Detailed instructions for use are in the User's Guide.
KASPERSKY LAB
Kaspersky Anti-Virus for Firewall
USER GUIDE
Kaspersky Lab Ltd. Tel. +7 095 797 87 00 · Fax +7 095 948 43 31 Visit our Web site: http://www.kaspersky.com/
Contents
1. KASPERSKY™ ANTI-VIRUS FOR FIREWALL
   1.1. Function And Features
   1.2. KAV for Firewall: Protecting Local Network From Viruses
   1.3. What's New
   1.4. Distribution Kit
   1.5. Help Desk For Registered Users
   1.6. Information In The Book
2. INSTALLING KAV FOR FIREWALL
   2.1. Software And Hardware Requirements
   2.2. Step-By-Step Installation
   2.3. The *.KEY File
3. PREPARING TO RUN THE PROGRAM
   3.1. Binding Firewall With KAV For Firewall
   3.2. Adding CVP Server
   3.3. Adding Resources
   3.4. Creating Rules
   3.5. Saving New Settings
4. RUNNING THE PROGRAM
   4.1. Various Methods To Launch The Program
5. CONFIGURING THE PROGRAM
   5.1. Anti-Virus Settings
   5.2. Various Configuration Methods
   5.3. Defining General Anti-Virus Settings
   5.4. Defining Setting For Each Protocol Separately
6. ACTIONS TAKEN FOR INFECTED FILES
7. PERFORMANCE STATISTICS AND OPERATION LOG
   7.1. Displaying The Performance Statistics
   7.2. Log File
   7.3. Alerts From Control Centre
8. KASPERSKY ANTI-VIRUS FOR FIREWALL AGENT
   8.1. General Information
   8.2. Configuring The Agent
APPENDIX A. KASPERSKY LAB LTD.
APPENDIX B. FREQUENTLY ASKED QUESTIONS
Dear Customer,

Thank you for choosing KASPERSKY ANTI-VIRUS to protect your computer from viruses. The best anti-virus experts worked hard to make this product meet the highest possible standards and feel sure that you will find it efficient and effective. By choosing our software, you acquire unbeatable protection against viruses.

Our company always seeks to make its software products more friendly and easy to use while keeping their functionality at the highest possible level. KASPERSKY ANTI-VIRUS provides its users with highly reliable anti-virus protection, a heuristic code analyser, the ability to check for viruses in all the commonly used mail formats and compressed files, and easy-to-use anti-virus management tools. Furthermore, the user is provided with round-the-clock technical support, information services, personal attention to every client and an immediate response to new viruses.

We highly appreciate your confidence in our product and hope you'll find it fairly efficient and useful.
Kaspersky Lab
1. Kaspersky™ Anti-Virus For Firewall
What is Kaspersky Anti-Virus for Firewall? Distribution kit.
1.1. Function And Features
Kaspersky™ Anti-Virus for Firewall is a special plug-in module for the centralised filtering of data traffic passing through firewalls that support the Content Vectoring Protocol (CVP). Kaspersky™ Anti-Virus for Firewall is based on the world-famous anti-virus kernel used in other Kaspersky Lab products. KAV for Firewall protects user workstations from viruses passing through the firewall from the Internet.

KAV for Firewall is installed on any computer running one of the following operating systems: Windows NT Server, Windows 2000 Server, Windows 2000 Advanced Server, Windows NT Workstation, Windows 2000 Professional, and works with Check Point Firewall-1 copies regardless of the operating system they are running under.

The firewall transfers incoming data packets to KAV for Firewall via TCP/IP. KAV sorts these packets by the protocols that have been used to download them, i.e. SMTP, FTP and HTTP, checks them for viruses and returns them to the firewall with a banner indicating the check results. To speed up the check procedure you can use different workstations to scan for viruses in different types of traffic (SMTP, FTP and HTTP).

The KAV for Firewall features:
· In real time, Kaspersky™ Anti-Virus for Firewall checks for and deletes all types of malicious code from data passing through the firewall and received by HTTP, FTP, SMTP and other protocols.
· The program searches for viruses in archived and packed files and e-mail.
· A powerful heuristic code analyser and redundant scan feature will protect your network from even unknown viruses.
· You can define the quarantine directory where the program will transfer all infected and suspicious objects that have been detected in the Internet traffic.
· All detected virus attacks are immediately reported by Kaspersky™ Anti-Virus to the predefined e-mail addresses.
· Kaspersky™ Anti-Virus for Firewall logs all the program activity and the virus attack statistics.
· You may change any program setting without needing to restart it. All changes will be activated right after you have confirmed them.

Content Vectoring Protocol (CVP) was developed by Check Point Software Technologies within the framework of the Open Platform for Secure Enterprise Connectivity project. CVP allows «coupling» the firewall with other programs.
Kaspersky™ Anti-Virus for Firewall is developed for Check Point Firewall-1, versions 3.0, 4.0, and 4.1.
1.2. KAV for Firewall: Protecting Local Network From Viruses
Nowadays more and more large, medium and small companies provide their staff with access to the Internet. Consequently, the probability that one day a virus will pass from the Internet onto your private network increases every day. According to the International Computer Security Association (ICSA), practically all the medium and large companies suffered from virus attacks (1998 Virus Prevalence Survey), and in most cases the virus was carried in with e-mail messages.

Today, the corporate Internet gateway is the main entry point for viruses attempting to penetrate corporate networks. Most network administrators take care to protect their file servers and workstations, but leave Internet gateways unprotected, hoping that their firewall protects them from Internet viruses. Regrettably, firewalls monitor just the source of incoming files, which makes them weak in the face of a virus attack. Nevertheless, integrating anti-virus software such as KAV with the OPSEC architecture makes it possible to develop an internal security policy that will stop viruses before they reach user workstations.

The on-line scanner, KAV for Firewall, is used for anti-virus protection. The firewall transfers incoming data packets to KAV for Firewall via TCP/IP. KAV checks these packets for viruses and returns them to the firewall with a banner indicating the check results.

KAV for Firewall uses all the features of FireWall-1 to register events; it also records its performance statistics and logs them to a separate file. This data is very important because it allows you to identify the source of incoming viruses. It allows you to increase the protection level by, for example, prohibiting the download of files from this "problem" source.
Different servers require different approaches to their anti-virus protection. The HTTP server, for example, runs ActiveX and Java applets. These elements may contain viruses that must be deleted before they reach the browser. To protect email (SMTP) from viruses the anti-virus program must access each database and find any hidden viruses attached to messages before the recipient reads or readdresses this message. Finally, FTP corresponds to the file transfer protocol enabling you to download applications that can be infected with a virus. KAV for Firewall features enable it to provide protection for the different server types. KAV for Firewall is a quality product with high scanning speed and reliable check results. The latter quality is guaranteed by the ability to regularly update anti-virus databases via the Internet by means of the KAV for Firewall one-click automatic updating feature.
1.3. What's New...
In this version, users are provided with the ability to optimise the KAV for Firewall processing of examined files (percentage of a large-size file, transferred to the user without checking). In addition, we added a feature that lets you view the number of simultaneously launched sessions and, if necessary, terminate them. The package also includes the Kaspersky Anti-Virus for Firewall Agent module that launches the appropriate support program or restarts KAV for Firewall in case of program failure.
1.4. Distribution Kit
1.4.1. What is in the distribution kit
Your KAV distribution kit contains the following items:
· license agreement;
· sealed envelope with CD containing the program installation files;
· User Guide;
· registration card.
Before you unseal the envelope with the CD, make sure to review the license agreement thoroughly.
1.4.2. License agreement
License Agreement is a legal agreement between you (either an individual or a single entity) and the manufacturer (Kaspersky Lab LTD) describing the terms on which you may employ this anti-virus product. Make sure to peruse this LA! If you do not agree to terms of this LA, Kaspersky Lab is not willing to license the software product to you and you should return the unused product to your KAV dealer for a full refund, but make sure the envelope with CD is sealed. By unsealing the envelope, you agree to all the LA terms.
1.4.3. Registration card
To register you must fill in the detachable coupon of your registration card (your full name, telephone and e-mail address) and mail it to the Kaspersky Lab legal dealer that sold this kit to you. If your mail/e-mail address or telephone number has changed, please notify the entity to which you mailed the coupon.
When registered you obtain the status of Kaspersky Lab legal customer and will be provided with the product support and antivirus database updates for the period of your subscription. Furthermore, Kaspersky Lab provides Kaspersky Anti-Virus registered users with information about the new products released by the company.
1.5. Help Desk For Registered Users
Kaspersky Lab offers a large service package enabling its legal customers to efficiently employ Kaspersky Anti-Virus for Firewall. If you register and purchase a subscription, you will be provided with the following services for the period of your subscription:
· anti-virus database DAILY updates provided by e-mail;
· new versions of the Kaspersky Lab anti-virus software provided on the FREE basis;
· PHONE, E-MAIL or IN-OFFICE advising on matters related to the operation of our anti-virus software;
· information about the Kaspersky Lab new products and about new computer viruses (for those who subscribe to our newsletter http://www.kaspersky.com/subscribeNow.asp).
For more information about our services, refer to the file README.TXT. Kaspersky Lab does not provide information related to operation and use of your operating system, and various technologies.
1.6. Information In The Book
This book contains information on how to install, configure and manage the software product, explains its basic concepts and the way they can be applied, recommends how to manage and change settings.
2. Installing KAV for Firewall
Step-by-step installation. File *.KEY.
2.1. Software And Hardware Requirements
In order to run KAV for Firewall you need:
· an IBM PC or a 100%-compatible computer with Processor Pentium 133 MHz;
· 64 MB RAM;
· 100 MB of hard disk space (for the server to work efficiently 500 MB of hard disk space is recommended);
· CD-ROM (for the KAV distribution kit that includes CDs);
· one of the following operating systems: Windows NT Server, Windows 2000 Server, Windows NT Workstation, Windows 2000 Professional, and Windows 2000 Advanced Server.
KAV for Firewall is installed on any computer of your local ...