F-Secure Internet Gatekeeper for Linux

A Comprehensive Internet and Anti-Virus Solution

Version 4

Rev. 20100125

Administrator’s Guide

Summary of Contents for INTERNET GATEKEEPER FOR LINUX 4.01 -

Page 1: ...F Secure Internet Gatekeeper for Linux A Comprehensive Internet and Anti Virus Solution Version 4 Rev 20100125 Administrator s Guide ...

Page 2: ...lated information on the topic is available in a different chapter or another document Fonts Font Description Arial bold blue Used to refer to menu names and commands to buttons and other items in a dialog box Arial italics blue Used to refer to chapters in the manual and to book titles of other manuals Arial italics black Used for file and folder names for figure and table captions and for direct...

Page 3: ...stalling F Secure Internet Gatekeeper for Linux 16 4 6 Backup and Restore 16 5 Typical Configurations 17 5 1 Configuration Overview 17 5 1 1 HTTP Connection 17 5 1 2 SMTP Connection 18 5 1 3 POP Connection 19 5 1 4 FTP Connection 20 5 2 Network Configuration Examples 21 5 3 Internet Gatekeeper Server Settings 22 5 3 1 Web Console 22 5 3 1 1 Accessing the Web Console 22 5 3 1 2 Web Console Layout 2...

Page 4: ...75 9 1 2 Virus and Spam Detection Logs 78 9 1 3 Error Logs 79 9 1 4 Information Logs 89 9 2 Splitting Rotating Log Files 94 9 3 Time Display Conversion Tool 95 9 4 Log Analysis Tools 96 9 5 External Output of Logs 97 10 Other Settings 98 10 1 Access Authentication 98 10 1 1 Host Authentication 98 10 1 2 Authentication using Virtual Networks 100 10 1 3 Proxy Authentication using Internet Gatekeeper...

Page 5: ... a HTTPS SSL Server 130 11 Product Specifications 132 11 1 Product Specifications 132 11 2 HTTP Proxy Process 134 11 3 SMTP Proxy Process 136 11 4 POP Proxy Process 138 11 5 FTP Proxy Process 140 11 6 HTTP Error Responses 144 11 7 HTTP Request and Response Headers 146 11 8 SMTP Command Responses 148 11 9 SMTP Commands Operations 151 11 10 POP Commands Operations 155 11 11 FTP Commands Operations 1...

Page 6: ...ection more resulting in harm to others With F Secure Internet Gatekeeper for Linux you can scan for viruses centrally You can monitor web site connections and the sending and receiving of e mails from all computers in a LAN Local Area Network The product can scan communication that is based on HTTP FTP SMTP and POP The ability to use the POP protocol means that you do not need to make any changes...

Page 7: ...F Secure Internet Gatekeeper for Linux Administrator s Guide 7 Internet Mail Server PC PC PC PC Mail Server Web Server F Secure Internet Gatekeeper ...

Page 8: ...sed both on large and small networks Adequate performance can be obtained also on less powerful computers 2 2 List of Features Monitor Web Browsing and E mail Traffic HTTP FTP SMTP POP High Speed Virus Scanning Proxy Best performance when compared to any Internet Gatekeeper product based on research by F Secure Pentium III 1GHz Dual MEM 1GB NETWORK Performance measured on a 1000BaseTX network HTTP...

Page 9: ...accounts LDAP NIS and Radius Access restrictions can be set for all protocols based on the IP address host name or domain name The SMTP receive domain can be restricted to prevent relaying through a third party Existing SMTP authentication function on a mail server can be used Existing APOP function on a mail server can be used Virus Detection Notifications The notification text can be edited and ...

Page 10: ... conditions Uses the Spam detection engine Can use a RBL Realtime Black List to detect spam from the sender s e mail address Can use a SURBL SPAM URL Realtime Black List to detect spam that contains spam domain URLs in the e mail body Adds a spam identification header X Spam Status Yes to spam e mail to allow easy sorting Adds predefined text such as SPAM to the e mail subject to allow easy sortin...

Page 11: ...nts 3 1 Hardware Requirements Minimum Hardware Requirements CPU Intel Pentium compatible CPU MEMORY 512 MB RAM or more DISK 5 GB or more free space adequate space for temporary file storage NETWORK TCP IP connection Recommended Hardware CPU Intel Pentium compatible CPU 2GHz or faster MEMORY 1 GB or more DISK 20 GB or more free space NETWORK 100BaseT or better ...

Page 12: ...MIRACLE LINUX 3 0 CentOS 4 5 Debian GNU Linux 5 0 Red Hat Enterprise Linux 3 4 5 SuSE Linux Enterprise Server 9 10 11 Turbolinux 10 Server 11 Server Ubuntu 8 04 64 bit x86_64 Asianux Server 3 Asianux 2 0 MIRACLE LINUX 4 0 CentOS 5 Debian GNU Linux 5 0 Red Hat Enterprise Linux 4 5 SuSE Linux Enterprise Server 9 10 11 Turbolinux 10 Server 11 Server Ubuntu 8 04 On x86_64 platforms the product require...

Page 13: ...nternet Gatekeeper for Linux on a server which runs one of the Red Hat family of Linux distributions In a Red Hat distribution you can easily install the software by using the rpm package The Red Hat family of distributions includes the following Red Hat Turbolinux SUSE Linux MIRACLE LINUX Asianux Please refer to the related installation guides for instructions on how to install each distribution Y...

Page 14: ...f the Debian or Ubuntu based Linux distributions In a Debian or Ubuntu distribution you can easily install the software by using the deb package You can install the package by double clicking the deb package or executing the following command with root privileges dpkg i fsigk xxx_all deb This installs the whole product and makes the web console available for use Next see Typical Configurations 15 ...

Page 15: ...to installing the files this also installs the startup script and PAM setup files and starts the web console service Options prefix dir Specifies the installation directory We recommend that you install the product in the default installation directory opt f secure fsigk suffix name Specifies a suffix Use this option if you install multiple copies of the software on the same server Adds a suffix t...

Page 16: ...all rm -rf /opt/f-secure/fsigk If you use the rpm package execute the following command rpm -e fsigk If you use the deb package execute the following command dpkg -r fsigk 4 6 Backup and Restore Follow these steps to back up and restore F Secure Internet Gatekeeper for Linux To back up the product save the contents of the following directories as needed /opt/f-secure/fsigk Entire system state opt f sec...

Page 17: ...e web server directly and fetches the page With virus scanning When virus scanning is used Internet Gatekeeper stands between the web server and client and operates as a proxy server for the web browser The web browser connects to the web server through Internet Gatekeeper The web browser retrieves pages after they have been scanned for viruses Internet Gatekeeper connects to the appropriate web s...

Page 18: ... the e mail client The client connects to the SMTP server through Internet Gatekeeper The client sends outbound e mail to mail servers on the Internet Internet Gatekeeper forwards the mail through the outbound mail server SMTP Connection example Mail server mail3 Mail server mail2 Client To foo mail2 To foo mail3 SMTP server settings fsigk Internet Gatekeeper fsigk Parent server mail1 Mail server ...

Page 19: ...ekeeper The client retrieves e mail that has been scanned for viruses Although Internet Gatekeeper usually connects to the designated parent server you can specify that the connection is created to any POP server To do this specify the POP user name in the format POP server user name POP server name POP Connection example Mail server mail3 Mail server mail2 POP user user2 POP server fsigk POP user...

Page 20: ...d receives files that have been scanned for viruses If the FTP client does not support a proxy server Internet Gatekeeper usually connects to the designated parent server However you can specify that the connection is created to any FTP server To do this specify the FTP user name in the format FTP server user name FTP server name FTP Connection example FTP server ftp2 FTP server ftp1 FTP user user...

Page 21: ...a typical network configuration like the one shown below The network configuration below shows that the gateway is located in a DMZ network However installation in a DMZ is not necessary if connections from the Internet are not required DMZ 192 168 0 0 255 255 255 0 Client Client Client mail provider com External mail server SMTP POP Internet External router mail foo com Internal mail server SMTP ...

Page 22: ... use for each service Parent servers for SMTP and POP Specify the host name and port number for your existing mail server 5 3 1 Web Console Use the web user interface to change the product settings The web user interface is called the web console 5 3 1 1 Accessing the Web Console 1 Access the following URL from your web browser http hostname 9012 Where hostname is the domain name or IP address of ...

Page 23: ...om the sub menu Field Description Main menu Select the category of settings you want to specify A sub menu appears under the main menu The sub menu is different for each item in the main menu Sub menu Click a menu item to show the corresponding settings page in the work area Work area Area that contains the default settings You can change them as required On and Off buttons To enable a service cli...

Page 24: ...er Host name mail example com Port number 25 POP proxy On Proxy port 110 Parent server Host name mail example com Port number 110 FTP proxy On Proxy port 9021 Common settings Settings to notify the administrator E Mail address fsigkadmin example com SMTP server Host name mail example com Port number 25 Other Settings Specifies the other required settings Virus definition database Automatic Updates...

Page 25: ...server setting in your web browser and the mail server setting in your e mail client Web Browser Settings Proxy server Host name fsigk example com Port number 9080 Mail Client Settings Internal mail box SMTP server fsigk example com POP server fsigk example com External mail box SMTP server fsigk example com POP server fsigk example com POP user name username mail provider com ...

Page 26: ...make eicar command from the opt f secure fsigk directory to create a test virus file eicar com 6 1 Checking the HTTP Proxy Do the following and confirm that a virus detection warning appears Start your web browser and download the test virus eicar from the following location http www eicar org anti_virus_test_file htm 6 2 Checking the SMTP Proxy Do the following and confirm that the virus does not...

Page 27: ... mail with eicar as an attachment Set the e mail client to send the e mail directly rather than through the Internet Gatekeeper server This prevents the test virus from being detected and deleted when it is sent 3 Receive the e mail 6 4 Checking the FTP Proxy Do the following and confirm that the virus is detected 1 Start your web browser and download the test virus eicar from the following locati...

Page 28: ...cport Specifies the port number used by the proxy service Usually you need to specify only the port number To specify the port number IP address and interface name all together use the following format Syntax A A A A EEE PPP A A A A PPP EEE PPP PPP PPP Port number A A A A Address EEE Interface Examples 9080 1 2 3 4 9080 eth0 9080 1 2 3 4 eth0 9080 You can specify only one inbound port number To li...

Page 29: ...tification to the administrator by e mail Specify the e mail address mail server and detection message in Settings to notify the administrator under Common settings To separate notifications from standard e mails X Admin Notification Id number is added to the header This also prevents the notification from being detected as a virus Number is a random number which is set as admin_notification_id in...

Page 30: ...ry Approximately 500 KB of memory is used per process A warning is output to the error log if the maximum number of connections is reached We recommend that you set an initial value of approximately 200 and then monitor the performance The value of the setting is usually less than 2000 The setting itself permits values up to 9999 Access control Access Control From these hosts From acl_from Only ac...

Page 31: ... program for Linux YUM package Microsoft BITS Microsoft Windows Update Windows Update Agent Microsoft Windows Update Adobe Update Manager update program for Adobe Mozilla 4 0 compatible Win32 Commtouch Http Client This product s Spam Detection Engine Host name Hosts acl_pass_to Skips virus scanning for connections to the specified hosts Usually all data is saved and transmitted to the client only ...

Page 32: ... can be scanned Scan files that have been sent by POST and PUT methods Scan sending files by POST PUT method virus_check_post Performs virus scans when files are sent If you disable this setting the product scans only incoming files If you enable the setting the product scans both incoming and outgoing files The product scans the following files files contained in data that the POST method sends i...

Page 33: ...response starts with keep alive The Content Length in the response header is 1 or more and the response code is 304 204 or 1xx Content Length does not appear more than once in the request header or response header Not a virus detection response The connection to the server was established successfully and no error occurred Not FTP over HTTP Not the CONNECT method Timeout Timeout keepalive_timeout ...

Page 34: ...rect all connections for port 80 to the HTTP proxy port 9080 select the HTTP redirect checkbox Error message Error message Edits the message which is shown when an error occurs Enter the message by using the UTF 8 character set The maximum length of the message is 9000 bytes For information on variables and options see Detection Notification Templates 67 If you edit an error message in the web con...

Page 35: ...tc init d iptables save Because SSL communications for protocols such as SMTPs TCP port number 465 are encrypted communications cannot be received directly regardless of whether iptables redirection is enabled or not If necessary install F Secure Internet Gatekeeper for Linux so that communications are first decrypted by an SSL proxy SSL accelerator or similar After this the communications pass th...

Page 36: ...outbound e mails because the recipient of infected e mails may be spoofed If you choose to notify the recipient it often means that the notification is sent to an unrelated third party Notify the sender by e mail after deleting the mail Delete and send back to sender action sendback Deletes the virus and sends a virus detection message to the sender by e mail This setting is not typically used for...

Page 37: ...l hundred milliseconds occurs while waiting for a response from the RBL or SURBL server Because the objective is to block incoming spam enable the Hosts and networks within LAN setting It excludes outgoing e mails from hosts on the LAN from spam checking If you enable both virus and spam scanning the virus scan result is handled first Log and notify Pass spam_action pass Allows the spam to pass If...

Page 38: ...d E mail addresses without a domain name are not blocked Even if you have enabled SMTP authentication or POP before SMTP authentication e mail to the specified domains can be sent without authentication For examples see Access Control 65 If you edit the Restrict e mail recipients setting by using the web console the smtp rcpt setting is updated in opt f secure fsigk conf hosts allow SMTP authentic...

Page 39: ...65 If you edit the Hosts and networks within LAN setting by using the web console the smtp lan field is updated in opt f secure fsigk conf hosts allow Parent server Parent Server lan_parent_server lan_parent_server_host lan_parent_server_port Specifies another SMTP server Specify this setting if you want to use a different SMTP server than the one you specified in Parent server This SMTP server is...

Page 40: ...ail Notify Admin notify_admin Sends a notification to the administrator by e mail Specify the e mail address mail server and detection message in Settings to notify the administrator under Common settings To separate notifications from standard e mails X Admin Notification Id number is added to the header This also prevents the notification from being detected as a virus Number is a random number ...

Page 41: ...tself permits values up to 9999 Access control Access Control From these hosts From acl_from Only accepts connections from the designated list of hosts If you have enabled DNS Reverse Lookup you can also specify host name domain name For examples see Access Control 65 If you edit the From these hosts setting by using the web console the smtp from field is updated in opt f secure fsigk conf hosts a...

Page 42: ...encrypted Blocks mail that contains encrypted and archived files ZIP RAR The detection name is FSIGK POLICY_BLOCK_ENCRYPTED When an encrypted and archived file is detected it is handled in the same way as viruses For more information see the What to do when a virus is detected setting If you disable virus scanning the scanning for encrypted and archived files is also disabled File name or extensio...

Page 43: ...se wildcards in the Category Platform and Family names For example Client IRC excludes all riskware in the Client IRC category The maximum length of the setting is 1999 bytes Separate each setting in the setup file with a semicolon Scan the e mail message body Scan text body part virus_check_text Scans the body of e mail messages However attached text format files and HTML format e mail body text ...

Page 44: ...iptables redirect settings To do this click Edit NAT iptables redirect settings Use the iptables command from the command line to specify the setting as follows The example shows the port number being set to 9025 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j REDIRECT --to-port 9025 For more information see Transparent Proxy 108 Edit NAT iptables redirect settings NAT Specifies the NAT redirect...

Page 45: ...IRECT to port 110 After specifying the setting save the iptables configuration /etc/init.d/iptables save Because SSL communications for protocols such as POPs TCP port number 995 are encrypted communications cannot be received directly regardless of whether iptables redirection is enabled or not If necessary install F Secure Internet Gatekeeper for Linux so that communications are first decrypted b...

Page 46: ... that you can set in Quarantine directory under Common settings Specify this setting only if sufficient disk space is available Even if you enable this setting it is not possible to delete the e mail completely or block it from being delivered to the user The reason for this is the specifications of the POP protocol Edit the virus detection message Detection message Edits the message which is sho...

Page 47: ...also prevents the notification from being detected as a virus Number is a random number which is set as admin_notification_id in the settings file during the installation Quarantine Quarantine keep spam_quarantine Quarantines spam The spam is quarantined in the directory that you set in Quarantine directory under Common settings Specify this setting only if sufficient disk space is available Even ...

Page 48: ...cl_from Only accepts connections from the designated list of hosts If you have enabled DNS Reverse Lookup you can also specify host name domain name For examples see Access Control 65 If you edit the From these hosts setting by using the web console the pop from field is updated in opt f secure fsigk conf hosts allow To To acl_to Only accepts connections to the designated list of hosts For example...

Page 49: ...ontaining encrypted and archived files ZIP RAR The detection name is FSIGK POLICY_BLOCK_ENCRYPTED When an encrypted and archived file is detected it is handled in the same way as viruses For more information see the What to do when a virus is detected setting If you disable virus scanning the scanning for encrypted and archived files is also disabled File name or extension Files extensions block_ext b...

Page 50: ...ily names For example Client IRC excludes all riskware in the Client IRC category The maximum length of the setting is 1999 bytes Separate each setting in the setup file with a semicolon Scan the e mail message body Scan text body part virus_check_text Scans the body of e mail messages However attached text format files and HTML format e mail body text are scanned regardless of this setting If you...

Page 51: ... line to specify the setting as follows The example shows the port number being set to 9110 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 110 -j REDIRECT --to-port 9110 For more information see Transparent Proxy 108 Edit NAT iptables redirect settings NAT Specifies the NAT redirection settings If you select the POP redirect checkbox all connections for port 110 are redirected to the POP proxy port 9...

Page 52: ...port 21 After specifying the setting save the iptables configuration /etc/init.d/iptables save Parent server Parent Server parent_server_host parent_server_port Specifies the host name and port number of the destination FTP server The standard port number is 21 This setting is ignored in transparent mode Virus scanning Do Virus Check virus_check Enables or disables virus scanning We recommend that ...

Page 53: ...ser names Because the FTP server performs password authentication the password in the user database is not used Maximum number of simultaneous connections Maximum connections pre_spawn Specifies the maximum number of simultaneous connections from clients The specified number of processes listen for connections from clients You can check the number of connections used in Internal process ID in the ...

Page 54: ...is received For examples see Access Control 65 If you edit the Host name setting by using the web console the ftp pass to field is updated in opt f secure fsigk conf hosts allow File name or extension Files Extensions pass_ext pass_ext_list Skips virus scanning for files with the specified file names or extensions Separate each name with a comma by using backward matching a file is skipped if the ...

Page 55: ...all riskware in the Client IRC category The maximum length of the setting is 1999 bytes Separate each setting in the setup file with a semicolon Transparent proxy Transparent Proxy mode transparent Enables the transparent proxy mode A NAT redirection setting is required when the proxy operates as a transparent proxy Use one of the following methods to specify the NAT redirection setting Use the Ed...

Page 56: ...ard port number is 25 Edit the notification message Detection message Edits the message which is shown when a virus is detected in a file being sent The text up to the first blank line contains the header Enter the message including the Subject by using the UTF 8 character set The maximum length of the message is 9000 bytes For information on variables and options see Detection Notification Templa...

Page 57: ...tering methods the rules can be used as a black list and white list The list of rules is checked starting from the top The different conditions that can be specified are described below Please restart the service from the proxy s web console screen after editing these settings Field name Specifies where to apply the rule The available settings are described below Designated header field Applies th...

Page 58: ...anese the comparison is performed by using the UTF 8 codes The Subject field and filename are converted to UTF 8 before being compared The conversion is done for encoded word charset encoding encoded text written in RFC 2047 To scan for character sets other than UTF 8 such as Shift JIS or Unicode specify the codes as hexadecimal values For example specify the following to search for the text 完全無料 ...

Page 59: ...r backward matching If you use the e mail address is not recognized correctly This is because the From To and other headers contain additional characters before and after the e mail address example Xxx Yyy aaa example com Filter as Specifies the judgment result if the specified rule is satisfied Select one of spam not spam or no action The specified list of conditions is saved in opt f secure fsig...

Page 60: ...d that the message contains a virus RefID The RefID is a parameter that is returned by ctEngine with every message classification It contains a transaction tracing code that can help to track the reason for the classification RBL RBL spam_rbl These settings enable or disable the use of RBLs Realtime Black Lists for spam checking and specify the RBL servers which are used when checking for spam Spe...

Page 61: ...s which are used when checking for spam Specify the servers separated by commas Specify up to 199 characters E mail is scanned by checking whether the domain name part of the URLs contained in the text body or HTML body of the e mail is registered in a SURBL server Although the RBL and SURBL servers are queried together a delay of several hundred milliseconds occurs while waiting for the server re...

Page 62: ...not http_proxy_host Specifies the host name of the proxy server http_proxy_port Specifies the port number of the proxy server use_proxyauth Specifies whether proxy authorization is used or not http_proxyauth_user Specifies the user name used for proxy authorization http_proxyauth_pass Specifies the password used for proxy authorization To download definition files from Policy Manager specify UPDAT...

Page 63: ...ation http_proxyauth_pass Specifies the password which is used for proxy authorization To download definition files from Policy Manager specify UPDATEURL http host name port number in opt f secure fsigk conf dbupdate conf You can check the version number of virus definition files with cd opt f secure fsigk make show dbversion You can obtain the version of the definition file for each engine Aquari...

Page 64: ...ncluding product settings system settings and log information Download the opt f secure fsigk diag tar gz file created by the cd opt f secure fsigk make diag command When contacting support please send the diagnostic information file diag tar gz if possible License License Enter or show license information You do not need to restart the services after setting the license information However you ne...

Page 65: ...xx domain jp and domain jp 192 168 192 168 0 0 255 255 0 0 Permit connections for networks in which the addresses are specified in the form 192 168 3 4 255 255 255 255 cannot be specified as the netmask ALL Permit connections from all hosts ALL EXCEPT 1 2 3 4 4 5 6 7 Permit connections from all IP addresses except 1 2 3 4 and 4 5 6 7 ALL EXCEPT 192 168 0 0 255 255 0 0 Permit connections for networ...

Page 66: ...llow_list txt as follows aaa com bbb com ccc com Then specify the file e g etc fsigk_smtp_rcpt_allow_list txt in the access control setting You can use this method when you specify a list of hosts in the web console or in the access control settings file opt f secure fsigk conf hosts allow smtp_rcpt etc fsigk_smtp_rcpt_allow_list txt Specify multiple lines in the file Specify multiple lines in the...

Page 67: ...z H mm etc VIRUS_INFO_URL URL for information about a virus Example http cgi f secure com cgi bin search cgi q W32 NetSky D mm CLIENT_HOST Client host name To show the host name you must enable DNS Reverse Lookup in the web console CLIENT_ADDR Client IP address SERVER_HOST Server host name the server which is connected to from the Internet Gatekeeper SERVER_ADDR Server IP address the server which ...

Page 68: ...addresses the addresses passed to the RCPT TO command separated by commas MESSAGE_ID Value of the Message Id field in the SMTP e mail header ERROR_STR Error message the same information as PROXY ERROR in the access log ACTION Action which is taken when a virus is detected the same information that is recorded in the access log PATH_QUERY Path and query part of the URL only applies to the HTTP serv...

Page 69: ...sing Expert Options The expert options include settings that are highly likely to change in future versions and are not settings that normally need to be specified Because these options may be dependent on the particular system environment and may not work the way the user expects please confirm that the options work correctly on your system before you use them If you need to use the expert option...

Page 70: ... fsavd when the computer is started with the auto start command initscript Launch the virus verification engine before you start each proxy service Command names opt f secure fsigk rc fsigk_http http proxy auto start command opt f secure fsigk rc fsigk_smtp smtp proxy auto start command opt f secure fsigk rc fsigk_pop pop proxy auto start command opt f secure fsigk rc fsigk_ftp ftp proxy auto star...

Page 71: ... the ftp protocol default when started with fsigk_ftp f inifile Reads the settings of inifile as the configuration file Usually you need to specify opt f secure fsigk conf fsigk ini as the configuration file Specify the protocol before this option daemon Starts in the background q Stops the detailed display P port Listens to the specified port number h Displays a list of options Command examples S...

Page 72: ...auth Specifies whether proxy authorization is used or not http_proxyauth_user Specifies the user name which is used for proxy authorization http_proxyauth_pass Specifies the password which is used for proxy authorization To download virus definition databases from Policy Manager specify UPDATEURL http host name port number in opt f secure fsigk conf dbupdate conf with the host name and port number...

Page 73: ...fsigk dbupdate Import from a specific definition file fsdbupdate9 run cd opt f secure fsigk dbupdate fsdbupdate9 run Exit codes You can obtain the update results with the following exit codes Exit code Description 0 There are no new updates Nothing is updated 1 The system failed to update databases For details see the program output and log files at opt f secure fsigk log dbupdate log and opt f se...

Page 74: ...formation file diag tar gz in the opt f secure fsigk directory The diagnostic information file contains configuration information about the product system and log files The information is needed for troubleshooting When contacting support please send the diagnostic information file diag tar gz if possible Command names cd opt f secure fsigk make diag Command examples Create a diagnostic information...

Page 75: ...ccess time from the client Displays the number of seconds from epoch time 1970 01 01 00 00 00 UTC in milliseconds Connection time Displays how long the client was connected in milliseconds Client host Displays the host of the client When reverse lookup is available the host name is displayed If not the IP address is displayed Processing results Returns Cache status HTTP status code Cache status is...

Page 76: ...ed but passed logged DELETE Deleted If SMTP is used a notification is sent to the recipient after the file is deleted DENY Detected with SMTP and blocked SENDBACK Notification sent to the sender with SMTP BLACKHOLE Deleted with SMTP no notification to the sender CHANGE_SUBJECT Spam detected with SMTP and the subject is changed Proxy information PROXY STAT Service type Internal process ID Process I...

Page 77: ...r address MAIL FROM Argument address of command Displayed with URL encode Message ID Argument address of command Displayed with URL encode HTTP service PROTOCOL STAT Protocol details X Forwarded For is returned KEEPALIVE Displays the detection details with the following strings separated by a comma KEEPALIVE Keep Alive connection Persistent Connection executed in the corresponding session PROGRESS...

Page 78: ...er is sent PROXY 550 Relaying denied Relaying denied by the Internet Gatekeeper Displayed if the relaying is denied due to recipient domain restrictions or authentication If relays are accepted from clients you must set the corresponding client address from the host within the LAN or enable the PbS SMTP authentication If relays are accepted externally you must set the recipient domains 9 1 2 Virus...

Page 79: ...of the error message strerror Error code Error message Error code Error code for system calls Error message Error message for system calls Error message content Message ERROR bind port Port number addr Address Please check whether other service mail web server etc is already running on port Port number strerror 98 Address already in use Description The service cannot be started because the configu...

Page 80: ...umber of connections during the startup of the corresponding access In addition you can check the ESTABLISH status of the corresponding port numbers with the netstat command netstat anp grep 9080 grep ESTABLISHED wc l Port 9080 is used in the example Solution Situation only a small number of messages appear for example 1 error every hour the product appears to be working fine and the number of inc...

Page 81: ...Host name Port number strerror xxx xxx Description Connection to the SMTP server admin_mx_host admin_mx_port in opt f secure fsigk conf fsigk ini which is configured to send notifications to the administrator after a virus or spam detection was successful However an error occurred Solution Check if the host name and port number of the configured SMTP server can be accessed Message ERROR notify_adm...

Page 82: ...um number of connections to under 2000 connections Use a larger number only if it is absolutely necessary Usually the maximum number of connections should not be set to over 2000 connections The product requires semaphores according to the number of processes You may sometimes need to increase the number of semaphores that the operating system can use This may happen for example when the maximum n...

Page 83: ... directory Directory name Description Is displayed when another anti virus software is found and real time virus protection is enabled for the temporary directory The service does not start Solution Disable real time virus protection altogether or disable it against the temporary directory Message ERROR smtp_data_cmd_senddata Action on detection smtp error Send command name buf Response line strer...

Page 84: ... the NOOP command Solution Check if the response message from the SMTP server is correct If there are no problems please send the diagnostic information and the results of the packet capture tcpdump being authenticated to F Secure Message ERROR XXXX strerror 23 Too many open files in system Description Displays a message which indicates that there are too many open files This message appears when ...

Page 85: ...ists If you use Turbolinux 10 Server please note the following kernel 2 6 8 5 or later must be used Check that the kernel version is 2 6 8 5 or later by using the uname a command If the kernel version is old update the kernel of Turbolinux10 to the latest one The iptable_tproxy module must be implemented Check if the iptable_tproxy module is included in the results from the lsmod command If it is ...

Page 86: ...l child nnn stopped sig 17 SIGCHLD si_code 3 CLD_DUMPED status xxx childid 1 cur _pid xxx pid xxx ERROR main core dumped child proxy process Please send core file core or core xxx on the installation directory and diag tar gz to support center ERROR Error recovery restarting service Description The proxy process was terminated abnormally core dump In addition the service was restarted The 3 error ...

Page 87: ... to fsavd s socket fsavd socket 0 fsavd may be not running Please run rc fsigk_fsavd restart to restart fsavd Description The socket fsavd socket 0 of the scan engine fsavd could not be reached The scan engine fsavd may not be running Solution The scan engine fsavd starts automatically if it is run from the web console If the proxy service is run from the command line the scan engine fsavd must be...

Page 88: ... databases commtouchunix libasapsdk lnx32 so required by spam detection engine So the spam detection engine is not available Solution Update database Message ERROR CSDKMain_classifyMessage Failed Type 3 Code 202 Desc CFCHttpClient ConnectHost Connect to X X X X failed errno 101_SocketError 101 Error 101 Description The product cannot connect the spam detection server or the specified proxy that ha...

Page 89: ...ndicates the time when the error occurred The first time displays the number of seconds from epoch time 1970 01 01 00 00 00 UTC in milliseconds The format and text of the messages may change in the future if necessary Messages at service startup Message main START argv opt f secure fsigk fsigk_xxx daemon http f conf fsigk ini ver Version pid Process ID Description A message which indicates the sta...

Page 90: ...h indicates that the SIGTERM signal of a proxy process has been received The message is displayed when a service is stopped Messages while the service is active Message is_alivesocket recv XXX Client closed connection Client may be cancel the session url YYY elasped TTTms Description Is displayed when a client closes a connection before the normal protocol process finishes The message may appear w...

Page 91: ...dfile system call BBB represents the size of the sent file CCC represents the file size DDD represents the data size being transferred Message reverselookup gethostbyaddr XXX failed herror EEE EEE Description A reverse lookup error occurred when trying to get the address XXX Message http_forward_response_storeforward_trickle_send sendfile canceled ret AAA tmpfile_offset BBB bytes CCC errno xxx xxx...

Page 92: ...e Access Denied from Address Host name Description Access was denied because access restrictions are enabled and the corresponding server was not found in the list of connections Message Access Denied to Address Host name Description Access was denied because access restrictions are enabled and the corresponding server was not found in the list of connections Message read extra CRLF for POST metho...

Page 93: ...CPT buf s ERROR Reply AUTH buf s ERROR Reply QUIT buf s ERROR Reply NOOP buf NULL error ERROR Reply NOOP buf s Description Is displayed when an error response is returned against the command sent to the SMTP server using the SMTP service A response message is included in buff xxx The command name DATAEND represents the body of the mail sent is indicated in parenthesis ...

Page 94: ...r log files by using the sample configuration file 1 Set the configuration file Copy the Sample configuration file opt f secure fsigk misc logrotate fsigk to etc logrotate d virusg cp opt f secure fsigk misc logrotate fsigk etc logrotate d fsigk 2 Edit the configuration file Specify the rotation interval as needed 3 Check that the logs are properly rotating Run the following command to make sure t...

Page 95: ...tries corresponding to the last num lines from the end of the log tailsec sec The log entries recorded in the last sec seconds are output cgi Used when invoking with CGI today The logs recorded for the current day are output noconv Time conversion is not performed r Converts the converted data back to its original form The converted results appear in the standard output If you add the tail num opt...

Page 96: ...cess log F squid o Log results are saved to the opt f secure fsigk log http logtool directory You can view the analysis results at http xxx xx log http logtool after logging into the web console A source patch misc webalizer xxx detect stat patch xxx that additionally displays virus information can be used if needed To apply the patch tar zxvf webalizer 2 xx xx src tgz patch p1 webalizer 2 xx xx d...

Page 97: ...ormation logs error_log External command For error logs For example to output SMTP virus detection information and error information to the local0 facility and the err level of syslog add the following setting to the smtp group in opt f secure fsigk conf fsigk ini smtp detect_log logger t fsigk p local0 err error_log logger t fsigk p local0 err To output files simultaneously use the following sett...

Page 98: ...an define that hosts which access Internet Gatekeeper from the Internet are authenticated You can configure Access Authentication in the following way 10 1 1 Host Authentication Internet Mail server Web server Network A Network B Access prohibited Access granted Anti Virus Gateway If the host which accesses the gateway is fixed you can use IP addresses and host names to set access control In this ...

Page 99: ... SMTP proxy Access control From these hosts Enabled Example 192 168 1 0 255 255 255 0 DNS reverse lookup Enable to restrict by host names POP proxy Access control From these hosts Enabled Example 192 168 1 0 255 255 255 0 DNS reverse lookup Enable to restrict by host names FTP proxy Access control From these hosts Enabled Example 192 168 1 0 255 255 255 0 DNS reverse lookup Enable to restrict by h...

Page 100: ...le the following software use SSH Reflection for Secure IT previously known as F Secure SSH http www attachmate com en US Products Host Connectivity Security Reflection for Secure IT Server Client SSH2 support OS Windows UNIX GUI Japanese language support Technical support Openssh http www openssh com Server Client SSH2 support OS mainly UNIX Teraterm TTSSH http hp vector co jp authors VA002416 Cl...

Page 101: ...becomes the localhost destination Set the Config file in the following way In the example below the SSH server host is ssh server the SSH user name is ssh username and the Internet Gatekeeper host is fsigk Host ssh server User ssh username LocalForward 25 virus gw 25 LocalForward 110 virus gw 110 LocalForward 9080 virus gw 9080 4 Connect the SSH client to the SSH server 5 Change the web browser s ...

Page 102: ...her a user name exists in the user database If multiple servers are used specify user name server name or user name server name To allow all users for a specific server specify server name The user name is specified on the client side The password is authenticated on the server side The settings are stored in userdb txt in the opt f secure fsigk conf pam directory If you edit the settings directly...

Page 103: ...d or remove users page FTP proxy FTP user restriction On Add or remove users Add delete or edit users on the Add or remove users page SMTP Service The following settings allow SMTP services without authentication to clients who are located within the LAN and to senders from specific mail servers addresses and networks Proxy settings SMTP proxy LAN access settings On Hosts and networks within LAN S...

Page 104: ...ication setting for F Secure Linux Internet Gatekeeper To disable SMTP authentication for the product Open the web console SMTP proxy Global settings and turn off SMTP authentication If you use APOP disable the parent server setting of the product To disable the parent server Open the Web Console POP proxy turn off Defining parent server by user Due to protocol specifications you cannot use APOP i...

Page 105: ...P authentication is performed in F Secure Internet Gatekeeper for Linux This is because the IP address of the product is always assigned to the IP address of the sender s mail server To use POP before SMTP authentication configure the SMTP and POP services in the following way Proxy Settings Proxy settings SMTP proxy On Global settings POP before SMTP authentication On Timeout Specify the time in ...

Page 106: ...e mail recipients On Specify mail server domains The database file for POP before SMTP is stored in the following way Database format BerkeleyDB 1 85 Directory Temporary directory Default var tmp fsigk File name pbs db Key Client IP address Data POP authentication time seconds elapsed from epoch time 1970 1 1 00 00 00 You can check information on the current database by running db1_dump p pbs db a...

Page 107: ...transparent proxy The settings apply when the host name of the mail server is assigned to the host name of Internet Gatekeeper through proxy and DNS settings Proxy mode Transparent proxy mode Install phase only Mail server DNS change Router Bridge Client settings POP User name Specific server Any server Server host name Specific server Any server SMTP Server host name Specific server Any server N ...

Page 108: ...he product relays the access and performs a virus scan during the relay by capturing connections from clients to servers and by creating another connection to servers In this way clients can directly access servers and clients traffic is scanned without having to change the client configuration Setting Example Without virus scanning With virus scanning Transparent proxy WEB server Mail server WEB ...

Page 109: ...rs This diagram below illustrates how to set up the product as a transparent proxy in a DMZ network SERVER 110 9110 FSIGK 192 168 0 99 F Secure Internet Gatekeeper for Linux SERVER Server HTTP SMTP POP FTP Top level Router Client Client Client Lower level Router Default route FSIGK SERVER 110 FSIGK 9110 SERVER 110 DMZ 192 168 0 0 255 255 255 0 Internet 1 2 F Secure Internet Gatekeeper for Linux Se...

Page 110: ...10 and retrieves the access request replaced by iptables Afterwards Internet Gatekeeper retrieves the original destination SERVER 110 which has been stored in iptables and sends the access request to the original destination SERVER 110 Settings To use a transparent proxy in proxy mode configure the network and server associated with F Secure Internet Gatekeeper for Linux in the following way 1 Ope...

Page 111: ...s restart Next run the following commands to redirect the server access to each service http 80 smtp 25 pop 110 ftp 21 to 9080 9025 9110 9021 of FSIGK FSIGK iptables t nat A PREROUTING p tcp dport 80 j REDIRECT to port 9080 FSIGK iptables t nat A PREROUTING p tcp dport 25 j REDIRECT to port 9025 FSIGK iptables t nat A PREROUTING p tcp dport 110 j REDIRECT to port 9110 FSIGK iptables t nat A PREROU...

Page 112: ...ternet Gatekeeper the IP address of the product is normally assigned as the IP address of the service source For FTP data sessions in Passive mode the destination address from the client and the source address from Internet Gatekeeper to the server are usually assigned to the address of the product In Active mode the destination address from the server and the source address from Internet Gatekeep...

Page 113: ...e interfaces and place it between clients and servers You may need to recompile the Linux kernel if the bridging functionality is not enabled by default in your distribution or if you use Linux version 2 4 Because the product works as a bridge both of the interfaces while on different physical networks are on the same logical IP network SERVER 110 9110 SERVER Server HTTP SMTP POP 192 168 1 12 Clie...

Page 114: ...per retrieves the original destination SERVER 110 which is stored in iptables and sends the access request to the original destination SERVER 110 Settings To use a transparent proxy in bridge mode configure the network and server associated with F Secure Internet Gatekeeper for Linux in the following way 1 Open the web console Select Proxy settings Start up each service in transparent proxy mode P...

Page 115: ...If a subnet exists under the network structure apply routing settings as needed cp opt f secure fsigk misc rc bridge etc rc d init d bridge etc rc d init d bridge start chkconfig add bridge Check that communication works between interfaces eth0 eth1 on both sides 4 Change the access destination of the client to FSIGK 9110 Do it on the server at the access destination by changing iptables on Intern...

Page 116: ... If FTP communication cannot be used check if it is denied by a firewall When Internet Gatekeeper accesses a server or when an IP address needs to be retained during a FTP data session the kernel needs to be patched with tproxy For more information see transparent_tproxy in the separate Expert options document Configure the settings so that the communication files and tasks used by the firewall se...

Page 117: ...rnet Gatekeeper If you specify a different port number for Internet Gatekeeper it is possible to use the product and a mail server in the same computer The following example uses ports 9025 and 9110 for Internet Gatekeeper Settings for F Secure Internet Gatekeeper for Linux Set the port numbers used by the product to 9025 and 9110 at the web console Proxy settings SMTP proxy Proxy port 9025 Parent...

Page 118: ... example uses ports 9025 and 9110 for the mail server Because virus scans are performed using SMTP Internet Gatekeeper does not need the POP settings and they can be skipped Mail server settings Change the SMTP server port to 9025 and the POP server port to 9110 Using sendmail 1 Make the following change in etc sendmail cf or etc mail sendmail cf O DaemonPortOptions Port 9025 2 Restart sendmail et...

Page 119: ...ollows 9025 inet n n smtpd 2 Restart postfix postfix reload Settings for F Secure Internet Gatekeeper for Linux Set the port numbers of the parent server to 9025 and 9110 at the web console Proxy settings SMTP proxy On Proxy port 25 Global settings Parent server Host name localhost Port number 9025 POP proxy On Proxy port 110 Parent server Host name localhost Port number 9110 If e mails are to be ...

Page 120: ... in 192 168 1 xxx and 192 168 2 xxx Proxy settings SMTP proxy LAN access settings On Hosts and networks within LAN 192 168 1 0 255 255 255 0 192 168 2 0 255 255 255 0 The following example uses POP before SMTP to enable data to be sent outside Proxy settings SMTP proxy On Global settings POP before SMTP authentication On POP proxy On If the mail server performs SMTP authentication you do not have ...

Page 121: ...92 168 1 1 and Internet Gatekeeper listens to eth1 192 168 2 1 If you only have one physical interface you can generate a virtual interface with the IP Alias function For example the following command generates the virtual interface eth0 1 192 168 1 2 ifconfig eth0 1 192 168 1 2 netmask 255 255 255 0 Copy etc sysconfig network scripts ifcfg eth0 to ifcfg eth0 1 and rewrite the file to DEVICE eth0 ...

Page 122: ... d qmail popup bind 192 168 1 1 2 Restart xinetd etc rc d init d xinetd restart Using postfix 1 Set the smtpd service address in etc postfix master cf as follows 192 168 1 1 25 inet n n smtpd 2 Restart postfix postfix reload Settings for F Secure Internet Gatekeeper for Linux Set the port numbers of the parent server to 192 168 2 1 25 and 192 168 2 1 110 Specify the parent server to be the mail se...

Page 123: ...er with the same port number You can redirect the access to default ports 25 100 in specific interfaces to Anti Virus 9025 9110 You can do it with the NAT setting in the iptables The following example uses two interfaces eth0 192 168 1 1 and eth1 192 168 2 1 Access from eth1 ports 25 and 110 is changed to ports 9025 and 9110 The eth1 interface is used for Internet Gatekeeper and the eth0 interface...

Page 124: ... dport 110 j REDIRECT to port 9110 etc rc d init d iptables save Settings for F Secure Internet Gatekeeper for Linux Set the port numbers of the parent server to 9025 and 9110 and the parent server to be the mail server localhost 25 localhost 110 at the web console Proxy settings SMTP proxy On Proxy port 9025 Global settings Parent server Host name localhost Port number 25 POP proxy On Proxy port ...

Page 125: ...to the destination mail server Inbound e mails are stored in an internal mail server and users can retrieve them by using the POP protocol With virus scanning If F Secure Internet Gatekeeper for Linux is implemented the product scans outbound e mails for viruses After that the e mails are delivered to the destination mail server by using the internal mail server After the product has scanned inbou...

Page 126: ...5 0 2 Configure the internal mail server so that e mails from virus gw can be sent to other mail servers Using sendmail Add the following line to etc mail access IP address of virus gw Example 192 168 0 99 RELAY Run make at etc mail cd etc mail make Restart sendmail etc rc d init d sendmail restart Using qmail tcpserver Make the following changes in var qmail rc usr local bin tcpserver R x etc tcp...

Page 127: ... limited to the specified domain 4 Change the host name of the internal mail server to mx2 and the host name of Internet Gatekeeper to mx in the DNS settings Change the mail server MX record of DNS of the internal domain to mx Internet Gatekeeper 5 Check that e mails can be sent from the internal network to an external mail server by using mx Check also that outbound e mails are limited to the spe...

Page 128: ... the Internet The following diagram illustrates the setting Internet Gatekeeper settings At the web console configure the proxy port and parent server port to 80 Proxy settings HTTP proxy On Proxy port 80 Parent server Host name Web server Port number 80 DNS Web Server settings Set the IP address as seen from the Internet of the web server to the address of the Gateway You can do this by using one...

Page 129: ...er The following example uses ports 9080 for the web server Internet Gatekeeper server Internet Gatekeeper Web server 9080 80 Internet Web Server settings Change the HTTP server port to 9080 Using Apache 1 Make the following change in etc httpd conf httpd conf Listen 9080 2 Restart Apache etc rc d init d httpd restart Internet Gatekeeper settings At the web console configure the proxy port and par...

Page 130: ...he following diagram illustrates the Apache configuration file when the product is used with a SSL proxy and a web server Internet Gatekeeper server Internet Gatekeeper Web server 80 9080 Internet Apache SSL proxy 443 Apache SSL settings In the following example port 443 is used first to listen to data Afterwards port 9080 is relayed to decrypt data Settings https access Listen 443 VirtualHost _de...

Page 131: ...Internet Gatekeeper settings At the web console configure the proxy port to 9080 and the parent server port to 80 Proxy settings HTTP proxy On Proxy port 9080 Parent server Host name localhost Port number 80 Web Server settings The web server uses port 80 ...

Page 132: ...se methods Virus scanning cannot be performed for CONNECT SSL HTTPS because the data is encrypted Supported HTTP proxy schemas http ftp Supported HTTP protocol specifications HTTP 1 0 RFC1945 HTTP 0 9 RFC1945 HTTP 1 1 RFC2616 WEBDAV RFC2518 HTTP 1 1 responses are automatically converted to HTTP 1 0 Supported HTTP authentication methods HTTP proxy authentication Basic Maximum HTTP transfer size Lim...

Page 133: ...ASS RETR LIST NLST STOR STOU APPE QUIT PORT PASV and similar response commands Supported FTP protocol specifications FTP RFC959 Supported FTP authentication methods User name argument of the USER command Maximum FTP transfer size Limited by the amount of available disk space Maximum file size that can be scanned 2GB for archive files 2GB is the limit before and after the files are extracted Archiv...

Page 134: ...ttp httpserver index html HTTP 1 0 TCP connect to 0 0 0 2 80 GET index html HTTP 1 0 HTTP 1 0 200 OK HTML file Virus scan HTTP 1 0 200 OK HTML file Proxy mode POST method scans files when they are sent Client Internet Gatekeeper 0 0 0 1 HTTP Server httpserver 0 0 0 2 TCP connect to 0 0 0 1 9080 POST http httpserver post cgi HTTP 1 0 File to be sent Virus scan TCP connect to 0 0 0 2 80 POST post cg...

Page 135: ...arent Proxy mode Router or Bridge GET method Client Internet Gatekeeper 0 0 0 1 HTTP Server httpserver 0 0 0 2 TCP connect to 0 0 0 2 80 GET index html HTTP 1 0 TCP connect to 0 0 0 2 80 GET index html HTTP 1 0 HTTP 1 0 200 OK HTML file Virus scan HTTP 1 0 200 OK HTML file ...

Page 136: ...P server smtpserver 0 0 0 2 TCP connect to 0 0 0 1 9025 TCP connect to 0 0 0 2 25 220 smtpserver 220 fsigk EHLO client EHLO fsigk 250 smtpserver 250 smtpserver MAIL FROM fromuser fromdomain MAIL FROM fromuser fromdomain 250 ok 250 ok RCPT TO touser todomain RCPT TO touser todomain 250 ok 250 ok DATA 354 Enter mail E mail body Virus scan DATA 354 Enter mail E mail body 250 ok 250 ok QUIT QUIT 221 s...

Page 137: ...t Internet Gatekeeper fsigk 0 0 0 1 SMTP server smtpserver 0 0 0 2 TCP connect to 0 0 0 2 25 TCP connect to 0 0 0 2 25 220 smtpserver 220 fsigk EHLO client EHLO fsigk 250 smtpserver 250 smtpserver MAIL FROM fromuser fromdomain MAIL FROM fromuser fromdomain the rest is processed in the same way as in proxy mode ...

Page 138: ...he POP proxy Proxy mode Client Internet Gatekeeper fsigk 0 0 0 1 POP server popserver 0 0 0 2 TCP connect to 0 0 0 1 9110 OK fsigk starting USER user popserver TCP connect to 0 0 0 2 110 OK popserver USER user OK OK PASS password PASS password OK OK LIST LIST 1 1000 1 1000 RETR 1 RETR 1 E mail body Virus scan E mail body RSET RSET OK OK QUIT QUIT OK OK ...

Page 139: ... Router or Bridge Client Internet Gatekeeper fsigk 0 0 0 1 POP server popserver 0 0 0 2 TCP connect to 0 0 0 2 110 TCP connect to 0 0 0 2 110 OK popserver OK popserver USER user USER user OK OK PASS password PASS password OK OK the rest is processed in the same way as in proxy mode ...

Page 140: ... 9021 220 fsigk at fsigk USER user ftpserver TCP connect to 0 0 0 2 21 220 ftpserver USER user 331 Password required 331 Password required PASS password PASS password 230 User logged in 230 User logged in PASV PASV 227 Entering Passive Mode 0 0 0 2 0 2 227 Entering Passive Mode 0 0 0 1 0 1 RETR file RETR file TCP connect To 0 0 0 1 1 TCP connect To 0 0 0 2 2 150 Opening data connection 150 Opening...

Page 141: ...1 Password required 331 Password required PASS password PASS password 230 User logged in 230 User logged in PORT 0 0 0 3 0 3 PORT 0 0 0 1 0 1 200 PORT command successful 200 PORT command successful RETR file RETR file TCP connect From 0 0 0 2 20 To 0 0 0 1 1 TCP connect From 0 0 0 1 20 To 0 0 0 3 3 150 Opening data connection 150 Opening data connection File information Virus scan File information...

Page 142: ...1 220 ftpserver 220 ftpserver USER user USER user 331 Password required 331 Password required PASS password PASS password 230 User logged in 230 User logged in PASV PASV 227 Entering Passive Mode 0 0 0 2 0 2 227 Entering Passive Mode 0 0 0 1 0 1 RETR file RETR file TCP connect To 0 0 0 1 1 TCP connect To 0 0 0 2 2 150 Opening data connection 150 Opening data connection the rest is processed in the...

Page 143: ...rver 220 ftpserver USER user USER user 331 Password required 331 Password required PASS password PASS password 230 User logged in 230 User logged in PORT 0 0 0 3 0 3 PORT 0 0 0 1 0 1 200 PORT command successful 200 PORT command successful RETR file RETR file TCP connect From 0 0 0 2 20 To 0 0 0 1 1 TCP connect From 0 0 0 1 20 To 0 0 0 3 3 150 Opening data connection 150 Opening data connection the...

Page 144: ...bytes Response code 400 Reason Bad Request Message Too long Request Method Request method character error Description The request method contains an invalid character the character is under the character code 0x20 Response code 400 Reason Bad Request Message Illegal method character Request URL length error Description The length of the request URL exceeds the limit 2098 bytes Response code 414 Re...

Page 145: ...escription The request HTTP version specified is a version other than HTTP 1 0 HTTP 1 1 or HTTP 0 9 Response code 505 Reason HTTP Version Not Supported Message Only support HTTP 0 9 HTTP 1 0 HTTP 1 1 Proxy authentication error Description Proxy authentication failed Response code 407 Reason Proxy Authentication Required Message Proxy Authentication Required Additional header Proxy Authenticate Bas...

Page 146: ...he connection is Keep Alive Connection Add Keep Alive Proxy Connection The Proxy Connection header is removed Via If an anonymous proxy is used the header is not changed Otherwise the following change is made Via 1 0 Host name Port Product name If a Via header exists it is added to the end with a X Forwarded For If an anonymous proxy is used the header is not changed Otherwise the IP address of th...

Page 147: ...e the following is added Connection Keep Alive Proxy Connection The current Proxy Connection header is removed Proxy Support If a WWW Authenticate header exists and the proxy has no parent server and is not transparent the following information is added Proxy Support Session Based Authentication Proxy Support Session Based Authentication is needed if a proxy uses NTLM authentication and other auth...

Page 148: ...d COMMAND used to notify the sender COMMAND can be either RSET MAIL or FROM RCPT TO Message 250 Message accepted for delivery Reason Indicates that the e mail data has been received Message 554 Too long message Reason The data size has exceeded the maximum The maximum size is 2 GB or the value specified at block_messagesize block_message_len in the expert options Message 554 Infected by Detection ...

Page 149: ...hen COMMAND was executed The COMMAND can be either HELO or EHLO MAIL command responses Message 501 Syntax error MAIL FROM Reason The MAIL command is invalid FROM is missing RCPT command responses Message 500 RCPT command must begin with RCPT TO Reason The RCPT command is invalid TO is missing Message 250 Recipient ok Reason The relay was denied Is displayed when recipient domains are restricted an...

Page 150: ... performed by F Secure Internet Gatekeeper for Linux If authentication is done on the SMTP server side the SMTP server response is relayed Message 500 disconnected from server AUTH Reason The server disconnected during authentication Unknown commands Message 500 Unknown Command COMMAND Reason The specified command COMMAND is not supported ...

Page 151: ... If the response code is other than 220 the connection is terminated 5 The following is sent to the client 200 Host name Product name Command lines 1 If a line is greater than 9998 bytes The following is sent to the client 500 Too long line Product name The connection is terminated 2 If the following conditions are met and a command other than HELO EHLO AUTH QUIT RSET is received POP before SMTP o...

Page 152: ... following is sent to the client 500 RCPT command must begin with RCPT TO Product name 2 If recipient domains are restricted and authentication is not complete Recipient RCPT domain restrictions are enabled and PbS POP before SMTP SMTP authentication is not complete destination domains and domain connections from the LAN are not related The following is sent to the client 550 Relaying denied Produ...

Page 153: ...ollowing is sent to the server MAIL FROM Template sender or administrator address 4 If the response code is other than 250 a The following is sent to the client 554 SENDBACK smtp error MAIL FROM Server Reply Server response information Product name 5 The following is sent to the server RCPT TO Sender address 6 If the response code other than 250 a The following is sent to the client 554 SENDBACK s...

Page 154: ...t to the server DATA If the response code is other than 354 1 The following is sent to the client Server response information 2 The command terminates If anonymous proxy mode is not enabled 1 The following is sent to the server Received from Client host name Client IP address by Host name Product name Current time RFC822 format 2 If spam is detected a The following is sent to the server X Spam Sta...

Page 155: ...nt Server response information 2 If 2 above does not apply The following is sent to the client OK Product name starting Command lines 1 If a line is greater than 998 bytes The following is sent to the client ERR Too long line 2 If not connected to a server and a command other than USER QUIT is sent The following is sent to the client ERR please use USER command at first 3 If 1 and 2 above do not a...

Page 156: ...r restriction with the APOP command is enabled If the user is not added 1 The following is sent to the client ERR Invalid Account Auth 2 The following is sent to the server Client response information 3 Receives a response from the server 4 If the server response is successful Add the client IP address to the POP before SMTP database RETR command 1 The following is sent to the server Client respon...

Page 157: ...ult F Secure fsigk_ftp Version Host name You can change the product name by editing product_name in the expert options Client connections 1 If Defining parent server by user is disabled or transparent mode is enabled The server is accessed If access fails 1 The following is sent to the client 500 Can t Connect to Server host Server port errmsg Connection error message For connection error messages...

Page 158: ... The following is sent to the client 500 Invalid Account Auth If the user name contains or 1 The server specified by the last or is accessed If 2 above does not apply 1 If the parent server is empty a The following is sent to the client 500 USER format is USER username hostname or username hostname b The command terminates 2 Connects to the parent server ...

Page 159: ...er 3 The following is sent to the client 227 Entering Passive Mode xx xx xx xx yy yy xx is the IP address of the proxy and yy is the proxy port PORT command 1 The following is sent to the client PORT xx xx xx xx yy yy xx is the IP address of the proxy and yy is the proxy port 2 Receives a response from the server 3 The following is sent to the client Server response information RETR LIST NLST STOR...

Page 160: ...quest to the IP address of a server failed. Connections are performed using the connect system call of Linux. The Connection error details contain the error message of the connect system call, which in most cases will be one of the following. Connection refused: The server denied the connection. Connection timed out: A timeout occurred while trying to access the server. Network is unreachable: The network on ...

Page 161: ...eached. If there is no problem on the DNS server, check if you can look up the host name from the Linux Internet Gatekeeper server by using nslookup. Unknown server error: Error in the DNS server. No address associated with name: IP address of the specified host could not be found. CONNECT Host Port Access Inhibited by Proxy FSIGK: Connection was denied due to access control settings on the destination ...

Page 162: ...her single process is used for administration. In addition, the process also communicates with the scanning engine process fsavd as needed. Communication is processed by using the UNIX domain socket fsavd socket 0 in the install directory. Up to 500 KB of memory cannot be shared per process. fsigk_pop: Process used to provide POP service. It makes POP communication between clients and servers possible. To...

Page 163: ... the usage. The process uses a minimum of 2 processes for each service (http, smtp, pop, ftp), and the maximum number of processes it can use for each service is equal to the logical number of CPUs in the system (2 CPUs: 2 processes; 4 CPUs: 4 processes). In addition, the process uses a single process for administration. Around 50 MB of memory cannot be shared per process. ...

Page 164: ...GK POLICY_BLOCK_SCRIPT HTML file including scripts if scripts are denied FSIGK POLICY_BLOCK_ACTIVEX HTML file including ActiveX if ActiveX is denied FSIGK POLICY_BLOCK_PARTIAL_MESSAGE Partial message if partial messages are denied FSIGK POLICY_BLOCK_MAXNESTED Archive file that contains more than the allowed nest levels if the maximum nest level of archive files is denied in block_maxnested yes FSI...

Page 165: ...abase Virus and spam notification e mails The condition number indicates the number of lines detected in the database file FSIGK SPAM_LIST ERROR Condition Header field name Spam detected by a database Error mail The condition number indicates the number of lines detected in the database file FSIGK SPAM_RBL Detected address RBL server name RBL response address Spam detected by RBL inspection Detect...

Page 166: ...ple IRC Programs for transferring files over the internet from one computer to another. Internet phone programs (VoIP). If a program is identified as riskware but it is explicitly installed and correctly set up and used, it is less likely to be harmful. Riskware detected by F-Secure Internet Gatekeeper for Linux is given the detection name of Category Platform Family. Riskware categories: Adware AVTool ...

Page 167: ... Riskware platforms Apropos BAT Casino ClearSearch DOS DrWeb Dudu ESafe HTML Java JS Linux Lop Macro Maxifiles NAI NaviPromo NewDotNet Palm Perl PHP Searcher Solomon Symantec TrendMicro UNIX VBA VBS Win16 Win32 Wintol ZenoSearch ...

Page 168: ...e ftp ftp porcupine org pub security index html pam_userdb Original Package http www kernel org pub linux libs pam zip Original Package http www info zip org pub infozip BerkeleyDB 1 85 Original Package http www sleepycat com download SHA 1 in C Original Package ftp ftp funet fi pub crypt hash sha sha1 c Perl Compatible Regular Expressions Original Package http www pcre org libaes Original Package...

Page 169: ... Apache Myfaces Myfaces Core Myfaces Tomahawk Original Package http myfaces apache org GNU wget Original Package http www gnu org software wget Location tool wget on installation directory License GPL ...
