background image

 

17. Appendix C. 

Classifying computer viruses 

Discussing various virus types. 

The 

computer virus 

is a computer program

 

(that is, executable code 

and/or a collection of instructions) that can replicate itself (though the copy 
may not necessarily exactly match the original) and penetrate files and 
other resources of computer systems and networks and make them per-
form tasks the virus dictates without the user’s permission. Copies of the 
program are also capable of self-replication. 

Computer viruses can be classified using the following criteria: 

• 

environment

;  

• 

operating system

;  

• 

algorithm features

;  

• 

destructive capabilities

If we classify viruses according to 

environment

, we come up with the fol-

lowing types: 

• 

file

 viruses infect executable files (the most widespread virus 

type), create twin-files (companion viruses), or use features of 
the operating system arrangement (link viruses);  

• 

boot

 viruses occupy a boot sector or Master Boot Record of the 

infected disk, or change the pointer to the active boot sector;  

• 

macro

 viruses infect documents and spreadsheets of several 

popular editors;  

• 

network

 viruses use network and e-mail protocols and instruc-

tions to spread themselves. 

Of course, you may run across combination viruses. For example, 

file-boot-

viruses

 infect both files and boot sectors. Such viruses usually apply ex-

tremely complicated performance algorithms and absolutely new methods 

284 

Summary of Contents for ANTI-VIRUS - FOR FREEBSD-OPENBSD-BSDI MAIL...

Page 1: ...KASPERSKY LAB Kaspersky Anti Virus for FreeBSD OpenBSD and BSDi Mail Server USERGUIDE...

Page 2: ...K A S P E R S K Y A N T I V I R U S F O R F R E E B S D O P E N B S D A N D B S D I M A I L S E R V E R User Guide Kaspersky Lab Ltd http www kaspersky com Revision date June 2002 1...

Page 3: ...5 Conventions 16 2 INSTALLING ANTI VIRUS 18 2 1 Software and hardware requirements 18 2 2 Backing up your installation diskettes 19 2 3 Step By Step Installation 19 2 3 1 Installation of Anti Virus fo...

Page 4: ...I VIRUS SCANNER AND DAEMON PROCESS USING SWITCHES AND PROFILES 38 5 1 Scanning settings 38 5 2 How to change settings 39 5 3 Settings for a separate location to be checked 40 5 3 1 Defining the locati...

Page 5: ...AIL QMAIL POSTFIX AND EXIM 72 7 1 Features of the Keeper program 72 7 2 Integrating Anti Virus with sendmail 74 7 3 Integrating Anti Virus with Qmail 76 7 4 Integrating Anti Virus with Postfix 78 7 5...

Page 6: ...ing Monitor 105 8 4 Reviewing the performance results 106 8 5 Troubleshooting 106 9 SLOGAN PROCESSING AND SUMMARIZING THE PERFORMANCE REPORTS 109 9 1 Features and functions 109 9 2 Launching Slogan 11...

Page 7: ...REMOTE ADMINISTRATION PROGRAM 139 11 1 Functions and features 139 11 2 General concept of the program performance 140 11 3 Installing WebTuner Access rights 142 11 3 1 The WebTuner components 142 11...

Page 8: ...11 8 1 Scanner settings 174 11 8 2 Remote configuration of the Scanner program 176 11 8 3 Launching Scanner from a Remote Location 177 11 8 4 Reviewing the log file 179 11 9 WebTuner administering Upd...

Page 9: ...for recipients 210 11 10 7 The restricts page restrictions for the Keeper 210 12 UPDATER UPDATING VIRUS DEFINITION DATABASES 213 12 1 Function and features 213 12 2 Starting the Updater 214 12 3 How...

Page 10: ...rf 238 16 4 Scanner and Daemon command line switches 249 16 5 Scanner and Daemon report messages 256 16 6 Scanner and Daemon exit codes 257 16 7 Slogan report templates 259 16 8 Inspector command line...

Page 11: ...C O N T E N T S 18 2 Other Kaspersky Lab AntiViral Products 289 18 3 Kaspersky Lab Contact Information 292 19 INDEX 293 10...

Page 12: ...or xBSD Mail Server KasperskyTM Anti Virus for FreeBSD OpenBSD and BSDi Mail Server Kaspersky Anti Virus for xBSD Mail Server is a software product that is designed to search for and delete viruses1 f...

Page 13: ...ruses in your opera tion system on demand2 The kavdaemon anti virus process Daemon allows integration of the vi rus check process into your programs and kavmonitor the anti virus file monitor Monitor...

Page 14: ...and to check for viruses in files with respect to the methods used to penetrate these files The package component WebTuner allows you to remotely manage Kaspersky Anti Virus for xBSD Mail Server The...

Page 15: ...agreement Before you unseal the envelope with CD or diskettes be sure to thoroughly review the license agreement 1 2 2 License agreement The License Agreement LA is a legal agreement between you eithe...

Page 16: ...ration you obtain the status of registered user of Kaspersky Anti Virus for xBSD Mail Server and will be provided with product support and virus definition database updates for the period of your subs...

Page 17: ...ook What is in this documentation and what is not This book contains information on how to install customize and manage the software product It explains the basic concepts and the way they can be appl...

Page 18: ...Actions that must be taken Function of the con trol function of the control Description of the settings tree switch function of the switch Command line switches Strings in the command line Text to be...

Page 19: ...ail Server In order to run Kaspersky Anti Virus for xBSD Mail Server you need a system that meets the following requirements a PC compatible computer with 486 CPU or better and at least 64 Mb of RAM r...

Page 20: ...s 2 3 Step By Step Installation Descriptions of each step to be taken when installing Kaspersky Anti Virus for xBSD Mail Server on a computer 2 3 1 Installation of Anti Virus for FreeBSD To install th...

Page 21: ...er copy edit the BasePath value in the file AvpUnix ini The BasePath parameter defines the path to the virus definition database directory For addresses of the servers from which you may download new...

Page 22: ...start it manually by entering the string start kavd sh start in the command line If any component of the Kaspersky Anti Virus for FreeBSD software package failed to start apply the launching procedure...

Page 23: ...om any directory create appropriate links in the directory usr bin or usr local bin For a list of files that are critical for the program s performance refer to Appendix A 2 4 Preparing to run How to...

Page 24: ...the name of your set file i e settings file of your virus definition databases you must specify its new name in the SetFile line of your AvpUnix ini Otherwise when started the Scanner and the Daemon...

Page 25: ...y for temporary files must be defined by editing the corresponding settings in the settings files of these programs 2 4 3 Customizing software for several users If you want to enable two or more diffe...

