background image

 

 

CHAPTER 3.

 

OPERATING 

PATTERN OF KASPERSKY 
ANTI-VIRUS

®

 FOR LOTUS 

NOTES/DOMINO  

Kaspersky Anti-Virus

®

 for Lotus Notes/Domino is designed for protection of 

messages of Lotus Notes/Domino version R5 and R6 and higher. After installing 
the software product on a server running Linux or Windows NT/2000 with a Lotus 
Notes system installed, the program performs virus scans on all the mail 
messages of Lotus Notes/Domino. During its work, the program uses 

antiviral 

protection parameters 

(see Chapter 4 on page 30). These parameters can be 

changed by an administrator who knows their access password, from any 
computer in the LAN, or by using remote access. To do so he must open the 
program using the web browser. 

Kaspersky Anti-Virus

®

 consists of the following modules:  

 

Hook

 

 mail message interception module .

 

 

Monitor 

 mail message scanning module .

 

 

Scanner 

 Domino server database scanning module.

 . 

The table below contains the names of executable modules of Kaspersky Anti-
Virus

®

 for Lotus Notes/Domino for Windows NT/2000 and Linux operating 

systems, along with their names used in this document. 

Table 1 

Modules 

Names of the 

modules for 

Windows NT/2000 

Names of the 

modules for 

Linux 

Module 

names used 

in the 

document 

Mail 
message 
interception 
module 

nKavHook libkavhook.so 

Hook 

Summary of Contents for ANTI-VIRUS 5.0 - FOR LOTUS NOTES-DOMINO

Page 1: ...KASPERSKY LABS Kaspersky Anti Virus 5 0 for Lotus Notes Domino USER S GUIDE...

Page 2: ...K A S P E R S K Y A N T I V I R U S 5 0 F O R L O T U S N O T E S D O M I N O User s Guide Kaspersky Labs Ltd Our website http www kaspersky co m Revision date December 2003...

Page 3: ...nterface 26 4 4 Help system 27 4 5 Terminology 28 CHAPTER 5 SETTING UP THE ANTIVIRAL PROTECTION PARAMETERS 30 5 1 General operation settings of Kaspersky Anti Virus for Lotus Notes Domino Settings Com...

Page 4: ...55 CHAPTER 8 MAINTAINING ANTIVIRAL PROTECTION 57 8 1 Working with objects stored in the check up database Bases In queue 58 8 2 Quarantine database 59 8 2 1 Working with quarantined mail message obje...

Page 5: ...y AV Updater 104 12 3 3 The Alerts window 110 12 3 4 The User account window 110 12 3 5 Task settings 111 CHAPTER 13 KASPERSKY REPORT VIEWER 112 CHAPTER 14 THE SETTINGS TREE 116 14 1 The Settings Tree...

Page 6: ...installed on this server The software searches for viruses in both message texts and in attached files In addition Kaspersky Anti Virus for Lotus Notes Domino scans for viruses in any attached archiv...

Page 7: ...ration database can be edited from any workstation via a web browser When scanning for viruses Kaspersky Anti Virus for Lotus Notes Domino uses an anti virus database that contains information require...

Page 8: ...rus either from our distributors retail box or in our Internet shop http www kaspersky com Buy online section When purchasing a retail box you will receive the following distribution kit A sealed enve...

Page 9: ...ill be provided with the following services for the period of your subscription daily virus definition database updates via e mail product upgrades phone and e mail advice on matters related to your s...

Page 10: ...ion To do this 1 Step 1 2 Actions that must be taken Task Example of a user defined task to be accomplished using this program Solution Solution of the task switch function of the switch Command line...

Page 11: ...mino server of version 5 06 and higher For a server running Lotus Domino R6 Windows NT 4 0 Service Pack 6a Windows 2000 Service Pack 2 and higher Linux Red Hat 7 2 8 0 SuSe 8 0 8 1 Kernel of version 2...

Page 12: ...o Administrator program in the Unrestricted LotusScript Java Agents list For Lotus Domino R6 also add the user account to the Run unrestricted methods and operations list 3 In the LocalDomainAdmins gr...

Page 13: ...art and in the next dialog window select the HTTP Web server task 10 Using any web browser open the kav50en nsf database e g http server address kav50en nsf 11 On the page that will open see Figure 1...

Page 14: ...ling the Linux version This directory does not store the antiviral kernel after web installation see below The kernel is always installed into the opt kav directory 14 Click on the Start Installation...

Page 15: ...and type ldconfig in the command line 3 Copy the license key to the opt kav keys folder 4 Update the anti virus databases using the update script from the opt kav folder 5 Launch the daemon process u...

Page 16: ...cct 5 Delete the program kernel if its version is older than 3 5 9 To delete the kernel Windows NT 2000 in the disk KAVENGINE folder run unreg bat and then delete the entire folder Linux In the server...

Page 17: ...ured nsf databases using Domino Administrator We recommend that you update the anti virus databases immediately after the installation of the product if this was not performed during the installation...

Page 18: ...nged by an administrator who knows their access password from any computer in the LAN or by using remote access To do so he must open the program using the web browser Kaspersky Anti Virus consists of...

Page 19: ...d in the respective lines of the report database log for more details please refer to section 8 3 on page 63 After starting the Hook module intercepts all messages placed by the Domino server to the m...

Page 20: ...the Domino server databases and processes them according to the preset antiviral protection parameters All the functions and actions of this module are similar to those of the Monitor module except f...

Page 21: ...Kaspersky Anti Virus for Lotus Notes Domino using the configuration database see Chapter 4 on page 30 4 1 Opening databases The sequence of operations required to open any database is identical excep...

Page 22: ...open the database using Lotus Notes Client do the following 1 Start Lotus Notes Client 2 In the password input window that will open see Figure 3 enter your access password and click OK 3 In the File...

Page 23: ...entre Configuration database Kaspersky AntiVirus for Lotus Notes Capture Database Check up database Kaspersky AntiVirus for Lotus Notes Quarantined Database Quarantine database If you start Lotus Note...

Page 24: ...rkspace of Kaspersky Anti Virus for Lotus Notes Domino 4 2 Granting access to the databases Setting up Kaspersky Anti Virus for operation means granting access to the program and to the quarantine and...

Page 25: ...he database shortcut 2 In the context window that will open see Figure 7 select the Database option 3 In the list that will appear select Access Control Figure 7 Path to the Access Control List window...

Page 26: ...4 3 Configuration database interface In order to open the configuration database do the following Left click on the configuration database shortcut This will open the configuration database window div...

Page 27: ...orking with Kaspersky Anti Virus for Lotus Notes Domino you can use its help system In order to open the configuration database help system do the following Click on the Help hyperlink located in the...

Page 28: ...s Show tips on using the program Navigation through the help system is carried out in the same way as with any hypertext document 4 5 Terminology In this document the interface elements of the program...

Page 29: ...Preparing to use Kaspersky Anti Virus for Lotus Notes Domino 29 Table 2 Interface element Name Button Option button Input field...

Page 30: ...jects to scan and other parameters of virus searching in mail messages These parameters are used by the Monitor module Each name of the parameters group is a hyperlink Clicking on the name opens a win...

Page 31: ...built in check up database In order to open this window you can use the Common hyperlink in the Settings section of the left frame of the configuration database see Figure 9 Set up the general operat...

Page 32: ...section of the left frame of the configuration database window see Figure 9 Setting the database scanning parameters you can Set the disinfection mode for the infected objects detected in the database...

Page 33: ...ion In the Kernel options section see Figure 12 the user can enable disable the cleaning mode for infected objects detected during scanning of the Domino server database In order to set the cleaning m...

Page 34: ...ecify the types of attachments to be scanned using the Mask parameter or exclude some types of attachment from scanning using the Exclude mask parameter for more details please refer to the section 5...

Page 35: ...w Exclude masks Include masks List of attached files masks that will be excluded from or included in the scan By default the following masks are specified in this input field TXT and DBF COM EXE DLL D...

Page 36: ...he databases that will be scanned The masks in the list must be separated by the character This parameter describes the databases located in the directory disk Lotus Domino Data i e if the user specif...

Page 37: ...rom the command line see Chapter 6 on page 53 5 3 Mail message scanning parameters Settings Scan of mail When scanning the mail messages of the Domino server the Monitor module uses the parameters set...

