
F-Secure Anti-Virus

Linux Server Security

Administrator’s Guide

Contents of ANTI-VIRUS LINUX CLIENT SECURITY -

Page 1: ...F Secure Anti Virus Linux Server Security Administrator s Guide...

Page 2: ...orporation will not be liable for any errors or omission of facts contained herein F Secure Corporation reserves the right to modify specifications cited in this document without prior notice Companie...

Page 3: ...ux Workstations 14 2 3 Central Deployment Using Image Files 15 Chapter 3 Installation 16 3 1 System Requirements 17 3 2 Installation Instructions 18 3 2 1 Stand alone Installation 19 3 2 2 Centrally M...

Page 4: ...2 Virus Protection 40 6 2 1 Real Time Scanning 40 6 2 2 Scheduled Scanning 45 6 2 3 Manual Scanning 46 6 3 Firewall Protection 51 6 3 1 General Settings 53 6 3 2 Firewall Rules 54 6 3 3 Network Servi...

Page 5: ...80 A 2 Red Hat Enterprise Linux 4 80 A 3 Debian 3 1 and Ubuntu 5 04 5 10 6 06 81 A 4 SuSE 82 A 5 Turbolinux 10 82 Appendix B Installing Required Kernel Modules Manually 83 B 1 Introduction 84 B 2 Bef...

Page 6: ...ity Checking 95 E 4 Firewall 97 E 5 Virus Protection 99 E 6 Generic Issues 99 Appendix F Man Pages 102 Appendix G Config Files 171 G 1 fsaua_config 172 G 2 fssp conf 177 Technical Support 201 Introduc...

Page 7: ...5 1 INTRODUCTION Welcome 6 How the Product Works 6 Key Features and Benefits 9 F Secure Anti Virus Server and Gateway Products 11...

Page 8: ...n can be easily deployed and managed either using the local graphical user interface or F Secure Policy Manager F Secure Policy Manager provides a tightly integrated infrastructure for defining and di...

Page 9: ...ystem at regular intervals Automatic Updates Automatic Updates keep the virus definitions always up to date The virus definition databases are updated automatically after the product has been installe...

Page 10: ...istrator Protection Against Userspace Rootkits If an attacker has gained access to the system and tries to install a userspace rootkit by replacing various system utilities HIPS detects modified sy...

Page 11: ...e protection Files are scanned for viruses when they are opened and before they are executed You can specify what files to scan how to scan them what action to take when malicious content is found and...

Page 12: ...lert is sent to the administrator when a modified system file is found Easy to Deploy and Administer The default settings apply in most systems and the product can be taken into use without any additi...

Page 13: ...r works independently of firewall and e mail server solutions and does not affect their performance F Secure Internet Gatekeeper for Windows is a high performance totally automated web HTTP and FTP ov...

Page 14: ...ation to Clearswift MIMEsweeper for SMTP and MIMEsweeper for Web giving the corporation the powerful combination of complete content security F Secure Anti Virus for Citrix Servers ensures business co...

Page 15: ...13 2 DEPLOYMENT Deployment on Multiple Stand alone Linux Workstations 14 Deployment on Multiple Centrally Managed Linux Workstations 14 Central Deployment Using Image Files 15...

Page 16: ...used to manage Linux workstations For more information on Centrally Managed installation see Centrally Managed Installation 21 The recommended deployment method is to delegate the installation respon...

Page 17: ...partment that installs and maintains computers the software can be installed centrally to all workstations The recommended way to deploy the products is to create an image of a Linux workstation with t...

Page 18: ...nts 17 Installation Instructions 18 Upgrading from a Previous Product Version 24 Upgrading the Evaluation Version 25 Replicating Software Using Image Files 26 Preparing for Custom Installation 26 Crea...

Page 19: ...iracle Linux 2 1 Miracle Linux 3 0 Asianux 2 0 Turbolinux 10 Debian 3 1 The following 64 bit AMD64 EM64T distributions are supported with 32 bit compatibility packages SUSE Linux Enterprise Server 9 1...

Page 20: ...or evaluation use and for environments with few Linux workstations or servers where central administration with F Secure Policy Manager is not necessary When you install the product in stand alone mod...

Page 21: ...n distribution specific instructions how to install required tools to the computer see Installation Prerequisites 79 It is recommended to use the default settings during the installation To select the...

Page 22: ...ther you want to allow the remote access to the web user interface Allow remote access to the web user interface no 9 Select whether the web user interface can be opened from the localhost without a l...

Page 23: ...es 79 When you install the product in centrally managed mode you must first have F Secure Policy Manager installed on a separate computer For F Secure Policy Manager Console installation instructions...

