F-SECURE ANTI-VIRUS LINUX CLIENT SECURITY - Administrator'S Manual Download Page 101

Page: 101 / 208

CHAPTER E

Troubleshooting

E.5

Virus Protection

Q. How do I enable the debug log for real-time virus scanner?

A. In Policy Manager Console, go to

Product/Settings/Advanced/

and

set

fsoasd log level

Debug

In standalone installation, run the following command:

/opt/f-secure/fsma/bin/chtest s 44.1.100.11 9

The above command works for Client Security product. If you are
using Server Security, replace 44 with 45.

The log file is in

/var/opt/f-secure/fsav/fsoasd.log

Q. How can I use an HTTP proxy server to downloading database

updates?

A. In Policy Manager Console, go to

F-Secure Automatic Update Agent /

Settings / Communications / HTTP Settings / User-defined proxy
settings

and set

Address

to:

http://[[user][:pass]@]proxyhost[:port]

In Web User Interface, use the setting in the Automatic Updates page
in the advanced mode.

Q. Does the real-time scan work on NFS server?

A. If the product is installed on NFS server, the real-time scan does not

scan files automatically when a client accesses a file on the server.

E.6

Generic Issues

Q. How can I clean an interrupted installation?

A. If the product installation is interrupted, you may have to remove the

product components manually.

List all installed rpm packages:

Summary of Contents for ANTI-VIRUS LINUX CLIENT SECURITY -

Page 1: ...F Secure Anti Virus Linux Server Security Administrator s Guide...

Page 2: ...orporation will not be liable for any errors or omission of facts contained herein F Secure Corporation reserves the right to modify specifications cited in this document without prior notice Companie...

Page 3: ...ux Workstations 14 2 3 Central Deployment Using Image Files 15 Chapter 3 Installation 16 3 1 System Requirements 17 3 2 Installation Instructions 18 3 2 1 Stand alone Installation 19 3 2 2 Centrally M...

Page 4: ...2 Virus Protection 40 6 2 1 Real Time Scanning 40 6 2 2 Scheduled Scanning 45 6 2 3 Manual Scanning 46 6 3 Firewall Protection 51 6 3 1 General Settings 53 6 3 2 Firewall Rules 54 6 3 3 Network Servi...

Page 5: ...80 A 2 Red Hat Enterprise Linux 4 80 A 3 Debian 3 1 and Ubuntu 5 04 5 10 6 06 81 A 4 SuSE 82 A 5 Turbolinux 10 82 Appendix B Installing Required Kernel Modules Manually 83 B 1 Introduction 84 B 2 Bef...

Page 6: ...ity Checking 95 E 4 Firewall 97 E 5 Virus Protection 99 E 6 Generic Issues 99 Appendix F Man Pages 102 Appendix G Config Files 171 G 1 fsaua_config 172 G 2 fssp conf 177 Technical Support 201 Introduc...

Page 7: ...5 1 INTRODUCTION Welcome 6 How the Product Works 6 Key Features and Benefits 9 F Secure Anti Virus Server and Gateway Products 11...

Page 8: ...n can be easily deployed and managed either using the local graphical user interface or F Secure Policy Manager F Secure Policy Manager provides a tightly integrated infrastructure for defining and di...

Page 9: ...ystem at regular intervals Automatic Updates Automatic Updates keep the virus definitions always up to date The virus definition databases are updated automatically after the product has been installe...

Page 10: ...istrator Protection Against Userspace Rootkits If an attacker has gained an access to the system and tries to install a userspace rootkit by replacing various system utilities HIPS detects modified sy...

Page 11: ...e protection Files are scanned for viruses when they are opened and before they are executed You can specify what files to scan how to scan them what action to take when malicious content is found and...

Page 12: ...lert is sent to the administrator when a modified system file is found Easy to Deploy and Administer The default settings apply in most systems and the product can be taken into use without any additi...

Page 13: ...r works independently of firewall and e mail server solutions and does not affect their performance F Secure Internet Gatekeeper for Windows is a high performance totally automated web HTTP and FTP ov...

Page 14: ...ation to Clearswift MIMEsweeper for SMTP and MIMEsweeper for Web giving the corporation the powerful combination of complete content security F Secure Anti Virus for Citrix Servers ensures business co...

Page 15: ...13 2 DEPLOYMENT Deployment on Multiple Stand alone Linux Workstations 14 Deployment on Multiple Centrally Managed Linux Workstations 14 Central Deployment Using Image Files 15...

Page 16: ...used to manage Linux workstations For more information on Centrally Managed installation see Centrally Managed Installation 21 The recommended deployment method is to delegate the installation respon...

Page 17: ...partment that install and maintains computers the software can be installed centrally to all workstations The recommended way to deploy the products is to create an image of a Linux workstation with t...

