User Manual Avira AntiVir WebGate | WebGate Suite www.avira.
Contents
1 About this Manual
1.1 Introduction
1.2 The Structure of the Manual
1.3 Signs and Symbols
1.4 Abbreviations
8 Appendix
8.1 Glossary
8.2 Further Information
8.3 Golden Rules for Protection Against Viruses
1 About this Manual
In this Chapter you can find an overview of the structure and contents of this manual. After a short introduction, you can read information about the following issues:
• The Structure of the Manual – Page 5
• Signs and Symbols – Page 5
1.1 Introduction
We have enclosed in this manual all the information you need about Avira AntiVir WebGate and it will guide you step by step through installation, configuration and operation of the software.
For improved legibility and clear marking, the following types of emphasis will also be used in the text:
Emphasis in text | Explanation
Ctrl+Alt | Key or key combination
/usr/lib/AntiVir/avupdate | Path and filename
ls /usr/lib/AntiVir | User entries
Choose component, Select all | Elements of the software interface such as menu items, window titles and buttons in dialog windows
http://www.avira.com | URLs
Signs and Symbols – Page 5 | Cross-reference within the document
1.
2 Product Information
An Internet connection is an underestimated entry point for malware on your computer. If you transfer unfiltered data from the Internet to your system, you can spread all types of malware throughout the entire network. Avira AntiVir WebGate provides reliable protection for your computer by scanning, filtering and, if necessary, blocking access to all files from the Internet. Furthermore, Avira AntiVir WebGate also scans the entire outgoing traffic.
2.1 Features
Avira AntiVir WebGate supports a variety of configuration settings for controlling Internet data transfer. The essential features are:
• Extended access control, for setting rules to allow tunneling for certain types of requests and responses.
• Newsletter Service (per email)
• Internet Update Service for program files and VDF
After installing an AntiVir product, you can read the information on your current license, using the license tool avlinfo:
► Change to /usr/lib/AntiVir and call ./avlinfo
Use avlinfo -h to get information about using this tool.
2.
categories, such as Violence, Gambling, Erotic etc. To determine the categories for a certain URL, the Web Access and Content Control library is used. (This module is only activated with the license for Avira WebGate Suite.) To find out more details about the Web Access and Content Control library, please refer to the MANUAL file within the WebGate installation directory.
2.3.
3 Installation
You can find the current version of Avira AntiVir WebGate on our website. Avira AntiVir WebGate is supplied as a packed archive. This archive contains the AntiVir Engine and VDF files, the Avira Updater, the WebGate Main Program and the optional SMC plug-in. You are guided through the installation process, step by step. This Chapter is composed of the following Sections:
3.
Unpacking Program Files
► Go to the temporary directory:
    cd /tmp
► Unpack the AntiVir archive:
    tar -xzvf antivir-webgate-prof-.tar.gz
In the temporary directory, antivir-webgate-prof- will then appear.
3.3 Licensing
You must have a license for AntiVir WebGate in order to use the program (see Licensing Concept – Page 8). The license comes in a file named hbedv.key. This license file contains information regarding the range and period of the license.
3.4 Installing Avira AntiVir WebGate
Avira AntiVir WebGate installation is performed automatically using an installation script. This script performs the following tasks:
• Checks integrity of the installation files
• Checks for the required permissions for installation
• Checks for existing installed versions of AntiVir products on the computer
• Copies the program files and overwrites the existing obsolete files
• Copies the configuration files.
After you type the path to the key file, the installer continues with the update configuration:
    Enter the path to your key file: [] /root/Desktop/HBEDV.KEY
    copying /root/Desktop/HBEDV.KEY to /usr/lib/AntiVir/hbedv.key ... done
    installation of AntiVir Core Components (Engine, Savapi and Avupdate) complete
    2) Configuring updates
    An internet updater is available...
    ...
    Would you like to create a link in /usr/sbin for avupdate ? [y]
► Type Y.
The program is installed. Then you are asked if you want to create a link to avwebgate and if the Updater should be automatically activated at system start:
    Would you like to create a link in /usr/sbin for avwebgate ? [y]
    linking /usr/sbin/avwebgate to /usr/lib/AntiVir/avwebgate ... done
    Please specify if boot scripts should be set up.
    Set up boot scripts [y]:
► Confirm with Enter. You can change these settings later.
The automatic system start is configured:
    setting up boot script ...
It is highly recommended that you perform an update after installation, to ensure up-to-date protection. This can be done by running:
    /usr/lib/AntiVir/avupdate --product=WebGate
For more details on updating, see Updates – Page 42.
3.5 Reinstalling and uninstalling AntiVir
You can re-launch the installation script anytime. Several situations are possible:
• Installing a new version (upgrade). The installation script checks the previous version and installs the necessary new components.
    ./uninstall --product=Webgate
The script starts uninstalling the product, asking you step by step if you want to keep backups of the license file, the configuration files and the logfiles; it can also remove the cronjobs you made for WebGate and Scanner.
► Answer the questions with y or n and press Enter.
AntiVir WebGate is removed from your system.
4 Configuration
You can configure Avira AntiVir WebGate for optimum performance. The most common settings are suggested in this Chapter. You can modify these settings anytime, to adjust WebGate to your requirements. You will be guided step by step through the configuration process:
• In Monitoring HTTP Traffic – Page 18 you can read about the different possibilities for WebGate’s network setting.
4.1
WebGate without Proxy Server (Network Configuration 0)
If there is no proxy server, WebGate stands between Clients and the Internet. It can be installed directly on Clients or on another computer. WebGate directs the Clients’ enquiries to the Internet and scans the answer from the Internet. Access to infected files from a Website is blocked and only uninfected files are forwarded to the Client. From the Client’s point of view, WebGate is functioning as a proxy server.
The real settings can differ from those given in the example, but for a correct configuration, the settings in avwebgate.conf must be compatible with the Client’s browser configuration.
WebGate between Client and Proxy Server (Network Configuration 1)
In this configuration, the other proxy server can be attacked by malicious software. If you want complete protection for your proxy server (normally), network configuration 2 is recommended.
► Make the following settings in avwebgate.conf (example):
    HTTPPort 3128
Now, the Clients will communicate through WebGate for HTTP and FTP inquiries, not directly through the original proxy server. The browser settings on the Client computers must not be changed.
► Enter the following values in avwebgate.conf (example):
    HTTPProxyServer 127.0.0.1
    HTTPProxyPort 8080
WebGate forwards the HTTP and FTP inquiries to localhost port 8080.
The example assumes the following configuration of the proxy server:
    host proxy.mycompany.com
    serverport 3128
So the proxy server responds on port 3128.
► Make the following settings in avwebgate.conf (example):
    HTTPPort 8080
► Configure the other proxy server, so that it does not directly serve inquiries to the Internet, but directs them to WebGate (e.g. port 8080). This port must correspond to the value of HTTPPort in avwebgate.conf.
If you modify the proxy server’s port, you have to adapt the settings of the Clients’ browsers, which access the proxy. It is usually easier to keep the proxy settings and to adapt the WebGate settings, just like in the above example.
4.2 Monitoring FTP Traffic
WebGate can also be set up as a real FTP proxy, so that it can scan the files transferred through an FTP Client and even block them. It scans both downloads and uploads.
► In avwebgate.
On login, the FTP Client should be used just as before, i.e. when it was not using WebGate. WebGate acts as a proxy between FTP Client and FTP server and scans the transferred data. Many FTP Clients allow FTP proxy configuration. This enables a certain transparency of WebGate towards the user, i.e. the user senses no difference at login when using the FTP Client with or without proxy. Optionally, WebGate allows a parent FTP proxy. For example, it can be set in avwebgate.
Scanning Outgoing Data Traffic (Request Modification)
The ICAP Client sends an HTTP request to WebGate (ICAP-Server) for scanning. If the data is not infected, it is returned to the ICAP Client and from there it is sent to the destination server. If the request is blocked (i.e. in case of a virus detection), WebGate generates an HTML page, based on the corresponding HTML template, and sends this to the ICAP Client. In this case, the original request is not sent to the server anymore.
4.4 Configuration Files
This part describes the contents of Avira AntiVir WebGate configuration files:
• /etc/avwebgate.conf - Product configuration
• /etc/avwebgate-scanner.conf - Scanner configuration
• /etc/avira/avupdate.conf - Updater configuration
• /etc/avwebgate.acl - Access Control List configuration
The program is provided with default values, which are important for many procedures.
WebGate should assume after start (and thus giving up the root permissions).
    User 65534
    Group antivir
WebGate must first start as root. If you do not want this, you must specify the values for User and Group in the file /etc/avwebgate.conf.
ScannerListenAddress
WebGate no longer starts the SAVAPI daemon. Instead it connects to a running instance using a UNIX socket.
KeepaliveMode
• If the option RefreshInterval is deactivated or the Client is not a browser, (temporary) HTTP redirects are sent to the Client. Thus, the Client is cyclically redirected to a dynamically generated URL, intercepted by WebGate in order to avoid the timeout. Default:
    RedirectInterval 0
• The above method does not work for all Clients. When encountering problems, use the KeepaliveInterval option to make WebGate send messages to the Client at certain intervals.
directory contains for example, the files during scanning.
    TemporaryDir /tmp (/var/tmp for Solaris binaries)
ArchiveScan
Scanning archives: By default, all files in archives are unpacked on access and scanned, according to the settings for ArchiveMaxSize, ArchiveMaxRecursion and ArchiveMaxRatio. It is recommended not to deactivate these options.
BlockExtensions
Blocking certain file extensions: WebGate can block files that have certain extensions. This also applies to file names in archives.
    BlockExtensions exe scr pif
MoveConcerningFilesTo
Quarantine directory: By default, blocked files are deleted. But you can specify a quarantine directory to store them. For example,
    MoveConcerningFilesTo /home/quarantine
LogFile
Path and name of the logfile: All important WebGate operations are logged through a syslog daemon.
direct communication partners’ and not the address of the computer issuing the request. If the AddXForwardedForHeader option is active, WebGate adds a header field (X-Forwarded-For) to the HTTP request or adds the IP address of the Client it received the request from. In this way WebGate can forward the Client IP address to the downstream proxy servers.
Block Categories
URL filtering: First, the access control (ACL) rules are evaluated, which means a rule allowing tunneling for a request will not be blocked by URL filters. Connections that are not tunneled would still pass through the URL filter module, similar to the scanning behavior. Then, the Avira URL Filtering library (LocalFilter) applies. The library tries to determine if a URL is dangerous based on a list of known URLs.
HeuristicsMacro
Macrovirus Heuristics: Activates the heuristics for macroviruses in documents. This option is activated by default:
    HeuristicsMacro yes
HeuristicsLevel
Win32-Heuristics: Sets the detection level of Win32-Heuristics. Available values are 0 (off), 1 (low), 2 (medium) and 3 (high). Default:
    HeuristicsLevel 1
GUI...
SSL parameters for secure communication with Avira SMC: These options must be activated for a secure communication with SMC.
In /etc/avwebgate.conf:
• Change the option User/Group SocketPermissions ListenAddress
The owner and permissions of the scanner backend's socket.
    SocketPermissions 0600
ListenAddress (in avwebgate-scanner.conf) and ScannerListenAddress (in avwebgate.conf) specify how the scanner backend can be reached.
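The settings described in this chapter can be checked mechanically before WebGate is restarted. The following Python audit is an added example, not part of this manual or of Avira's software. It assumes "Option value" lines with # comments and a yes/no value for ArchiveScan, and its constructed sample merges options from avwebgate.conf and the scanner configuration into one text.

```python
LOCAL_HOSTS = {"127.0.0.1", "localhost"}

# Constructed sample; it merges options from both configuration files.
SAMPLE_CONF = """\
HTTPPort 8080
HTTPProxyServer 127.0.0.1
HTTPProxyPort 8080
User root
Group antivir
ArchiveScan no          # assumed yes/no syntax, as for HeuristicsMacro
HeuristicsMacro yes
HeuristicsLevel 0
SocketPermissions 0666
"""


def parse_conf(text):
    """Parse 'Option value' lines into a dict; '#' comments are an assumption."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit(conf):
    """Return (option, finding) pairs for settings that weaken the gateway."""
    findings = []
    # WebGate listens on HTTPPort and forwards to HTTPProxyServer:HTTPProxyPort,
    # so a local parent proxy on the same port is a forwarding loop.
    port = conf.get("HTTPProxyPort")
    if conf.get("HTTPProxyServer") in LOCAL_HOSTS and port and port == conf.get("HTTPPort"):
        findings.append(("HTTPProxyPort", "equals HTTPPort on this host: WebGate forwards to itself"))
    # WebGate starts as root and then switches to User/Group.
    if conf.get("User", "65534") in {"root", "0"}:
        findings.append(("User", "root privileges are kept after start"))
    if conf.get("ArchiveScan", "yes").lower() == "no":
        findings.append(("ArchiveScan", "files inside archives are not scanned"))
    if conf.get("HeuristicsMacro", "yes").lower() == "no":
        findings.append(("HeuristicsMacro", "macro virus heuristics are off"))
    if conf.get("HeuristicsLevel", "1") == "0":
        findings.append(("HeuristicsLevel", "Win32 heuristics are off"))
    perms = conf.get("SocketPermissions")
    if perms is not None:
        try:
            mode = int(perms, 8)
        except ValueError:
            findings.append(("SocketPermissions", "not an octal mode"))
        else:
            if mode & 0o007:
                findings.append(("SocketPermissions", "scanner socket is open to all local users"))
    return findings


if __name__ == "__main__":
    for option, finding in audit(parse_conf(SAMPLE_CONF)):
        print(f"{option}: {finding}")
```

Options missing from the file are treated as having the defaults the manual states, so only explicit deviations are reported.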
kept up to date. With Avira Updater you can update Avira software on your computers, using Avira update servers. To configure the update process, use the options in /etc/avira/avupdate.conf described below. All parameters from avupdate.conf can be passed to the Updater via command line. For example:
- parameter in avupdate.conf:
    temp-dir=/tmp
- command line:
    /usr/lib/AntiVir/avupdate.bin --temp-dir=/tmp
internet-srvs
The list of Internet update servers.
    internet-srvs=http://dl1.pro.antivir.
    notify-when=
email-to
The recipient of notification emails.
    email-to=root@localhost
Setting proxy configuration for updates
proxy...
If the machine uses an HTTP proxy server, proxy configuration settings must be specified in order to make Internet updates.
    proxy-host=
    proxy-port=
    proxy-username=
    proxy-password=
Logfile settings
log
Specify a full path with a filename to which AntiVir Updater will write its log messages.
    log=/var/log/avupdate.
4.5 Templates Configuration
If you have a valid license file, you may customize various notification web pages and emails generated by Avira AntiVir WebGate. WebGate sends these, for example, when it detects viruses or unwanted programs: alert, blocked, error or progress template. These templates are usually created and saved in /usr/lib/AntiVir/templates. You may also set another directory, using the following entry in /etc/avwebgate.
Email Templates
Template | Meaning
alert.mail | Used when an alert is found by AntiVir WebGate.
blocked.mail | Used when AntiVir WebGate has blocked a suspicious file (using various block-settings in avwebgate.conf)
4.6 Testing Avira AntiVir WebGate
After completing the installation and configuration, you can test the functionality of AntiVir WebGate using a test virus. This will not cause any damage, but it will force the security program to react when the computer is scanned.
5 Operation
Once installation and configuration are complete and Avira AntiVir WebGate is running, WebGate guarantees continuous monitoring of your system. During operation you might have to make occasional changes in settings, as described in Configuration – Page 18. This Chapter is divided into the following parts:
• Starting and Stopping Avira AntiVir WebGate manually – Page 39, describing the start and stop procedure of WebGate from the console.
5.1
Restarting AntiVir WebGate
This is used, for example, after making changes in configuration scripts.
► Type:
    /usr/lib/AntiVir/avwebgate restart
The program restarts after showing the following message:
    Stopping AVIRA AntiVir WebGate ...
    Stopping: avwebgate.bin
    Stopping: savapi
    Starting AVIRA AntiVir WebGate ...
    Starting: savapi
    Starting: avwebgate.
Submitting Infected Files to Avira GmbH
► Please send us the malware or suspicious files that our product does not yet recognize or remove. Send us the virus or file packed (gzip, WinZIP, PKZip, Arj) as an attachment to an email to virus@antivir.de. When packing, use the password virus. This way, the file will not be deleted by virus scanners on the email gateway.
6 Updates
With Avira Updater you can update Avira software on your computers, using Avira update servers. The program can be configured either by editing the configuration file (see Updater Configuration in avupdate.conf – Page 34), or by using parameters in the command line. It is recommended to run the Updater as root. If the Updater does not run as root, it does not have the necessary rights to restart AntiVir daemons, so the restart has to be made manually, as root.
As [product], you can use:
• Scanner - (recommended) to update the scanner, engine and vdf files.
• WebGate - complete update (WebGate, scanner, engine and vdf files).
► Start the update process to test the settings:
    /usr/lib/AntiVir/avupdate --product=[product]
where [product] takes the same values as above. If successful, a report will appear in the logfile /var/log/avupdate.
7 Service
7.1 Support
Support Service
Our Webpage http://www.avira.com contains all the necessary information on our extensive support service. The competence and experience of our developers is at your disposal. The experts from Avira answer your questions and help you with difficult technical problems. During the first 30 days after you have purchased a license, you can use our AntiVir Installation Support by phone, email or by online form.
7.3 Contact
Address
Avira GmbH
Lindauer Strasse 21
D-88069 Tettnang
Germany
Internet
You can find further information about us and our products by visiting http://www.avira.com.
8 Appendix
8.1 Glossary
Item | Meaning
Backdoor (BDC) | A backdoor is a program infiltrated in order to steal data from the computer, without the user’s knowledge. This program is manipulated by third parties using a remote backdoor-control software, over the Internet or network. AntiVir detects backdoor-control programs.
cron (daemon) | A daemon which starts other programs at specified times.
Daemon | A background process for administration on Unix systems.
Item | Meaning
Script | A text file containing commands to be executed by the system (similar to batch files in DOS).
SMP (Symmetric Multi Processing) | Unix SMP: Unix version for computers with parallel processors.
SMTP | Simple Mail Transfer Protocol: protocol for email transport on the Internet.
syslog daemon | A daemon used by programs for logging various information. These reports are written in different logfiles. The syslog daemon configuration is in /etc/syslog.conf.
8.3 Golden Rules for Protection Against Viruses
► Always keep boot floppy-disks, for your network server and for your workstations.
► Always remove floppy-disks from the drive after finishing the work. Even if they have no executable programs, disks can contain program code in the boot sector and these can serve to carry boot sector viruses.
► Regularly backup your files.
► Limit program exchange: particularly with other networks, mailboxes, Internet and acquaintances.
Avira AntiVir WebGate | Avira AntiVir WebGate Suite Avira GmbH Lindauer Str. 21 88069 Tettnang Germany Telephone: +49 (0) 7542-500 0 Fax: +49 (0) 7542-525 10 Internet: http://www.avira.com © Avira GmbH. All rights reserved. This manual was created with great care. However, errors in design and contents cannot be excluded. The reproduction of this publication or parts thereof in any form is prohibited without previous written consent from Avira GmbH. Errors and technical subject to change.