Page 38: ...infected objects detected during the mail message scan The procedure of enabling disabling this mode is similar to that described in section 5 2 1 on page 34 5 3 2 Scan of mail object types The Object...

Page 39: ...milar to those described in section 5 2 3 on page 34 5 4 Check up objects processing parameters Kernel Reply list Undefined reply Kaspersky Anti Virus for Lotus Notes Domino allows scanning not only o...

Page 40: ...rnel Return Code Status window Prior to setting the check up object processing parameters the user must select the object status see section 5 4 1 on page 41 For the check up object with the selected...

Page 41: ...indow see Figure 20 You can open this window using the Reply list hyperlink in the Kernel section of the left frame of the configuration database window see Figure 9 Figure 20 The Kernel Reply list wi...

Page 42: ...e actions dealing with object processing with any response are grouped under the corresponding sections of the kernel response windows see Figure 19 They are similar for all kernel responses 5 4 2 Set...

Page 43: ...sage itself is forwarded to the recipient and an attribute is added along with the mark of every infected object including information regarding the virus detected and the actions taken see Figure 21...

Page 44: ...ior to specifying the notification recipients select the antiviral kernel response that will trigger application of these settings It is advised that these settings are made for all antiviral kernel r...

Page 45: ...user specified parameters For example if the mail message contained two infected and one suspicious object then the notification would have three marks one for each object The check up mark parameter...

Page 46: ...fied code returned by the kernel For example in order to insert a template containing the virus name in the infected message body it is necessary to specify the following macros in the check up mark i...

Page 47: ...modules act according to the preset processing method Below we describe possible processing methods for objects with the Infected object status but the user can set similar parameters for other status...

Page 48: ...r the message body is redirected to the quarantine database The message itself is sent to the recipient with the check up mark and the message attribute In order to enable the quarantine mode for all...

Page 49: ...Yes check box for the Disinfect parameter if it was not checked Repeat this procedure for the Scan of bases window 2 Open the Clean object or Disinfected object status window see Figure 19 3 Select Re...

Page 50: ...7 select No for the Disinfect parameter if it was not checked Repeat this procedure for the Scan of bases window 2 Open the Clean object or Disinfected object status window see Figure 19 3 Select Skip...

Page 51: ...this procedure for the Scan of bases window 2 Open the Infected object status window see Figure 19 3 Select Skip as a processing method for infected objects To instruct the program to ignore infected...

Page 52: ...52 Kaspersky Anti Virus for Lotus Notes Domino Figure 24 An infected message with the check up template...

Page 53: ...eicar org anti_virus_test_file htm If you have no Internet connection you can create your own test virus To create a test virus type the following string in any text editor and save the file as eicar...

Page 54: ...cted the text of the virus body is changed for CURED DELE Infected object This object cannot be disinfected The first column of Table 1 lists prefixes to be added at the beginning of the string of the...

Page 55: ...avscanner quit To set the time and date of the next database scan by Scanner module type the following in the command line tell kavscanner setnewtime dd mm yyyy hh mm In order to maintain proper antiv...

Page 56: ...apply new settings for the configuration database immidiately type the following in the command line tell kavmonitor reloadopt tell kavscanner reloadopt To get help about Kaspersky Anti virus for Lot...

Page 57: ...antined as a result of scanning by the Scanner module You can work with these quarantined objects too for more details please refer to section 8 2 2 on page 61 Report database This database stores the...

Page 58: ...lete an infected object from it To view the check up database use the In queue hyperlink located in the Bases section of the configuration database window see Figure 9 A click on this hyperlink will r...

Page 59: ...i Virus for Lotus Notes Domino will detect any viruses in them but will be unable to delete them in archive In order to clean these infected files the administrator will have to unpack them first and...

Page 60: ...ation Sender The address of the sender of the retained mail message object Recipients The address of the recipient of the mail message object Subject The subject of the mail message Open A hyperlink t...

Page 61: ...s Figure 28 A message retained in the quarantine database 8 2 2 Working with quarantined database documents Bases Quarantine bases In order to work with the objects quarantine database of the Domino s...

Page 62: ...an be used to open the document in a separate window see Figure 30 Delete A hyperlink that can be used to delete the document Figure 30 A document retained in the quarantine database Every document st...

