KASPERSKY LAB
Kaspersky Anti-Virus® 5.6 for Sendmail with Milter API
ADMINISTRATOR'S MANUAL
© Kaspersky Lab http://www.kaspersky.com Revision date: March 2006
Contents
CHAPTER 1. KASPERSKY ANTI-VIRUS® FOR SENDMAIL WITH MILTER API
  1.1. What's new in version 5.6
  1.2. Hardware and software system requirements
  1.3. Licensing policies
  1.4. Distribution kit
  1.5. Help desk for registered users
  1.6. Adopted conventions
CHAPTER 2. TYPICAL DEPLOYMENT SCENARIOS
  2.1. Installing Kaspersky Anti-Virus on the same server with your mail system
  2.2. Installing Kaspersky Anti-Virus on a dedicated server
  2.3. Installing Kaspersky Anti-Virus as a filter (single or additional)
  2.4. Installing Kaspersky Anti-Virus as Milter filter for several Sendmail servers
CHAPTER 3. INSTALLATION AND UNINSTALLATION OF KASPERSKY ANTI-VIRUS
  3.1. Software installation on a server running Linux
  3.2. Software installation on a server running FreeBSD or OpenBSD
  3.3. Installation process
  3.4. Post-install setup
  3.5. Location of application files and directories
  3.6. Software uninstall
  3.7. Uninstallation process
CHAPTER 4. THE PRINCIPLES OF APPLICATION OPERATION
  4.1. General message processing algorithm
  4.2. Creating groups for message processing
  4.3. Message status
  4.4. Assigning actions for mail messages
CHAPTER 5. PRESET PROTECTION PROFILES
  5.1. High overall security profile
  5.2. High effective security profile
  5.3. Optimal operation profile
  5.4. Top performance mode
CHAPTER 6. USING KASPERSKY ANTI-VIRUS FOR SENDMAIL WITH MILTER API
  6.1. Delivering disinfected messages to recipients
  6.2. Blocking infected messages
  6.3. Delivering protected messages
  6.4. Sending notifications to senders, recipients, and administrator
  6.5. Filtering e-mail traffic by attachments
  6.6. Updating the anti-virus database and application kernel
  6.7. Backing up e-mail messages
CHAPTER 7. ADDITIONAL SETUP
  7.1. Integrating the application into your mail system
  7.2. Installing and uninstalling the Webmin module of Kaspersky Anti-Virus
  7.3. Checking the configuration file syntax
  7.4. Defining an e-mail scan policy
  7.5. Adjusting scan thoroughness
  7.6. Selecting objects to scan
  7.7. Selecting objects to be filtered and assigning actions
  7.8. Configuring backup options
  7.9. Configuring database and kernel module updates
  7.10. Customizing notifications
    7.10.1. Notification templates
    7.10.2. Customizing notification templates
      7.10.2.1. Macros
      7.10.2.2. Iteration constructs
      7.10.2.3. Scope of visibility for an iterative statement
      7.10.2.4. Variables
      7.10.2.5. Language syntax
      7.10.2.6. Notification macros for the application
  7.11. Reporting options
  7.12. Parameters of update report generation
  7.13. Statistics parameters
  7.14. Restarting Kaspersky Anti-Virus
  7.15. Managing the application from the command line
  7.16. Localization of displayed date and time format
  7.17. Additional informational header fields in messages
  7.18. Troubleshooting
  7.19. Application control via SNMP
CHAPTER 8. USING LICENSES
  8.1. Viewing license key information
  8.2. License extension
  8.3. License key removal
CHAPTER 9. COMPATIBILITY WITH OTHER KASPERSKY LAB APPLICATIONS
CHAPTER 10. VERIFYING PROPER OPERATION OF THE ANTI-VIRUS
CHAPTER 11. FREQUENTLY ASKED QUESTIONS
APPENDIX A. ADDITIONAL INFORMATION
  A.1. Application configuration file kavmilter.conf
  A.2. Default group configuration file default.conf
  A.3. Error return codes
  A.4. Keepup2date return codes
  A.5. Command line options for licensemanager
  A.6. Licensemanager return codes
  A.7. Description of the MIB (Management Information Base) objects
APPENDIX B. KASPERSKY LAB
  B.1. Other Kaspersky Lab Products
  B.2. Contact Us
APPENDIX C. LICENSE AGREEMENT
CHAPTER 1. KASPERSKY ANTI-VIRUS® FOR SENDMAIL WITH MILTER API
Kaspersky Anti-Virus® for Sendmail with Milter API (hereinafter also referred to as Kaspersky Anti-Virus, application) provides anti-virus protection for e-mail traffic handled by Sendmail with Milter API running on a Linux/Unix server. Kaspersky Anti-Virus running on a mail server will:
· Intercept incoming and outgoing e-mail messages handled by the server.
· Scan e-mail traffic for viruses using the anti-virus engine. The application scans the entire message as well as message objects, including the header, body, and attachment (depending on the anti-virus policy).
· Back up e-mail messages prior to performing any action related to anti-virus protection, including blocking and rejecting messages. The administrator can then restore original messages from these backup copies.
· Handle infected objects of e-mail messages detected during the scan.
· Filter e-mail messages. This version of the product filters messages by MIME type, size, and name of attachments.
· Notify the senders and administrators about the results of anti-virus treatment and message filtering. The application may also send detailed notifications using an external mail agent.
· Provide general statistics and reports on application performance.
The advanced features of Kaspersky Anti-Virus allow the administrator to perform the following tasks:
· Configure the application from a remote location through the web interface of the Webmin application.
· Customize templates for sending notifications to senders, recipients, and administrators using a special language.
1.1. What's new in version 5.6
Kaspersky Anti-Virus 5.6 for Sendmail with Milter API has these additional features, compared to version 5.0:
· Simple processing rules for e-mails can be grouped, depending upon the message's senders and recipients, to provide complex processing.
· Additional options have been added for processing messages containing suspicious objects.
· Additional statistics are recorded for all messages processed by the application.
· The SNMP protocol can be used to get read-only access to application configuration and statistic data; the application can be configured to send SNMP-traps when specific events occur.
1.2. Hardware and software system requirements
For smooth operation of Kaspersky Anti-Virus, your mail server must meet the following hardware and software requirements:
Minimum hardware requirements for application operation:
· Intel Pentium 133 MHz processor or higher
· 32 MB RAM
· 100 MB available space on your hard drive (this amount does not include space necessary for storing backup message copies).
Minimum hardware requirements for a mail server with about 800 MB of traffic per day¹ (250-300 mail accounts (addresses)):
· Celeron (Mendocino) 400 MHz processor
· 512 MB RAM
¹ The following scheme is used to calculate daily traffic: the average message size is 60 KB; during a 10-hour period, with 25 scan processes working in parallel, about 13200 messages are processed, which totals 800 MB.