KASPERSKY LAB Kaspersky Anti-Virus 5.5 for Proxy Server ADMINISTRATOR'S GUIDE KASPERSKY ANTI-VIRUS 5.5 FOR PROXY SERVER Administrator's Guide © Kaspersky Lab http://www.kaspersky.com Revision date: June 2006 Contents CHAPTER 1. KASPERSKY ANTI-VIRUS FOR PROXY SERVER .............................. 5 1.1. Hardware and software requirements .................................................................. 6 1.2. Licensing policy ..................................................................................................... 7 1.3. Distribution kit ........................................................................................................ 7 1.3.1. License agreement ......................................................................................... 8 1.4. Help desk for registered users .............................................................................. 8 1.5. Conventions........................................................................................................... 9 CHAPTER 2. OPERATION ALGORITHM AND TYPICAL DEPLOYMENT SCENARIOS .............................................................................................................. 10 2.1. The algorithm of application functioning ............................................................. 10 2.2. Typical deployment scenarios............................................................................. 13 2.2.1. Installing the application to the same server with SQUID proxy ................. 13 2.2.2. Installation on a dedicated server................................................................. 14 CHAPTER 3. INSTALLING THE APPLICATION......................................................... 15 3.1. Installing the application on a server running Linux ........................................... 15 3.2. Installing the application on a server running FreeBSD..................................... 16 3.3. Installation procedure .......................................................................................... 16 3.4. Post-install setup ................................................................................................. 17 3.5. Distribution of the application files in directories................................................. 18 CHAPTER 4. USING KASPERSKY ANTI-VIRUS ....................................................... 20 4.1. Updating the anti-virus databases ...................................................................... 20 4.1.1. Automatic updating of the anti-virus databases........................................... 21 4.1.2. Manual updating of the anti-virus databases............................................... 22 4.1.3. Creating a shared directory for storing and sharing database updates...... 23 4.2. Managing license keys........................................................................................ 24 4.2.1. Viewing information about license keys....................................................... 25 4.2.2. Renewing your license ................................................................................. 26 4.2.3. Removing a license key ............................................................................... 27 4.3. Using a control script ........................................................................................... 28 4 Kaspersky Anti-Virus for Proxy Server 4.4. Ensuring anti-virus protection of HTTP traffic..................................................... 29 4.5. Configuring the anti-virus scan parameters for user groups.............................. 30 CHAPTER 5. ADDITIONAL SETTINGS OF KASPERSKY ANTI-VIRUS .................. 34 5.1. Creating groups ................................................................................................... 34 5.2. Anti-virus scan settings........................................................................................ 36 5.3. The choice of actions over scanned objects ...................................................... 36 5.4. Administrator notifications ................................................................................... 38 5.5. Operation modes................................................................................................. 40 5.6. Modes of interaction with proxy via ICAP........................................................... 41 5.7. Application statistics logging ............................................................................... 41 5.8. Application reporting parameters........................................................................ 43 5.9. Memory dump creation for detection of errors ................................................... 45 5.10. Work with Internet broadcasting stations.......................................................... 46 CHAPTER 6. UNINSTALLING THE APPLICATION ................................................... 47 APPENDIX A. APPLICATION REFERENCE............................................................... 48 A.1. kav4proxy.conf application configuration file...................................................... 48 A.2. Macros................................................................................................................. 55 A.3. kavicapserver return codes................................................................................. 56 A.4. Command line options for licensemanager ....................................................... 56 A.5. Licensemanager return codes............................................................................ 57 A.6. Keepup2date command line options.................................................................. 57 A.7. Keepup2date return codes ................................................................................. 59 APPENDIX B. KASPERSKY LAB................................................................................. 60 B.1. Other Kaspersky Lab Products .......................................................................... 61 B.2. Contact Us........................................................................................................... 69 APPENDIX C. LICENSE AGREEMENT ...................................................................... 70 CHAPTER 1. KASPERSKY ANTIVIRUS FOR PROXY SERVER Kaspersky Anti-Virus 5.5 for Proxy Server (hereinafter also referred to as Kaspersky Anti-Virus or the Application) is intended for anti-virus protection of traffic routed via proxy servers based on Squid versions 2.5 and 3.0 with support for the Internet Content Adaptation Protocol (ICAP) in accordance with RFC 3507. The application allows the user to: · · · Perform anti-virus scanning of objects transferred via the proxy server. Cure revealed infected objects and block access to an infected object if disinfection fails. Use group settings to define various filtration parameters applied depending upon the address of the user requesting an object and the object's address (URL). Log activity statistics including, in addition to other data, information about anti-virus scanning and its results, application errors and warnings. Notify administrators about detection of malicious software. Update the anti-virus databases. The application uses update servers of Kaspersky Lab as the source of updates. It can also be configured to update the databases from a local directory. The anti-virus databases are employed for detection of infected objects and their disinfection. The application uses database records to analyze every object checking it for virus presence: its content is compared with code typical for specific viruses. Please keep in mind that new viruses appear every day and therefore we recommend maintaining the anti-virus databases in an up-to-date state. New updates are made available on Kaspersky Lab update servers every hour. · · · 6 Kaspersky Anti-Virus for Proxy Server 1.1. Hardware and software requirements In order to ensure normal functioning of Kaspersky Anti-Virus, the system must meet the following hardware and software requirements: Minimum hardware requirements for product operation: · · · · ® Intel Pentium 133 MHz processor or higher 64 MB RAM 50 MB of disk space for application setup 200 MB of available disk space for temporary files. The configuration is intended to provide for servicing of at least 10 clients sending at least 20 requests per minute with average request size of 15 Kb. Optimal hardware requirements: · for a proxy server servicing requests from 50 clients with average load of 900 requests per minute and daily traffic of 250 MB: · · · · Intel Pentium® II 300 MHz processor. 128 MB RAM. 512 MB of available disk space for temporary files. for a proxy server servicing requests from 250 clients with average load of 1300 requests per minute and daily traffic of 1 GB: · · · ® Intel Pentium 4 processor. 512 MB RAM. 1 GB of available disk space for temporary files. Software requirements: · One of the following operating systems: · · · · · RedHat Linux 9.0. RedHat Fedora Core 5. RedHat Enterprise Linux Advanced Server 4. SuSE Linux Enterprise Server 9.0. SuSE Linux Professional 10.1. Kaspersky Anti-Virus for Proxy Server 7 · · · · · · · · Mandriva 2006. Debian GNU/Linux version 3.1r2. FreeBSD version 4.11. FreeBSD version 5.4 . FreeBSD version 6.1. Squid 2.5 or 3.0 proxy server with ICAP support. Perl 5.0 or higher (www.perl.org). Glibc 2.2.x or higher (for Linux distributions). 1.2. Licensing policy The licensing policy for Kaspersky Anti-Virus includes a system of product use limitations based on the following criteria: · · Number of users protected by the application HTTP traffic processed daily (MB/day). The licensing policy based on processed traffic takes into account the traffic created by scanned objects only, auxiliary service traffic generated by the application is not included into that volume. Each type of licensing is also limited by a certain period (typically one year or two years after the date of purchase). You can purchase a license limited by one of the above criteria (for example, by the daily HTTP traffic volume). 1.3. Distribution kit You can purchase the product either from our dealers (retail box) or at one of our online stores (for example, www.kaspersky.com ­ follow the E-store link). The retail box contains: · · · · sealed envelope containing the installation CD with the product a copy of this Administrator's Guide license key file bundled with the distribution package or recorded to a special floppy disk License Agreement. 8 Kaspersky Anti-Virus for Proxy Server Before you unseal the envelope containing the CD, make sure you have carefully read the License Agreement. If you purchase our application online, you will download it from Kaspersky Lab's website. Your license key is either included in the installation package or will be sent to you by email after payment. 1.3.1. License agreement The license agreement constitutes a legal agreement between you and Kaspersky Lab Ltd containing the terms and conditions subject to which you may use the purchased software. Please read the license agreement carefully! If you do not agree with the terms of the license agreement you may return the box with Kaspersky Anti-Virus to the distributor, where you have purchased it, you will be refunded the amount you've paid for subscription, provided the CD envelope remains sealed. Opening the sealed envelope of the installation CD or installing the product to a computer means your acceptance of all the terms and conditions of the license agreement. 1.4. Help desk for registered users Kaspersky Lab offers an extensive service package enabling registered customers to boost the productivity of Kaspersky Mail Gateway. If you purchase a subscription you will be provided with the following services for the period of your subscription: · · · new versions of this software product provided free of charge phone or email support on matters related to the installation, configuration, and operation of the product you have purchased notifications about new software products from Kaspersky Lab, and about new virus outbreaks. This service is provided to users who have subscribed to the Kaspersky Lab email newsletter service. Kaspersky Anti-Virus for Proxy Server 9 Kaspersky Lab does not give advice on the performance and use of your operating system or other technologies. 1.5. Conventions Various formatting conventions are used throughout the text of this document depending on the purpose of a particular element. Table 1 below lists the formatting conventions used. Table 1. Conventions Style Bold type Meaning Menu titles, menu items, window titles, parts of dialog boxes, etc. Note. Additional information, notes. Attention! In order to perform the action, 1. 2. Step 1. ... Task, example Information requiring special attention. Procedure description for user's steps and p ...