Page 63: ...ds grouped according to the module by which they were generated Monitor or Scanner The records group list is located in the Reports section in the left frame of the configuration database window see F...

Page 64: ...64 Kaspersky Anti Virus for Lotus Notes Domino Figure 31 The list of records grouped by the module Figure 32 A report log record...

Page 65: ...s well as file formats that require complicated analysis e g PDF Kaspersky Lab believes that the purpose of its anti virus is establishment of real anti virus security for its users instead of imagina...

Page 66: ...icense expires After expiration of the license Kaspersky Anti Virus won t work Therefore we will no longer be able to guarantee protection against new viruses Question My anti virus program does not w...

Page 67: ...in one archive before sending The report file The license key 6 Specify the approximate amount of daily traffic and whether or not the server has peak loads Question Is it possible for an intruder to...

Page 68: ...ering the following commands in the command line tell kavmonitor quit and tell kavscanner quit 2 Start the HTTP task on the server if it was not started previously 3 In any web browser open kav50en ns...

Page 69: ...rage ntf kav_quarantine ntf from the data directory of Lotus Domino server 4 Delete the directory in which the program was installed with all its contents 5 Delete the directory with temporary files 6...

Page 70: ...From the Control Centre automated From the command line From other applications of the Kaspersky Anti Virus package To start the Kaspersky AV Updater from the Windows Main menu go to the Start menu th...

Page 71: ...located in the middle of each box see Chapter 13 for usage instructions The control element configuration settings are grouped in a hierarchical tree 11 2 1 Step 1 The Welcome wizard box After the upd...

Page 72: ...from local folder Select this option to update from a user defined local folder Update Antivirus Bases Check this box to update anti virus bases Update Executable Modules Check this box to update exe...

Page 73: ...e allowing access to the updating server Password Use this field to define the password allowing access to the updating server Connections Use this branch to define the remote server connection settin...

Page 74: ...s in the dialog box or the corresponding commands of the right click menu Allows you to add a URL to the list Allows you to edit the URL highlighted in the list Deletes the URL highlighted in the list...

Page 75: ...Figure 41 The dial up options When configuring a dial up connection you can check the following check boxes Figure 41 Automatically connect on start Dial up automatically to your IP immediately after...

Page 76: ...h the Dialing message When you have dialed in successfully your username and password will be verified Figure 44 The Connected to Internet box User name and password verification In the Status line th...

Page 77: ...defined manually If you havee chosen to define the connection manually you must define the following settings Figure 48 Use a proxy server Firewall Check this box to use a proxy server or a firewall t...

Page 78: ...outlined in Figure 49 a box will open from which you should choose the updating folder 11 2 4 Choosing objects to be updated The following two check boxes are at the bottom of the settings tree Figure...

Page 79: ...user interface Show progress window Check this box to display the updating operation progress window see below Press the Next button to proceed with the updating operation Figure 51 The Options dialo...

Page 80: ...t is being updated The icon indicates a successful completion of this part of the updating process while shows that this part is currently being executed Figure 52 The retrieving updates window 11 2 7...

Page 81: ...Kaspersky Anti Virus Updater 81 Figure 53 The Finish box...

Page 82: ...ses The automated launch of the external programs allows you to use the Kaspersky AV Control Centre as a conventional task scheduler Usually there is no need to use other automated launch tools which...

Page 83: ...be able to import settings from this file see above Help Displays the Help topics window About Displays information about the product version the license name the license expiration date and more see...

Page 84: ...provides the program s graphic interface and supports communication between a user and the program If you unload only the interface sub program the tasks defined in the Kaspersky AV Control Centre set...

Page 85: ...s that is scheduled to start at some certain time or upon some event or as required by the user The page contains three frames In the left upper frame you can see each task listed with its correspondi...

Page 86: ...ay the date and time of the task launch the undertaken actions and their results and the object to which the action was applied At the bottom of the main window you will see a list of events with the...

Page 87: ...hat is running Pause Pause the selected task In this case the task is retained in memory but its performance is suspended Reload bases Reload the anti virus bases This command is used when you wish to...

Page 88: ...ropriate schedule will be saved Figure 58 Context menu for the task list Figure 59 Control Panel on the Tasks tab Copy Copy the selected task into the internal clipboard Paste Paste a task from the cl...

Page 89: ...save these task settings to a file in a shared folder on the server and later download this settings file onto another computer Some commands may be unavailable for some task types The tasks are launc...

Page 90: ...on your screen For details refer to subchapter 12 2 2 For example if there is a task called Automated update in the list and you press the key on the keyboard the list pointer will move to this task 1...

Page 91: ...at allows updating of your anti virus bases and executable modules in the Kaspersky AV Server folder This option button is called the Update Kaspersky Anti Virus from Kaspersky AV Server 12 2 3 The Co...

Page 92: ...Description Create task Creates a new task based on the selected component If you click on this button or select this menu entry the New task window will open See subchapter 12 3 Run Launches a task b...

Page 93: ...icons is located in the left pane of the window When you select a category the appropriate settings tree appears in the left panel If the window size is not sufficient to display all the categories th...

Page 94: ...ory the settings tree is displayed on the right The settings tree is based on the Setting Tree management element See chapter Chapter 13 for more details on how to work with this element When you limi...

Page 95: ...n the New password text field and confirm it in the Confirm password text field Protect resident task stopping If you check this box the program will prompt for the password when somebody tries to sto...

Page 96: ...Figure 68 The Disabled tasks branch This feature can be enabled on the Disabled tasks branch see Figure 68 This product version has only one option available Run user program If you check this box us...

Page 97: ...s is limited to 10 This means that when Kaspersky AV Control Centre receives the eleventh alert from a task the received alert list will be automatically cleared If the Process alerts by Kaspersky AV...

Page 98: ...tains the SMTP server address which can be typed in as decimal notation e g 125 5 29 1 or as full domain notation e g test mail ru or short notation e g test SMTP server port Contains the SMTP server...

Page 99: ...ry depending on the region 12 2 4 2 2 Send mail using MAPI If you have the Windows 95 98 operating system running on your computer the Kaspersky AV Control Centre application allows you to set up mess...

Page 100: ...mode of a program setting The Customize category includes two sections Play sound on event and Appearance Here is a short description Play sound on event Set sound effects following the execution or c...

Page 101: ...aunch regardless of type Task finished successfully Play the sound at successful task completion i e if the task has not been canceled by the user and has not terminated with errors Task canceled by u...

Page 102: ...f the task list window of the Tasks tab Component window background The Components tab background color Event list window background The Tasks tab background color Figure 77 below shows the example of...

Page 103: ...for different scan parameters for each task Task launch can be scheduled to activate automatically at a certain event occurrence or on the direct command of a user Real time scanning Launches the Kasp...

Page 104: ...ask window 12 3 2 The Schedule window for Kaspersky AV Updater When creating a Kaspersky Anti Virus Updater task in the Schedule window you should set the conditions and frequency of the launch Figure...

Page 105: ...he required start option in the left part of the window then set up the schedule according to details described in the subchapters below 12 3 2 1 Launching on event The Kaspersky AV Control Centre all...

Page 106: ...ge components In this product version this is realized in the following way the user can create a task that will be launched provided that Kaspersky Anti Virus closes down with a certain return code T...

Page 107: ...iled The created task will run only in the case of main task failure Canceled The created task will run only if the user cancels the main task 12 3 2 3 Launching hourly Figure 82 Start the task every...

Page 108: ...te Creates a new launch time record When you select this option and the Time window is activated you must type in the task launch time You can display this window by double clicking with your mouse in...

Page 109: ...me Figure 84 illustrates setup of a task launch on Monday 3 40 a m and 10 40 p m and on Friday 3 40 a m and 10 40 p m 12 3 2 6 Launching monthly To set up the task to be started each month on schedule...

Page 110: ...persky AV Control Centre can be launched as a Windows system service before login In this case define the user account to be used by the task The user account contains information about the user such...

Page 111: ...task parameters specific for this type of task As a rule the contents of these settings are equivalent to the tabs Let s take a look at task types and windows that are activated during this phase Tas...

Page 112: ...main window Figure 88 contains the following items Menu Tool bar List of sessions within the current file you can open only one report file at a time Report table Status bar To view a session report s...

Page 113: ...Toolbar button Menu commands Function View Always on top Sets the program main window to overlay all other windows on your Windows desktop File Open Allows you to open a selected report file File Save...

Page 114: ...89 appears in the report window when you press the toolbar button or select the Find command in the Edit menu To search for a string or section of it enter it in the String to find text field define t...

Page 115: ...ch function detects the first string or the string section matching the predefined search criteria you can move to the next string meeting the same criteria by pressing the toolbar button or selecting...

Page 116: ...ll controls are illustrated by pictures so you can see how they look like in the program windows 14 1 The Settings Tree Every joint in this tree may have branches If a branch is visible the correspond...

Page 117: ...rol 14 2 1 Check box A check box may be Unchecked meaning that this type of virus check will not be performed Checked meaning that the program will perform this type of virus check To check and unchec...

Page 118: ...elect and deselect an option button you must use the following methods Aim May be done using To select the option button The Space key on your keyboard The command of the right click menu Your mouse t...

Page 119: ...Input field defining the path to To edit the value of the path field you must use the conventional Windows dialog to select the directory or file The path input field To edit a path field value use th...

Page 120: ...and CTRL key combinations Figure 90 Drop down list 14 3 Control Indicators Figure 91 Disk hierarchy When setting your anti virus application to check for viruses in the disk hierarchy you must use the...

Page 121: ...he group indicator status To restore these items to inheriting the group rules you must select the Remove Strict command from the right click menu The control indicator will have the following appeara...

Page 122: ...occupy a boot sector or Master Boot Record of the infected disk or change pointer to the active boot sector Macro viruses which infect documents and spreadsheets of several popular editors Network vir...

Page 123: ...ow and in some operating systems the active period of the boot viruses ends when the OS disk drivers are installed The use of STEALTH FEATURES enables a virus to conceal itself partially or completely...

Page 124: ...cal and or sound and or other kinds of effects that are generally harmless though they may be extremely annoying Harmful viruses which may seriously interfere with the computer s performance Hot virus...

Page 125: ...uter virus activities enables the company to deliver comprehensive protection from current and even future threats Resistance to future attacks is the basic policy implemented into all of Kaspersky La...

Page 126: ...ript viruses malicious ActiveX and Java applets etc The program constantly controls all possible sources of virus penetration such as e mail Internet floppy disks CDs etc Kaspersky Anti Virus Personal...

Page 127: ...deliver enhanced privacy and 100 security of confidential data stored on your computer The product s SmartStealth technology prevents hackers from detecting your computer from the outside In this ste...

Page 128: ...The Kaspersky Anti Virus Business Optimal distribution kit includes Kaspersky Administration Kit a unique tool for automated deployment and administration You are free to choose from any of these anti...

Page 129: ...thods of e mail filtration including RBL lists and formal letter features Its unique combination of services allows users to identify and wipe out up to 95 of unwanted traffic Installed at the entranc...

Page 130: ...130 Kaspersky Anti Virus for Lotus Notes Domino General information WWW http www kaspersky com http www viruslist com E mail sales kaspersky com...

Page 131: ...interception module Hook 19 Mail message scanning module Monitor 19 Operation pattern of Kaspersky Anti Virus for Lotus Notes Domino Scan of bases module 19 Quarantine database for documents 62 Quara...

Page 132: ...ASPERSKY LAB DISTRIBUTOR OR RESELLER THE RIGHT TO RETURN AND REFUND EXTENDS ONLY TO THE ORIGINAL PURCHASER All references to Software herein shall be deemed to include the software activation key Key...

Page 133: ...not intend to make such information available for any reason including without limitation costs you shall be permitted to take such steps to achieve interoperability provided that you may only reverse...

Page 134: ...of the Key File unless and until earlier terminated as set forth herein This Agreement will terminate automatically if you fail to comply with any of the conditions limitations or other requirements...

Page 135: ...en consent of Kaspersky Lab You shall implement reasonable security measures to protect such confidential information but without limitation to the foregoing shall use best endeavours to maintain the...

Page 136: ...use of reasonable skill and care 7 Limitation of Liability i Nothing in this Agreement shall exclude or limit Kaspersky Lab liability for i the tort of deceit ii death or personal injury caused by it...

Page 137: ...y Lab whether oral or in writing which have been given or may be implied from anything written or said in negotiations between us or our representatives prior to this Agreement and all prior agreement...

Reviews: