entered.
stands for the IP address of the server where
CHAPTER 3. INSTALLING THE
APPLICATION
Before installing Kaspersky Anti-Virus, you are advised to:
1. Make sure that your system meets the hardware and software requirements (see section 1.1 on p. 6).
2. Log on to the system as root.
3. Make sure that your installed Squid proxy server supports ICAP.
Unlike Squid 3.0, Squid 2.5 does not support ICAP by default. Please see the README-SQUID.txt file in the /opt/kav/5.5/kav4proxy/share/doc/ directory for information about available Squid distributions, correct compilation and proxy configuration for ICAP support.
3.1. Installing the application on a server running Linux
Kaspersky Anti-Virus for servers running the Linux operating system is distributed in two different installation packages:
.rpm – for systems that support RPM Package Manager.
.deb – for Debian distributions.
To initiate installation of Kaspersky Anti-Virus from the rpm package, enter the following in the command line:
# rpm –i kav4proxy-linux-<version_number>.i386.rpm
To initiate installation of Kaspersky Anti-Virus from the deb package, enter the following in the command line:
# dpkg –I
During the setup process you will have to specify additional information necessary for connection to the Internet, downloading of the anti-virus databases
kav4proxy-linux-<version_number>.deb
16 Kaspersky Anti-Virus for Proxy Server
and the settings for interaction with the proxy server. Please refer to section 3.4 on p. 17 for details.
3.2. Installing the application on a server running FreeBSD
The distribution file for installation of Kaspersky Anti-Virus on servers running the FreeBSD operating system is supplied as a .tgz package.
To initiate installation of Kaspersky Anti-Virus from a tgz-package enter the following in the command line (depending on the version of FreeBSD distributive):
# pkg_add kav4proxy-freebsd4-<distributive version >.tgz
or
# pkg_add
or
# pkg_add kav4proxy-freebsd6-< distributive version >.tgz
During the setup process you will have to specify additional information necessary for connection to the Internet, downloading of the anti-virus databases and the settings for interaction with the proxy server. Please refer to section 3.4 on p. 17 for details.
kav4proxy-freebsd5-< distributive version >.tgz
3.3. Installation procedure
Algorithms described in this section and in section 3.4 suggest that the target server already has Squid 2.5 or 3.0 with ICAP support installed.
Kaspersky Anti-Virus must be installed in two stages. The first stage will be performed automatically after execution of the commands described in sections
3.1, 3.2, it comprises the following steps:
1. Creation of the klusers group and the kluser account with the
necessary privileges that Kaspersky Anti-Virus will use to start and operate.
2. Copying of the files from distribution package to computer.
3. Registration of services necessary for Kaspersky Anti-Virus functioning.
Installing the application 17
3.4. Post-install setup
Post-install setup of Kaspersky Anti-Virus is the second stage of its installation including configuration of the application and Squid proxy server. To initiate the configuration process, use the postinstall.pl script located in the /opt/kav/5.5/kav4proxy/setup/ directory. After script start you will be offered to perform the following actions:
The postinstall.pl script should be launched manually for RPM-based systems. In other systems (for example, such as FreeBSD) the script will run automatically during the installation procedure.
1. Specify the path to the license key file.
2. Configure the parameters of the proxy server used for connection to the Internet in the following format:
http://<proxy server IP address>:<port>
or
http://<user_name>:<password>@<proxy server IP address>:<port>
depending upon the necessity to authenticate users logging on to that proxy. The value will be used by the application updater component (keepup2date) for connection to Kaspersky Lab's servers and downloading of updates to the anti-virus databases.
If you are not using a proxy for Internet connection, specify no as the value for that parameter.
3. Download updates to the anti-virus databases from update servers of Kaspersky Lab. Specify yes or no depending upon your wish to update immediately or later.
4. Specify full path to the configuration file of the Squid proxy transferring the HTTP traffic, which Kaspersky Anti-Virus is supposed to scan. The settings necessary to enable interaction via ICAP between the proxy and the application will be added to the configuration file.
During the process of post-install configuration the task for hourly updates of the anti-virus databases will be registered with the cron service.
If you have not installed a license key during post-install product configuration, then after launch Kaspersky Anti-Virus will start functioning in the unlicensed mode. If you have not downloaded the anti-virus databases during post-install configuration, then after launch Kaspersky Anti-Virus will start functioning
18 Kaspersky Anti-Virus for Proxy Server
without the anti-virus databases. Please see section 5.5 on p. 40 for details on the application modes.
3.5. Distribution of the application files in directories
After the installation of Kaspersky Anti-Virus on a server running Linux is complete, the application files will be located in the following directories, provided that the default paths have been accepted during the installation:
/etc/kav/5.5/kav4proxy/kav4proxy.conf – configuration file containing
application parameters.
/opt/kav/5.5/kav4proxy/bin – directory containing executable files of the
application components:
avbasestest – utility validating downloaded updates to the anti-virus
databases used by the keepup2date component.
kavicapserver – executable file of the main application component.
keepup2date – utility updating the anti-virus databases.
licensemanager – utility for management of license keys.
/opt/kav/5.5/kav4proxy/init.d/kav4proxy – service script for application
control.
/opt/kav/5.5/kav4proxy/contrib/kavproxy.wbm – Webmin plug-in module for
Kaspersky Anti-Virus management.
/opt/kav/5.5/kav4proxy/man – directory containing application manual pages.
/opt/kav/5.5/kav4proxy/share/doc/kav4proxy.groups.conf.sample – sample
file containing group-based application configuration.
/opt/kav/5.5/kav4proxy/share/doc/README-SQUID.txt – file containing
information about available Squid distributions, correct compilation and proxy configuration for ICAP support.
/opt/kav/5.5/kav4proxy/setup – directory containing scripts used for post-
install setup and removal of the application:
keepup2date.sh – script that configures the keepup2date component.
icap_squid_setup.pl – script that configures Squid for work with Kaspersky Anti-Virus.
postinstall.pl – post-install application setup script.
Installing the application 19
uninstall.pl – application removal script.
/var/db/kav/5.5/kav4proxy/ – application directory including:
backup/ – directory where the updater saves backup copies of the anti-
virus databases and application modules prior to an update.
bases/ – directory containing the anti-virus databases and core
modules.
licenses/appinfo.dat – file that contains information about the current
license.
patches/ – directory where the updates for the anti-virus core modules are stored.
/var/log/kav/5.5/kav4proxy/ – directory containing the application log files.
CHAPTER 4. USING KASPERSKY
ANTI-VIRUS
This chapter contains solutions for typical tasks related to work with Kaspersky Anti-Virus, such as application updating, management of license keys, anti-virus protection of HTTP traffic, and configuration of different anti-virus scanning parameters for various user groups. The tasks described in this section reflect basic features of Kaspersky Anti-Virus. Their implementation in a specific configuration will depend upon the organizational peculiarities of your network and the existing security policy. Please refer to Chapter 5 on p. 34 for a detailed explanation of application settings used in description of these tasks.
4.1. Updating the anti-virus databases
Kaspersky Anti-Virus uses the anti-virus databases while processing the objects requested by users through Squid proxy.
The anti-virus databases are employed during scanning and disinfection of infected objects; they contain descriptions of all currently known viruses and the methods of disinfection for objects affected by those viruses.
The keepup2date component is included into the application to provide for software updates. The updates are retrieved from the update servers of Kaspersky Lab, e.g.:
http://downloads1.kaspersky-labs.com/
http://downloads2.kaspersky-labs.com/
ftp://downloads1.kaspersky-labs.com/
The updcfg.xml file included in the installation package lists the URLs of all available update servers.
etc.
The keepup2date component supports Basic authentication for connections through a proxy server.
To update the anti-virus databases, the keepup2date component selects an address from the list of update servers and tries to download updates from that server. If the server is currently unavailable, the application connects to another server, trying to download updates.
Using Kaspersky Anti-Virus 21
We strongly recommend that you set up the keepup2date component to update the databases every hour!
After a successful update, a command specified as the value of the PostUpdateCmd parameter in the [updater.options] section of the configuration file will be executed. By default, this command will automatically initiate reloading of the anti-virus databases. Incorrect modification of that parameter may prevent the application from using the updated databases or cause it to function erroneously.
All settings of the keepup2date component are stored in the [updater.*] sections of the configuration file.
If your network has a complicated structure, we recommend that you download updates from Kaspersky Lab’s update servers every hour and place them in a network directory. To keep other networked computers constantly updated, configure the local computers to copy the updates from that directory. For detailed instructions on creation of a public directory, see section 4.1.3 on p. 23.
The updating process can be scheduled to run automatically using the cron utility (see section 4.1.1 on p. 21) or started manually from the command line (see section 4.1.2 on p. 22). Starting the keepup2date component requires root or kluser user privileges.
4.1.1. Automatic updating of the anti-virus databases
You can schedule regular automatic updates for the anti-virus databases using the cron service. You can configure cron either manually or using the keepup2date.sh script located in the /opt/kav/5.5/kav4proxy/setup/ directory.
In order to create a сron task updating the anti-virus databases every hour, enter the following in the command line:
# /opt/kav/5.5/kav4proxy/setup/keepup2date.sh –install
To delete the cron task for hourly updating of the anti-virus databases, enter the following in the command line:
# /opt/kav/5.5/kav4proxy/setup/keepup2date.sh –uninstall
22 Kaspersky Anti-Virus for Proxy Server
Task
: Configure the application to update automatically your anti-virus databases every hour. An update server should be selected from the updcfg.xml file by default. Only errors occurring in the component operation should be recorded in the system log. Keep a general log of all task starts. Output no information to the console.
Solution
1. In the application configuration file, specify the following values for
2. Edit the file that sets the rules for the cron process (crontab –e) by
: to perform the above task, do the following:
the parameters below:
[updater.report] Append=true ReportLevel=1
entering the following string for the root or kluser user, add, for example, the following line:
In Linux:
23 * * * * /opt/kav/5.5/kav4proxy/bin/keepup2date
-q
In FreeBSD:
23 * * * * /usr/local/share/kav/5.5/ kav4proxy/bin/keepup2date -q
The specified time setting for the cron task start is just an example. You are advised to specify your own settings for the start time to avoid overloading the updating servers.
4.1.2. Manual updating of the anti-virus databases
You can start updating your anti-virus databases from the command line at any time.
Task
: start updating of the anti-virus databases, save updating results in the updatesreport.log file within the /var/log/kav/5.5/kav4proxy/ directory.
Solution privileged user) and enter in the command line:
: to accomplish the task, log in as the root (or any other
Using Kaspersky Anti-Virus 23
# keepup2date –l /var/log/kav/5.5/kav4proxy/updatesreport.log
If you need to update the anti-virus databases on several servers, it may be more convenient to download the updates from an update server once, save them to a shared directory, and mount the directory within the file system of every server running Kaspersky Anti-Virus. Then it will be sufficient to launch the update script having specified first the mounted directory as the source of updates. FTP and HTTP can also be used for sharing of the anti-virus databases. Please see section 4.1.3 on p. 23 for details related to creation of a shared directory for updates.
Task
: initiate updating of the anti-virus databases using the local
/home/kluser/bases directory as the source. Output the results to the /tmp/updatesreport.log file.
Solution privileged user) and perform the following steps:
1. Mount the shared directory containing updates to the anti-virus
2. Enter the following in the command line:
You can also update the application remotely using the appropriate Webmin plug-in.
: to accomplish the task, log in as the root (or any other
databases, to the local /home/kluser/bases directory.
# keepup2date –l /tmp/updatesreport.log –g /home/kluser/bases
4.1.3. Creating a shared directory for storing and sharing database updates
To update the anti-virus databases correctly on local computers from the shared directory, you need to reproduce in that directory a file system structure that is similar to that of Kaspersky Lab’s update servers. This task deserves a detailed explanation.
: create a shared local directory, which the local computers will use
Task as the source to update their anti-virus databases.
Solution: to accomplish the task, log in as the root (or any other privileged user) and do the following:
Loading...
+ 52 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use