Page 18: ...nts 17 Installation Instructions 18 Upgrading from a Previous Product Version 24 Upgrading the Evaluation Version 25 Replicating Software Using Image Files 26 Preparing for Custom Installation 26 Crea...

Page 19: ...iracle Linux 2 1 Miracle Linux 3 0 Asianux 2 0 Turbolinux 10 Debian 3 1 The following 64 bit AMD64 EM64T distributions are supported with 32 bit compatibility packages SUSE Linux Enterprise Server 9 1...

Page 20: ...or evaluation use and for environments with few Linux workstations or servers where central administration with F Secure Policy Manager is not necessary When you install the product in stand alone mod...

Page 21: ...n distribution specific instructions how to install required tools to the computer see Installation Prerequisites 79 It is recommended to use the default settings during the installation To select the...

Page 22: ...ther you want to allow the remote access to the web user interface Allow remote access to the web user interface no 9 Select whether the web user interface can be opened from the localhost without a l...

Page 23: ...es 79 When you install the product in centrally managed mode you must first have F Secure Policy Manager installed on a separate computer For F Secure Policy Manager Console installation instructions...

Page 24: ...install the full licensed version of the product Enter the keycode in the format you received it including the hyphens that separate sequences of letters and digits If you are installing the evaluati...

Page 25: ...hrase 64 Please insert passphrase for HMAC creation max 80 characters 15 The installation is complete 16 Install the included upgrade for F Secure Policy Manager Console a Select Installation Packages...

Page 26: ...r version first You can install the latest in the evaluation mode during the clean install Manual scanning scheduled scanning and database update settings have changed in version 5 30 and later If you...

Page 27: ...sr share man man8 dbupdate 8 usr share man man8 fsavd 8 usr share man man8 fsavschedule 8 3 4 Upgrading the Evaluation Version If you want to upgrade the evaluation version to the full licensed versio...

Page 28: ...an autoregistration request to the F Secure Policy Manager Server Only hosts on which the image file will be installed should be imported 3 Run the command following command etc init d fsma clearuid...

Page 29: ...elverify nokernelverify pass PASSPHRASE keycode KEYCODE Where MODE is standalone for the standalone installation or managed for the centrally managed installation If MODE is managed you have to provid...

Page 30: ...users who do not need the real time protection integrity checking web user interface or central management for example users running AMaViS mail virus scanner Use the following command line when runn...

Page 31: ...backup all relevant data run the following commands etc init d fsma stop etc init d fsaua stop tar cpsf backup filename tar etc init d fsma etc init d fsaua etc opt f secure var opt f secure opt f se...

Page 32: ...ript opt f secure fsav bin uninstall fsav as root to uninstall the product The uninstall script does not remove configuration files If you are sure that you do not need them any more remove all files...

Page 33: ...31 4 GETTING STARTED Accessing the Web User Interface 32 Basics of Using F Secure Policy Manager 32 Testing the Antivirus Protection 33...

Page 34: ...unless the administrator has prevented this by selecting the Final checkbox in the F Secure Policy Manager settings 4 2 Basics of Using F Secure Policy Manager If your corporate network utilizes F Se...

Page 35: ...ute of Computer Anti virus Research The Eicar info page can be found at http www europe f secure com virus info eicar_test_file shtml You can test your antivirus protection as follows 1 You can downlo...

Page 36: ...34 5 USER INTERFACE BASIC MODE Summary 35 Common Tasks 36...

Page 37: ...r is vulnerable to virus attacks Firewall Protection Shows the current firewall protection level The firewall protection levels allow you to instantly change your firewall rule set For more informatio...

Page 38: ...w firewall rule You can control which type of network traffic is allowed and denied with firewall rules For more information see Add And Edit Rules 55 Check the integrity of the file system Check that...

Page 39: ...37 6 USER INTERFACE ADVANCED MODE Alerts 38 Virus Protection 40 Firewall Protection 51 Integrity Checking 59 General Settings 66...

Page 40: ...Mark highlighted as read to flag them as read messages Click Delete highlighted to delete all highlighted alerts Alert Database Maintenance You can delete or mark multiple messages as read simultaneo...

Page 41: ...ccepted version Fatal Error Unrecoverable error on the host that requires attention from the administrator For example a process fails to start or loading a kernel module fails Security alert For exam...

Page 42: ...the directories to scan and the action to take independently of the real time scanning settings 6 2 1 Real Time Scanning On the Real Time Scanning page you can select what to scan automatically in rea...

Page 43: ...es the infected file Deny access Blocks the access to the infected file but does not send any alerts or reports Suspected files Select the primary and secondary actions to take when heuristics scannin...

Page 44: ...es if you want to exclude specific files from the scan Scan only executables Select whether only executables in scanned directories are scanned for viruses Clear the check box to scan all files for vi...

Page 45: ...opened Maximum number of nested archives Set the number of levels in nested archives the product should scan Nested archives are archives inside other archives Treat password protected archives as sa...

Page 46: ...ions Report and deny access Displays and alerts about the found riskware and blocks access to it No other action is taken against the riskware View Alerts to check security alerts For more information...

Page 47: ...the scheduled time 4 Click Save task to add the scheduled scanning task into the schedule The scheduled scanning tasks use the Manual Scanning settings For more information see Manual Scanning 46 Cat...

Page 48: ...first you should manually scan the archive to make sure that it does not contain any viruses Action on infection Select the primary and secondary actions to take when a virus is found The secondary ac...

Page 49: ...y action for suspected files is Report only and secondary action Deny access Choose one of the following actions Report and deny access Displays and alerts about the suspected file and blocks access t...

Page 50: ...each directory on a new line only one directory per line Scan also executables Scan any executable files in addition to all other specified files during the manual scan Archive scanning Scan inside ar...

Page 51: ...Report only and secondary action Deny access Choose one of the following actions Report and deny access Displays and alerts about the found riskware and blocks access to it No other action is taken a...

Page 52: ...u can scan files manually from the KDE filemanager Right click on any file you want to scan and select Scan to scan the file for viruses Command Line For information how to scan files from the shell s...

Page 53: ...f pre configured firewall rules Different security profiles can be assigned to different users for example based on the company security policy user mobility location and user experience Firewall Rule...

Page 54: ...server profile has to be customized before it can be taken into use Mobile Allows normal web browsing and file retrievals HTTP HTTPS FTP as well as e mail and Usenet news traffic Encryption programs s...

Page 55: ...n Enable firewall Select the Enable firewall check box to enable the firewall protection Clear the check box to disable the firewall Log all unhandled network packets Select to log all network packets...

Page 56: ...ows to change the order of rules in the ruleset The order of the rules is important The rules are read from top to bottom and the first rule that applies to a connection attempt is enforced For exampl...

Page 57: ...e service Remote host Enter details about target addresses Enter the IP address and the subnet in bit net mask format For example 192 168 88 0 29 You can use the following aliases as the target addres...

Page 58: ...able or disable the use of a certain service you have to make sure that the service exists in the Network Services table After that you can create a firewall rule that allows or denies the use of that...

Page 59: ...e Protocol drop down list If your service does not use ICMP TCP or UDP protocol select Numeric and type the protocol number in the field reserved for it 4 If your service uses the TCP or UDP protocol...

Page 60: ...ptive comment in the Description field to distinguish this rule 11 Define Remote Host to which the rule applies Enter the IP address of the host in the field 12 Select the new service you have created...

Page 61: ...ts of the monitored files Communications 66 Known Files The Known Files lists files that the product monitors and protects Verify Baseline Verify the system integrity manually Generate Baseline Genera...

Page 62: ...ave not been modified All Displays all files in the known files list Filename Enter any part of the filename of the monitored file you want to view in the known files list Integrity Checking does not...

Page 63: ...use Action Displays whether the product allows or denies modifications to the file Alert Displays whether the product sends an alert when the file is modified Protection Displays whether the file is m...

Page 64: ...ify files that Integrity Checking monitors Use the Software Installation Mode when you want to modify system files and programs To access the Software Installation Mode open the user interface select...

Page 65: ...to make sure that your system is safe and all baselined files are unmodified If an attacker has managed to gain a root access to the system and regenerated the baseline the regenerated baseline does n...

Page 66: ...is applied to the baseline contents and the passphrase to generate a signature a HMAC signature of the baselined information You should not share the passphrase with other administrators without full...

Page 67: ...ly the product sends an alert when an unknown or modified kernel module is loaded but does not prevent it from loading Write protect kernel memory Protects the dev kmem file against write attempts A r...

Page 68: ...re Policy Manager Server address This setting is only available in the centrally managed installation mode Alert Forwarding Alert Level Specify where an alert is sent according to its severity level Y...

Page 69: ...re lost To prevent this configure a local mail server to port 25 and use it for relaying e mail alerts From Enter the full e mail address sender example com you want to use as a sender of the alert in...

Page 70: ...date when an alert sent in format YYYY MM DD TIME The time when an alert sent in format HH MM SS GMT ALERT_NUMBER The alert number during the session Variable Description Updates enabled Enable and di...

Page 71: ...url to the Address field and define the priority level of the new address Click Add PM Proxy to add the new entry to the list HTTP Proxy Use HTTP Proxy Use an HTTP proxy server to download database up...

Page 72: ...can should be launched automatically after the virus definitions have been updated The virus scan scans all local files and directories and it can take a long time The scan uses the manual scanning se...

Page 73: ...age displays the license terms the product version number and the database version If you are using the evaluation version of the product you can enter the keycode in the About page to upgrade the pro...

Page 74: ...72 7 Command Line Tools Overview 73 Virus Protection 73 Firewall Protection 74 Integrity Checking 75 General Command Line Tools 76...

Page 75: ...ile enter the file name without wildcards For example fsav myfile exe Note that the recursive scan detects mounted network file system subdirectories and does not scan network file systems Scanning a...

Page 76: ...it out 1 opt f secure fsav bin fsavpmd dbupdate only dev null 2 1 Follow these instructions to update virus definition databases manually from the command line 1 Download the fsdbupdate run file from...

Page 77: ...line tool Creating the Baseline Follow these instructions to create the baseline from the command line 1 Run the fsic tool with the baseline option fsic baseline 2 Select the files to add to the basel...

Page 78: ...The product validates files and displays whether the files are intact 7 4 2 fsims Use the following command to enable Software Installation Mode opt f secure fsav bin fsims on After you have installed...

Page 79: ...av bin fsavpmd Handles all F Secure Policy Manager Console operations for example Scan all hard disks now Update database now Reset statistics F Secure Firewall Daemon opt f secure fsav bin fsfwd run...

Page 80: ...V Status Daemon opt f secure fsav bin fstatusd Checks the current status of every component keeps desktop panel applications and web user interface up to date F Secure FSAV Web UI opt f secure fsav to...

Page 81: ...79 A Installation Prerequisites All 64 bit Distributions 80 Red Hat Enterprise Linux 4 80 Debian 3 1 and Ubuntu 5 04 5 10 6 06 81 SuSE 82 Turbolinux 10 82...

Page 82: ...prise Linux 4 Follow these instructions to install the product on a server running Red Hat Enterprise Linux 4 AS 1 Install the following RPM packages from RHEL4 CDs Use the command rpm ivh rpm files U...

Page 83: ...libc6 dev sudo apt get install kernel headers uname r cut d f 1 Ubuntu sudo apt get install gcc rpm make libc6 dev sudo apt get install linux headers uname r 2 If you are using Ubuntu 5 10 make sure t...

Page 84: ...ke sure that kernel source make and gcc packages are installed Use YaST or another setup tool 2 Install the product normally A 5 Turbolinux 10 Turbolinux kernel sources may not be configured and so th...

Page 85: ...83 B Installing Required Kernel Modules Manually Introduction 84 Before Installing Required Kernel Modules 84 Installation Instructions 84...

Page 86: ...re that the running kernel version is the same as the version of the kernel sources installed The kernel configuration must also be the same On some distributions such as older SUSE distributions you...

Page 87: ...d patches and configuration options which are likely different in the preinstalled Dazuko Uninstall the preinstalled Dazuko or make sure that it is not run during the system startup and follow the ins...

Page 88: ...86 C Riskware Types Riskware Categories and Platforms 87...

Page 89: ...iskware from the riskware scan Category Platform Adware Apropos AVTool BAT Client IRC Casino Client SMTP ClearSearch CrackTool DOS Dialer DrWeb Downloader Dudu Effect ESafe FalseAlarm HTML Joke Java M...

Page 90: ...88 Server FTP Perl Server Proxy PHP Server Telnet Searcher Server Web Solomon Tool Symantec TrendMicro UNIX VBA VBS Win16 Win32 Wintol ZenoSearch Category Platform...

Page 91: ...CHAPTERC 89 Riskware Types...

Page 92: ...90 D List of Used System Resources Overview 91 Installed Files 91 Network Resources 91 Memory 92 CPU 92...

Page 93: ...f secure fssp bin fsav usr bin fsic opt f secure fsav bin fsic usr bin fsui opt f secure fsav bin fsui usr share man man1 fsav 1 opt f secure fssp man fsav 1 usr share man man8 fsavd 8 opt f secure f...

Page 94: ...f file accesses on the system If several users are logged in to the system and all of them access lots of files the memory consumption grows D 5 CPU The load on the processor depends on the amount of...

Page 95: ...93 E Troubleshooting User Interface 94 F Secure Policy Manager 95 Integrity Checking 95 Firewall 97 Virus Protection 99 Generic Issues 99...

Page 96: ...iled report about the issue To fix the problem try to restart the product Run the following command etc init d fsma restart Q How can I get the F icon visible in the systray A You may need to logout a...

Page 97: ...mlinks are not working for Integrity Checking or Rootkit Protection what can I do A You may be denied to load a kernel module if the file containing the kernel module is a symlink and the real file wh...

Page 98: ...o many modified files to update with the user interface A Create a new baseline Execute the following commands opt f secure fsav bin fslistfiles fsic add fsic baseline Q The Integrity Checking page in...

Page 99: ...sabled by default Enable the rule to allow accesses to samba shares Q After intalling the product I cannot browse local are network domains and workgroups SMB How can I fix this A You need to add a ru...

Page 100: ...work now Q How can I set up firewall rules to access NFS servers A You need to allow the following network traffic through the firewall portmapper tcp and udp port 111 nfsd tcp and udp 2049 mountd va...

Page 101: ...ver to downloading database updates A In Policy Manager Console go to F Secure Automatic Update Agent Settings Communications HTTP Settings User defined proxy settings and set Address to http user pas...

Page 102: ...is very slow What is causing this A The real time virus scan and Integrity Checking can slow down the system Use the basic Linux tools top and vmstat to check what is slowing down the system Make sure...

Page 103: ...for example F Secure Status Daemon may fail to start Restart the product to solve the issue etc init d fsma restart Alternatively you may start F Secure Status Deamon manually opt f secure fsav bin f...

Page 104: ...102 F Man Pages fsav 103 fsavd 137 dbupdate 155 fsfwc 159 fsic 162...

Page 105: ...ro viruses infecting Microsoft Office files Windows viruses and DOS file viruses F Secure Anti Virus can also detect spy ware adware and other riskware in selected products fsav can scan files inside...

Page 106: ...to custom exec action timeout e c What to do when the scan times out Treat the timeout as error e or clean c archive on off yes no 1 0 Scan files inside archives default Archives are still scanned as...

Page 107: ...g the OID used in sending alerts databasedirectory path Read virus definition data bases from the directory path The default is This option cannot be used to change the database directory of fsavd tha...

Page 108: ...hs listed in the file Paths should be absolute paths ending with a newline character extensions ext ext Specify the list of filename extensions to be scanned You can use or as wildcard characters The...

Page 109: ...or the file See NOTES section below about nested archives If the value is set to 0 the archive is scanned but if it contains another archive fsav reports a scan error for the file The default value is...

Page 110: ...nabled the last access time of the file does not change when it is scanned The option can be used for example with some back up systems that back up only files that have an updated last access time fi...

Page 111: ...for a single file scan or disinfection task If scanning or disinfecting the file takes longer than the specified value fsav reports a scan error for the file If the value is set to 0 default the scan...

Page 112: ...ally a scanning daemon which is not running is not an error as fsav launches the daemon before the scan by default The daemon that was launched by fsav exits after some idle time To run a permanent in...

Page 113: ...ymbolic links Symbolic links are not followed by default usedaemon on off yes no 1 0 Use the existing daemon to scan files fsavd must be run ning or the command fails See fsavd 8 for more information...

Page 114: ...after Version is the version of databases virus action1 report dis inf clean rename delete remove abort custom exec Primary action to take when a virus infection is found report only to terminal and...

Page 115: ...n in brackets An example of a suspected infection in the scan report tmp sample img Suspected Type_Boot AVP which differs from infected output only by the type of the sus pection in the middle The fol...

Page 116: ...om Infected EICAR Test File AVP where the path to the archive surrounded by brackets is on the left followed by the path to the infected file in the archive In the current release the nested archives...

Page 117: ...ory in order to rename the file The delete action removes the infected suspected riskware file The user running the scan must have write access to the directory in order to delete the file By default...

Page 118: ...Unknown option user given option name in configuration file file path line line number Explanation The configuration file contains an unknown option name Resolution Edit the configuration file Configu...

Page 119: ...line line number Explanation The mimescanning field in the configuration file has an incorrect value Resolution Edit the configuration file and set the mimescan ning field to one of the following 1 o...

Page 120: ...s than zero or more than LONG_MAX Resolution Edit the configuration file Maximum scan engine instances value user given value is not valid in configuration file file path line line number Explanation...

Page 121: ...e is less than zero or more than LONG_MAX Resolution Edit the configuration file Scan extensions list is too long in configuration file file path line line number list is trun cated Explanation The ex...

Page 122: ...FATAL ERRORS fsav fatal errors are written to the standard error stream stderr In case of fatal error program execution stops imme diately with exit code 1 Fatal erros reported by fsav and the descri...

Page 123: ...orrect the command line parameters or configu ration file or remove the file from path and start the fsav again Input file file path is invalid OS error Explanation The user has given invalid input fi...

Page 124: ...e or is too long in the configuration file Resolution The user has to correct the path and start fsav again Scan engine directory directory path is not valid OS error message Explanation The user has...

Page 125: ...e directory directory path is not valid in configuration file at line line number OS error message Explanation The user has entered a database update direc tory path which either does not exist is not...

Page 126: ...ommand line options and try again Illegal maximum nested archives value value Explanation The user has entered an illegal maximum nested archives value from the command line Resolution The user has to...

Page 127: ...g failed Resolution If fsavd is not running the user does not need to do anything If fsavd is running but the user does not have rights to access to the socket the user may try to use kill 1 command t...

Page 128: ...tory file path is not valid OS error message Explanation The database update directory given in the con figuration file or from the command line does not exist or it is not accessible Resolution The u...

Page 129: ...d Resolution The database update process does not have proper rights to create the flag file and fails The user has to make sure the update process runs with proper rights or the database directory ha...

Page 130: ...remove the lock file do database update and start fsavd again Database update and restore failed Server halted Explanation The database update process has failed to per form an update and failed to r...

Page 131: ...found infected or suspected the scan error is indi cated with exit code 9 Scan erros reported by fsav and the descriptions are listed below file path ERROR OS error message Explanation The file could...

Page 132: ...ser is authorized to open file path ERROR Password protected file engine name Explanation The scan engine could not open the file for scanning because the file is password protected i e encrypted Reso...

Page 133: ...le scan engine Explanation The disinfect failed because of write to file failed Resolution The file is write protected archive or corrupted and cannot be disinfected file path ERROR Internal error Bad...

Page 134: ...f the problem per sists the user should send a bug report and a file sample to F Secure In case of other error messages type of filename ERROR error message scan engine not listed here the proba ble s...

Page 135: ...can error at least one file scan failed 130 Program was terminated by pressing CTRL C or by a sigterm or suspend event fsav reports the exit codes in following priority order 130 7 1 3 4 8 6 9 0 EXAMP...

Page 136: ...list files with EXE or COM extension in a direc tory mnt smbshare fsav list extensions exe com mnt smbshare Scan and disinfect or rename infected suspected files without confirmation fsav virus actio...

Page 137: ...and database versions fsav version Notes Nested archives may cause scan engine failures if the archive scanning is enabled The maxnested option may be used to limit nested archive scanning and to prev...

Page 138: ...eparate fsavd instance Bugs Please refer to Known Problems section in release notes Authors F Secure Corporation Copyright Copyright c 1999 2006 F Secure Corporation All Rights Reserved Portions Copyr...

Page 139: ...utomatically if fsavd is not running When fsavd is launched by the fsav client fsavd ter minates automatically after 30 seconds of idle time when no client has connected to fsavd during that time If y...

Page 140: ...erts databasedirectory path Read virus definition data bases from the directory path The default is enginedirectory path Load scan engines from the directory path The default is pidfile path Create a...

Page 141: ...y permissions can be changed with dirmode configuration file option Socket file permissions are set to read and write for the owner if the daemon is started in the stand alone mode If the daemon is st...

Page 142: ...n Show F Secure Anti Virus version and dates of signature files and exit LOGGING fsavd logs scan failures infected and suspected files to the fsavd s log file defined with the logfile fsavd writes err...

Page 143: ...onnects File file path disinfected Explanation fsavd reports that one of the scan engines disin fected the file successfully File file path disinfect failed Explanation fsavd reports that all the scan...

Page 144: ...e configuration file parsing has failed because of invalid syntax Resolution fsavd tries to proceed and probably encounter some other error later The user has to edit the configuration file and restar...

Page 145: ...le path line line number Explanation The scanexecutables field in the configura tion file has an incorrect value Resolution The user has to edit configuration file and set the scanexecutables field to...

Page 146: ...e than LONG_MAX Resolution fsavd tries to proceed The user has to edit the configuration file and restart fsavd Maximum nested archives value user given value is not valid in configuration file file p...

Page 147: ...nces value user given value is out of range in configuration file file path line line number Explanation The engineinstancemax field in the configu ration file is less than zero or more than LONG_MAX...

Page 148: ...an engine process has died unexpectly Resolution fsavd has noticed the scan engine has died fsavd tries to restart the scan engine If the scan engine was scanning a file the file is reported to be fai...

Page 149: ...sibly restart fsavd if fsavd fails to start the scan engine automatically Database file file path is not a database file Explanation The scan engine reports that the database file file path is not a v...

Page 150: ...gine name scan engine initialization time limit exceeded going for shutdown Explanation The scan engine has exceeded its initialization time limit 300 seconds The reason may be a high system load and...

Page 151: ...starts the scan engine Could not open logfile file path OS error mes sage Explanation fsavd failed to open the logfile file path for logging Resolution fsavd writes logs to default logfile stderr The...

Page 152: ...re installed Options parsing failed Explanation The user has given an unknown option or an option value from the command line Resolution fsavd exits with error status The user has to cor rect the com...

Page 153: ...accessible or is too long from the configuration file Resolution The user has to correct the path and start fsavd again Scan engine directory directory path is not valid in configuration file at line...

Page 154: ...ible configuration file and restart fsavd Access to database index file file path failed OS error message Explanation The database directory path set in the configu ration file or from the command lin...

Page 155: ...Anti Virus HOME fssp conf User specific configuration file for F Secure Anti Virus install directory etc fsav Startup file for F Secure Anti Virus install directory databases Directory for Anti Virus...

Page 156: ...Check fsavd scan engine and database versions fsavd version Bugs Please refer to Known Problems section in release notes AUTHORS F Secure Corporation Copyright Copyright c 1999 2006 F Secure Corporati...

Page 157: ...base updates directory Do not update databases downloaded by F Secure Automatic Update Agent update from the specified directory instead DESCRIPTION dbupdate is a shell script for updating F Secure An...

Page 158: ...pre viously downloaded OPERATION If new databases are available database files are copied to updatedirectory Database files are then validated using daastool and dbtool After the validation database f...

Page 159: ...ee disk space EXIT VALUE 0 Nothing was updated since no new updates were available 1 An error has occurred See program out put and var opt f secure fssp dbupdate log for details 2 Virus definition dat...

Page 160: ...158 SEE ALSO fsav 1 and fsavd 8 For more information see F Secure home page...

Page 161: ...out any options it will show current security level and minimum allowed Options mode block server mobile office st rict normal bypass Will set fire wall to requested security level if allowed by minim...

Page 162: ...file for office use It is assumed that some external firewall exists between Internet and the host Any outgoing TCP con nections are allowed A rule to allow Windows net working inside the same network...

Page 163: ...hing in and out RETURN VALUES fsfwc has the following return values 0Normal exit 1Error occurred AUTHORS F Secure Corporation COPYRIGHT Copyright c 1999 2006 F Secure Corporation All Rights Reserved S...

Page 164: ...out any options fsic will verify all files in the known files list and report any anomalies Options V verify options Default operation if invoked without any options Verify the system and report any d...

Page 165: ...ruses when verifying default yes ignore attr hash Ignore speci fied file properties if they differ from the baseline informa tion Only attr or hash can be speci fied at a time not both default noth in...

Page 166: ...ll of the files If a previous base line already exists it will be overwritten virus scan yes default no Enable disable virus scanning of the files during baselining Viruses are scanned with options du...

Page 167: ...are added as monitored A new baseline needs to be generated after all file addi tions have been performed protect yes no default Add the file as protected instead of moni tored When a file is added as...

Page 168: ...how file is handled in integ rity checking P implies Protected R is for Report send alert for every access to this file if file differs from baselined A is Allow access even if differs from baseline...

Page 169: ...aseline are reported as follows Note RA bin ls Hash does not match baselined hash Note RA bin ls inode information does not match baselined data mode uid gid len mtime hash Old 81ed 0 0 31936 10960078...

Page 170: ...to new baseline For example bin ls Accept to baseline Yes No All yes Disregard new entries If file has been modified fsic will ask Note bin ls seems to differ from baselined entry Want to rebaseline...

Page 171: ...rn value of 3 indicates that one or more of the following happened Incorrect passphrase or Files do not match baselined information or A virus was detected in one of the files FILES None EXAMPLES None...

Page 173: ...171 G APPENDIX Config Files fsaua_config 172 fssp conf 177...

Page 174: ...ect if FSMA is installed and configured properly The default is yes which means centrally managed mode enable_fsma yes Update servers This directive controls which update server the Automatic Update A...

Page 175: ...r1 http backup_server2 update_servers Update proxies This directive controls which Policy Manager Proxies the Automatic Update Agent tries to use Note that this is different from HTTP proxies see belo...

Page 176: ...http_proxies Poll interval This directive specifies in seconds how often the Automatic Update Agent polls the Update Server for updates The default is 3600 seconds which is 1 hour poll_interval 3600...

Page 177: ...ed in seconds since the last successful connection with your main update servers The default is 3600 which is 1 hour failover_timeout 3600 Log Level The amount of logging generated by the Automatic Up...

Page 178: ..._level normal Log Facility Specify the syslog facility for Automatic Update Agent Possible values are daemon local0 to local7 The default is daemon log_facility daemon os_version_distribution testingu...

Page 179: ...files that match the extensions specified in the Extensions to Scan setting Possible values 0 All files 1 Only files with specified extensions odsFileScanFiles 0 Specify the list of filename extension...

Page 180: ...tar td0 tgz tlb tsp tt6 vbe vbs vwp vxd wb wiz wml wpc ws xl zip zl Specify whether executables should be scanned If a file has any user group other executable bits set it is scanned regardless of th...

Page 181: ...ng according to what is defined in the other scanning settings Possible values 0 Disabled 1 Enabled odsFileEnableExcludedPaths 1 Specifies whether archives should be scanned when a manual scan is laun...

Page 182: ...E Current MIME decoding support does not work for mail folders where multiple e mail messages are stored in a single file such as Netscape Mozilla Thunderbird Evolution or mbox mail folders MIME decod...

Page 183: ...hen the first infection is found inside an archive If set to Yes scanning will stop on the first infection Otherwise the whole archive is scanned Possible values 0 No 1 Yes odsStopOnFirst 0 Specify th...

Page 184: ...m action will be executed as the super user of the system so consider and check carefully the command you specify Custom action script or program receives one parameter full pathname of the infected f...

Page 185: ...lease note that the custom action will be executed as the super user of the system so consider and check carefully the command you specify Custom action script or program receives one parameter full p...

Page 186: ...cted infection is detected and the primary action has failed Possible values 0 Do nothing 1 Report only 3 Rename 4 Delete odsFileSecondaryActionOnSuspected 0 Set this on to report and handle riskware...

Page 187: ...kware Specify the primary action to take when riskware is detected Possible values 0 Do nothing 1 Report only 3 Rename 4 Delete odsFilePrimaryActionOnRiskware 1 Specify the secondary action to take wh...

Page 188: ...file 1 second resolution A recommended upper limit would be for example 1 minute odsFileScanTimeout 60 Specify the action to take after a scan timeout has occurred Possible values 0 Report as Scan Err...

Page 189: ...h action Possible values 0 No 1 Yes odsAskQuestions 1 Read files to scan from from standard input Possible values 0 No 1 Yes odsInput 0 Print out all the files that are scanned together with their sta...

Page 190: ...angerous control and escape characters be removed Possible values 0 No 1 Yes odsRaw 0 In standalone mode a new fsavd daemon is launched for every client Usually you do not want this because launching...

Page 191: ...llowed This affects e g scanning a directory containing symlinks pointing to files outside of the directory Possible values 0 No 1 Yes odsFollowSymlinks 0 If enabled only infected filenames are report...

Page 192: ...e to disinfection then both access and modify times will change Possible values 0 No 1 Yes odsFilePreserveAccessTimes 0 Specifies how MIME messages with broken attachments will be handled If set to Ye...

Page 193: ...ess is allowed Partial MIME messages cannot reliably be unpacked and scanned Possible values 0 No 1 Yes odsFileIgnorePartialMime 0 Defines how MIME messages with broken headers should be handled If se...

Page 194: ...not set an error will be reported for large files Possible values 0 No 1 Yes odsFileSkipLarge 0 If On the Libra scanning engine is used for scanning files If Off Libra is not used Possible values 0 Of...

Page 195: ...on is not used Possible values 0 Off 1 On odsUseOrion 1 If On the AVP scanning engine is used for scanning files If Off AVP is not used Possible values 0 Off 1 On odsUseAVP 1 F Secure internal Do not...

Page 196: ...1 On odsAVPRiskwareScanning 1 Maximum size of MIME message Files larger than this are not detected as MIME messages Increasing this number will increase scan time of large files daemonMaxMimeMessageS...

Page 197: ...This is the directory where in use databases are kept daemonDatabaseDirectory var opt f secure fssp databases F Secure internal Do not change This is the directory into which new databases are stored...

Page 198: ...ile is written Possible values 0 No 1 Yes daemonLogfileEnabled 0 Log file location stderr write log to standard error stream syslog write log to syslog facility Anything else is interpreted as a filen...

Page 199: ...to run independent instances of the server daemonSocketPath tmp fsav Octal number specifying the mode permissions of the daemon socket See chmod 1 and chmod 2 unix manual pages daemonSocketMode 0600...

Page 200: ...ocal3 local4 local5 local6 local7 auth authpriv cron daemon ftp kern lpr mail news syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 daemonSyslogFacility daemon Obsolete setting...

Page 201: ...y 2 Alert 3 Critical 4 Error 5 Warning 6 Notice 7 Info 8 Debug 9 Everything debugLogLevel 0 Specify the full name of the debug logfile debugLogFile var opt f secure fssp fssp log The keycode entered d...

Page 202: ...l Do not change Text to be printed every day during evaluation use naggingText EVALUATION VERSION FULLY FUNCTIONAL FREE TO USE FOR 30 DAYS nTo purchase license please check http www F Secure com purch...

Page 203: ...201 H Technical Support Introduction 202 F Secure Online Support Resources 202 Web Club 203 Virus Descriptions on the Web 203...

Page 204: ...ountry f secure com Example Anti Virus Norway f secure com If there is no authorized F Secure Anti Virus Business Partner in your country you can submit a support request directly to F Secure There is...

Page 205: ...cts Web Club The F Secure Web Club provides assistance and updated versions of F Secure products To connect to the Web Club directly from within your Web browser go to http www F Secure com anti virus...

Page 206: ...204...

Page 207: ......

Page 208: ...www f secure com...

Search results

Summary of Contents for ANTI-VIRUS LINUX CLIENT SECURITY -

Reviews:

Related manuals for ANTI-VIRUS LINUX CLIENT SECURITY -

Brands by name

Popular brands

F-SECURE ANTI-VIRUS LINUX CLIENT SECURITY -, Administrator'S Manual

Search results

Summary of Contents for ANTI-VIRUS LINUX CLIENT SECURITY -

Reviews:

Related manuals for ANTI-VIRUS LINUX CLIENT SECURITY -

Brands by name

Popular brands