background image

Avira GmbH

Avira AntiVir UNIX Server

2

7.2

Problem Analysis for the Virus Scan Provider. . . . . . . . . . . . . . . . . . . . . . . .   57

7.3

Example Program  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

8

Operation  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

8.1

Reaction to Viruses/ Unwanted Programs Detected  . . . . . . . . . . . . . . . . . . . 59

9

Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

9.1

Support   . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

9.2

Contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

10

Appendix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

10.1 Glossary  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
10.2 Further Information   . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
10.3 Golden Rules for Protection Against Viruses  . . . . . . . . . . . . . . . . . . . . . . . . . 65

Summary of Contents for ANTIVIR VIRUS SCAN ADAPTER FOR SAP SOLUTIONS

Page 1: ...More Than Security www avira com User Manual Virus Scan Adapter for SAP Solutions ...

Page 2: ...onfiguration UNIX 17 4 1 Overview 17 4 2 Configuration Files 17 4 3 Configuration Script configantivir 20 4 4 Configuring Regular Updates 22 5 Configuration Windows 27 5 1 Available Entries in SAVAPI INI 27 5 2 Possible Entry in SAVAPIDL INI 30 5 3 Immediate Updates 30 6 ABAP Specific Configuration 31 6 1 Setting the Virus Scan Interface 31 6 1 1 Defining Scanner Groups 31 6 1 2 Defining Virus Sca...

Page 3: ...Virus Scan Provider 57 7 3 Example Program 58 8 Operation 59 8 1 Reaction to Viruses Unwanted Programs Detected 59 9 Service 61 9 1 Support 61 9 2 Contact 61 10 Appendix 63 10 1 Glossary 63 10 2 Further Information 64 10 3 Golden Rules for Protection Against Viruses 65 ...

Page 4: ...rs bringing you the following information The full name of the program is AntiVir Virus Scan Adapter for SAP Solutions For easier reading we have shortened the name in this manual to AntiVir VSA The term viruses is used as a general reference to malware such as worms Trojans hoaxes etc Chapter Contents 1 About this Manual The structure of the manual signs and symbols 2 Product Information General ...

Page 5: ...rforming an action shown before a step you have to perform shown before the result that directly follows the preceding action shown before a warning if there is a danger of critical data loss or hardware damage shown before a note containing particularly important information e g on the steps to be followed shown before a tip that makes it easier to understand and use AntiVir VSA Emphasis in text ...

Page 6: ...y of your system by integrating AntiVir VSA into the SAP system with the Virus Scan Interface In this way you can scan files or documents processed by applications for viruses and unwanted programs using a high performance integration solution This applies both to applications supplied by SAP and to your own processes for example data transfer via networks or the exchange of documents via interfac...

Page 7: ...n one AntiVir product Full Version The range of Full Version features includes Provision of AntiVir Versions by Internet download License file by email Complete installation instructions digital PDF manuals available for Internet download Four weeks installation support starting from acquisition date Newsletter service by email Internet update service for program files and VDF Convenience Package ...

Page 8: ... UNIX 256 MB RAM 768 MB for Solaris 100 MB on hard disk 1GB recommended CPU i386 or higher Linux SPARC SunOS Linux with glibc 2 2 ia32 and x86_64 or SunOS Version 5 9 SPARC Windows Pentium III 500 MHz 256 MB RAM 20 MB hard disk space Operating system Windows 2000 Server or Advanced Server Windows 2003 Server Windows NT Server Administrator rights for installation ...

Page 9: ...Product Information 8 AntiVir Virus Scan Adapter Avira GmbH ...

Page 10: ...load the current version file from our website http www avira com to your local computer The file name is antivir vsa prof version tar gz Save the file in a tmp folder on the computer on which you want to run AntiVir VSA Getting the Installation Files from CD ROM On the AntiVir CD ROM open en products unix server Copy the file antivir vsa prof version tar gz in a directory for example in tmp Unpac...

Page 11: ...ing AntiVir configuration files are inherited Optionally it installs AntiVir Update Daemon Optionally it configures an automatic start for AntiVir Updater on system start up Preparing Installation Login as root Otherwise you do not have the required authorization for installation and the script returns an error message Go to the directory in which you unpacked AntiVir cd tmp antivir vsa prof versi...

Page 12: ... done copying vdf antivir2 vdf to usr lib AntiVir done copying vdf antivir3 vdf to usr lib AntiVir done Enter the path to your key file hbedv key copying hbedv key to usr lib AntiVir hbedv key done copying script configantivir to usr lib AntiVir done linking usr bin antivir to usr lib AntiVir antivir done installation of AntiVir Engine complete 2 installing internet update daemon An internet updat...

Page 13: ...ibantivirvsa so 1 1 0 to usr lib AntiVir done linking libantivirvsa so to libantivirvsa so 1 1 0 done installation of VSA library complete checking for existing etc avsapvsa conf not found copying etc avsapvsa conf to etc done 4 configuring AntiVir Updater Your connection to the internet might require special configuration settings such as HTTP proxy settings You may also want the updater to log t...

Page 14: ...irvsa so version The administrator has to integrate the SAPCAR tool in etc avsapvsa conf see the given example without this entry AntiVir does not scan SAPCAR archives SapCarProgram usr bin SAPCAR 3 2 AntiVir VSA Installation Windows 3 2 1 Getting the Installation Files Downloading the Installation Files from the Internet You can find the current program files for AntiVir VSA on our website They a...

Page 15: ...tiVir VSA Requirements Please check the following requirements in order for the software to perform efficiently 3 Make sure the System Requirements are met 3 Log in as administrator or as user with administrator rights 3 Make sure the Internet connection is available and it allows automatic Updates with the Internet Updater 3 Be sure to have the hbedv key license file at hand Open the folder conta...

Page 16: ...ead the License agreement Confirm with Yes The window for selecting the Destination folder appears Confirm with Next if the path is correct OR Click Browse and select the path then click Next You must agree to these conditions in order to continue the installation ...

Page 17: ...nstallation the following actions have been performed in the background Copying of the Virus Scan Adapter VSA file ANTIVIRVSA DLL to the installation folder Setting of the environment variable VSA_LIB in the absolute path for VSA for example VSA_LIB C Program Files Avira GmbH AntiVir Savapi ANTIVIRVSA DLL Searching for the tool to unpack SAP archives SAPCAR format searching for the environment var...

Page 18: ... scanning parameters and logging rules when viruses or unwanted programs are detected Configuration script You can use the script configantivir located in usr lib AntiVir to edit the settings in avupdater conf Updater settings 4 2 Configuration Files This section describes the structure of AntiVir VSA configuration files avsapvsa conf and avupdater conf AntiVir reads these files on program start u...

Page 19: ...selected priority or higher The possible priority levels in ascending order are Notice Information Warning Error and Alert By default the scanner does not suppress notifications SuppressNotificationBelow Scanner Notice LogFile Logfile AntiVir logs all important operations via the syslog daemon It can also create an additional logfile There is no default setting You must enter the full path to the ...

Page 20: ...toUpdateTime 04 23 EmailTo Email messages AntiVir can send email notifications with details regarding the performed updates There is no default setting You must specify a recipient in order to send emails EmailTo root localhost Suppress Notification Below Filtering email notifications as required This option can exclude certain messages when notifications are sent with the EmailTo option according...

Page 21: ... installation This is usually not necessary Both settings are deactivated by default Syslog Syslog settings AntiVir sends messages for all important operations to the syslog daemon You may specify the facility and priority for these messages The default setting is SyslogFacility user SyslogPriority notice These values apply even if the option is not active 4 3 Configuration Script configantivir Yo...

Page 22: ...lly restart in order to apply the new settings Then the configuration is complete AntiVir Configuration Here are the configuration settings you have specified Look them over to make sure they are correct email notification no specific logfile var log avupdater log update frequency every 2 hours if update daemon is running http proxy server none available options y n Save configuration settings y S...

Page 23: ...ity Configuring the Internet Connection for Updates 3 Check that your Internet connection is functioning correctly In most cases the connection is already configured If not refer to your UNIX documentation for the information you need Proxy server If your AntiVir VSA computer is connected to the Internet via HTTP proxy server you must make the necessary settings for AntiVir Run configantivir usr l...

Page 24: ...s update daily Time settings for updates for daily updates You can set the time yourself let the daemon choose a random time The script chooses the time once and keeps it as the update time In this case the computer has to be online at the set hour Run configantivir usr lib AntiVir configantivir HTTPProxyUsername HTTPProxyPassword 4 2 of 4 Proxy servers may be configured to require a username and ...

Page 25: ...ecial attention This allows AntiVir to be kept current against attacks and problems AntiVir can be configured to check for updates every 2 hours 2 or once a day d You can also choose to disable the Internet Update Daemon n Note Updates can also be done manually from the command line antivir update You may prefer to disable the Internet Update Daemon and instead perform regular updates using a cron...

Page 26: ...Using cron for updates you have more configuration possibilities than with the Internet Updater Example Enter the following cron job in etc crontab 45 2 root usr lib AntiVir antivir update q This command activates updates every 2 hours but performs them 15 minutes ahead of the set time 0 45 2 45 4 45 and so on The q parameter states that no report will be given Starting Internet Updater Automatica...

Page 27: ...ify its validity gpg sign key build vira com Change to the bin sub directory of the AntiVir installation directory example cd tmp antivir vsa prof version bin Here you can find the files antivir and antivir asc Check the signature with gpg verify antivir asc antivir If you do not get any error message you can use GnuPG for AntiVir updates Activate GnuPG for AntiVir In etc avupdater conf enter the ...

Page 28: ...ice If necessary restart the program that uses SAVAPI DLL 5 1 Available Entries in SAVAPI INI You can change the following parameters of SAVAPI INI Port Number This value indicates the number of the TCP IP port used for communication between Savapi Service and SAVAPI DLL If this port is already assigned you can change it Do not forget to specify it in SAVAPIDL INI see Possible Entry in SAVAPIDL IN...

Page 29: ... the maximum size of the logfile in kB When this value is exceeded the oldest entries are deleted automatically If the value is 0 there is no restriction for the logfile size Example LogFileSize 1000 Updates Server Name Savapi Service downloads its updates new virus signatures form the specified URL If you want to use another server e g via Internet Update Manager you can change the URL Example Up...

Page 30: ...et Updater should use to access the proxy server These values are applied only if ProxyEnabled is active Example ProxyUserName fmeier ProxyPassword password Email Notifications If SmtpMailEnabled is active 1 Savapi Service sends email notifications to the address specified for SmtpRecipientAddress The notifications can be sent in the event of errors or successful updates Make sure that the paramet...

Page 31: ...umber 18370 Port Number This is the number of the TCP IP port used for communication between Savapi Service and SAVAPI DLL If this port is already assigned you can change it Do not forget to change this value in the corresponding entry of the Savapi Service INI file SAVAPI INI see Available Entries in SAVAPI INI Page 27 Example PortNumber 18370 5 3 Immediate Updates AntiVir VSA is set by default t...

Page 32: ... Maintain a scanner group for each product class of virus scanners that are connected to the system using the virus scan server If you include your own virus scanners with the BAdI VSCAN_INSTANCE create a scanner group for each implementation of your own scanner and identify these as BAdI implementations You can store configuration parameters for each scanner group These are divided into initializ...

Page 33: ...pter Avira GmbH In the Implementation Guide choose IMG SAP Web Application Server System Administration Virus Scan Interface Choose the Execute option next to Define Scanner Groups The screen Change View Scanner Groups Overview appears Choose New Entries ...

Page 34: ... this in this step Field Notes Scanner Group Freely definable name of the scanner group Business Add In If this indicator is set the program transfers the request for a virus scan instance for this scanner group to the Business Add In VSCAN_INSTANCE with which customers can include their own virus scanners If this option is not set the program searches for a suitable virus scan server among the se...

Page 35: ... are starting the virus scan server on an application server using the Computing Center Management System choose the gateway of that application server In the Implementation Guide choose IMG SAP Web Application Server System Administration Virus Scan Interface Choose the Execute option next to Define Virus Scan Servers The screen View Change Virus Scan Servers Overview appears Choose New Entries T...

Page 36: ...e Scan Server field enter the name of the virus scan server The name must be the same as the name of the RFC destination that contains the technical connection to the virus scan server Under Virus Scan Server Definition enter the data for the virus scan server see table below ...

Page 37: ...ver and if necessary starts it on the specified application server INAC Inactive on an Application Server The CCMS monitors the virus scan server and if necessary stops it on the specified application server NONE No monitoring The CCMS does not monitor the virus scan server Monitoring status of the virus scan server in the CCMS If the status is NONE or INAC the system s automatic server selection ...