Page 24: ...install the full licensed version of the product Enter the keycode in the format you received it including the hyphens that separate sequences of letters and digits If you are installing the evaluati...

Page 25: ...hrase 64 Please insert passphrase for HMAC creation max 80 characters 15 The installation is complete 16 Install the included upgrade for F Secure Policy Manager Console a Select Installation Packages...

Page 26: ...r version first You can install the latest in the evaluation mode during the clean install Manual scanning scheduled scanning and database update settings have changed in version 5 30 and later If you...

Page 27: ...sr share man man8 dbupdate 8 usr share man man8 fsavd 8 usr share man man8 fsavschedule 8 3 4 Upgrading the Evaluation Version If you want to upgrade the evaluation version to the full licensed versio...

Page 28: ...an autoregistration request to the F Secure Policy Manager Server Only hosts on which the image file will be installed should be imported 3 Run the following command etc init d fsma clearuid...

Page 29: ...elverify nokernelverify pass PASSPHRASE keycode KEYCODE Where MODE is standalone for the standalone installation or managed for the centrally managed installation If MODE is managed you have to provid...

Page 30: ...users who do not need the real time protection integrity checking web user interface or central management for example users running AMaViS mail virus scanner Use the following command line when runn...

Page 31: ...backup all relevant data run the following commands etc init d fsma stop etc init d fsaua stop tar cpsf backup filename tar etc init d fsma etc init d fsaua etc opt f secure var opt f secure opt f se...

Page 32: ...ript opt f secure fsav bin uninstall fsav as root to uninstall the product The uninstall script does not remove configuration files If you are sure that you do not need them any more remove all files...

Page 33: ...31 4 GETTING STARTED Accessing the Web User Interface 32 Basics of Using F Secure Policy Manager 32 Testing the Antivirus Protection 33...

Page 34: ...unless the administrator has prevented this by selecting the Final checkbox in the F Secure Policy Manager settings 4 2 Basics of Using F Secure Policy Manager If your corporate network utilizes F Se...

Page 35: ...ute of Computer Anti virus Research The Eicar info page can be found at http www europe f secure com virus info eicar_test_file shtml You can test your antivirus protection as follows 1 You can downlo...

Page 36: ...34 5 USER INTERFACE BASIC MODE Summary 35 Common Tasks 36...

Page 37: ...r is vulnerable to virus attacks Firewall Protection Shows the current firewall protection level The firewall protection levels allow you to instantly change your firewall rule set For more informatio...

Page 38: ...w firewall rule You can control which type of network traffic is allowed and denied with firewall rules For more information see Add And Edit Rules 55 Check the integrity of the file system Check that...

Page 39: ...37 6 USER INTERFACE ADVANCED MODE Alerts 38 Virus Protection 40 Firewall Protection 51 Integrity Checking 59 General Settings 66...

Page 40: ...Mark highlighted as read to flag them as read messages Click Delete highlighted to delete all highlighted alerts Alert Database Maintenance You can delete or mark multiple messages as read simultaneo...

Page 41: ...ccepted version Fatal Error Unrecoverable error on the host that requires attention from the administrator For example a process fails to start or loading a kernel module fails Security alert For exam...

Page 42: ...the directories to scan and the action to take independently of the real time scanning settings 6 2 1 Real Time Scanning On the Real Time Scanning page you can select what to scan automatically in rea...

Page 43: ...es the infected file Deny access Blocks the access to the infected file but does not send any alerts or reports Suspected files Select the primary and secondary actions to take when heuristics scannin...

Page 44: ...es if you want to exclude specific files from the scan Scan only executables Select whether only executables in scanned directories are scanned for viruses Clear the check box to scan all files for vi...

Page 45: ...opened Maximum number of nested archives Set the number of levels in nested archives the product should scan Nested archives are archives inside other archives Treat password protected archives as sa...

Page 46: ...ions Report and deny access Displays and alerts about the found riskware and blocks access to it No other action is taken against the riskware View Alerts to check security alerts For more information...

Page 47: ...the scheduled time 4 Click Save task to add the scheduled scanning task into the schedule The scheduled scanning tasks use the Manual Scanning settings For more information see Manual Scanning 46 Cat...

Page 48: ...first you should manually scan the archive to make sure that it does not contain any viruses Action on infection Select the primary and secondary actions to take when a virus is found The secondary ac...

Page 49: ...y action for suspected files is Report only and secondary action Deny access Choose one of the following actions Report and deny access Displays and alerts about the suspected file and blocks access t...

Page 50: ...each directory on a new line only one directory per line Scan also executables Scan any executable files in addition to all other specified files during the manual scan Archive scanning Scan inside ar...

Page 51: ...Report only and secondary action Deny access Choose one of the following actions Report and deny access Displays and alerts about the found riskware and blocks access to it No other action is taken a...

Page 52: ...u can scan files manually from the KDE file manager Right click on any file you want to scan and select Scan to scan the file for viruses Command Line For information how to scan files from the shell s...

Page 53: ...f pre configured firewall rules Different security profiles can be assigned to different users for example based on the company security policy user mobility location and user experience Firewall Rule...

Page 54: ...server profile has to be customized before it can be taken into use Mobile Allows normal web browsing and file retrievals HTTP HTTPS FTP as well as e mail and Usenet news traffic Encryption programs s...

Page 55: ...n Enable firewall Select the Enable firewall check box to enable the firewall protection Clear the check box to disable the firewall Log all unhandled network packets Select to log all network packets...

Page 56: ...ows to change the order of rules in the ruleset The order of the rules is important The rules are read from top to bottom and the first rule that applies to a connection attempt is enforced For exampl...

Page 57: ...e service Remote host Enter details about target addresses Enter the IP address and the subnet in bit net mask format For example 192 168 88 0 29 You can use the following aliases as the target addres...

Page 58: ...able or disable the use of a certain service you have to make sure that the service exists in the Network Services table After that you can create a firewall rule that allows or denies the use of that...

Page 59: ...e Protocol drop down list If your service does not use ICMP TCP or UDP protocol select Numeric and type the protocol number in the field reserved for it 4 If your service uses the TCP or UDP protocol...

Page 60: ...ptive comment in the Description field to distinguish this rule 11 Define Remote Host to which the rule applies Enter the IP address of the host in the field 12 Select the new service you have created...

Page 61: ...ts of the monitored files Communications 66 Known Files The Known Files lists files that the product monitors and protects Verify Baseline Verify the system integrity manually Generate Baseline Genera...

Page 62: ...ave not been modified All Displays all files in the known files list Filename Enter any part of the filename of the monitored file you want to view in the known files list Integrity Checking does not...

Page 63: ...use Action Displays whether the product allows or denies modifications to the file Alert Displays whether the product sends an alert when the file is modified Protection Displays whether the file is m...

Page 64: ...ify files that Integrity Checking monitors Use the Software Installation Mode when you want to modify system files and programs To access the Software Installation Mode open the user interface select...

Page 65: ...to make sure that your system is safe and all baselined files are unmodified If an attacker has managed to gain root access to the system and regenerated the baseline the regenerated baseline does n...

Page 66: ...is applied to the baseline contents and the passphrase to generate a signature a HMAC signature of the baselined information You should not share the passphrase with other administrators without full...

Page 67: ...ly the product sends an alert when an unknown or modified kernel module is loaded but does not prevent it from loading Write protect kernel memory Protects the dev kmem file against write attempts A r...

Page 68: ...re Policy Manager Server address This setting is only available in the centrally managed installation mode Alert Forwarding Alert Level Specify where an alert is sent according to its severity level Y...

Page 69: ...re lost To prevent this configure a local mail server to port 25 and use it for relaying e mail alerts From Enter the full e mail address sender example com you want to use as a sender of the alert in...

Page 70: ...date when an alert is sent in format YYYY MM DD TIME The time when an alert is sent in format HH MM SS GMT ALERT_NUMBER The alert number during the session Variable Description Updates enabled Enable and di...

Page 71: ...url to the Address field and define the priority level of the new address Click Add PM Proxy to add the new entry to the list HTTP Proxy Use HTTP Proxy Use an HTTP proxy server to download database up...

Page 72: ...can should be launched automatically after the virus definitions have been updated The virus scan scans all local files and directories and it can take a long time The scan uses the manual scanning se...

Page 73: ...age displays the license terms the product version number and the database version If you are using the evaluation version of the product you can enter the keycode in the About page to upgrade the pro...

Page 74: ...72 7 Command Line Tools Overview 73 Virus Protection 73 Firewall Protection 74 Integrity Checking 75 General Command Line Tools 76...

Page 75: ...ile enter the file name without wildcards For example fsav myfile exe Note that the recursive scan detects mounted network file system subdirectories and does not scan network file systems Scanning a...

Page 76: ...it out 1 opt f secure fsav bin fsavpmd dbupdate only dev null 2 1 Follow these instructions to update virus definition databases manually from the command line 1 Download the fsdbupdate run file from...

Page 77: ...line tool Creating the Baseline Follow these instructions to create the baseline from the command line 1 Run the fsic tool with the baseline option fsic baseline 2 Select the files to add to the basel...

Page 78: ...The product validates files and displays whether the files are intact 7 4 2 fsims Use the following command to enable Software Installation Mode opt f secure fsav bin fsims on After you have installed...

Page 79: ...av bin fsavpmd Handles all F Secure Policy Manager Console operations for example Scan all hard disks now Update database now Reset statistics F Secure Firewall Daemon opt f secure fsav bin fsfwd run...

Page 80: ...V Status Daemon opt f secure fsav bin fstatusd Checks the current status of every component keeps desktop panel applications and web user interface up to date F Secure FSAV Web UI opt f secure fsav to...

Page 81: ...79 A Installation Prerequisites All 64 bit Distributions 80 Red Hat Enterprise Linux 4 80 Debian 3 1 and Ubuntu 5 04 5 10 6 06 81 SuSE 82 Turbolinux 10 82...

Page 82: ...prise Linux 4 Follow these instructions to install the product on a server running Red Hat Enterprise Linux 4 AS 1 Install the following RPM packages from RHEL4 CDs Use the command rpm ivh rpm files U...

Page 83: ...libc6 dev sudo apt get install kernel headers uname r cut d f 1 Ubuntu sudo apt get install gcc rpm make libc6 dev sudo apt get install linux headers uname r 2 If you are using Ubuntu 5 10 make sure t...

Page 84: ...ke sure that kernel source make and gcc packages are installed Use YaST or another setup tool 2 Install the product normally A 5 Turbolinux 10 Turbolinux kernel sources may not be configured and so th...

Page 85: ...83 B Installing Required Kernel Modules Manually Introduction 84 Before Installing Required Kernel Modules 84 Installation Instructions 84...

Page 86: ...re that the running kernel version is the same as the version of the kernel sources installed The kernel configuration must also be the same On some distributions such as older SUSE distributions you...

Page 87: ...d patches and configuration options which are likely different in the preinstalled Dazuko Uninstall the preinstalled Dazuko or make sure that it is not run during the system startup and follow the ins...

Page 88: ...86 C Riskware Types Riskware Categories and Platforms 87...

Page 89: ...iskware from the riskware scan Category Platform Adware Apropos AVTool BAT Client IRC Casino Client SMTP ClearSearch CrackTool DOS Dialer DrWeb Downloader Dudu Effect ESafe FalseAlarm HTML Joke Java M...

Page 90: ...88 Server FTP Perl Server Proxy PHP Server Telnet Searcher Server Web Solomon Tool Symantec TrendMicro UNIX VBA VBS Win16 Win32 Wintol ZenoSearch Category Platform...

Page 91: ...CHAPTER C 89 Riskware Types...

Page 92: ...90 D List of Used System Resources Overview 91 Installed Files 91 Network Resources 91 Memory 92 CPU 92...

Page 93: ...f secure fssp bin fsav usr bin fsic opt f secure fsav bin fsic usr bin fsui opt f secure fsav bin fsui usr share man man1 fsav 1 opt f secure fssp man fsav 1 usr share man man8 fsavd 8 opt f secure f...

Page 94: ...f file accesses on the system If several users are logged in to the system and all of them access lots of files the memory consumption grows D 5 CPU The load on the processor depends on the amount of...

Page 95: ...93 E Troubleshooting User Interface 94 F Secure Policy Manager 95 Integrity Checking 95 Firewall 97 Virus Protection 99 Generic Issues 99...

Page 96: ...iled report about the issue To fix the problem try to restart the product Run the following command etc init d fsma restart Q How can I get the F icon visible in the systray A You may need to log out a...

Page 97: ...mlinks are not working for Integrity Checking or Rootkit Protection what can I do A You may be denied to load a kernel module if the file containing the kernel module is a symlink and the real file wh...

Page 98: ...o many modified files to update with the user interface A Create a new baseline Execute the following commands opt f secure fsav bin fslistfiles fsic add fsic baseline Q The Integrity Checking page in...

Page 99: ...sabled by default Enable the rule to allow accesses to samba shares Q After installing the product I cannot browse local area network domains and workgroups SMB How can I fix this A You need to add a ru...

Page 100: ...work now Q How can I set up firewall rules to access NFS servers A You need to allow the following network traffic through the firewall portmapper tcp and udp port 111 nfsd tcp and udp 2049 mountd va...

Page 101: ...ver to downloading database updates A In Policy Manager Console go to F Secure Automatic Update Agent Settings Communications HTTP Settings User defined proxy settings and set Address to http user pas...

Page 102: ...is very slow What is causing this A The real time virus scan and Integrity Checking can slow down the system Use the basic Linux tools top and vmstat to check what is slowing down the system Make sure...

Page 103: ...for example F Secure Status Daemon may fail to start Restart the product to solve the issue etc init d fsma restart Alternatively you may start F Secure Status Daemon manually opt f secure fsav bin f...

Page 104: ...102 F Man Pages fsav 103 fsavd 137 dbupdate 155 fsfwc 159 fsic 162...

Page 105: ...ro viruses infecting Microsoft Office files Windows viruses and DOS file viruses F Secure Anti Virus can also detect spyware adware and other riskware in selected products fsav can scan files inside...

Page 106: ...to custom exec action timeout e c What to do when the scan times out Treat the timeout as error e or clean c archive on off yes no 1 0 Scan files inside archives default Archives are still scanned as...

Page 107: ...g the OID used in sending alerts databasedirectory path Read virus definition databases from the directory path The default is This option cannot be used to change the database directory of fsavd tha...

Page 108: ...hs listed in the file Paths should be absolute paths ending with a newline character extensions ext ext Specify the list of filename extensions to be scanned You can use or as wildcard characters The...

Page 109: ...or the file See NOTES section below about nested archives If the value is set to 0 the archive is scanned but if it contains another archive fsav reports a scan error for the file The default value is...

Page 110: ...nabled the last access time of the file does not change when it is scanned The option can be used for example with some backup systems that back up only files that have an updated last access time fi...

Page 111: ...for a single file scan or disinfection task If scanning or disinfecting the file takes longer than the specified value fsav reports a scan error for the file If the value is set to 0 default the scan...

Page 112: ...ally a scanning daemon which is not running is not an error as fsav launches the daemon before the scan by default The daemon that was launched by fsav exits after some idle time To run a permanent in...

Page 113: ...ymbolic links Symbolic links are not followed by default usedaemon on off yes no 1 0 Use the existing daemon to scan files fsavd must be running or the command fails See fsavd 8 for more information...

Page 114: ...after Version is the version of databases virus action1 report disinf clean rename delete remove abort custom exec Primary action to take when a virus infection is found report only to terminal and...

Page 115: ...n in brackets An example of a suspected infection in the scan report tmp sample img Suspected Type_Boot AVP which differs from infected output only by the type of the suspicion in the middle The fol...

Page 116: ...om Infected EICAR Test File AVP where the path to the archive surrounded by brackets is on the left followed by the path to the infected file in the archive In the current release the nested archives...

Page 117: ...ory in order to rename the file The delete action removes the infected suspected riskware file The user running the scan must have write access to the directory in order to delete the file By default...

Page 118: ...Unknown option user given option name in configuration file file path line line number Explanation The configuration file contains an unknown option name Resolution Edit the configuration file Configu...

Page 119: ...line line number Explanation The mimescanning field in the configuration file has an incorrect value Resolution Edit the configuration file and set the mimescanning field to one of the following 1 o...

Page 120: ...s than zero or more than LONG_MAX Resolution Edit the configuration file Maximum scan engine instances value user given value is not valid in configuration file file path line line number Explanation...

Page 121: ...e is less than zero or more than LONG_MAX Resolution Edit the configuration file Scan extensions list is too long in configuration file file path line line number list is truncated Explanation The ex...

Page 122: ...FATAL ERRORS fsav fatal errors are written to the standard error stream stderr In case of fatal error program execution stops immediately with exit code 1 Fatal errors reported by fsav and the descri...

Page 123: ...orrect the command line parameters or configuration file or remove the file from path and start the fsav again Input file file path is invalid OS error Explanation The user has given invalid input fi...

Page 124: ...e or is too long in the configuration file Resolution The user has to correct the path and start fsav again Scan engine directory directory path is not valid OS error message Explanation The user has...

Page 125: ...e directory directory path is not valid in configuration file at line line number OS error message Explanation The user has entered a database update directory path which either does not exist is not...

Page 126: ...ommand line options and try again Illegal maximum nested archives value value Explanation The user has entered an illegal maximum nested archives value from the command line Resolution The user has to...

Page 127: ...g failed Resolution If fsavd is not running the user does not need to do anything If fsavd is running but the user does not have rights to access the socket the user may try to use kill 1 command t...

Page 128: ...tory file path is not valid OS error message Explanation The database update directory given in the configuration file or from the command line does not exist or it is not accessible Resolution The u...

Page 129: ...d Resolution The database update process does not have proper rights to create the flag file and fails The user has to make sure the update process runs with proper rights or the database directory ha...

Page 130: ...remove the lock file do database update and start fsavd again Database update and restore failed Server halted Explanation The database update process has failed to perform an update and failed to r...

Page 131: ...found infected or suspected the scan error is indicated with exit code 9 Scan errors reported by fsav and the descriptions are listed below file path ERROR OS error message Explanation The file could...

Page 132: ...ser is authorized to open file path ERROR Password protected file engine name Explanation The scan engine could not open the file for scanning because the file is password protected i e encrypted Reso...

Page 133: ...le scan engine Explanation The disinfect failed because writing to the file failed Resolution The file is write protected archive or corrupted and cannot be disinfected file path ERROR Internal error Bad...

Page 134: ...f the problem persists the user should send a bug report and a file sample to F Secure In case of other error messages type of filename ERROR error message scan engine not listed here the probable s...

Page 135: ...can error at least one file scan failed 130 Program was terminated by pressing CTRL C or by a sigterm or suspend event fsav reports the exit codes in the following priority order 130 7 1 3 4 8 6 9 0 EXAMP...

Page 136: ...list files with EXE or COM extension in a directory mnt smbshare fsav list extensions exe com mnt smbshare Scan and disinfect or rename infected suspected files without confirmation fsav virus actio...

Page 137: ...and database versions fsav version Notes Nested archives may cause scan engine failures if the archive scanning is enabled The maxnested option may be used to limit nested archive scanning and to prev...

Page 138: ...eparate fsavd instance Bugs Please refer to Known Problems section in release notes Authors F Secure Corporation Copyright Copyright c 1999 2006 F Secure Corporation All Rights Reserved Portions Copyr...

Page 139: ...utomatically if fsavd is not running When fsavd is launched by the fsav client fsavd terminates automatically after 30 seconds of idle time when no client has connected to fsavd during that time If y...

Page 140: ...erts databasedirectory path Read virus definition databases from the directory path The default is enginedirectory path Load scan engines from the directory path The default is pidfile path Create a...

Page 141: ...y permissions can be changed with dirmode configuration file option Socket file permissions are set to read and write for the owner if the daemon is started in the stand alone mode If the daemon is st...

Page 142: ...n Show F Secure Anti Virus version and dates of signature files and exit LOGGING fsavd logs scan failures infected and suspected files to the fsavd s log file defined with the logfile fsavd writes err...

Page 143: ...onnects File file path disinfected Explanation fsavd reports that one of the scan engines disinfected the file successfully File file path disinfect failed Explanation fsavd reports that all the scan...

Page 144: ...e configuration file parsing has failed because of invalid syntax Resolution fsavd tries to proceed and probably encounters some other error later The user has to edit the configuration file and restar...

Page 145: ...le path line line number Explanation The scanexecutables field in the configuration file has an incorrect value Resolution The user has to edit configuration file and set the scanexecutables field to...

Page 146: ...e than LONG_MAX Resolution fsavd tries to proceed The user has to edit the configuration file and restart fsavd Maximum nested archives value user given value is not valid in configuration file file p...

Page 147: ...nces value user given value is out of range in configuration file file path line line number Explanation The engineinstancemax field in the configuration file is less than zero or more than LONG_MAX...

Page 148: ...an engine process has died unexpectedly Resolution fsavd has noticed the scan engine has died fsavd tries to restart the scan engine If the scan engine was scanning a file the file is reported to be fai...

Page 149: ...sibly restart fsavd if fsavd fails to start the scan engine automatically Database file file path is not a database file Explanation The scan engine reports that the database file file path is not a v...

Page 150: ...gine name scan engine initialization time limit exceeded going for shutdown Explanation The scan engine has exceeded its initialization time limit 300 seconds The reason may be a high system load and...

Страница 151: ...starts the scan engine Could not open logfile file path OS error mes sage Explanation fsavd failed to open the logfile file path for logging Resolution fsavd writes logs to default logfile stderr The...

Page 152: ...re installed Options parsing failed Explanation The user has given an unknown option or an option value from the command line Resolution fsavd exits with error status The user has to correct the com...

Page 153: ...accessible or is too long from the configuration file Resolution The user has to correct the path and start fsavd again Scan engine directory directory path is not valid in configuration file at line...

Page 154: ...ible configuration file and restart fsavd Access to database index file file path failed OS error message Explanation The database directory path set in the configuration file or from the command lin...

Page 155: ...Anti Virus HOME fssp conf User specific configuration file for F Secure Anti Virus install directory etc fsav Startup file for F Secure Anti Virus install directory databases Directory for Anti Virus...

Page 156: ...Check fsavd scan engine and database versions fsavd version Bugs Please refer to Known Problems section in release notes AUTHORS F Secure Corporation Copyright Copyright c 1999 2006 F Secure Corporati...

Page 157: ...base updates directory Do not update databases downloaded by F Secure Automatic Update Agent update from the specified directory instead DESCRIPTION dbupdate is a shell script for updating F Secure An...

Page 158: ...previously downloaded OPERATION If new databases are available database files are copied to updatedirectory Database files are then validated using daastool and dbtool After the validation database f...

Page 159: ...ee disk space EXIT VALUE 0 Nothing was updated since no new updates were available 1 An error has occurred See program output and var opt f secure fssp dbupdate log for details 2 Virus definition dat...

Page 160: ...158 SEE ALSO fsav 1 and fsavd 8 For more information see F Secure home page...

Page 161: ...out any options it will show current security level and minimum allowed Options mode block server mobile office strict normal bypass Will set firewall to requested security level if allowed by minim...

Page 162: ...file for office use It is assumed that some external firewall exists between Internet and the host Any outgoing TCP connections are allowed A rule to allow Windows networking inside the same network...

Page 163: ...hing in and out RETURN VALUES fsfwc has the following return values 0 Normal exit 1 Error occurred AUTHORS F Secure Corporation COPYRIGHT Copyright c 1999 2006 F Secure Corporation All Rights Reserved S...

Page 164: ...out any options fsic will verify all files in the known files list and report any anomalies Options V verify options Default operation if invoked without any options Verify the system and report any d...

Page 165: ...ruses when verifying default yes ignore attr hash Ignore specified file properties if they differ from the baseline information Only attr or hash can be specified at a time not both default noth in...

Page 166: ...ll of the files If a previous baseline already exists it will be overwritten virus scan yes default no Enable disable virus scanning of the files during baselining Viruses are scanned with options du...

Page 167: ...are added as monitored A new baseline needs to be generated after all file additions have been performed protect yes no default Add the file as protected instead of monitored When a file is added as...

Page 168: ...how file is handled in integrity checking P implies Protected R is for Report send alert for every access to this file if file differs from baselined A is Allow access even if differs from baseline...

Page 169: ...aseline are reported as follows Note RA bin ls Hash does not match baselined hash Note RA bin ls inode information does not match baselined data mode uid gid len mtime hash Old 81ed 0 0 31936 10960078...

Page 170: ...to new baseline For example bin ls Accept to baseline Yes No All yes Disregard new entries If file has been modified fsic will ask Note bin ls seems to differ from baselined entry Want to rebaseline...

Page 171: ...rn value of 3 indicates that one or more of the following happened Incorrect passphrase or Files do not match baselined information or A virus was detected in one of the files FILES None EXAMPLES None...

Page 172: ...170 Copyright c 1999 2006 F Secure Corporation All Rights Reserved SEE ALSO For more information see F Secure home page...

Page 173: ...171 G APPENDIX Config Files fsaua_config 172 fssp conf 177...

Page 174: ...ect if FSMA is installed and configured properly The default is yes which means centrally managed mode enable_fsma yes Update servers This directive controls which update server the Automatic Update A...

Page 175: ...r1 http backup_server2 update_servers Update proxies This directive controls which Policy Manager Proxies the Automatic Update Agent tries to use Note that this is different from HTTP proxies see belo...

Page 176: ...http_proxies Poll interval This directive specifies in seconds how often the Automatic Update Agent polls the Update Server for updates The default is 3600 seconds which is 1 hour poll_interval 3600...

Page 177: ...ed in seconds since the last successful connection with your main update servers The default is 3600 which is 1 hour failover_timeout 3600 Log Level The amount of logging generated by the Automatic Up...

Page 178: ..._level normal Log Facility Specify the syslog facility for Automatic Update Agent Possible values are daemon local0 to local7 The default is daemon log_facility daemon os_version_distribution testingu...

Page 179: ...files that match the extensions specified in the Extensions to Scan setting Possible values 0 All files 1 Only files with specified extensions odsFileScanFiles 0 Specify the list of filename extension...

Page 180: ...tar td0 tgz tlb tsp tt6 vbe vbs vwp vxd wb wiz wml wpc ws xl zip zl Specify whether executables should be scanned If a file has any user group other executable bits set it is scanned regardless of th...

Page 181: ...ng according to what is defined in the other scanning settings Possible values 0 Disabled 1 Enabled odsFileEnableExcludedPaths 1 Specifies whether archives should be scanned when a manual scan is laun...

Page 182: ...E Current MIME decoding support does not work for mail folders where multiple e mail messages are stored in a single file such as Netscape Mozilla Thunderbird Evolution or mbox mail folders MIME decod...

Page 183: ...hen the first infection is found inside an archive If set to Yes scanning will stop on the first infection Otherwise the whole archive is scanned Possible values 0 No 1 Yes odsStopOnFirst 0 Specify th...

Page 184: ...m action will be executed as the super user of the system so consider and check carefully the command you specify Custom action script or program receives one parameter full pathname of the infected f...

Page 185: ...lease note that the custom action will be executed as the super user of the system so consider and check carefully the command you specify Custom action script or program receives one parameter full p...

Page 186: ...cted infection is detected and the primary action has failed Possible values 0 Do nothing 1 Report only 3 Rename 4 Delete odsFileSecondaryActionOnSuspected 0 Set this on to report and handle riskware...

Page 187: ...kware Specify the primary action to take when riskware is detected Possible values 0 Do nothing 1 Report only 3 Rename 4 Delete odsFilePrimaryActionOnRiskware 1 Specify the secondary action to take wh...

Page 188: ...file 1 second resolution A recommended upper limit would be for example 1 minute odsFileScanTimeout 60 Specify the action to take after a scan timeout has occurred Possible values 0 Report as Scan Err...

Page 189: ...h action Possible values 0 No 1 Yes odsAskQuestions 1 Read files to scan from standard input Possible values 0 No 1 Yes odsInput 0 Print out all the files that are scanned together with their sta...

Page 190: ...angerous control and escape characters be removed Possible values 0 No 1 Yes odsRaw 0 In standalone mode a new fsavd daemon is launched for every client Usually you do not want this because launching...

Page 191: ...llowed This affects e g scanning a directory containing symlinks pointing to files outside of the directory Possible values 0 No 1 Yes odsFollowSymlinks 0 If enabled only infected filenames are report...

Page 192: ...e to disinfection then both access and modify times will change Possible values 0 No 1 Yes odsFilePreserveAccessTimes 0 Specifies how MIME messages with broken attachments will be handled If set to Ye...

Page 193: ...ess is allowed Partial MIME messages cannot reliably be unpacked and scanned Possible values 0 No 1 Yes odsFileIgnorePartialMime 0 Defines how MIME messages with broken headers should be handled If se...

Page 194: ...not set an error will be reported for large files Possible values 0 No 1 Yes odsFileSkipLarge 0 If On the Libra scanning engine is used for scanning files If Off Libra is not used Possible values 0 Of...

Page 195: ...on is not used Possible values 0 Off 1 On odsUseOrion 1 If On the AVP scanning engine is used for scanning files If Off AVP is not used Possible values 0 Off 1 On odsUseAVP 1 F Secure internal Do not...

Page 196: ...1 On odsAVPRiskwareScanning 1 Maximum size of MIME message Files larger than this are not detected as MIME messages Increasing this number will increase scan time of large files daemonMaxMimeMessageS...

Page 197: ...This is the directory where in use databases are kept daemonDatabaseDirectory var opt f secure fssp databases F Secure internal Do not change This is the directory into which new databases are stored...

Page 198: ...ile is written Possible values 0 No 1 Yes daemonLogfileEnabled 0 Log file location stderr write log to standard error stream syslog write log to syslog facility Anything else is interpreted as a filen...

Page 199: ...to run independent instances of the server daemonSocketPath tmp fsav Octal number specifying the mode permissions of the daemon socket See chmod 1 and chmod 2 unix manual pages daemonSocketMode 0600...

Page 200: ...ocal3 local4 local5 local6 local7 auth authpriv cron daemon ftp kern lpr mail news syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 daemonSyslogFacility daemon Obsolete setting...

Page 201: ...y 2 Alert 3 Critical 4 Error 5 Warning 6 Notice 7 Info 8 Debug 9 Everything debugLogLevel 0 Specify the full name of the debug logfile debugLogFile var opt f secure fssp fssp log The keycode entered d...

Page 202: ...l Do not change Text to be printed every day during evaluation use naggingText EVALUATION VERSION FULLY FUNCTIONAL FREE TO USE FOR 30 DAYS nTo purchase license please check http www F Secure com purch...

Page 203: ...201 H Technical Support Introduction 202 F Secure Online Support Resources 202 Web Club 203 Virus Descriptions on the Web 203...

Page 204: ...ountry f secure com Example Anti Virus Norway f secure com If there is no authorized F Secure Anti Virus Business Partner in your country you can submit a support request directly to F Secure There is...

Page 205: ...cts Web Club The F Secure Web Club provides assistance and updated versions of F Secure products To connect to the Web Club directly from within your Web browser go to http www F Secure com anti virus...


Page 208: ...www f secure com...
