Kaspersky Lab KASPERSKY ANTI-VIRUS FOR FIREWALL 1.0 User Manual

KASPERSKY LAB

Kaspersky Anti-Virus
for Firewall

USER GUIDE

KASPERSKY ANTI-VIRUS

FOR FIREWALL

User

Guide

 Kaspersky Lab Ltd.

Tel. +7 095 797 87 00 • Fax +7 095 948 43 31

Visit our Web site:

http://www.kaspersky.com/

Contents

1. KASPERSKY™ ANTI-VIRUS FOR FIREWALL............................ 6

1.1. Function And Features

1.2. KAV for Firewall: Protecting Local Network From
Viruses

1.3. What’s New…

1.4. Distribution Kit

1.5. Help Desk For Registered Users

1.6. Information In The Book

2. INSTALLING KAV FOR FIREWALL ........................................13

2.1. Software And Hardware Requirements

2.2. Step-By-Step Inst allation

2.3. The *.KEY File

3. PREPARING TO RUN THE PROGRAM.................................... 29

3.1. Binding Firewall With KAV For Firewall

3.2. Adding CVP Server

3.3. Adding Resources

3.4. Creating Rules

3.5. Saving New Settings

4. RUNNING THE PROGRAM.................................................... 48

4.1. Various Methods To Launch The Program

5. CONFIGURING THE PROGRAM............................................. 51

5.1. Anti-Virus Settings

5.2. Various Configuration Methods

5.3. Defining General Anti-Virus Settings

.................................................................................. 8

........................................................... 9

......................................................... 9

........................................................ 28

....................................................... 43

........................................... 6

......................... 11

..................................... 12

............. 13

..................................... 14

.............. 29

................................................ 29

.................................................. 33

............................................. 47

........ 48

................................................. 51

........................... 52

.................. 54

3333

5.4. Defining Setting For Each Protocol Separately

..57

6. ACTIONS TAKEN FOR INFECTED FILES.................................69

7. PERFORMANCE STATISTICS AND OPERATION LOG................71

7.1. Displaying The Performance Statistics

7.2. Log File

7.3. Alerts From Control Centre

....................................................................73

...................................74

...............71

8. KASPERSKY ANTI-VIRUS F O R FIREWALL AGENT ...................76

8.1. General Information

8.2. Configuring The Agent

..............................................76

..........................................76

APPENDIX A. KASPERSKY LAB LTD................................78

APPENDIX B. FREQUENTLY ASKED QUESTIONS .......80

4444

Dear Customer,
Thank you for choosing KASPERSKY ANTI-VIRUS to protect your
computer from viruses. The best anti-virus experts worked hard to make
this product meet the highest possible standards and feel sure that you
will find it efficient and effective. By choosing our software, you acquire
the unbeatable protection against viruses.
Our company always seeks to make the software products more friendly
and easy-to-use while keeping their functionality at the highest possible
level. KASPERSKY ANTI-VIRUS provides its users with the highly
reliable anti-virus protection, heuristic code-analyser, ability to check for
viruses in all the commonly used mail formats and compressed files,
easy-to-use anti-virus managing tools. Furthermore, the user is provided
with round-the-clock technical support, information services, and
personal attention to every client and immediate response to new
viruses.
We highly appreciate your confidence in our product and hope you'll find
it fairly efficient and useful.

Kaspersky Lab

5555

Chapter

1

1. Kaspersky™ Anti-Virus
For Firewall

What is Kaspersky Anti-Virus for Firewall?
Distribution kit.

1.1. Function And Features

Kaspersky™ Anti-Virus for Firewall is a special plug-in module for
the centralised filtering of data traffic passing through firewalls
supporting Content Vectoring Protocol (CVP).

Kaspersky™ Anti-Virus for Firewall is based on the world's famous
anti-virus kernel used in other Kaspersky Lab products. KAV for
Firewall allows to protect user workstations from viruses passing via
the firewall from the Internet.

KAV for Firewall is installed on any computer running one of the
following operating systems: Windows NT Server, Windows 2000
Server, Windows 2000 Advanced Server, Windows NT
Workstation, Windows 2000 Professional, and works with Check
Point Firewall-1 copies regardless of the operating system they are
running under. The firewall transfers incoming data packets to KAV
for Firewall via TCP/IP. KAV sorts these packets by the protocols

6666

KASPERSKY ANTI-VIRUS

that have been used to download them, i.e. SMTP, FTP and HTTP,
checks for viruses and returns these to the firewall with the banner
indicating the check results. To speed up the check procedure you
can use different workstations to scan for viruses in different types
of traffic (SMTP, FTP and HTTP).

The KAV for Firewall features:

9In real-time, Kaspersky™ Anti-Virus for Firewall checks for and

deletes all types of malicious code from data passing through
the firewall and received by HTTP, FTP, SMTP and other
protocols.

9The program searches for viruses in archived and packed files

and e-mail.

9A powerful heuristic code analyser and redundant scan feature

will protect your network from even unknown viruses.

9You can define the quarantine directory where the program will

transfer all infected and suspicious objects that have been
detected in the Internet traffic. All detected virus attacks are
immediately reported by Kaspersky™ Anti-Virus to the pre­defined e-mail addresses.

9Kaspersky™ Anti-Virus for Firewall logs all the program activity

and the virus attack statistics.

9You may change any program setting without needing to restart

it. All changes will be activated right after you have confirmed
them.

Content Vectoring Protocol (CVP) was developed by



Check Point Software Technologies within the framework
of the Open Platform for Secure Enterprise Connectivity
project. CVP allows «coupling» the firewall with other
programs.

7777

KAV FOR FIREWALL

Kaspersky™ Anti-Virus for Firewall is developed for Check Point
Firewall-1, versions 3.0, 4.0, and 4.1.

1.2. KAV for Firewall: Protecting

Local Network From Viruses

Nowadays more and more large, medium or small companies
provide their staff with access to the Internet. Consequently, the
probability that one day a virus will pass from the Internet onto your
private network increases every day. According to International
Computer Security Association (ICSA) practically all the medium
and large companies suffered from virus attacks (1998 Virus
Prevalence Survey) and in most cases the virus was carried in with
email messages.

Today, the corporate Internet-gateway is the main entry point for
viruses attempting to penetrate corporate networks. Most network
administrators take care to protect their file servers and
workstations, but leave Internet gateways unprotected, hoping that
their firewall protects them from the Internet viruses. To our regret
firewalls monitor just the source of incoming files what makes them
weak in the face of a virus attack. Nevertheless, integration of such
an anti-virus software as KAV with the OPSEC architecture allows
to develop the internal security policy that will stop viruses before
they reach user workstations.

The on-line scanner, KAV for Firewall, is used for anti-virus
protection. The firewall transfers incoming data packets to KAV for
Firewall via TCP/IP. KAV checks these packets for viruses and
returns to the firewall with the banner indicating the check results.

KAV for Firewall uses all the features of FireWall-1 to register
events, it also records its performance statistics and logs it to a
separate file. This data is very important and allows to define the
source of incoming viruses. It allows you to increase the protection
level by, for example, prohibiting the download of files from this
“problem” source.

8888

KASPERSKY ANTI-VIRUS

Different servers require different approaches to their anti-virus
protection. The HTTP server, for example, runs ActiveX and Java
applets. These elements may contain viruses that must be deleted
before they reach the browser. To protect email (SMTP) from
viruses the anti-virus program must access each database and find
any hidden viruses attached to messages before the recipient
reads or readdresses this message. Finally, FTP corresponds to
the file transfer protocol enabling you to download applications that
can be infected with a virus. KAV for Firewall features enable it to
provide protection for the different server types.

KAV for Firewall is a quality product with high scanning speed and
reliable check results. The latter quality is guaranteed by the ability
to regularly update anti-virus databases via the Internet by means
of the KAV for Firewall one-click automatic updating feature.

1.3. What’s New…

In this version, users are provided with the ability to optimise the
KAV for Firewall processing of examined files (percentage of a
large-size file, transferred to the user without checking).

Besides, we added the feature allowing to view the quantity of
simultaneously launched sessions and, if necessary, to terminate
them.

The package also includes the Kaspersky Anti-Virus for Firewall
Agent module that launches the appropriate support program or
restarts KAV for Firewall in case of the program failure.

1.4. Distribution Kit

1.4.1. What is in the distribution kit

Your KAV distribution kit contains the following items:

9999

KAV FOR FIREWALL

• license agreement;

• sealed envelope with CD containing the program

installation files;

• User Guide;

• registration card.



Before you unseal the envelope with CD make sure to
review thoroughly the license agreement.

1.4.2. License agreement

License Agreement is a legal agreement between you (either an
individual or a single entity) and the manufacturer (Kaspersky Lab
LTD) describing the terms on which you may employ this anti-virus
product.



Make sure to peruse this LA!

If you do not agree to terms of this LA, Kaspersky Lab is not willing
to license the software product to you and you should return the
unused product to your KAV dealer for a full refund, but make sure
the envelope with CD is sealed.

By unsealing the envelope, you agree to all the LA terms.

1.4.3. Registration card

To register you must fill the detachable coupon of your registration
card (your full name, telephone and e-mail address) and mail it to
the Kaspersky Lab legal dealer that sold this kit to you.

If your mail/e-mail address or telephone number changed, please
notify the entity to which you mailed the coupon.

10

10

1010

KASPERSKY ANTI-VIRUS

When registered you obtain the status of Kaspersky Lab legal
customer and will be provided with the product support and anti­virus database updates for the period of your subscription.
Furthermore, Kaspersky Lab provides Kaspersky Anti-Virus
registered users with information about the new products released
by the company.

1.5. Help Desk For Registered
Users

Kaspersky Lab offers a large service package enabling its legal
customers to efficiently employ Kaspersky Anti-Virus for Firewall.

If you register and purchase a subscription, you will be provided
with the following services for the period of your subscription:

• anti-virus database DAILY updates provided by e-mail;

• new versions of the Kaspersky Lab anti-virus software

provided on the FREE basis;

• PHONE, E-MAIL or IN-OFFICE advising on matters

related to the operation of our anti-virus software;

• information about the Kaspersky Lab new products and

about new computer viruses (for those who subscribe
to our newsletter ­http://www.kaspersky.com/subscribeNow.asp).



For more information about our services, refer to the file
README.TXT.



Kaspersky Lab does not provide information related to
operation and use of your operating system, and various
technologies.

11

11

1111

KAV FOR FIREWALL

1.6. Information In The Book

This book contains information on how to install, configure and
manage the software product, explains its basic concepts and the
way they can be applied, recommends how to manage and change
settings.

12

12

1212

Chapter

2

2. Installing KAV for

Firewall

Step-by-step in stallation. File *.KEY.

2.1. Software And Hardware
Requirements

In order to run KAV for Firewall you need:

• an IBM PC or a 100%-compartible computer with

Processor Pentium 133 MHz;

• 64 MB RAM;

• 100 MB of hard disk space (for the server to work

efficiently 500 MB of hard disk space is recommended);

• CD-ROM (for the KAV distribution kit that includes

CDs);

• One of the following operation systems: Windows NT

Server, Windows 2000 Server, Windows NT
Workstation, Windows 2000 Professional, and Windows
2000 Advanced Server.

13

13

1313

INSTALLING KAV FOR FIREWALL

KAV for Firewall is installed on any computer of your local network
and works with Check Point Firewall-1 copies regardless of the
operating system they are running under. To speed up the check
procedure you can use different workstations to scan for viruses in
different types of traffic (SMTP, FTP and HTTP).

2.2. Step-By-Step Installation

2.2.1. Installing the first time

)

To install KAV for Firewall on a computer, follow the
steps:

1. Insert the supplied CD into the CD-ROM drive of your
computer.

2. Start the installation wizard setup.exe.

3. The installation wizard will start (see figure 1). Follow
instructions on your screen.

Figure 1. The installation wizard welcome window

14

14

1414

KASPERSKY ANTI-VIRUS

4. Read the wizard window information and click Next
to proceed. The License Ag reement wizard window
will appear on your screen (see figure 2).

Figure 2. The License Agreement wizard window

5. Review all the agreement terms. If they are
acceptable click Yes to proceed. Click No to abort
the installation if the terms are not acceptable. If you
accepted the terms, the Customer Information
wizard window will appear on your screen (see
figure 3).

15

15

1515

INSTALLING KAV FOR FIREWALL

Figure 3. The Customer Information wizard window

6. Type in the required information in the User Name
and the Company Name fields. Then click Next to
proceed. The Choose Destination Location wizard
window will appear on your screen (see figure 4).

Figure 4. The Choose Destination Location wizard window

16

16

1616

KASPERSKY ANTI-VIRUS

7. In this wizard window, you must choose a directory
where your KAV for Firewall will be installed:

• To do this, press the Browse button and select

the required directory (see figure 5).

• Then click OK.

• In the Choose Folder wizard window on your

screen, click Next to proceed.

Figure 5. The Choose Folder wizard window

8. The Select Program Folder wizard window will
appear on your screen (see figure 6). In this window,
select the name of the program folder under which
your KAV for Firewall software will appear on the
Windows Start menu. Click Next to proceed.

17

17

1717

INSTALLING KAV FOR FIREWALL

Figure 6. The Select Program Folder wizard window

9. The Setup Type wizard window will appear on your

screen (see figure 7). In this window, you must
choose the type of installation you want the
installation wizard to perform. The choices are:

Figure 7. The Setup Type wizard window

18

18

1818

KASPERSKY ANTI-VIRUS

• Custom — allows you to choose exactly which

components to install;

• Typical — installs all the program components.

This option skips the steps 11 and 12 described
below.

10. Click Next to proceed.

11. If you choose Custom in the Setup Type wizard
window, the Select Components wizard window will
appear on your screen (see figure 8). In this window,
you must choose the required components. By
default, all the components are selected. You can
choose not to install any of the components by
unchecking the box alongside it. When done, click
Next to proceed.
If you choose not to install Kaspersky Anti-Virus for
Firewall, the steps 13 and 14 described below will be
skipped.

Figure 8. The Select Components wizard window

19

19

1919

INSTALLING KAV FOR FIREWALL

12. The Report Files Location wizard window will

appear on your screen (see figure 9). In this window,
you must select a directory where KAV for Firewall
will place its log files. When done, click Next to
proceed.

Figure 9. The Report Files Location wizard window

13. The Start Copying Files wizard window will appear

on your screen (see figure 10). Read the installation
information and click Next to proceed. The
installation wizard will start copying files on your
computer (see figure 11).

20

20

2020

KASPERSKY ANTI-VIRUS

Figure 10. The Start Copying Files wizard window

Figure 11. The Setup status wizard window

14. When the wizard is done, the Configuration wizard
window will appear on your screen (see figure 12). In

21

21

2121

INSTALLING KAV FOR FIREWALL

the Local IP Address field on this wizard window,
you must specify the local IP address of the
computer where you installing the program, and in
the CVP Port field — the required port number.
If in order to work with the firewall the program needs
additional authentication, you must check the
Authentification box and specify the required port
number in the Authentification CVP Port field. Then
click Next to proceed.



If you leave these fields blank, the program by default will
use the appropriate settings of your workstation.

Figure 12. The Configuration wizard window

15. The Temporary Files Location wizard window will

appear on your screen (see figure 13). Here you
must choose the directory where KAV for Firewall will
generate its temporary files. Click Next to proceed.

22

22

2222

KASPERSKY ANTI-VIRUS

Figure 13. The Temporary Files Location wizard window

16. The Key File wizard window will appear on your
screen (see figure 14). In this window, you must
define the key file and its location (see
subchapter 2.3). If the file is located in the folder from
which you are running the installation wizard, it will
be automatically displayed in the List of key files to
install list. If the key file is located in some other
directory, you must press the Add button and choose
this file in the directory tree. If necessary, you can
use several key files simultaneously. After you
selected all required key files, click Next to proceed.

23

23

2323

INSTALLING KAV FOR FIREWALL

Figure 14. The Key File wizard window

17. When the installation procedure is completed the

Completing the Kaspersky Anti-Virus for Firewall
Setup Wizard wizard window will appear on your

screen (see figure 15). Check the KAV components
that you want to start immediately after the
installation and press the Next button.

24

24

2424

KASPERSKY ANTI-VIRUS

Figure 15. The Completing the Kaspersky Anti-Virus for

Firewall Setup Wizard wizard window

2.2.2. Reinstalling the program

If when started the installation wizard will detect a previous
installation of the program on your computer, the Program
Maintenance wizard window will appear on your screen (see
figure 16). In this window, you must choose the re-installation type.
The choices are:

• Modify — adds new KAV components to the previous

installation;

• Repair — reinstalls all the KAV components;

• Remove — removes the KAV copy from your computer

(see subchapter 2.2.3).

Choose the required option button and click Next to proceed.

25

25

2525