KASPERSKY LAB Kaspersky Anti-Virus® 5.
KASPERSKY ANTI-VIRUS® 5.6 FOR SENDMAIL WITH MILTER API Administrator's manual © Kaspersky Lab http://www.kaspersky.
Contents
CHAPTER 1. KASPERSKY ANTI-VIRUS® FOR SENDMAIL WITH MILTER API
1.1. What’s new in version 5.6
1.2. Hardware and software system requirements
1.3. Licensing policies
1.4. Distribution kit
5.3. Optimal operation profile
5.4. Top performance mode
CHAPTER 6. USING KASPERSKY ANTI-VIRUS FOR SENDMAIL WITH MILTER API
6.1.
7.16. Localization of displayed date and time format
7.17. Additional informational header fields in messages
7.18. Troubleshooting
7.19. Application control via SNMP
CHAPTER 8. USING LICENSES
CHAPTER 1. KASPERSKY ANTI-VIRUS® FOR SENDMAIL WITH MILTER API

Kaspersky Anti-Virus® for Sendmail with Milter API (hereinafter also referred to as Kaspersky Anti-Virus, application) provides anti-virus protection for e-mail traffic handled by Sendmail with Milter API running on a Linux/Unix server.

Kaspersky Anti-Virus running on a mail server will…
• Intercept incoming and outgoing e-mail messages handled by the server.
• Scan e-mail traffic for viruses using the anti-virus engine.
1.1. What’s new in version 5.6

Kaspersky Anti-Virus 5.6 for Sendmail with Milter API has these additional features, compared to version 5.0:
• Simple processing rules for e-mails can be grouped, depending upon the message’s senders and recipients, to provide complex processing.
• Additional options have been added for processing messages containing suspicious objects.
• Additional statistics are recorded for all messages processed by the application.
• 100 MB of available space on your hard drive (for Kaspersky Anti-Virus operation).

Optimal hardware requirements:
• For a mail server with about 800 MB of traffic per day (250-300 mail accounts (addresses)):
  • 2xPentium Xeon 1,8 GHz processor
  • 1 GB RAM
  • 8 GB of available space on your hard drive (this amount does not include space necessary for storing backup message copies).
• The following utilities should be installed in your system: bc, sed, tr, cut, du, grep, awk.

1.3. Licensing policies

Kaspersky Anti-Virus’ licensing policies limit product use based on one of these criteria:
• number of users protected by the application.
• e-mail traffic processed daily (MB/day).

Each type of licensing is also time-limited, typically for one or two years from the date of purchase.
describing the terms under which you may use the anti-virus product which you have purchased.

Make sure to read the terms of the License Agreement!

If you do not agree to the terms of this LA, Kaspersky Lab is not willing to license the software product to you and you should return the unused product to your Kaspersky Anti-Virus dealer for a full refund, making sure the envelope with CD (or diskettes) is sealed.
Table 1. Conventions

Style – Purpose
Bold type – Menu titles, menu items, window titles, parts of dialog boxes, etc.
Note. – Additional information, notes.
Attention! – Information that should be paid special heed.
In order to perform the action, 1. Step 1. 2. … – Description of procedure for user's steps and possible actions.
Task, example – Statement of problem, example for using the software features.
Solution – Solution to a defined problem.
CHAPTER 2. TYPICAL DEPLOYMENT SCENARIOS

Kaspersky Anti-Virus can be rolled out using the following methods, depending on the initial configuration of your mail system and specific needs of your organization:
• on the same server your mail system is on: this scenario is used by default if you have a configured Sendmail system on your server (see section 2.1 on page 13).
• on a dedicated server: use this method if your mail server is under a high load (see section 2.2 on page 16).
Kaspersky Anti-Virus processes incoming and outgoing mail as follows:
1. Email traffic forwarded from other servers or from users arrives at Sendmail.
2. The mail system then forwards messages to Kaspersky Anti-Virus through Milter API for anti-virus processing.
3. Kaspersky Anti-Virus scans and handles email messages and, depending on the settings, sends them back through Milter API to the mail system.
O InputMailFilters=KAVMilter
O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr}
O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}
O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr}
O Milter.macros.
define(`_FFR_MILTER', `true')dnl
INPUT_MAIL_FILTER(`KAVMilter', `S=unix:, F=T,T=S:10m;R:15m;E:15m')dnl
dnl kav-end
dnl

where is the path to the socket file.

• In the [kavmilter.global] section of the kavmilter.conf configuration file, make the following changes:

ServiceSocket=unix:

or

ServiceSocket=local:

where is a path to the socket file.
O InputMailFilters=KAVMilter
O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr}
O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}
O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr}
O Milter.macros.
2.3. Installing Kaspersky Anti-Virus as a filter (single or additional)

Kaspersky Anti-Virus can be installed as either a single filter or together with other filters. If other mail filters have been installed on your system, you should carefully define their sequence based on filter settings.
mail servers. If the license policy is based on e-mail traffic volume, the total mail traffic of all servers must be less than the maximum specified by the license.

In this scenario, mail will be processed as follows:
1. The email traffic arrives at several mail servers with Sendmail installed.
2. Each server forwards its messages to Kaspersky Anti-Virus for anti-virus processing, via a network socket.
3.
• If you use sendmail.mc, add the following lines to this file:

dnl kav-begin: KAVMilter
dnl
define(`_FFR_MILTER', `true')dnl
INPUT_MAIL_FILTER(`KAVMilter', `S=inet:@, F=T,T=S:10m;R:15m;E:15m')dnl
dnl kav-end
dnl

where is the IP address of the network socket used for interaction with Kaspersky Anti-Virus, and is the network socket port.
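A check for the F= flag in INPUT_MAIL_FILTER lines like the ones shown in this chapter. In Sendmail, F=T returns a temporary failure and F=R rejects the connection when the filter is unavailable; with no F= flag, mail is passed on as if the filter were not present, that is, unscanned. This is an added example, not part of the original manual; the socket values and the OtherFilter and Disabled entries in the sample are constructed.

```python
import re

# Constructed sample sendmail.mc fragment. The socket address, port and paths are
# placeholders; OtherFilter is a hypothetical second filter with no F= flag.
SAMPLE_MC = r"""dnl kav-begin: KAVMilter
dnl
define(`_FFR_MILTER', `true')dnl
INPUT_MAIL_FILTER(`KAVMilter', `S=inet:10025@192.0.2.10, F=T,T=S:10m;R:15m;E:15m')dnl
dnl kav-end
dnl INPUT_MAIL_FILTER(`Disabled', `S=unix:/var/run/example/old.sock')dnl
INPUT_MAIL_FILTER(`OtherFilter', `S=unix:/var/run/example/other.sock, T=S:10m;R:15m')dnl
"""

# m4 quotes arguments as `...'; capture the filter name and its equates string.
FILTER_RE = re.compile(r"INPUT_MAIL_FILTER\(\s*`([^']+)'\s*,\s*`([^']*)'\s*\)")

# Sendmail behaviour when the filter cannot be reached, keyed by the F= value.
FAILURE_MODES = {"T": "tempfail", "R": "reject", "": "fail-open"}


def parse_filters(mc_text):
    """Return one record per active INPUT_MAIL_FILTER line in a sendmail.mc text."""
    filters = []
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):
            continue  # m4 comment: the whole line is discarded
        for name, equates in FILTER_RE.findall(line):
            fields = {}
            for item in equates.split(","):
                key, sep, value = item.strip().partition("=")
                if sep:
                    fields[key.strip().upper()] = value.strip()
            flag = fields.get("F", "")
            filters.append({
                "name": name,
                "socket": fields.get("S", ""),
                "on_failure": FAILURE_MODES.get(flag, "unknown flag " + flag),
            })
    return filters


def fail_open_filters(mc_text):
    """Names of filters whose outage would let mail through unscanned."""
    return [f["name"] for f in parse_filters(mc_text)
            if f["on_failure"] not in ("tempfail", "reject")]


if __name__ == "__main__":
    for entry in parse_filters(SAMPLE_MC):
        print(entry["name"], entry["socket"], entry["on_failure"])
    print("fail-open:", fail_open_filters(SAMPLE_MC))
```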
CHAPTER 3. INSTALLATION AND UNINSTALLATION OF KASPERSKY ANTI-VIRUS

Prior to beginning the installation of Kaspersky Anti-Virus for Sendmail with Milter API, we recommend the following preparations for your system:
• Make sure that your system meets the hardware and software requirements for installation of the Kaspersky Anti-Virus (please see section 1.2 on page 7).
• Enter the system as superuser (root).

3.1.
3.2. Software installation on a server running FreeBSD or OpenBSD

The installation package for Kaspersky Anti-Virus is supplied in a .tar.gz package for servers running FreeBSD or OpenBSD operating systems.

In order to start installing Kaspersky Anti-Virus from a .tar.gz package, enter the following text in the command line:

# pkg_add

3.3.
After making configuration changes, Sendmail should be restarted so that the changes take effect. If Sendmail is not restarted during the installation, the configuration changes will not be applied. The corresponding information will be displayed on the console.

You will need to change the Sendmail configuration after Kaspersky Anti-Virus installation. Otherwise, the mail traffic will not be filtered on the server.

6.
where - is a license key file name, and restart the application (for details see section 7.14 on page 75).
2. Configure the Sendmail system to integrate it with the anti-virus filter (if this has not been done during the installation) (see section 7.1 on page 47) and restart Sendmail.
3.
/opt/kav/5.6/kavmilter/web – directory containing the kavmilter.wbm remote management module for the Webmin program.
/var/db/kav/5.
3.6.
8. Removing the links to the reference information about the application.
9. Deleting temporary files or directories created during Kaspersky Anti-Virus performance.
10. Deleting the Kaspersky Anti-Virus package: all directories, files of the application, and the anti-virus database included in the distribution kit, are removed. Reports, configuration files and backup directories will not be removed.
11.
CHAPTER 4. THE PRINCIPLES OF APPLICATION OPERATION

This chapter explains how the application functions, the interaction between its components, and how to correctly configure it.

4.1. General message processing algorithm

When a server with Sendmail and Kaspersky Anti-Virus installed receives an email message, it processes the message using this algorithm:
1. Sendmail passes the message to Kaspersky Anti-Virus via the Milter API.
2.
4.2. Creating groups for message processing

A group is a set of processing rules to be applied to certain messages. Each group contains a list of senders and / or recipients defining which messages are processed according to the group rules.

When a message is received, the application searches through the list of addresses for each group.
2. Specify comma-separated lists of sender and recipient addresses using the Senders and Recipients parameters. For example:

[group.definition]
Senders=re:.*@other\.domain\.com
Recipients=user1@site1.local
Recipients=re:.*@site2\.local

means that the rules of this group will be applied to all messages that were sent from any user of the other.domain.com domain to any user of the site2.local domain or to the user1@site1.local email address.
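The group definition above, evaluated against message envelopes, including what happens when the dots in a pattern are left unescaped. This is an added example, not Kaspersky Lab code: the function names and the "partners" group name are hypothetical, and it assumes that re: patterns must match the whole address, that matching is case-insensitive, that an empty Senders or Recipients list places no constraint, and that groups are tried in the order given before falling back to the Default group.

```python
import re

# Constructed sample: the [group.definition] section from the example above.
SAMPLE_GROUP = r"""[group.definition]
Senders=re:.*@other\.domain\.com
Recipients=user1@site1.local
Recipients=re:.*@site2\.local
"""


def parse_group_definition(text):
    """Collect Senders/Recipients entries; repeated keys and commas both add entries."""
    patterns = {"Senders": [], "Recipients": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "group.definition" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in patterns:
                # Assumption: a plain comma split; patterns containing commas are not handled.
                patterns[key] += [v.strip() for v in value.split(",") if v.strip()]
    return patterns


def address_matches(pattern, address):
    """Match one list entry: 're:' entries are regular expressions, others are literal."""
    if pattern.startswith("re:"):
        # Assumption: the expression must cover the whole address (anchored match).
        return re.fullmatch(pattern[3:], address, re.IGNORECASE) is not None
    return pattern.lower() == address.lower()


def group_applies(patterns, sender, recipients):
    """True when the sender and at least one recipient fall inside the group."""
    senders, rcpts = patterns["Senders"], patterns["Recipients"]
    sender_ok = not senders or any(address_matches(p, sender) for p in senders)
    rcpt_ok = not rcpts or any(address_matches(p, r) for p in rcpts for r in recipients)
    return sender_ok and rcpt_ok


def select_group(groups, sender, recipients):
    """Return the first matching group name, else the Default group."""
    for name, patterns in groups:
        if group_applies(patterns, sender, recipients):
            return name
    return "Default"


if __name__ == "__main__":
    groups = [("partners", parse_group_definition(SAMPLE_GROUP))]
    for sender, rcpts in [
        ("alice@other.domain.com", ["bob@site2.local"]),
        ("alice@other.domain.com", ["user2@site1.local"]),
        ("alice@other.domain.com.example", ["bob@site2.local"]),
    ]:
        print(sender, rcpts, "->", select_group(groups, sender, rcpts))
    # An unescaped dot matches any character, so the group silently widens.
    print(address_matches("re:.*@site2.local", "bob@site2xlocal"))
```

A group with relaxed actions is only as narrow as its patterns, so test each pattern against look-alike addresses before deploying it.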
2. If the message addresses are not found in any group created by the administrator, the message will be processed according to the rules of the Default group, contained in the default.conf file.

4.3. Message status

Following an anti-virus scan a status is assigned to the message which may have one of the following values:
• clean – no malicious code was found in the message (or part of it).
• drop – delete the message without delivering it to the recipient;
• reject – reject the message and return the corresponding error code to the sender;
• skip – deliver the message to the recipient without treatment;
• delete – delete the infected object and add a corresponding notification to the message.
• noscan – do not scan message for viruses.

Setting the noscan value will turn off anti-virus protection.
CHAPTER 5. PRESET PROTECTION PROFILES

The Kaspersky Anti-Virus distribution kit includes four additional configuration profiles which ensure different protection levels for your mail server. In Linux and OpenBSD distributions you will find these profiles in the /etc/kav/5.6/kavmilter/profiles directory, and in FreeBSD they are in the /usr/local/etc/kav/5.6/kavmilter/profiles directory. Each profile is stored in a separate directory and contains two configuration files, kavmilter.conf and default.
• The application scans e-mail messages using a combined scan policy: each message is first scanned for viruses as a whole and then each message object is scanned separately, regardless of whether infected objects are found or not.
• E-mail messages are filtered by MIME type.
• Notifications about the actions applied to the message or its objects are sent to the recipient and administrator.
• All application messages and events, except for debugging information, are logged in the report.

5.3. Optimal operation profile

This profile provides the optimal balance between anti-virus protection level and scan speed.
• A backup copy is created for every message that undergoes anti-virus processing, but no information file is created.
• All messages containing infected objects are deleted.
• All suspicious objects of mail messages, and also objects whose scan returned an error, are deleted.
• Protected objects are skipped during scanning.
• Notifications about the actions applied to the message or its objects are sent only to the recipient, and not to the administrator or sender.
CHAPTER 6. USING KASPERSKY ANTI-VIRUS FOR SENDMAIL WITH MILTER API

The main function of Kaspersky Anti-Virus is to secure the mail traffic on your mail server against viruses. However, you can significantly extend the application functionality to better meet the needs of your company by using it for filtering email by attachments, backing up e-mail traffic, etc.

This chapter describes the most important tasks that can be implemented using the application.
To perform the task, configure the application as follows:

1. Set the following parameters in the default.conf configuration file:

[group.settings]
ScanPolicy=combined
[group.actions]
DefaultAction=cure
[group.notifications]
EnableNotifications=on
NotifyRecipients=infected
MessageDir=/var/db/kav/5.6/kavmilter/templates/
MessageSubject=Anti-virus notification message

2. Set the following parameters in the kavmilter.
6.2. Blocking infected messages

You can block messages using several methods: the administrator can either delete an infected message without notifying the recipient beforehand or return an error code to the sender as if it were sent by the mail agent.

Task: Block infected e-mail messages, delete them, and notify the administrator of such events.

To perform the task, configure the application as follows:

1. Set the following parameters in the default.
To perform the task, set the following parameters in the default.conf configuration file:

[group.settings]
ScanPolicy=message
[group.actions]
DefaultAction=reject
[group.notifications]
EnableNotifications=on
SendmailPath=/usr/sbin/sendmail
NotifyAdmin=infected
AdminAddresses=admin@localhost
UseCustomTemplates=on
AdminSubject=Anti-virus notification message

6.3.
NotifyAdmin=all
AdminAddresses=admin@localhost
UseCustomTemplates=on
AdminSubject=Anti-virus notification message

6.4. Sending notifications to senders, recipients, and administrator

You can set Kaspersky Anti-Virus to send notifications upon virus detection. Recipient and sender addresses for sending notifications are inherited from the original e-mail message.
To perform the task, set the following parameters in the default.conf configuration file:

[group.settings]
ScanPolicy=combined
[group.actions]
DefaultAction=reject
[group.notifications]
EnableNotifications=on
NotifySender=infected
NotifyRecipients=infected
NotifyAdmin=infected
AdminAddresses=admin@localhost
MessageDir=/var/db/kav/5.
MessageSubject=This message was NOT scanned by KAV!

Task: Inform the recipient, sender, and administrator about filtered messages. Insert an additional header with information about the application into any mail message scanned by Kaspersky Anti-Virus.

To perform the task, set the following parameters in the default.conf configuration file:

[group.settings]
ScanPolicy=combined
AddXHeader=yes
[group.actions]
DefaultAction=cure
[group.
Task: Deliver messages with attachments whose size is below 500 Kb without additional treatment. Delete messages with attached files whose names contain loveletter. Notify the recipient and administrator about the actions performed by the application.

To perform the task, set the following parameters in the default.conf configuration file:

[group.settings]
ScanPolicy=combined
[group.actions]
DefaultAction=cure
[group.
database and anti-virus engine. Updating is performed every hour after Kaspersky Anti-Virus is installed on the server.

If you want to update the components earlier than at the scheduled time, use the keepup2date.sh script supplied with the distribution package.

To configure updating manually, enter the following string in the command line:

# ./keepup2date.sh –run

It is not recommended to use the keepup2date binary file to update the application.

6.7.
NotifyRecipient=infected
NotifyAdmin=all
AdminAddresses=admin@localhost
MessageDir=/var/db/kav/5.
CHAPTER 7. ADDITIONAL SETUP

This section describes in detail additional setup of Kaspersky Anti-Virus functionality. Unlike the settings made during the installation process (please see section 3.3 on p. 22) which are required and essential for product functioning, additional setup is performed at the administrator's discretion. Those settings extend product functionality and allow its adjustment for operation in accordance with your corporate security policy.

7.1.
pass – skip email messages (or forward them to another filter) even if they remained unprocessed by kavmilter. This action poses an additional risk for users;
–add-service – register kavmilter as a service.
–del-service – cancel registration of kavmilter as a service and roll back the changes in configuration files.
–check-service – check whether kavmilter is registered as a service and was started at operating system startup.
• If the sendmail.mc file does not exist or the value of the SENDMAIL_CF environment variable is sendmail.cf or the binary m4 file has not been found, the sendmail.cf file will serve as the configuration file.
• If the value of the SENDMAIL_MC environment parameter is sendmail.mc, the application will use sendmail.mc as the mail system configuration file.
7.2. Installing and uninstalling the Webmin module of Kaspersky Anti-Virus

You can configure Kaspersky Anti-Virus settings and stop/start anti-virus tasks from a remote location using the web-based interface of the Webmin application.

To enable remote management, you should install the Webmin application, install the Kaspersky Anti-Virus module for Webmin, and configure the application. For instructions on how to install Webmin, refer to the documentation for this product.
Note that this document describes configuration options for Kaspersky Anti-Virus only by editing the configuration file. Configuration and launch of tasks using the Webmin module are not discussed, as the module interface structure is similar to the order of sections and options in the application configuration file. To get help on configuration options available in Webmin, refer to the Webmin help system.
7.4. Defining an e-mail scan policy

Using Kaspersky Anti-Virus, the mail server administrator can customize the anti-virus protection of incoming and outgoing e-mail messages by defining scan policies. There are two types of policies:
• message – scan the entire message for viruses, regardless of its separate objects (header, body, attachment). This policy also aims to detect viruses that infect and corrupt MIME messages.
viruses that are not yet in the database. The use of heuristic technology is defined by the ScanCodeAnalyser parameter in the [kavmilter.engine] section.
• Set the time the application will use to scan a message or a message object. The maximum scan time (in seconds) for a message or a message object is specified by the MaxScanTime parameter and is ten seconds by default.
7.7. Selecting objects to be filtered and assigning actions

In addition to processing e-mails and scanning them for viruses, you can filter them. The filtering procedure analyzes message objects and can be performed according to MIME type, name, and size of attachments.

Note that during filtering this version of the application analyzes message attachments by headers only! The contents of attachments are not analyzed.
• rename – rename the attachment using the following rules: if the filtered file has any extension, it will be replaced with the vir extension; if the file has no extension, the vir extension will be added to the file. This action can only be applied to the objects filtered by name (FilteredNameAction parameter).

7.8. Configuring backup options

Backing up messages is an advanced feature of Kaspersky Anti-Virus.
file. This file contains information about the sender and recipient, the action applied to the original message, etc.

When Kaspersky Anti-Virus is active, the backup storage can be quickly filled. The storage needs to be periodically cleaned of old and unnecessary backups. This can be done using a special utility, backup-sweeper.sh, included in the distribution package.
If you connect to the Internet using a proxy server, do not forget to specify its IP address as the value of the ProxyAddress parameter in the [updater.options] section of the kavmilter.conf configuration file.

If you want to use a local folder as an update source, set the UseUpdateServerUrl parameter to yes, UseUpdateServerUrlOnly to yes and specify the full path to the update storage folder (UpdateServerUrl parameter).
You can also attach the original email message to the notification. New email notifications containing only notification text must be created for the administrator and sender.

All notifications that can be customized by the administrator fall into one of the following two groups:
• Standard notification is based on a unified template or on different templates. This notification is sent:
  • to the recipient using Milter API.
• Protected – give notice about a message that is protected, and, hence, skipped from scanning. Because of the message status, the following actions are performed: delete or skip.
• Error – send notifications about a message that generated a scan error or is corrupted. One of the following actions could be performed: warn, delete, or skip.
The language of notification depends on the encoding specified in the configuration file (Charset parameter of the [group.notifications] section of the group configuration file).

To create an English notification text, perform the following steps:

1. assign the following values to the parameters below:

[group.notifications]
Charset=us-ascii
TransferEncoding=8bit

2. create a notification template in the English language.

7.10.1.
• message_default_notify – text sent by default to the recipient, sender, and administrators about the actions applied to the message;
• message_infected_warn – text that replaces the infected message;
• message_suspicious_warn – text that replaces the message containing suspicious objects;
• message_filtered_warn – text that replaces the filtered e-mail message;
• message_error_warn – text that replaces a message that generated a scan e
• Text notifying the administrator about the license expiration date. Notifications are sent three times: a week before the license expiration, in three days, and on the expiration date. The notification text or sending options cannot be customized.
• Administrator notification about a violation of the license agreement (the limitations on daily traffic volume or the number of e-mail accounts have been exceeded) will be generated and sent automatically.
7.10.2.2. Iteration constructs

An iteration construct (IC) is the main element of the template language. The syntax for an iteration construct is

BODY

where:
%_macro_name_%

These condition constructs are parsed sequentially. Thus, iteration constructs are used to distinguish both the single and multiple values of a macro.
The scope of visibility of a sub-macro is defined by the start and end tags of the condition construct:

%_macro_name_child_%

In the above example, the scope of the macro %_macro_name_parent_% includes all sublevels (between the FOR tags) if the macro value is overridden.

7.10.2.4. Variables

Variables provide better flexibility in customizing templates using the Template language.
If a variable is redefined in its scope, a new value will be substituted after each redefinition. Thus, the statement:

Now you will see the first value: %__NAME__%.
Now you will see the second value: %__NAME__%.

will be output as:

Now you will see the first value: NAME_1.
Now you will see the second value: NAME_2.

A variable can have a macro as its value.
!= unequal sign: a non-coincidence in mask or value. Example: Example:
* Unlimited length of all possible values. It is used only inside tags in comparison with templates. Example:
? All possible one-character values. It is used only inside tags in comparison with templates.
any other actions performed by the parser. This situation is handled independently by either the escape sequence being met inside a tag or outside a tag. See item 1 above if you want to place a ‘\’ at the end of line.
• To output the ‘%’ symbol into the template text, use ‘\%’.
• To output the ‘/’ symbol into the template text, use ‘\/’.
• To output the ‘<’ symbol into the template text, use ‘\<’.
• To output the ‘>’ symbol into the template text, use ‘\>’.
%ACTION% – action applied to the object based on its status.
%INFO% – information related to the following actions performed:
• list of detected viruses (malicious software) – for infected objects;
• error code description – for objects that generated a scan error;
• MIME type or attachment name – for filtered objects.

The macros must be specified in the text of notification templates.

7.11.
• error – errors that can be fatal or non-fatal for application operation;
• warning – events that reflect unusual situations during application performance; it is useful for the administrator to be aware of such situations;
• notice – events related to the application business logic;
• info – general information concerning the application functionality;
• debug – debugging messages;
• all – all the above levels.
The following values, for example, can be used:

LogOption = backup.W
LogOption = config.E
LogOption = scan.0
LogOption = -scan.9

Because the log file size grows rapidly, it is recommended to use the log file rotation option (LogRotate=on) to avoid creating long log files which are hard to analyze. In this mode, when the report file grows and reaches RotateSize, it is copied to kavmilter..log and the initial log is truncated to zero.
Table 3. Report detail levels

Level – Level name – Meaning
0 – Fatal Errors – Only information regarding critical errors (that terminate the program due to impossibility of executing an action). For example, the component is infected, or scanning, database loading, or license key loading failed.
1 – Errors – Information about other errors that may or may not lead to application shutdown, for example, file scan errors.
The format of time and date representation can be changed in the [locale] section of the configuration file.

STRING – a line of the report.

While the application update cron task is running, the keepup2date.sh.log file is created in /var/log/kav/5.6/kavmilter/. This file contains a report about execution of the keepup2date.sh script.

7.13.
MessageStatistics=file name|TCP-socket

that defines the path to the local file or network socket.

To reduce I/O operations while gathering statistics, the application uses internal buffering. As a result, the application provides the first statistical information twenty seconds after it has processed the first sixty-five mails.
7.14. Restarting Kaspersky Anti-Virus

Occasionally events occur which necessitate that the application is restarted: these include configuration changes and application errors. Depending on the situation, the following methods may be used:
• Configuration changes. For new changes to take effect, you need to restart Kaspersky Anti-Virus using the kavmilter service script. The configuration file with the most recent changes will be reloaded.
If you encounter problems when working with the application, for example, I/O errors, library errors, etc., use the watchdog utility included in the distribution kit. This utility is installed on your computer together with Kaspersky Anti-Virus.

The watchdog utility produces a descendant process to control the parent process. If the application encounters a conflict and stops, the watchdog utility restarts the application.
–g – start the application with the rights of the user group (for example, with the root user group rights). By default, the application is started with the rights of the kav user group;
–c – use the file as the configuration file (default configuration file is /etc/kav/5.6/kavmilter/kavmilter.
7.17. Additional informational header fields in messages

The application enables some supplementary information to be added to mail messages as header fields using one of two separate methods:
• Addition of an extension header field to mail message

The information may indicate the application version, the date when the anti-virus database was last updated, the time and result of message scanning (determined by the AddXHeaders parameter in the [group.
The information you want to send to Technical Support is compressed and can be encrypted using the open part of the PGP key included in the application distribution kit. You can encrypt files to be sent using any third-party pgp or gpg utility (not supplied with the application).

Use the following command line options:
–h – display all command line options for the troubleshooter.
statistics – operational statistics;
admin – administrative information that contains:
1. the date when the application was started, in ISO 8601 format;
2. the time (in seconds) that has elapsed since the application started;
update – application update information that includes:
3. the date of the last check for an update, in ISO 8601 format;
4.
• Retries – number of retries for an AgentX request. The default value is 10. If this parameter is not set, the application will use value 5.
• PingInterval – time interval (in seconds) between subagent attempts to connect to master agent if it becomes disconnected.

You can use any SNMP agent that supports the AgentX protocol as a master agent.
This node contains the following groups:
• config – application configuration parameters, including configuration, divided into sections as in configuration files.
• stats – statistical information about processed messages, resources in use and detected viruses.
• update – application update information.
• admin – administrative information (application start time, errors etc.).

groups To get parameter values for objects in the config.
CHAPTER 8. USING LICENSES

The license key grants you the right to use the product. It contains all the necessary information related to the license you have purchased, such as license type, expiration date, distributor information, etc.

The license key for Kaspersky Anti-Virus is issued for a certain period (as a rule, it is one year from the purchase date) and is limited by either the daily mail traffic processed by the application or the number of protected email addresses.
the domain). If the number of mail addresses exceeds the license limit, the administrator will be prompted to purchase a license for the amount of extra traffic. You must specify the main domain as well as all subdomains of this domain.
Product name: Kaspersky Anti-Virus for Sendmail Milter API Traffic Distribution 1 year
Key file 000843FF1.key
Type: Commercial
Expiration date: 17-02-2006
Serial: 0038-000466-000843F

In order to review information about an installed license key, enter, for example, the following text in the command line:

# ./licensemanager -k 00053E3D.key

The following information will be output to the server console:

Kaspersky license manager for Linux. Version 5.6.0.
In order to extend your license to use Kaspersky Anti-Virus for Sendmail with Milter API, you will need to:

• contact the company where you purchased the software and obtain an extension for your license to use Kaspersky Anti-Virus;

or:

• extend the license duration directly through Kaspersky Lab by sending a message to the Sales Department (sales@kaspersky.com) or by filling out the appropriate form in the E-Store section of our site (www.kaspersky.com).
A reserved key is installed using the standard method, similar to the installation of the active key. After that, a license key information request will output data to the server console pertaining both to the active and the reserved keys.

8.3. License key removal

In order to remove your active key enter, for example, the following text in the command line:

# .
CHAPTER 9. COMPATIBILITY WITH OTHER KASPERSKY LAB APPLICATIONS

Kaspersky Anti-Virus 5.6 for Sendmail with Milter API does not cause any compatibility problems when running concurrently with the following Kaspersky Lab applications for Unix/Linux platforms:
• Kaspersky Anti-Virus 5.0.3-0 for Samba Servers.
• Kaspersky Anti-Virus 5.5-2 for Linux Workstation.
• Kaspersky SMTP-Gateway 5.5 for Linux/Unix Maintenance Pack 1.
You should also exclude the directory where Sendmail stores users' mailboxes, as well as the backup directories of Kaspersky Anti-Virus, from the kavmonitor scan area. Backup directories are defined for each group by the BackupDir parameter in the [group.backup] section.
CHAPTER 10. VERIFYING PROPER OPERATION OF THE ANTI-VIRUS

When the installation and setup of Kaspersky Anti-Virus are complete, we recommend checking the settings and correct operation of the application using a test "virus" and modifications thereof.

The test "virus" has been developed by EICAR (The European Institute for Computer Anti-Virus Research) specifically for the purpose of verifying the operation of anti-virus software. The test "virus" IS NOT A VIRUS and contains no code that may harm your computer.
Table 5. Modifications of test "virus"

Prefix | Object type
No prefix, standard test "virus" | Infected. An error occurs during disinfection. The object will then be deleted.
CORR- | Corrupted.
SUSP- | Suspicious (unknown virus code).
WARN- | Warning (modified code of a known virus).
ERRO- | Error.
CURE- | Curable. The object will be disinfected and the text in the infected file will be changed to CURE.
DELE- | Infected.
CHAPTER 11. FREQUENTLY ASKED QUESTIONS

This chapter contains a detailed discussion of questions most frequently asked by our users regarding the installation, configuration and operation of Kaspersky Anti-Virus for Sendmail with Milter API.

Question: Is it possible to use Kaspersky Anti-Virus with anti-virus products of other vendors?

No. We recommend uninstalling anti-virus products of other vendors prior to installation of Kaspersky Anti-Virus to avoid software conflicts.
Question: Why do I need the key file? Will my Kaspersky Anti-Virus work without it?

No, Kaspersky Anti-Virus does not work without a license key. If you are still deciding whether or not to purchase Kaspersky Anti-Virus, we can provide you with a temporary key file (trial key) which will only work either for two weeks or for a month. When this period expires, the key will be blocked.
Advantages of the new updating service include:
• Ability to resume downloading of files after disconnection. Upon reconnection only files which have not been downloaded are retrieved.
• Cumulative updates are now half the size. A cumulative update contains the whole anti-virus database, so it is considerably larger than a typical update.
Question: Will Kaspersky Anti-Virus work with my Linux distribution?

Kaspersky Anti-Virus has been tested with the following distributions:
• Red Hat Enterprise Linux Advanced Server 4.
• Red Hat Linux 9.0.
• Fedora Core 3.
• SuSE Linux Enterprise Server 9.0.
• SuSE Linux Professional 9.2.
• Debian 3.1.
• Mandrakelinux 10.1.
• FreeBSD 4.10, 5.4.
• OpenBSD 3.6.
b. rename or delete the /etc/nsswitch.conf file.

Question: The application does not work. What should I do?

First, check if a solution for your problem is provided in this documentation, especially in this section or on our website. In addition, we recommend that you contact the distributor from whom you purchased Kaspersky Anti-Virus for support, or write to our Technical support service (support@kaspersky.com) or to the address contained in the license key information.
• 7. less than 64 MB or more than 2 GB of RAM.

Specify the approximate amount of daily traffic and whether or not the server has peak loads. You can also use the troubleshooter.sh script to determine the cause of the problem and to communicate with our Technical support service (see section 7.18 on page 78).
APPENDIX A. ADDITIONAL INFORMATION

A.1. Application configuration file kavmilter.conf

This appendix provides a detailed explanation of every section of the kavmilter.conf configuration file, which contains the general settings of Kaspersky Anti-Virus.

The [kavmilter.global] section contains general parameters required for application startup and operation:

RunAsUid – name of the user account whose privileges are used to run the application.
LicensedUsersDomains – list of domains containing accounts which should be protected, according to the licensing scheme of Kaspersky Anti-Virus for Sendmail with Milter API. This option is available only if your license is issued for a certain number of mail addresses.

The [kavmilter.
ScanCodeanalyzer=yes|no – scan using a heuristic code analyzer to detect malicious programs, virus modifications, and unknown viruses. To disable this mode, set the parameter to no.

UseAVBasesSet=standart|extended – the set of anti-virus databases which the application will use to scan messages.
MessageStatistics – file that is used to store detailed information about all scanned messages. Leave the parameter value blank if you do not want the statistical data to be logged.

The [path] section contains parameters that define the paths to critical directories.

BasesPath – full path to the anti-virus database.

LicensePath – full path to the directory where license keys are stored.
UpdateServerUrl address fails, the application will use an alternative address from the list of update servers.

PostUpdateCmd – defines the command that must be executed after the update is complete. The default value restarts the application.

RegionSettings – defines the customer region used to update the anti-virus databases from the nearest Kaspersky Lab update server.

ConnectTimeout – interval (in seconds) within which the application will attempt to connect to the update source.
used to define masks. If this option is not defined, the value is assumed to be *@* (all addresses).

Recipients – masks of email recipient addresses. Enter masks as Recipients=mask (one mask per line). Regular expressions can also be used to define masks. If this option is not defined, the value is assumed to be *@* (all addresses).

At least one of the Senders or Recipients parameters has to be specified.
VirusNameAction=warn|drop|reject|delete – actions to be applied to the message or its object if it is infected with a virus listed in the VirusNameList parameter.

UsePlaceholderNotice=yes|no – attach a notification about the deleted object.

The [group.filter] section defines rules for message filtering:

IncludeMime – defines masks for filtering by MIME type.
To make the application send notifications upon detection of objects with various statuses, you can set several values for the NotifySender parameter, e.g.:

NotifySender=filtered
NotifySender=infected

You can assign the NotifyRecipients and NotifyAdmin parameters in the same manner.

NotifyRecipients=filtered|infected|suspicious|error|all|none – notify the recipients upon detection of e-mail messages (message objects) with this status.
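The group parameters described above can be checked mechanically before the application is restarted. The following Python code is an added example, not part of the Kaspersky distribution: it parses a kavmilter-style file, keeps every value of a repeated key such as NotifyRecipients, validates the enumerated values listed in this appendix, and applies the Senders/Recipients rule with its *@* default. The section names [group.definition], [group.actions] and [group.notifications], the '#' comment syntax and all function names are assumptions.

```python
import re
from collections import defaultdict

# Allowed values as listed in the parameter descriptions above.
ENUMS = {
    "ScanCodeanalyzer": {"yes", "no"},
    "UseAVBasesSet": {"standart", "extended"},  # spelled as in the manual
    "VirusNameAction": {"warn", "drop", "reject", "delete"},
    "UsePlaceholderNotice": {"yes", "no"},
    "NotifyRecipients": {"filtered", "infected", "suspicious", "error", "all", "none"},
}
SECTION_RE = re.compile(r"^\[([^\]]+)\]$")

def parse(text):
    """Parse into {section: {key: [values]}}; a repeated key keeps every value."""
    conf = defaultdict(lambda: defaultdict(list))
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # '#' comments are an assumption
            continue
        match = SECTION_RE.match(line)
        if match:
            section = match.group(1)
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[section][key].append(value)
        else:
            raise ValueError(f"line {lineno}: expected [section] or key=value")
    return conf

def effective_masks(conf):
    """Return (masks with the documented *@* default applied, any mask explicit?)."""
    masks = {"Senders": [], "Recipients": []}
    for params in conf.values():
        for key in masks:
            masks[key] += params.get(key, [])
    return {k: v or ["*@*"] for k, v in masks.items()}, any(masks.values())

def audit(conf):
    """Return a list of findings for one group configuration."""
    findings = []
    for section, params in conf.items():
        for key, values in params.items():
            allowed = ENUMS.get(key)
            for value in values:
                if allowed and value not in allowed:
                    findings.append(f"[{section}] {key}={value}: expected "
                                    + "|".join(sorted(allowed)))
    if not effective_masks(conf)[1]:
        findings.append("neither Senders nor Recipients is specified")
    return findings

# Constructed sample; section names are assumptions, parameters are from the manual.
SAMPLE = """\
[group.definition]
Recipients=*@example.com
[group.actions]
VirusNameAction=quarantine
[group.notifications]
NotifyRecipients=filtered
NotifyRecipients=infected
"""
print("\n".join(audit(parse(SAMPLE))))
```

The constructed sample yields one finding, for the unsupported VirusNameAction value; a file with no Senders or Recipients line at all is reported as well.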
A.3. Error return codes

Errors may occur during application operation. Table 6 below contains possible error return codes.

Table 6. Error return codes

Internal errors
1 Invalid log option.
2 Starting the application as a UNIX-daemon failed.
3 Insufficient rights to change uid.
4 Insufficient rights to change gid.
5 Cannot spawn filter child process.
6 Maximum number of retries for restarting the application exceeded.
7 Endpoint file already exists and is not a socket.
17 Invalid user name was used with the -u command line option of the kavmilterd script.
18 Invalid group was used with the -g command line option of the kavmilterd script.
19 The directory with the group configuration files was not found.
20 Default group configuration file was not found / loaded.
255 Unidentified error.

Engine errors
51 Error initializing the database manager.
52 Database load error.
108 Parameters are not set.

Groups configuration errors
151 Invalid group configuration file.

A.4. Keepup2date return codes

The keepup2date component may return any of the following codes while running:
0 The anti-virus databases do not need an update.
1 The anti-virus databases were updated successfully.
10 A critical error occurred; updating was interrupted.
12 An error occurred during the roll back to previous anti-virus databases. Roll back was interrupted.
command line options supported by the component and exit.

Command line options for managing license keys
-s Output information about all installed license keys to the console.
-c (С) Use the alternative configuration file .
-k Output to the console information about the current key.
-a Install a license key.
-d Delete the current/additional key.

A.6.
A.7. Description of the MIB (Management Information Base) objects

In this section you will find descriptions for all objects of the .iso.org.dod.internet.private.enterprises.kaspersky.kavmilter branch.

Config – the node containing application configuration information. Parameters located in subnodes of this node are identical to the parameters of the application configuration files.

Global – general parameters required for application startup and operation (correspond to [kavmilter.
AverageMessagesSize – average mail message size.

Resources – resource consumption related statistics:
StatsTime – time in seconds since the last request for statistics.
AverageScanTime – average mail scanning time.
TotalMessageSize – total size of all processed messages.
CpuUsageUser – CPU time spent executing instructions of the kavmilter process.
CpuUsageSystem – CPU time spent by the system executing tasks on behalf of the kavmilter process.
adminEvents – parameters used for sending SNMP traps related to application operation:
adminEventsVars – administrative events parameters.
CurrentThreshold – actual percentage of infected messages in all messages scanned during the last hour.
ProductStart – parameter which informs whether the application was started.
ProductStop – parameter which informs whether the application was stopped.
APPENDIX B. KASPERSKY LAB

Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted email messages, and hacker attacks.

Kaspersky Lab is an international company.
B.1. Other Kaspersky Lab Products

Kaspersky Anti-Virus® Personal

Kaspersky Anti-Virus® Personal has been designed to provide anti-virus protection to personal computers running Windows 98/ME or Windows 2000/NT/XP against all known viruses, including potentially dangerous software. Kaspersky Anti-Virus Personal provides real-time monitoring of all sources of virus intrusion - e-mail, Internet, floppy disks, CD, etc.
retrieval of daily updates for the anti-virus database and the program modules. A unique second-generation heuristic analyzer efficiently detects unknown viruses. A simple and convenient interface allows users to configure the program quickly, making work with it easier than ever.

Kaspersky Anti-Virus® Personal Pro has the following features:
• On-demand scan of local disks.
• Real-time automatic protection of all accessed files from viruses.
Kaspersky® Personal Security Suite

Kaspersky® Personal Security Suite is a software suite designed for organizing comprehensive protection of personal computers running Microsoft Windows. The suite prevents malicious and potentially dangerous programs from penetrating through any possible data sources and protects you from unauthorized attempts to access your computer’s data, as well as blocking spam.
• Exclude archives and e-mail databases from scanning.
• Select standard/extended anti-virus databases for scanning.
• Save a report on the scanning results in txt or html formats.

Kaspersky® Security for PDA

Kaspersky® Security for PDA provides reliable anti-virus protection for data saved on various types of hand-held computers and smartphones.
You are free to choose from any of these anti-virus applications, according to the operating systems and applications you use.

Kaspersky® Corporate Suite

This package provides corporate networks of any size and complexity with comprehensive, scalable anti-virus protection. The package components have been developed to protect every tier of a corporate network, even in mixed computer environments.
Installed at the entrance to a network, where it monitors incoming e-mail traffic streams for spam, Kaspersky® Anti-Spam acts as a barrier to unsolicited e-mail. The product is compatible with any mail system and can be installed on either an existing mail server or a dedicated one.
any matters related to our product by phone or via e-mail. Rest assured that all of your recommendations and suggestions will be thoroughly reviewed and considered.

Technical support
Please find the technical support information at http://www.kaspersky.com/supportinter.html

General information
WWW: http://www.kaspersky.com
http://www.viruslist.com
E-mail: info@kaspersky.
APPENDIX C. LICENSE AGREEMENT

End User License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT ("AGREEMENT") FOR THE LICENSE OF SPECIFIED SOFTWARE ("SOFTWARE") PRODUCED BY KASPERSKY LAB ("KASPERSKY LAB").

IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE LEGAL ENTITY) CONSENT TO BE BOUND BY AND BECOME PARTY TO THIS AGREEMENT.
PRODUCT. IN THIS CASE, KASPERSKY LAB WILL NOT BE HELD BY THE PARTNER'S CLAUSES. THE RIGHT TO RETURN AND REFUND EXTENDS ONLY TO THE ORIGINAL PURCHASER.

All references to "Software" herein shall be deemed to include the software activation key ("Key Identification File") with which you will be provided by Kaspersky Lab as part of the Software.

1. License Grant.
steps to achieve interoperability, provided that you only reverse engineer or decompile the Software to the extent permitted by law.

1.1.4 You shall not make error corrections to, or otherwise modify, adapt, or translate the Software, nor create derivative works of the Software, nor permit any third party to copy the Software (other than as expressly permitted herein).

1.1.
described herein. Upon any termination or expiration of this Agreement, you must immediately destroy all copies of the Software and the Documentation. You may terminate this Agreement at any point by destroying all copies of the Software and the Documentation.

3. Support.
You shall implement reasonable security measures to protect such confidential information, but without limitation to the foregoing shall use best endeavours to maintain the security of the Key Identification File.

6. Limited Warranty.
(whether such losses or damage were foreseen, foreseeable, known or otherwise):
(a) Loss of revenue;
(b) Loss of actual or anticipated profits (including for loss of profits on contracts);
(c) Loss of the use of money;
(d) Loss of anticipated savings;
(e) Loss of business;
(f) Loss of opportunity;
(g) Loss of goodwill;
(h) Loss of reputation;
(i) Loss of, damage to or corruption of data, or:
(j) Any indirect or consequential loss or damage howsoever caused (including, for the avoidance of d