Page 38: ...initialization from outside the system can be performed you can leave the field empty This interface is available to certified vendors of virus scanners n Interval in hours Specifies the number of hours after which the virus scan server is to be regularly reinitialized For the virus scan server to load new virus definitions from the virus scan server you must reinitialize it The automatic reinitia...

Page 39: ...tion RZ20 in the monitor Virus Scan Servers in the monitor set SAP CCMS Monitors for Optional Components for more details see SAP Website The following differences exist in this case Application Server Starters In this case the CCMS data collector automatically checks whether a configured virus scan server is available If this is not the case the CCMS triggers an alert and starts the virus scan se...

Page 40: ...shared ext UNIX Installing a Virus Scan Server as a Self Starter The self starter is available to you as an alternative if you cannot use the application server starter for example in the following cases The SAP Web AS kernel uses 64 bits and the external anti virus product or the external virus scan adapter VSA uses 32 bits The SAP Web AS and the external anti virus product support different arch...

Page 41: ...cfg file is mandatory for this The options received using the command line are stored as the server configuration in this case If you do not specify any command line options the predefined values are set Use this command to start the setup of a self starter If the file specified using the option cfg does not exist a new file is created install NT Installs a new VSCAN_XX service in the Microsoft Wi...

Page 42: ...fault VSA_CONFIG for the current VSA configuration This option allows differentiation if you are using multiple different VSA configurations in one XML file T all Maximum number of threads that the server can use Possible values 1 to 999 m all Minimum number of threads that the server should use Note The mean value of m and T is always used for the number of threads that are held open L all Path s...

Page 43: ...rver as a daemon directly on operating system start up Example Starting a daemon vscan_rfc cfg vsa vscan_rfc xml daemon You can monitor the daemon with operating system resources CRONTAB INITTAB Configuring the Self Starter You have the following options for configuring the self starter Call get_config again and use additional commands and options as in Installing a Virus Scan Server as a Self Sta...

Page 44: ...ile which is then performed as part of the enclosing virus scan profile A virus scan is performed under the name of a virus scan profile The system administrator can use the profile to activate or deactivate the virus scan for each component By default each SAP application that integrates a virus scan provides a virus scan profile The names of these virus scan profiles are constructed as follows N...

Page 45: ...BAP Specific Configuration 44 AntiVir Virus Scan Adapter Avira GmbH The screen Change View Virus Scan Profile Overview appears Choose New Entries The screen New Entries Overview of Added Entries appears ...

Page 46: ...eaning that the application program works without a virus scan You can activate the virus scan for each application by setting this indicator Default Profile Indicator that this virus scan profile is the default profile You can set this indicator for a maximum of one virus scan profile This virus scan profile is used in the following cases If an application requests a virus scanner without specify...

Page 47: ...e used Relationship All steps successful The virus scan must have performed all steps without errors At least one step successful It is sufficient if one step of the virus scan was successfully performed Specifies the type of logical linkage for the steps in the virus scan profile If multiple steps that are to be performed during the virus scan with a virus scan profile are defined for a profile y...

Page 48: ...n server from this group or a BAdI implementation for the virus scan If you choose Profile the program processes the specified virus scan profile instead of this step You can define any conditions by combining the steps of the virus scan profile with the linkage type of the steps AND OR Scanner Group The input help provides a list of all existing scanner groups Combines multiple virus scan servers...

Page 49: ...p If you then perform a virus scan with this scanner group the program calls your implementation of the BAdI as a filter value for the group name and you can transfer an instance of your scanner implementation Create an implementation for each scanner group that is to use the BAdI implementation You can use an implementation for multiple filter values group names SAP does not provide a default imp...

Page 50: ... errors warnings or additional information to a file or writes them on the server s memory You can use the VSCANTRACE analysis tool to query and output this memory content to analyze all registered virus scan servers for errors during their production operation When the server is started the trace is deactivated for memory output Activate it only if problems occur since it affects the performance ...

Page 51: ... trace information You have the following options in the overview Refresh Refreshes the list Delete Deletes the trace output Export Exports the list to a local file Status Displays the current status of the virus scan server used even if the memory trace is deactivated In addition to technical information on the virus scan server this output also contains the configuration of the virus scan server...

Page 52: ...er You can use this procedure to check that your configured virus scan server is functioning correctly Start transaction VSCANTEST Specify the object to be checked using either the test data provided or your own local file Select the virus scan profile scanner group or the virus scan server to be tested Select an action ...

Page 53: ... the anti virus product that you specified scans the data for viruses and displays a result If you choose Check and Clean the product also attempts to clean the data if a virus infection is diagnosed 6 4 Commented Example Program You can also find a Commented Example Program on the SAP website ...

Page 54: ...The virus scan server communicates with the J2EE Engine using TCP IP SAP RFC protocol and accesses the external anti virus product using a virus scan adapter Virus scan adapter or virus scan server for an integrated installation Java and ABAP Both purely Java installations provide the same interface to instancejava from the package com sap security core server vsi api The configuration of the viru...

Page 55: ...ecify the parameter in the Parameter name field Use the input help to specify the parameter type in the Parameter type field Enter the value of the parameter in the Parameter value field To save your entries choose Set You have created a scanner group with the associated parameters As the next step Define a Virus Scan Provider Page 54 7 1 2 Define a Virus Scan Provider You can use either a virus s...

Page 56: ...uiry In case there are more inquiries than authorized instances this pool can also increase but it is reduced again as soon as possible Adapter Path Complete path to the storage location of the adapter as specified in Installing a Virus Scan Server as a Self Starter Page 39 If you leave this field empty the environment variable VSA_LIB is set Field Entry Name Name of the virus scan server and also...

Page 57: ... virus scanner If you check for viruses with this virus scan profile the virus scanner receives the parameters A virus scan profile specifies steps that are to be run during a scan A step is either a virus scanner which is found using the scanner group or it specifies in turn a virus scan profile which is then performed as part of the enclosing virus scan profile A virus scan is performed under th...

Page 58: ...linkage from the Linkage field To save the profile choose Set The new profile appears in the tree display To activate the profile select it and choose Activate You have defined a virus scan profile and therefore performed the last configuration step for the virus scan provider Finally you can check the configuration see Problem Analysis for the Virus Scan Provider Page 57 7 2 Problem Analysis for ...

Page 59: ...n Interface Virus Infections Virus infections reported by the external adapter These are displayed for scan and also for clean calls Therefore if a virus was successfully removed the trace also specifies the infection Virus Scan Adapter Functions Function calls within the Virus Scan Interface Contains the parameters with which the internal API was called and at the end of each function the return ...

Page 60: ...ur system Perform targeted scanning on the data storage supports you used Inform your team superiors or partners Submit Infected Files to Avira GmbH Please send us the viruses unwanted programs and suspicious files that our product does not yet recognize or detect and also any suspicious files Send us the virus or unwanted program packed in a password protected archive PGP gzip WinZIP PKZip Arj at...

Page 61: ...Operation 60 AntiVir Virus Scan Adapter Avira GmbH ...

Page 62: ...nnual fee for this service which includes eliminating viruses and hoax support is 20 of the list price of your purchased AntiVir program Another optional service is the AntiVir Premium Support which in addition to the scope of the AntiVir Classic Supports allows you to contact expert partners at any time even outside business hours in the event of an emergency When virus alerts occur you will rece...

Page 63: ...Service 62 AntiVir Virus Scan Adapter Avira GmbH ...

Page 64: ... detects Dialers Engine The scanning module of AntiVir software Heuristics The systematic process of solving a problem using general and specific rules drawn from previous experience However solution is not guaranteed AntiVir uses a heuristic process to detect unknown macro viruses When typical virus like functions are found the respective macro is classified as suspicious Kernel The basic compone...

Page 65: ... Symmetric Multi Processing Computer architecture with multiple similar CPUs working in parallel SMTP Simple Mail Transfer Protocol protocol for email communication on the Internet syslog daemon A daemon used by programs for logging various information These reports are written in different logfiles The syslog daemon configuration is in etc syslog conf Unwanted programs The name for programs that ...

Page 66: ...king and during installation If there are other users connected to your computer you should define the following rules for protection against viruses Use a test computer to check downloads of new software demo versions or virus suspicious media floppies CD R CD RW removable drives Disconnect the test computer from the network Appoint a person responsible for virus infection operations and establis...

Page 67: ... contents cannot be excluded The reproduction of this publication or parts thereof in any form is prohibited without previous written consent from Avira GmbH Errors and technical subject to change Issued May 2007 AntiVir is a registered trademark of the Avira GmbH All other brand and product names are trademarks or registered trademarks of their respective owners Protected trademarks are not marke...

Reviews: