Kaspersky Lab KASPERSKY ANTI-VIRUS FOR FIREWALL 1.0 User Manual

KASPERSKY LAB
Kaspersky Anti-Virus for Firewall
USER GUIDE
KASPERSKY ANTI-VIRUS
FOR FIREWALL
Guide
Kaspersky Lab Ltd.
Tel. +7 095 797 87 00 • Fax +7 095 948 43 31
Visit our Web site:
http://www.kaspersky.com/
Contents
1. KASPERSKY™ ANTI-VIRUS FOR FIREWALL............................ 6
1.1. Function And Features
1.2. KAV for Firewall: Protecting Local Network From Viruses
1.3. What’s New…
1.4. Distribution Kit
1.5. Help Desk For Registered Users
1.6. Information In The Book
2. INSTALLING KAV FOR FIREWALL ........................................13
2.1. Software And Hardware Requirements
2.2. Step-By-Step Inst allation
2.3. The *.KEY File
3. PREPARING TO RUN THE PROGRAM.................................... 29
3.1. Binding Firewall With KAV For Firewall
3.2. Adding CVP Server
3.3. Adding Resources
3.4. Creating Rules
3.5. Saving New Settings
4. RUNNING THE PROGRAM.................................................... 48
4.1. Various Methods To Launch The Program
5. CONFIGURING THE PROGRAM............................................. 51
5.1. Anti-Virus Settings
5.2. Various Configuration Methods
5.3. Defining General Anti-Virus Settings
.................................................................................. 8
........................................................... 9
......................................................... 9
........................................................ 28
....................................................... 43
........................................... 6
......................... 11
..................................... 12
............. 13
..................................... 14
.............. 29
................................................ 29
.................................................. 33
............................................. 47
........ 48
................................................. 51
........................... 52
.................. 54
3333
5.4. Defining Setting For Each Protocol Separately
..57
6. ACTIONS TAKEN FOR INFECTED FILES.................................69
7. PERFORMANCE STATISTICS AND OPERATION LOG................71
7.1. Displaying The Performance Statistics
7.2. Log File
7.3. Alerts From Control Centre
....................................................................73
...................................74
...............71
8. KASPERSKY ANTI-VIRUS F O R FIREWALL AGENT ...................76
8.1. General Information
8.2. Configuring The Agent
..............................................76
..........................................76
APPENDIX A. KASPERSKY LAB LTD................................78
APPENDIX B. FREQUENTLY ASKED QUESTIONS .......80
4444
Dear Customer, Thank you for choosing KASPERSKY ANTI-VIRUS to protect your computer from viruses. The best anti-virus experts worked hard to make this product meet the highest possible standards and feel sure that you will find it efficient and effective. By choosing our software, you acquire the unbeatable protection against viruses. Our company always seeks to make the software products more friendly and easy-to-use while keeping their functionality at the highest possible level. KASPERSKY ANTI-VIRUS provides its users with the highly reliable anti-virus protection, heuristic code-analyser, ability to check for viruses in all the commonly used mail formats and compressed files, easy-to-use anti-virus managing tools. Furthermore, the user is provided with round-the-clock technical support, information services, and personal attention to every client and immediate response to new viruses. We highly appreciate your confidence in our product and hope you'll find it fairly efficient and useful.
Kaspersky Lab
5555
Chapter
1
1. Kaspersky™ Anti-Virus For Firewall
What is Kaspersky Anti-Virus for Firewall? Distribution kit.
1.1. Function And Features
Kaspersky™ Anti-Virus for Firewall is a special plug-in module for the centralised filtering of data traffic passing through firewalls supporting Content Vectoring Protocol (CVP).
Kaspersky™ Anti-Virus for Firewall is based on the world's famous anti-virus kernel used in other Kaspersky Lab products. KAV for Firewall allows to protect user workstations from viruses passing via the firewall from the Internet.
KAV for Firewall is installed on any computer running one of the following operating systems: Windows NT Server, Windows 2000 Server, Windows 2000 Advanced Server, Windows NT Workstation, Windows 2000 Professional, and works with Check Point Firewall-1 copies regardless of the operating system they are running under. The firewall transfers incoming data packets to KAV for Firewall via TCP/IP. KAV sorts these packets by the protocols
6666
KASPERSKY ANTI-VIRUS
that have been used to download them, i.e. SMTP, FTP and HTTP, checks for viruses and returns these to the firewall with the banner indicating the check results. To speed up the check procedure you can use different workstations to scan for viruses in different types of traffic (SMTP, FTP and HTTP).
The KAV for Firewall features:
9In real-time, Kaspersky™ Anti-Virus for Firewall checks for and
deletes all types of malicious code from data passing through the firewall and received by HTTP, FTP, SMTP and other protocols.
9The program searches for viruses in archived and packed files
and e-mail.
9A powerful heuristic code analyser and redundant scan feature
will protect your network from even unknown viruses.
9You can define the quarantine directory where the program will
transfer all infected and suspicious objects that have been detected in the Internet traffic. All detected virus attacks are immediately reported by Kaspersky™ Anti-Virus to the pre­defined e-mail addresses.
9Kaspersky™ Anti-Virus for Firewall logs all the program activity
and the virus attack statistics.
9You may change any program setting without needing to restart
it. All changes will be activated right after you have confirmed them.
Content Vectoring Protocol (CVP) was developed by

Check Point Software Technologies within the framework of the Open Platform for Secure Enterprise Connectivity project. CVP allows «coupling» the firewall with other programs.
7777
KAV FOR FIREWALL
Kaspersky™ Anti-Virus for Firewall is developed for Check Point Firewall-1, versions 3.0, 4.0, and 4.1.
1.2. KAV for Firewall: Protecting
Local Network From Viruses
Nowadays more and more large, medium or small companies provide their staff with access to the Internet. Consequently, the probability that one day a virus will pass from the Internet onto your private network increases every day. According to International Computer Security Association (ICSA) practically all the medium and large companies suffered from virus attacks (1998 Virus Prevalence Survey) and in most cases the virus was carried in with email messages.
Today, the corporate Internet-gateway is the main entry point for viruses attempting to penetrate corporate networks. Most network administrators take care to protect their file servers and workstations, but leave Internet gateways unprotected, hoping that their firewall protects them from the Internet viruses. To our regret firewalls monitor just the source of incoming files what makes them weak in the face of a virus attack. Nevertheless, integration of such an anti-virus software as KAV with the OPSEC architecture allows to develop the internal security policy that will stop viruses before they reach user workstations.
The on-line scanner, KAV for Firewall, is used for anti-virus protection. The firewall transfers incoming data packets to KAV for Firewall via TCP/IP. KAV checks these packets for viruses and returns to the firewall with the banner indicating the check results.
KAV for Firewall uses all the features of FireWall-1 to register events, it also records its performance statistics and logs it to a separate file. This data is very important and allows to define the source of incoming viruses. It allows you to increase the protection level by, for example, prohibiting the download of files from this “problem” source.
8888
KASPERSKY ANTI-VIRUS
Different servers require different approaches to their anti-virus protection. The HTTP server, for example, runs ActiveX and Java applets. These elements may contain viruses that must be deleted before they reach the browser. To protect email (SMTP) from viruses the anti-virus program must access each database and find any hidden viruses attached to messages before the recipient reads or readdresses this message. Finally, FTP corresponds to the file transfer protocol enabling you to download applications that can be infected with a virus. KAV for Firewall features enable it to provide protection for the different server types.
KAV for Firewall is a quality product with high scanning speed and reliable check results. The latter quality is guaranteed by the ability to regularly update anti-virus databases via the Internet by means of the KAV for Firewall one-click automatic updating feature.
1.3. What’s New…
In this version, users are provided with the ability to optimise the KAV for Firewall processing of examined files (percentage of a large-size file, transferred to the user without checking).
Besides, we added the feature allowing to view the quantity of simultaneously launched sessions and, if necessary, to terminate them.
The package also includes the Kaspersky Anti-Virus for Firewall Agent module that launches the appropriate support program or restarts KAV for Firewall in case of the program failure.
1.4. Distribution Kit
1.4.1. What is in the distribution kit
Your KAV distribution kit contains the following items:
9999
KAV FOR FIREWALL
license agreement;
sealed envelope with CD containing the program
installation files;
User Guide;
registration card.

Before you unseal the envelope with CD make sure to review thoroughly the license agreement.
1.4.2. License agreement
License Agreement is a legal agreement between you (either an individual or a single entity) and the manufacturer (Kaspersky Lab LTD) describing the terms on which you may employ this anti-virus product.

Make sure to peruse this LA!
If you do not agree to terms of this LA, Kaspersky Lab is not willing to license the software product to you and you should return the unused product to your KAV dealer for a full refund, but make sure the envelope with CD is sealed.
By unsealing the envelope, you agree to all the LA terms.
1.4.3. Registration card
To register you must fill the detachable coupon of your registration card (your full name, telephone and e-mail address) and mail it to the Kaspersky Lab legal dealer that sold this kit to you.
If your mail/e-mail address or telephone number changed, please notify the entity to which you mailed the coupon.
10
10
1010
KASPERSKY ANTI-VIRUS
When registered you obtain the status of Kaspersky Lab legal customer and will be provided with the product support and anti­virus database updates for the period of your subscription. Furthermore, Kaspersky Lab provides Kaspersky Anti-Virus registered users with information about the new products released by the company.
1.5. Help Desk For Registered Users
Kaspersky Lab offers a large service package enabling its legal customers to efficiently employ Kaspersky Anti-Virus for Firewall.
If you register and purchase a subscription, you will be provided with the following services for the period of your subscription:
anti-virus database DAILY updates provided by e-mail;
new versions of the Kaspersky Lab anti-virus software
provided on the FREE basis;
PHONE, E-MAIL or IN-OFFICE advising on matters
related to the operation of our anti-virus software;
information about the Kaspersky Lab new products and
about new computer viruses (for those who subscribe to our newsletter ­http://www.kaspersky.com/subscribeNow.asp).

For more information about our services, refer to the file README.TXT.

Kaspersky Lab does not provide information related to operation and use of your operating system, and various technologies.
11
11
1111
KAV FOR FIREWALL
1.6. Information In The Book
This book contains information on how to install, configure and manage the software product, explains its basic concepts and the way they can be applied, recommends how to manage and change settings.
12
12
1212
Chapter
2
2. Installing KAV for
Firewall
Step-by-step in stallation. File *.KEY.
2.1. Software And Hardware Requirements
In order to run KAV for Firewall you need:
an IBM PC or a 100%-compartible computer with
Processor Pentium 133 MHz;
64 MB RAM;
100 MB of hard disk space (for the server to work
efficiently 500 MB of hard disk space is recommended);
CD-ROM (for the KAV distribution kit that includes
CDs);
One of the following operation systems: Windows NT
Server, Windows 2000 Server, Windows NT Workstation, Windows 2000 Professional, and Windows 2000 Advanced Server.
13
13
1313
INSTALLING KAV FOR FIREWALL
KAV for Firewall is installed on any computer of your local network and works with Check Point Firewall-1 copies regardless of the operating system they are running under. To speed up the check procedure you can use different workstations to scan for viruses in different types of traffic (SMTP, FTP and HTTP).
2.2. Step-By-Step Installation
2.2.1. Installing the first time
)
To install KAV for Firewall on a computer, follow the steps:
1. Insert the supplied CD into the CD-ROM drive of your computer.
2. Start the installation wizard setup.exe.
3. The installation wizard will start (see figure 1). Follow instructions on your screen.
Figure 1. The installation wizard welcome window
14
14
1414
KASPERSKY ANTI-VIRUS
4. Read the wizard window information and click Next to proceed. The License Ag reement wizard window will appear on your screen (see figure 2).
Figure 2. The License Agreement wizard window
5. Review all the agreement terms. If they are acceptable click Yes to proceed. Click No to abort the installation if the terms are not acceptable. If you accepted the terms, the Customer Information wizard window will appear on your screen (see figure 3).
15
15
1515
INSTALLING KAV FOR FIREWALL
Figure 3. The Customer Information wizard window
6. Type in the required information in the User Name and the Company Name fields. Then click Next to proceed. The Choose Destination Location wizard window will appear on your screen (see figure 4).
Figure 4. The Choose Destination Location wizard window
16
16
1616
KASPERSKY ANTI-VIRUS
7. In this wizard window, you must choose a directory where your KAV for Firewall will be installed:
To do this, press the Browse button and select
the required directory (see figure 5).
Then click OK.
In the Choose Folder wizard window on your
screen, click Next to proceed.
Figure 5. The Choose Folder wizard window
8. The Select Program Folder wizard window will appear on your screen (see figure 6). In this window, select the name of the program folder under which your KAV for Firewall software will appear on the Windows Start menu. Click Next to proceed.
17
17
1717
INSTALLING KAV FOR FIREWALL
Figure 6. The Select Program Folder wizard window
9. The Setup Type wizard window will appear on your
screen (see figure 7). In this window, you must choose the type of installation you want the installation wizard to perform. The choices are:
Figure 7. The Setup Type wizard window
18
18
1818
KASPERSKY ANTI-VIRUS
Custom — allows you to choose exactly which
components to install;
Typical — installs all the program components.
This option skips the steps 11 and 12 described below.
10. Click Next to proceed.
11. If you choose Custom in the Setup Type wizard window, the Select Components wizard window will appear on your screen (see figure 8). In this window, you must choose the required components. By default, all the components are selected. You can choose not to install any of the components by unchecking the box alongside it. When done, click Next to proceed. If you choose not to install Kaspersky Anti-Virus for Firewall, the steps 13 and 14 described below will be skipped.
Figure 8. The Select Components wizard window
19
19
1919
INSTALLING KAV FOR FIREWALL
12. The Report Files Location wizard window will
appear on your screen (see figure 9). In this window, you must select a directory where KAV for Firewall will place its log files. When done, click Next to proceed.
Figure 9. The Report Files Location wizard window
13. The Start Copying Files wizard window will appear
on your screen (see figure 10). Read the installation information and click Next to proceed. The installation wizard will start copying files on your computer (see figure 11).
20
20
2020
KASPERSKY ANTI-VIRUS
Figure 10. The Start Copying Files wizard window
Figure 11. The Setup status wizard window
14. When the wizard is done, the Configuration wizard window will appear on your screen (see figure 12). In
21
21
2121
INSTALLING KAV FOR FIREWALL
the Local IP Address field on this wizard window, you must specify the local IP address of the computer where you installing the program, and in the CVP Port field — the required port number. If in order to work with the firewall the program needs additional authentication, you must check the Authentification box and specify the required port number in the Authentification CVP Port field. Then click Next to proceed.

If you leave these fields blank, the program by default will use the appropriate settings of your workstation.
Figure 12. The Configuration wizard window
15. The Temporary Files Location wizard window will
appear on your screen (see figure 13). Here you must choose the directory where KAV for Firewall will generate its temporary files. Click Next to proceed.
22
22
2222
KASPERSKY ANTI-VIRUS
Figure 13. The Temporary Files Location wizard window
16. The Key File wizard window will appear on your screen (see figure 14). In this window, you must define the key file and its location (see subchapter 2.3). If the file is located in the folder from which you are running the installation wizard, it will be automatically displayed in the List of key files to install list. If the key file is located in some other directory, you must press the Add button and choose this file in the directory tree. If necessary, you can use several key files simultaneously. After you selected all required key files, click Next to proceed.
23
23
2323
INSTALLING KAV FOR FIREWALL
Figure 14. The Key File wizard window
17. When the installation procedure is completed the
Completing the Kaspersky Anti-Virus for Firewall Setup Wizard wizard window will appear on your
screen (see figure 15). Check the KAV components that you want to start immediately after the installation and press the Next button.
24
24
2424
KASPERSKY ANTI-VIRUS
Figure 15. The Completing the Kaspersky Anti-Virus for
Firewall Setup Wizard wizard window
2.2.2. Reinstalling the program
If when started the installation wizard will detect a previous installation of the program on your computer, the Program Maintenance wizard window will appear on your screen (see figure 16). In this window, you must choose the re-installation type. The choices are:
Modify — adds new KAV components to the previous
installation;
Repair — reinstalls all the KAV components;
Remove — removes the KAV copy from your computer
(see subchapter 2.2.3).
Choose the required option button and click Next to proceed.
25
25
2525
Loading...
+ 58 hidden pages