Page 26: ...BSD Mail Server you must define objects to be checked how to handle those objects advanced scanning tools to be used etc The program loads scanning settings from a profile the prf extension file that...

Page 27: ...sed For example kavscanner V H root This command line enables the anti virus scanner to check the directory root by using two advanced scanning tools a redundant check and a heu ristic tool To define...

Page 28: ...following kavdaemon This command execution will start the daemon process and loading of the virus definition databases into the system memory To start checking in your home directories for example yo...

Page 29: ...updates You may also refer to the site at www kaspersky com for a complete list of Kaspersky Lab dealers that can provide you with updates To efficiently protect your computer from new viruses it s a...

Page 30: ...ommand line or from the specially developed script file If your Scanner when started does not detect the key file the pro gram will function as a demonstration copy i e it will be disabled from scanni...

Page 31: ...pUnix ini your Scanner will load settings from this file However if when started the program will find no profile it will use its default settings Finally settings from the profile may be redefined by...

Page 32: ...rogram 4 2 1 Loading anti virus scanner When started Scanner loads virus definition databases If the operation was successful you will see the following message at the bottom of your screen Antiviral...

Page 33: ...message specify the objects to be checked by your Scanner If you started the program with no predefined location to be checked the following message will appear on your screen Nothing to scan You shou...

Page 34: ...the virus will be deleted and the object will be restored to its virus free state close to the original Delete delete the object Cancel ignore the object and continue with checking Stop abort the chec...

Page 35: ...ress ENTER To cancel it type N and press ENTER The sector check function under your operating system may be not available If you confirm the action Scanner will right away start disinfecting the sec t...

Page 36: ...new query Delete all non disinfected objects Yes No If you choose to confirm the action the program will automatically de lete all infected objects that it is not able to disinfect If you cancel the...

Page 37: ...s to Kaspersky Lab so that they could be studied for example you may use the address newvirus kaspersky com You may also deliver these objects to the Kaspersky Lab distributor that sold you copy of Ka...

Page 38: ...of viruses detected by Kaspersky Anti Virus for xBSD Mail Server Virus bodies the number of files infected by a known virus Disinfected objects from which viruses were de leted Deleted deleted objects...

Page 39: ...How to handle in fected objects Prior to checking for viruses in your computer you must define Location to be checked system sectors including Boot Sector Master Boot Record Partition Table files on...

Page 40: ...ogram According to tests our heuristic analyzer enables a user to detect more then 92 of unknown viruses from the Kaspersky Lab virus collection Logging reports of the check to a file the program can...

Page 41: ...you need an irregular set of settings For example you may need to check some directory for viruses in archives or mail da tabases In this case it is advisable that you start the anti virus scanner fr...

Page 42: ...d will check for viruses only in files of the root vir and root tst directories To exclude a directory from the loca tion to be checked prefix it with the character This feature is very useful since n...

Page 43: ...ust define objects that will be checked for viruses The program can check for viruses in objects of the following types sectors see subchapter 5 3 2 2 The sector check function under your operating sy...

Page 44: ...disks defined in the Names line 5 3 2 3 Files To scan files within the selected location 1 Type Yes in the Files line of the profile 2 To be more specific type one of the following values for the File...

Page 45: ...line in this file contains only one name of a file with the full path to it If the optional charac ter is specified in the switch i e filename upon completion of the task the filename file will be de...

Page 46: ...Mask line For daily preventative checks type Yes in the Sectors and Files lines and 0 in the FileMask line and disable archives and packed executables scanning tools 5 3 2 4 Packed executables Scanner...

Page 47: ...ected the files when they were already packed The unpacking device is able to correctly unpack files that have been com pressed multiple times It can also deal with some versions of immunizers program...

Page 48: ...ives it only detects them The unpacking engine generates temporary files in the directory de fined by the TempPath parameter in the TempFiles section of a profile see subchapter 5 4 2 The extracting e...

Page 49: ...to the command line switch MD The switch MD enables and the switch MD disables your anti virus scanner to check for viruses in mail databases While scanning mail databases Kaspersky Anti Virus for xB...

Page 50: ...ky Anti Virus for xBSD Mail Server reported some sus picious file or sector it s advisable that you contact our help desk department Send these objects to Kaspersky Lab so that they could be studied f...

Page 51: ...witch or I2 There are available two more command line switches for this action the switch I2S automatically disinfects infected objects and skips objects that cannot be disinfected and the switch I2D...

Page 52: ...rofile The directory for copies of the infected files must be defined in the appropriate line of the ActionWithInfected section of a profile see subchapter 5 4 3 5 3 4 Defining the advanced scanning t...

Page 53: ...will be deleted but some of its parts will remain in the file This is the case when you need to run the re dundant scan operation that will check not only the file entry points but also the entire co...

Page 54: ...size doesn t exceed 300 bytes Win32 the file seems to be infected by an unknown Windows virus Formula the Excel file contains suspicious instructions Of course just like any other of the type the heu...

Page 55: ...f unnaturally slows performance from applications etc Oth erwise we do not recommend enabling the redundant scanning tool as it noticeably slows down the scanning rate and increases the probability of...

Page 56: ...Mail Server virus definition databases and actions to be taken in case the databases are in fected The performance settings in this section also allow you to define messages that will be displayed by...

Page 57: ...tion of a profile Otherwise the program will be enabling the redundant scanning tool without the confirmation The setting will be used only for that location to be checked which has a positive value Y...

Page 58: ...all the other ob jects have been scanned type Yes in the ScanSubDirAtEnd line of the Options section of a profile Otherwise type No This setting will be used only for that location to be checked whic...

Page 59: ...Define the maximum number of simultaneously scanned files in the LimitForProcesses line To implement the loop scanning for viruses 1 Type Yes in the EndlesslyScan line Otherwise type No 2 Define the...

Page 60: ...used only if you entered a positive value Yes in the UseMemoryFiles line of the Tempfiles section Values in the LimitForMemFiles and MemFilesMaxSize lines must not exceed RAM on your computer To defin...

Page 61: ...path to the folder for suspicious files in the Suspicious Folder line The default folder is suspicious To copy corrupted files to a separate folder in the ActionWithCorrupted section of a profile Typ...

Page 62: ...e None To change access attributes of infected suspicious and cor rupted files that the program failed to desinfect define the target attribute mask in the ChModTo lines of the above sec tions For exa...

Page 63: ...of the log file type Yes in the Append line Type No to overwrite the report with the new one To be reported on every examined object type Yes in the RepForEachDisk line To define the log file attribut...

Page 64: ...nabled to log check reports to the system or the user log To add check results to the system log type Yes in the UseSysLog line Type No to add check results to the user defined file The positive value...

Page 65: ...d line switch O The switch O enables and the switch O disables the messages ShowPack reports packed and archived objects Type Yes to enable these messages or No to disable them This parameter correspo...

Page 66: ...xBSD Daemon operates as a system process and inherits all the functions of Scanner therefore our description of the Scanner capabilities can be applied to Daemon Unlike the anti virus scanner Daemon l...

Page 67: ...his is related to the specific operation mode of the process see subchap ter 6 2 6 2 Launching the daemon process The Daemon command line Command line switches specific to the daemon process The Daemo...

Page 68: ...er of the profile The objects to be checked are defined by the switch o in the command line see below The list of available switches includes those described for Scanner see Appendix B except for the...

Page 69: ...s from the client programs the secondary process reports performance of the first It is possible to disable the second process dl disables start of the secondary daemon process The Daemon command line...

Page 70: ...y section of the profile 6 3 Calling up the process from a client program How to call up the process from a client program The example To call up the existing daemon process from the client program fo...

Page 71: ...The mode is used if the objects are checked without being intermediately saved onto the disk In this case the general format of the string is flags date_and_time switch length where is the character s...

Page 72: ...it The value 0x1 in the high byte means that there should be 4 bytes read containing a size of the report buffer and then the buffer 5 Delete the socket The distribution kit includes the protocol imp...

Page 73: ...ogram Describing functions and features of the program Keeper is designed to handle viruses in incoming and outgoing SMTP traf fic The program is built into the mail server in order to check for virus...

Page 74: ...iruses and disinfects it If a virus is detected in a message body or its attachments the daemon process returns the corresponding code to Keeper that depending on the returned value may perform the fo...

Page 75: ...ng the install sendmail script file or manually To integrate the program manually you must first start the WebTuner pro gram which allows you to edit the Keeper configuration file For details on the W...

Page 76: ...cations in the Keeper e mail text field On the groups page see subchapter 11 10 3 1 select the required group of user addresses and press the properties button On the administrator page of the dialog...

Page 77: ...tegration of Kaspersky Anti Virus for xBSD Mail Server with the Qmail mail system can be implemented by starting the install qmail script file or manually To integrate the program manually you must fi...

Page 78: ...On the main page see subchapter 11 6 2 specify the following working path for the Sender mailer Recipient mailer and Admin mailer pa rameters qmail var qmail bin qmail que enter the host name where Ke...

Page 79: ...o integrate Keeper into the Postfix mail system manually fol low these steps 1 Check the version number of your Postfix mail system The version number must be more than snapshot_20000529 If it is not...

Page 80: ...fy the following working path for the Sender mailer Recipient mailer and Admin mailer pa rameters smtp localhost 10026 enter the host name where Keeper will be running in the Hostname text field enter...

Page 81: ...e Exim mail system must also support the lmtp protocol To integrate Keeper into the Exim mail system manually follow these steps 1 Copy the configuration file for example exim conf into the file exim...

Page 82: ...page see subchapter 11 10 3 1 select the required group of user addresses and press the properties button On the administrator page of the dialog window on your screen see subchapter 11 10 3 4 use the...

Page 83: ...tions in this window allow customization of various processing rules for different address groups Every address group has its own name and is defined by the list of incoming and outgoing addresses For...

Page 84: ...ng delivered to the destination mailboxes and to forward these messages to the administrator If required the program may also be preset to notify the infected message sender Example 2 If a system admi...

Page 85: ...the right address group The address groups and the appropriate settings are defined in the Keeper configuration that can be changed using the WebTuner program for details refer to subchapter 11 10 For...

Page 86: ...is applied by Keeper to a message is as follows 1 The program searches for the message address in the user defined address groups If or when the address is detected the message is processed according...

Page 87: ...From addresses In order for the Keeper program to process incoming and or outgoing mes sages belonging to a certain user s address list you must use the Web Tuner program to create an address group a...

Page 88: ...for viruses by the Keeper program in the Re cipient mask text field The masks must be entered in compliance with the POSIX regexp standard If you do not define any value for the Recipient mask or the...

Page 89: ...1 On the groups page see subchapter 11 10 3 1 select the required group name and press the properties button 2 On the recipient page of the dialog window on your screen see subchapter 11 10 3 6 check...

Page 90: ...for the Infected object type on the recipient page and select Remove from the corresponding Object action drop down list The program will send the notification to the re cipient without the infected o...

Page 91: ...the recipient page check the Add report check box for the Infected object type and select Remove from the corresponding Object action drop down list The program will delete the infected object from t...

Page 92: ...it If the object could not be disinfected it will be deleted Figure 5 The notification as it looks in the recipient mailbox Figure 6 The message disinfected and attached to the notification 7 6 2 4 2...

Page 93: ...age see subchapter 11 10 3 6 check the Block mail check box for the Infected object type and select Unchanged from the corresponding Object ac tion drop down list 7 6 2 4 3 Delivering only disinfected...

Page 94: ...fect infected mes sages on their computers To set the program to pass messages without checking them follow these steps 1 On the masks page uncheck the Check this group check box for the selected grou...

Page 95: ...delivered to the recipient without checking When processing files that meet the filtering conditions Keeper follows processing rules defined on the administrator sender and recipient pages for the Fil...

Page 96: ...f all infected messages from to ad dresses that are included in the address group The program will report viruses that were detected and attach the infected message to it Figure 7 The notification wit...

Page 97: ...detected in their messages without reference to whether the message is disinfected or not Figure 8 The notification as it looks in the sender mailbox 7 6 3 Defining attributes of the notification Kee...

Page 98: ...and the daemon process To define communication between the Keeper and the kavdaemon proc ess use options located in the Daemon connect section on the Web Tuner main page for details refer to subchapt...

Page 99: ...er program for details refer to subchapter 11 10 The following command line switches are available database_name sets Keeper to use the defined settings base h displays the list of command line switch...

Page 100: ...ey are opened saved or executed The program handles files of FreeBSD OS FTP HTTP HTTP Proxies POP3 Samba and other network servers whose filesystems are located on the local computer When the program...

Page 101: ...ring of files to be opened saved or executed you must first install and assemble the kernel anti virus module The module is supplied together with the Monitor program and is called kavmon The main fea...

Page 102: ...nent of which cannot per form its functions without the others The kavmon anti virus module and Monitor are supplied as a source code and therefore must be assembled before you are able to launch them...

Page 103: ...file rename rename the infected file by adding the string infected to its extension none ignore the file This is the default value For example the section line may look similar to the following Write...

Page 104: ...void the prob lem there was developed the cache memory that stores these files names and the time when they were last checked This way before checking for viruses in a file Monitor searches the cache...

Page 105: ...asing the number of files to be processed simultaneously However it may slow down your operating sys tem performance therefore it is advisable to scan not more than 5 to 15 files at once To define the...

Page 106: ...while checking for viruses and deleting them the program applies the Daemon settings For example if a directory is not included in the location to be checked by the Daemon program it will be ignored a...

Page 107: ...ssible problems see subchapter 8 5 8 4 Reviewing the performance results How to review the performance results While checking for viruses in the files to be opened saved or executed the Monitor progra...

Page 108: ...rrectly installed By en tering the kldstat command in the command line display the list of load able modules and check whether the kavmon kernel module is in the list If when launching the Monitor you...

Page 109: ...gram Set Daemon to check for viruses in all directories to be protected Monitor is not able to detect viruses in files that are saved within a NTFS filesystem whose server is running on the local comp...

Page 110: ...ram The Slogan program is developed to process and summarize data within the performance reports of the Scanner and the Daemon programs Slogan performs the following functions summarizes the scanning...

Page 111: ...m with No switches in the com mand line the list of available switches will appear on your screen You can also display this list by using the command line switch h When starting Slogan you can use the...

Page 112: ...the summary report using template tm see Figure 10 and this report is similar to the one described in subchapter Figure 10 The example of a summary report produced by Slogan ds dd mm yyyy The program...

Page 113: ...m in the monitoring mode The real time monitoring mode allows you to track changes in the prede fined log file and study them The general format of the command line for Slogan in the monitoring mode i...

Page 114: ...le can be sufficiently large it is advisable to use this switch prev This switch enables the program to study all the data presented in the log file r This switch redisplays the log file if it became...

Page 115: ...bjects detected Deleted objects deleted Warnings modified and corrupted viruses detected The end of the monitored log file The key combination CTRL C allows to exit the real time monitoring mode Figur...

Page 116: ...s you to create and edit profiles i e files containing a certain set of predefined settings of the anti virus scanner and the daemon process the list of objects to be checked for viruses the way infec...

Page 117: ...hes g This switch enables defUnix prf located in the directory usr local share AVP to be used as a profile ps This switch enables Tuner to manage only the Scanner settings pd This switch enables Tuner...

Page 118: ...To select a menu press the key ALT and a key with the letter that is highlighted in the name of the menu If you started Tuner via telnet to use a hotkey you must first double press the key ESC and th...

Page 119: ...evious page select Previous Page in the Settings menu Use the following keys when selecting options within a page HOME move the cursor to the beginning of the text field END move the cursor to the end...

Page 120: ...in window will appear on your screen 2 Change settings as you wish for details see subchap ters 10 5 10 9 3 Select Save Profile As in the File menu The Save Pro file dialog will appear on your screen...

Page 121: ...edit 4 Select the profile 5 Press the Open button Settings from this profile will be loaded into the main window To cancel loading of the profile settings press the Cancel button 6 Change the require...

Page 122: ...viruses In the Location page see Figure 12 you can define the list of directories to be scanned for viruses Figure 12 The Location page The Location page corresponds to the Object section of a profile...

Page 123: ...ng the check prefixed with item must be neutral no prefix To add a directory to the list 1 Press the Add folder button The Add folder dialog window with the Directory Name field the corresponding drop...

Page 124: ...eparate directory To do this follow these steps 1 Select the required directory with the arrow keys or with your mouse By default the program selects the first directory in the list 2 Press the Proper...

Page 125: ...directories on the Location page for instructions about how to add a directory to the location to be checked see subchapter 10 5 1 The directory will be added to the list and prefixed with Cancel all...

Page 126: ...2 5 The extracting and unpacking engines noticeably slow down the Kaspersky Anti Virus for xBSD Mail Server scanning rate Therefore we recommend enabling these engines only if the probability that yo...

Page 127: ...nd Ac cess and Java applets Thereby this value scans all the files that are capable of containing a virus code Programs scans all the files with extensions bat bin cla cmd com cpl dll doc dot dpl drv...

Page 128: ...ectory tree in the Add folder box for details see subchapter 10 5 1 10 5 2 3 The directory Property window Defining anti virus actions Options on the Property window Actions page see Figure 14 allow y...

Page 129: ...ill be displayed and if preset logged into the file The program will not delete unrecoverable objects Delete object automatically deletes unrecoverable objects Enable the program to backup infected fi...

Page 130: ...ut off In this case to detect the virus the thorough check redundant scanning tool must be used Redundant scan check this box to enable the redundant scanning tool Scan subdirectories check this box t...

Page 131: ...o ries to be checked the cumulative location to be checked The Options page corresponds to the Options section of a profile Figure 16 The Options page To define whether and how the program must check...

Page 132: ...ory created temporary file define the maximum size in Kb in this text field The default value is 3000 Kb and it means that the temporary files exceeding this size will be cre ated on the hard drive Me...

Page 133: ...e loops 10 7 The Report page Options located on the Report page Options on the Report page of the Tuner main window see Figure 17 allow you to define the format and the contents of the program reports...

Page 134: ...nefeed characters to separate records in the log file By default records in a log file are separated with the linefeed character only Therefore in some text editors it will be difficult to review thes...

Page 135: ...e optional information that must be added to the report Check the Showing button to display the corresponding dialog window see Figure 18 that is divided into the following two parts The working area...

Page 136: ...e modification of a known virus Show corrupted in the log check this box to be reported about the examined corrupted objects Show unknown in the log check this box to be reported about the detected un...

Page 137: ...Kaspersky Anti Virus for xBSD Mail Server Figure 19 The ActionWith page We recommend that you enter an absolute path to suspicious and infected folders but not relative Be careful when handling infec...

Page 138: ...oup By default the value is No meaning that the program does not change the access attributes 10 9 The Customize page Options located on the Customize page Options on the Customize page of the Tuner m...

Page 139: ...age check this box to be asked for con firmation when deleting an infected object This setting will be used only for the directory to be checked with checked Delete objects automatically box on the Ac...

Page 140: ...nti Virus for xBSD Mail Server i e to change settings and launch the package components locally or from a remote location Management of the WebTuner program is implemented via the web browser WebTuner...

Page 141: ...ine its settings as it is de scribed in subchapter 11 3 2 A web server allows you to limit the group of users authorized to work with WebTuner This kind of limitation is implemented by creating a file...

Page 142: ...ain of interconnections to be imple mented when working with Kaspersky Anti Virus for xBSD Mail Server via WebTuner Figure 21 Calling up Kaspersky Anti Virus for xBSD Mail Server from WebTuner The seq...

Page 143: ...ng access rights to the programs 11 3 1 The WebTuner components Right after the installation of Kaspersky Anti Virus for xBSD Mail Server on your computer see chapter 2 the WebTuner program will be lo...

Page 144: ...file _httpd init are located in the directory usr local share AVP httpd and are correct INIFILE path to the web server configuration file For example the string may look like the following INIFILE usr...

Page 145: ..._SSL only if you are sure 3 Verify and edit if not correct the following strings of the file loader cfg located in the subdirectory html settings CgiDir path to the cgi bin directory For example CgiDi...

Page 146: ...e files providing the commu nication privacy To do this open the Open SSL project pro grams and follow these steps Create the key and the certificate request openssl req new cert csr Delete the passwo...

Page 147: ...oot di rectory points to the extracted html directory and register the alias for this directory in the existing server 2 Edit the server settings to define the file index html as the de fault file for...

Page 148: ...ights of another user If you want to redefine the user running the server follow these steps 1 Be enter the host name where Keeper will be running sure that the target user is authorized to read write...

Page 149: ...py To be able to run WebTuner you must have the corresponding rights Only the users listed in the htpasswd file are authorized to access the web server root directory and the directories with the prog...

Page 150: ...https your_server_name port where your_server_name is the server with preinstalled WebTuner port is the server port defined in the file _httpd conf located within the directory conf in the URL text f...

Page 151: ...Virus for xBSD Mail Server components 11 5 Interface Discussing the interface When you start the program the main window appears on your screen see Figure 23 This window contains the list of controll...

Page 152: ...cted program to start the program and to review its performance reports The functions and the quantity of buttons depend on the list item you selected To delete an item from the list follow these step...

Page 153: ...Tuner program you can define its own configuration The configuration options are located in the WebTuner configure window To display the window with the program configuration options follow these step...

Page 154: ...settings for details refer to subchap ter 11 6 2 The modules page contains the list of software modules that can be administrated from WebTuner and the buttons allowing you to edit the list and prope...

Page 155: ...page To insure correct performance of the WebTuner program follow these steps 1 Enter the full path to the cgi bin directory in the WebTuner CGI directory text field You can do this manually or by us...

Page 156: ...ade 11 6 3 The modules page remote administration settings The list of modules to be remotely administered from WebTuner and their properties can be edited using the add delete and properties buttons...

Page 157: ...n 2 Enter the new module name in the Name text field of the Add new module window on your screen 3 Press the add button The new module will appear in the list To remove an item from the list follow th...

Page 158: ...y the CgiDir parameter in the file loader cfg will the corresponding module be added to the Pro grams list in the WebTuner main window Exec file name the executable file name for the cor responding mo...

Page 159: ...he WebTuner main window with the corresponding pro gram selected from the Programs list For details on the macroinstructions that are used in the above text field values refer to subchapter 16 15 of A...

Page 160: ...erlinks appear at the bottom of the window run config default config and view log see Figure 28 These are the links allowing you to display windows with Dae mon related options and commands The Daemon...

Page 161: ...p down list in the win dow on your screen and press the open button 3 Edit the daemon settings using appropriate pages in the win dow on your screen for details refer to subchapter 11 7 2 When you hav...

Page 162: ...for example by using the F switch in the Daemon command line The Profile tuning window see Figure 29 contains the following items Hyperlinks allowing you to switch to the following pages The objects p...

Page 163: ...ault profile save as saves the defined settings to a profile dif ferent from the default one exit allows you to exit the Profile tuning window without saving the redefined settings Figure 29 The objec...

Page 164: ...Options on this page are similar to those described in subchap ter 10 5 2 3 The options page allows you to define the advanced scanning tools to be used Options on this page are similar to those descr...

Page 165: ...irectory to the list 1 Press the add button 2 Select the required directory from the drop down list in the window on your screen with your right mouse button and by pressing the select button for brow...

Page 166: ...iority of the child process this process implements the check request The default values are zero You may edit these values by entering the re quired ones from your keyboard 11 7 2 4 The actions page...

Page 167: ...t page allows you to define the format of the Daemon program reports The page options and their functions are similar to those described in sub chapter 10 7 The only difference is that the optional in...

Page 168: ...han once but the virus definition databases are loaded into the memory just once when the pro gram is started for the first time Therefore when you start the daemon process using the run hyperlink in...

Page 169: ...ure 32 will appear on your screen In this window enter the path to the directory with the socket file supporting communication between Daemon and client programs in the Socket file dir text field manu...

Page 170: ...W E B T U N E R Figure 32 Daemon start parameters Figure 33 Daemon starting log 169...

Page 171: ...ut the existing daemon process Pid the daemon process identification number Socket directory name path to the directory with the socket file supporting communication between Daemon and client pro gram...

Page 172: ...o avoid conflicts that may arise between two or more simultaneously existing processes In this case if a client program calls up a daemon process it will be impos sible to identify the target process...

Page 173: ...ar on your screen see Figure 36 The window will contain the following sections Common info contains the log file name the scanning start date and the current date Total statistics lists the following...

Page 174: ...ked but the process is not sure and the amount for each of the types List of all warnings a list of modified or corrupted viruses de tected and the amount for each of the types Figure 36 The daemon pr...

Page 175: ...d with the Web Tuner distributive Reports in text format are generated on the basis of web_template tm and reports in HTML are generated on the basis of web_new_template tm 11 8 WebTuner administering...

Page 176: ...Profile line of AvpUnix ini the default profile is defUnix prf To edit the profile defined in the Kaspersky Anti Virus for xBSD Mail Server initialization file follow these steps 1 Click the default c...

Page 177: ...rs window see Figure 38 For details of the Scanner report see subchapter 11 8 4 Functions of the select show all and hide buttons are similar to those described in subchapter 11 5 11 8 2 Remote config...

Page 178: ...WebTuner allows you to remotely launch the Scanner program To start the Scanner program click the run hyperlink in the WebTuner main window with the Scanner item selected in the list see Figure 37 Th...

Page 179: ...an the location defined in the default profile select the Scan default path option button To launch Scanner press the run button the Scanner status window that may display messages listed in the subch...

Page 180: ...creen The report may contain messages listed in the subchap ter 16 5 of Appendix B If the anti virus scanner is not started the window will contain the re sults of the previous scanning operation 11 9...

Page 181: ...s run launches the updating utility view log displays the Updater performance report exit allows you to exit the Updater window Figure 39 The WebTuner main window Updater is selected The virus definit...

Page 182: ...asperskylab com updates The web location of the database updates may be manually edited From folder updating from a network directory If you selected this option enter the corresponding path in the Up...

Page 183: ...will appear on your screen see Figure 41 Figure 41 The updating operation is in progress To review the status of the last updating operation press the view log button The program will display a windo...

Page 184: ...select button for browsers not sup porting Java Script 2 Click the default config hyperlink that appeared at the bottom of the WebTuner main window see Figure 42 The Keeper tunning window see Figure 4...

Page 185: ...ms allow you to define the reporting settings for details refer to subchapter 11 10 5 The report page items allow you to define the format and the contents of the virus detected notifications to be br...

Page 186: ...ge 11 10 2 The main page identification settings and communication with Daemon The main page items see Figure 43 allow you to define the Keeper identi fication settings the Keeper daemon communication...

Page 187: ...ssed by the Keeper Every name in the list must be placed on a new line To define communication between Keeper and the daemon process follow these steps 1 Select one of the following Keeper daemon comm...

Page 188: ...t be able to detect viruses in mail messages To define mailers to be used by senders recipients and admin istrators included in the address groups follow these steps 1 In the Sender mailer text field...

Page 189: ...page defining the group The groups page see Figure 44 contains the list of address groups and allows you to define message processing rules for a separate address group The group list includes the def...

Page 190: ...message addresses From and To for details refer to subchap ter 7 6 2 1 Figure 44 The groups page properties allows you to define properties of the se lected group add allows you to add a group to the...

Page 191: ...1 Press the properties button 2 Edit settings for the selected group in the Group groupname window on your screen The window contains hyperlinks allow ing you to switch to the following pages The grou...

Page 192: ...e Group groupname window pages to the group selected in the groups list cancel allows you to exit the Group groupname window without saving the changes you made 11 10 3 2 The Group window masks page d...

Page 193: ...fine the required mask mask list for the message To ad dresses in the Recipient mask text fields When defining masks in these fields use the POSIX regexp stan dard If you leave the Sender mask field b...

Page 194: ...mes sages check the Check this group check box 11 10 3 3 The Group window filters page defining the filter The filters page see Figure 46 allows you to define the message filtering settings for the gr...

Page 195: ...r the required masks in the Attach file mask text field the Filters frame For example bmp txt Each mask must be placed on a new line To define MIME type of the attachments to be processed follow ing t...

Page 196: ...recipient without checking enter the required masks in the Attach file mask and Attach mime type mask text fields the No check mask frame 11 10 3 4 The Group window admin istrator page notifications...

Page 197: ...types and in what form objects must be delivered to the administrator what object types must be copied to the isolation directory If you enable isolation for an object type not only the infected objec...

Page 198: ...cured object The Cured value can be found only in the Object action drop down for cured objects To copy the required object type to the isolation directory fol low these steps 1 Check the Isolator ch...

Page 199: ...il address or the alias of the administrator in the Group administrator address text field 3 Select Unchanged from the Object action drop down list for the Infected object type 4 Enter the full path t...

Page 200: ...notifications to the senders the Keeper program does not attach the original messages to them If you want a sender of the required object type to be added to the list of suspicious addresses select Ad...

Page 201: ...mail address or the alias of the administra tor in the Group administrator address text field Select Unchanged from the Object action drop down list for the Infected object type Enter the full path to...

Page 202: ...ct action drop down list for every object type listed Unchanged deliver the object unchanged If you select Unchanged for the Cured type the recipient will re ceive infected messages despite the fact t...

Page 203: ...the recipient mailbox together with the appropriate report If the program fails to disinfect the object you want it to lock this message in the isolation directory notify the administrator about it a...

Page 204: ...ministrator address text field Select Unchanged from the Object action drop down list for the Infected object type Enter the full path to the isolation directory in the Isola tor path text field You c...

Page 205: ...equired user name in the text field of the Add new user dialog box on your screen 3 Press the add button The user name will appear in the list of legal users on your screen To remove a user from the l...

Page 206: ...log file Log file path to the log file You may enter the required path manually or by using the Browse button In the text field you can use the system instruction date switches e g d m y for the day t...

Page 207: ...g data select one of the following values from the Log level drop down list Tiny Simple Medium Advanced Expert To log only the infected mail messages detected check the Log only infected check box 11...

Page 208: ...the Send notify check box and recipient the Add report check box pages To define the notification settings for an item in the Notify list 1 Select the required item with your left mouse button 2 Press...

Page 209: ...heck box on the administrator page for details refer to subchapter 11 10 3 4 and define attributes of the notifications The notification options window see Figure 53 appears on your screen if you pres...

Page 210: ...If you entered the required path in the File with report content text field the Message content text field contents will be ignored To add the infected message From address to the notification press t...

Page 211: ...lar to those described for the admin istrator notifications in subchapter 11 10 6 2 11 10 7 The restricts page restrictions for the Keeper The restricts page see Figure 54 allows you to limit some per...

Page 212: ...gs are used by the program to protect you from un wanted e mail messages and DoS attacks Figure 54 The restricts page Enter the maximum period in seconds for the program to transmit an instruction in...

Page 213: ...uction in the Command timeout text field Define the maximum waiting period for the program af ter the appropriate instructions are transmitted HELO EHLO LHLO timeout after the HELO EHLO LHLO instructi...

Page 214: ...checking for viruses The program allows you to update virus definition databases via the Internet from an archive or from a network location The wget program is a software requirement for updating vi...

Page 215: ...ch defines the name of the set file of virus definition databases However you may redefine the values of these options with the command line switches b and s respec tively for details see Appendix B I...

Page 216: ...ram with the command line switch uik kavupdater uik server_and_path The program retrieves databases and copies them to the database direc tory For example kavupdater uik http www kasperskylab com upda...

Page 217: ...enient to download updates upgrades via the Internet to your network directory and then perform updating upgrading from this directory To install new databases from a network directory launch the prog...

Page 218: ...example kavupdater ua kavbases zip 12 4 Saving the report to a file Saving the report to a file Example To save report data to a file use the command line switch w kavupdater uik server_and_path w t a...

Page 219: ...line kavupdater uip server_and_path wa myreport rep The program will append reports to myreport rep To save reports to your system log use the command line switch ws kavupdater uip server_and_path ws...

Page 220: ...hile searching for viruses Inspector is not guided by virus definitions in the cor responding databases The program identifies viruses in an ob ject with respect to the methods that have been used by...

Page 221: ...line switch of Inspector pathN is the location to be checked For a complete list of available command line switches refer to subchapter 16 8 Appendix B Before starting your Inspector copy for the firs...

Page 222: ...switch g database_name If you specify the switches s database_name and g database_name in the command line the program will add newly collected data to the exiting database master copy for the define...

Page 223: ...l path must be located in a sepa rate line in the text file list For example the file may contain strings similar to the following tmp var 2 When starting Inspector use the switch a filename in its co...

Page 224: ...ck the files matching the defined mask You may specify more than one mask but make sure to separate them by colons By default Inspector is preset to check for viruses in the subdirectories of the defi...

Page 225: ...to disinfect transfer all the new files to Daemon where they will be proc essed The word disinfection used here must be understood as the complete recovery of a file to the original state described in...

Page 226: ...files to Daemon where they will be processed use the switches dc and a socket_directory in the Inspector com mand line The switch a socket_directory must define the path to the directory containing th...

Page 227: ...racter a is defined in the switch the report will be appended to the contents of filename the character t overwrites the report with a new one If the character is defined extra information will be inc...

Page 228: ...ule perform ance of all the Kaspersky Anti Virus for xBSD Mail Server components This program allows you to create change and schedule performance of package compo nent based tasks review information...

Page 229: ...s to be performed within the required period Creation and editing of the task performance schedule is performed from the command line The general format of the task scheduling command line is kavucc i...

Page 230: ...results must be logged into the system log The task time must not exceed 15 minutes Solution To do this enter the following strings in the command line kavucc cp kavscanner a task txt WS u root e 00...

Page 231: ...y colons u username is the user name under which the prgname program will be started fs day month year is the date when the task must be started the first time st hour min is the time when the task mu...

Page 232: ...the ones de scribed for a task to be performed daily To schedule a task to be performed monthly enter the following strings in the command line kavucc cam prgname a arg arg1 u username st hour min fs...

Page 233: ...rname fs day month year ls day month year e hour min Parameters in this command line are similar to the ones described for a task to be performed daily Let s review the following example for training...

Page 234: ...up command line For example kavucc cd Id5 14 4 Saving the performance report Control Centre can save the performance report to the system log or a separate file You can define the reporting settings...

Page 235: ...s set tings for your Scanner and the daemon process For example defUnix prf The key file If your Scanner and Daemon can not find this file they will function as demonstration copies i e they will chec...

Page 236: ...A P P E N D I X A contact information of the entity that sold this program copy to you company name address phone numbers the name of the person or entity that the product is regis tered under 235...

Page 237: ...es The general format of a section is Section_name Parameter_name Value Parameter_name Value Parameter_name Value The first string of a section introduces its name enclosed with square brackets Other...

Page 238: ...e Scanner to utilize all its features see Appendix A KeysPath the directory where your key files are located You may define values for only one of the above parameters KeyFile or KeysPath SetFile the...

Page 239: ...opriate way e g path to the virus definition databases 16 3 Scanner and Daemon the profile defUnix prf Let s review an example of a profile and discuss the sections within the file Object Names home u...

Page 240: ...rrupted Yes ShowUnknown Yes ActionWithInfected InfectedCopy No InfectedFolder infection CopyWithPath Yes ChangeExt None NewExtension Vir ChownTo None ChModTo No ActionWithSuspicion SuspiciousCopy No S...

Page 241: ...eans that the pro gram should check for viruses in files of the directories root vir and root tst To exclude a directory from the location to be checked prefix it with the character This feature is ve...

Page 242: ...y commas To make sure there is no virus in the location to be checked it is advisable to scan all the files UserMask the file masks to be checked for viruses valid only if File Mask 3 ExcludeFiles her...

Page 243: ...mbedded Yes in this line enables the program to check for viruses in OLE objects embedded in the examined files No disables this feature InfectedAction here you must define one of the values listed be...

Page 244: ...s line enables the program to scan subdi rectories in the last place after all the other objects have been scanned No disables this feature Symlinks here you must define one of the values listed below...

Page 245: ...k results to the user defined file This parameter is valid only if Report Yes The positive value Yes in the UseSysLog line automatically sup presses the following parameters ReportFileName Append Repo...

Page 246: ...of last modification and the size for every infected object 0 disables this feature LongStrings Yes in this line enables the program to display the re port without breaking its lines No breaks the rep...

Page 247: ...files to a separate folder that must be defined in the InfectedFolder line No disables this feature InfectedFolder the name of the folder for infected copies valid only if InfectedCopy Yes The default...

Page 248: ...rus for xBSD Mail Server reports a suspi cious file or sector it s advisable that you contact our help desk de partment Send these objects to Kaspersky Lab so that they can be studied you may use the...

Page 249: ...iles exceeding this size will be created on the hard drive MemFilesMaxSize the maximum size in Kb of files to be extracted in the memory valid only if UseMemoryFiles Yes For example if MemFilesMaxSize...

Page 250: ...gram to shut down when the corrupted virus definition databases are detected No disables this feature UseExtendedExitCode Yes in this line enables the program to report the performance results using t...

Page 251: ...es The following command switches are available the suffix defines the inverse meaning of the switch MP checks plain mail files MD checks mail databases P skips the hard drive MBR check B skips the ch...

Page 252: ...ecked with the full path to it If the optional character is specified in the switch filename will be deleted on completion of the task XD directory excludes directory from the check if more than one d...

Page 253: ...used in script files Z prohibits the check from being interrupted p enables parallel scanning p number enables parallel scanning of the defined number of files i enables loop scanning i number enable...

Page 254: ...tically and deletes objects that can not be disinfected If the boot sector is not repairable Scanner will replace it with a standard DOS 6 0 boot sector I3 or E deletes infected objects automatically...

Page 255: ...witchN path where switchN is the optional command line switch path is an optional xBSD path The meaning of path in the Daemon command line differs from that of the Kaspersky anti virus scanner For the...

Page 256: ...number f directory creates and stores the files AvpCtl and AvpPid in the defined directory If you do not start Daemon from under the root user the program may be prohibited from accessing the default...

Page 257: ...e or sector Disinfected VIRUS_NAME the defined virus has been successfully deleted from the file sector Deleted VIRUS_NAME the object infected with the defined virus has been deleted Disinfection fail...

Page 258: ...sage will be displayed only if the scanner is preset to report archived objects Unknown format the archive pack cannot be extracted unpacked be cause it is corrupted or was created using a new version...

Page 259: ...databases are corrupted 4 virus definition databases are not detected 1 key files are not loaded or the license is expired The advanced code 1 can also be returned at the user prompt These codes are...

Page 260: ...programs Scanner and Daemon including those generated by Slogan template tm summary report template for the console display template tm2 detail report template for the console display template htm de...

Page 261: ...iruses detected SUSPICION the number of suspicious objects detected CORUPTED the number of corrupted objects detected IOERROR the number of input output errors occurred NOW current date and time The f...

Page 262: ...date DATELO End date DATEHI Total statistic Request REQUEST Archives ARCHIVE Packed PACKED Infected INFECTED Disinfected DESINFECTED Disinfection failed DESFAILED Deleted files DELETED Warnings WARNIN...

Page 263: ...mmand line switches and their functions The general format of the Inspector command line is kavinspector switch1 switchN path1 pathN where switchN is the optional command line switch of Inspector path...

Page 264: ...settings from the defined settings file checks all files filename checks files listed in the text file filename Every line in this text file must contain only one filename to be checked with the full...

Page 265: ...ic links predefined in the command line and ignores other symbolic links ll checks the files and directories available via symbolic links lp skips the files and directories available via symbolic link...

Page 266: ...to Daemon where they will be processed dc checks all the new files using the Daemon program a socket_directory defines the full path to the directory containing the Daemon socket file w t a filname l...

Page 267: ...s The general format of the Control Centre command line is kavucc switch1 switchN instruction1 task_parameters instructionN task_parameters where switchN is the optional command line switch of Control...

Page 268: ...er y suppresses the display of the program dialog strings h a or displays the list of command line switches task parameters and in structions e defines English as the default language for reports and...

Page 269: ...in loads a task with the following parameters right after the Control Centre is started prgname is the name of the prgname program executable file a arg arg1 is the prgname performance parameters u us...

Page 270: ...hour min schedules a task to be performed weekly where re delay is the interval between two starts in weeks sd sun mon tue wed thu fri sat is the weekday when the task must be performed cam prgname a...

Page 271: ...ation file monitor conf Parameters in the Monitor configuration file Let s review an example of monitor conf Report file section LogFile tmp KasperskyMonitor log Append No Options section CacheSize 25...

Page 272: ...ormance To avoid this problem the cache memory was developed which stores these files names and the time when they were last checked In this way before checking for viruses in a file Monitor first sea...

Page 273: ...w to handle infected objects that the program failed to disinfect Enter one of the following values remove deletes the object rename renames the object none ignores the object MaxConcurrentChecks the...

Page 274: ...the inverse meaning of the switch ui k server_and_path downloads virus definition updates from the defined location If the op tional character k is used in the switch only new updates will be downloa...

Page 275: ...rver uipd server_and_path downloads new releases of the software from the defined location on the defined server without upgrading the installed programs g base saves information about the last upgrad...

Page 276: ...he ini file This switch may be use ful if you updated virus definition databases into a temporary directory from which they will later be moved y skips all confirmation dialogs to be used in script fi...

Page 277: ...disables the extra information in the report heading ws logs performance results in the system log e defines English as the default language for reports and messages 16 12 Installer command line switc...

Page 278: ...ersky Anti Virus software products from this com puter e defines English as the default language for reports and messages 16 13 Keeper for sendmail configuration file kaspersky av mc An example of the...

Page 279: ...CONNECT 1m define confTRY_NULL_MX_LIST true define confDONT_PROBE_INTERFACES true define QUEUE_DIR var spool mqueue1 FEATURE smrsh usr sbin smrsh FEATURE virtusertable hash o etc mail virtusertable FE...

Page 280: ...nix y trivial rewrite bounce unix y 0 bounce defer unix y 0 bounce flush unix y 1000 0 flush smtp unix y smtp showq unix n y showq error unix y error local unix y local virtual unix n y virtual lmtp u...

Page 281: ...AVP AvpIni AvpUnix ini Daemon Exec kavdaemon MainCgi DaemonPrf cgi Config ure DaemonPrf cgi avp_d AVP_DIR avp_prf AVP_ PRF start_dir AVP_DIR ConfigureDe fault DaemonPrf cgi avp_d AVP_DIR avp_prf AV P_...

Page 282: ...nix usrdb AVP_DIR etc userdb Hide No WebTuner MainCgi self_cfg cgi Configure self_cfg cgi Hide No The Main section parameters define the WebTuner performance settings Modules the list of Kaspersky Ant...

Page 283: ...ndow Configure defines generation of several files with the package com ponent settings from WebTuner where AVP_DIR the macroinstruction defining the path to the Kaspersky Anti Virus for xBSD Mail Ser...

Page 284: ...executable file The Run parameter insures availability of the run hyperlink on the WebTuner main window with the package component selected in the Programs list Report defines viewing of the package...

Page 285: ...destructive capabilities If we classify viruses according to environment we come up with the fol lowing types file viruses infect executable files the most widespread virus type create twin files com...

Page 286: ...ory resident part of the virus stays in RAM and continues to actively infect files until the user shuts the machine down or restarts the infected system NON RESIDENT viruses do not infect RAM and are...

Page 287: ...ities or lack thereof gives us the following categories harmless viruses do not affect computer operation in any way ex cept by consuming a portion of the hard disk s free space paper tiger viruses al...

Page 288: ...the inner file format Naturally if the format of a file does not correspond to its extension these viruses corrupt the file The jam of a resident virus and the system when using the new versions of D...

Page 289: ...aspersky Labs is committed to the development of general data security software Our current product line includes Kaspersky Inspector and Kaspersky WEB Inspector whose unique capabilities allow users...

Page 290: ...or protection of home computers running Windows 95 98 Me Windows 2000 NT Workstation Windows XP Kaspersky Anti Virus Lite includes anti virus scanner provides a comprehensive check of all local and ne...

Page 291: ...all the above components plus integrity checker that traces content changes on your hard drive and allows the complete recovery of modified files and boot sectors on demand behavior blocker that guara...

Page 292: ...used for on demand virus checking of all stored data on both the PDA itself as well as on any extension cards and an anti virus moni tor that intercepts viruses in data transferred when using the Hot...

Page 293: ...of workstations running Windows 95 98 ME Windows NT 2000 Workstation Windows XP Linux OS 2 file and application servers running Windows NT 2000 Server Linux Solaris Novell NetWare FreeBSD BSDi OpenBS...

Page 294: ...tration database with the samples provided by the spe cialists of linguistic laboratory 18 2 Contact Information If you have any questions comments or suggestions please refer them to our distributors...

Page 295: ...stfix 13 27 Keeper for Qmail 13 27 77 Keeper for sendmail 13 27 Key file 23 238 License agreement 14 Location to be checked 32 43 Monitor 12 101 Objects to be scanned 42 Path to the temporary files di...

Reviews: