Kaspersky 8.0 Mail Server security software Administrator's Guide
Kaspersky Security 8.0 Linux Mail Server is a powerful solution for protecting your mail server from spam, viruses, and phishing attacks. It also includes features for content filtering, managing employee accounts, and generating reports. The application is designed to be easy to install and configure, and it provides a user-friendly web interface.
Kaspersky Security 8.0 for Linux Mail Server
Administrator's Guide
APPLICATION VERSION: 8.0 MAINTENANCE PACK 1
Dear User,
Thank you for choosing our product. We hope that you will find this documentation useful and that it will provide answers to most questions that may arise.
Attention! This document is the property of Kaspersky Lab ZAO (herein also referred to as Kaspersky Lab): all rights to this document are reserved by the copyright laws of the Russian Federation, and by international treaties. Illegal reproduction or distribution of this document or parts hereof will result in civil, administrative, or criminal liability under applicable law.
Any type of reproduction or distribution of any materials, including translations, is allowed only with the written permission of Kaspersky Lab.
This document and related graphic images can be used exclusively for informational, non-commercial, or personal use.
This document may be amended without prior notice. You can find the latest version of this document on the Kaspersky Lab website, at http://www.kaspersky.com/docs.
Kaspersky Lab assumes no liability for the content, quality, relevance, or accuracy of any materials used herein the rights to which are owned by third parties, or for any potential damages associated with the use of such documents.
Document revision date: 12/22/2014
© 2014 Kaspersky Lab ZAO. All Rights Reserved. http://www.kaspersky.com
http://support.kaspersky.com
ABOUT THIS GUIDE
This document is the Administrator's Guide to installing, configuring, and using Kaspersky Security 8.0 for Linux® Mail Server (hereinafter also "Kaspersky Security"). This document is intended for application administrators. The Guide is intended for technical specialists who carry out the installation and administration of Kaspersky Security and provide support for organizations that use Kaspersky Security.
This Guide is intended to:
• Explain how to install and use Kaspersky Security.
• Provide readily available information on issues related to the operation of Kaspersky Security.
• Describe additional sources of information about the application and ways of receiving technical support.
IN THIS DOCUMENT
This document includes the following sections:
Sources of information about the application
This section describes sources of information about the application and lists websites that you can use to discuss the application's operation.
Kaspersky Security 8.0 for Linux Mail Server
This section contains information on the purpose, key features, and composition of the application. It shows the function of each part of the package supplied and a range of services available to registered users of the application. This section contains hardware and software requirements which the computer must meet for the installation of Kaspersky Security.
Application architecture
This section describes the components of Kaspersky Security and the logic of their interaction.
Installing and removing the application
This section contains step-by-step instructions for application installation and removal.
Manual integration of Kaspersky Security with mail servers and Amavis interface
This section contains information about how to manually integrate Kaspersky Security for Linux Mail Server with Exim, Postfix, Sendmail, qmail, and Amavis.
Application licensing
This section provides information about general terms related to the application activation. Read this section to learn more about the purpose of the License Agreement, ways of activating the application, and license renewal.
Starting and stopping the application
This section describes how you can start and stop the application.
Mail server protection status
This section contains information about how to check the level of protection of the mail server and related problems.
Basic operating principles
This section contains a description of the basic concepts and principles of using the application, and information about how to configure it.
Anti-Spam email protection
This section contains information about Anti-Spam protection of messages and how to configure it.
Anti-Virus email protection
This section contains information about Anti-Virus protection of messages and how to configure it.
Anti-Phishing email protection
This section contains information about Anti-Phishing protection of messages and how to configure it.
Content filtering of email
This section contains information about content filtering of messages and how to configure it.
Kaspersky Security updates
This section contains information on how to update application databases.
Kaspersky Security advanced settings
This section contains information on how to configure additional settings for the application.
Integration with an external user service via LDAP
This section contains information about how to integrate Kaspersky Security with an external user service using the LDAP protocol.
Managing the application via SNMP
This section contains information about how to use Kaspersky Linux Mail Security via the SNMP protocol and configure runtime trap events.
Managing company employee accounts
This section describes how you can manage accounts of company employees and configure their settings.
Backup
This section contains information about Backup and how to use it.
Email notifications
This section contains information about mail notifications and how to configure them.
Runtime reports and statistics
This section contains information about reports and statistics on the operation of the application.
Event log
This section contains information about the Event log and how to configure it.
Trace log
This section contains information about the Trace log and how to configure it.
Application testing
This section provides information about how to ensure that the application detects viruses and their modifications and performs the correct actions on them.
Administering the application through Kaspersky Security Center
This section describes how you can manage Kaspersky Security 8.0 for Linux Mail Server through Kaspersky Security Center.
Contacting Technical Support
This section provides information about how to obtain technical support and the requirements for receiving help from Technical Support.
Annexes
This section provides information that complements the document text.
Kaspersky Lab ZAO
This section provides information about Kaspersky Lab ZAO.
Information on third-party code
This section provides information about the third-party code used in the application.
Trademark notices
This section lists trademarks of third-party manufacturers that were used in the document.
Index
This section allows you to quickly find required information within the document.
DOCUMENT CONVENTIONS
The document text is accompanied by semantic elements to which we recommend paying particular attention: warnings, hints, and examples.
Document conventions are used to highlight semantic elements. Document conventions and examples of their use are shown in the table below.
Table 1. Document conventions
Sample text: Note that...
Description: Warnings are highlighted in red and boxed. Warnings provide information about possible unwanted actions that may lead to data loss, failures in equipment operation or operating system problems.
Sample text: We recommend that you use...
Description: Notes are boxed. Notes may contain useful hints, recommendations, specific values for settings, or important special cases in operation of the application.
Sample text: Example: ...
Description: Examples are given on a yellow background under the heading "Example".
Sample text: Update means... / The Databases are out of date event occurs.
Description: The following semantic elements are italicized in the text: new terms; names of application statuses and events.
Sample text: Press ENTER. / Press ALT+F4.
Description: Names of keyboard keys appear in bold and are capitalized. Names of keys that are connected by a + (plus) sign indicate the use of a key combination. Those keys must be pressed simultaneously.
Sample text: Click the Enable button.
Description: Names of application interface elements, such as entry fields, menu items, and buttons, are set off in bold.
Sample text: To configure a task schedule:
Description: Introductory phrases of instructions are italicized and are accompanied by the arrow sign.
Sample text: In the command line, type help. / The following message then appears: / Specify the date in dd:mm:yy format.
Description: The following types of text content are set off with a special font: text in the command line; text of messages that the application displays on screen; data that the user must enter.
Sample text: <User name>
Description: Variables are enclosed in angle brackets. Instead of a variable, the corresponding value should be inserted, with angle brackets omitted.
SOURCES OF INFORMATION ABOUT THE APPLICATION
This section describes sources of information about the application and lists websites that you can use to discuss the application's operation.
You can select the most suitable information source, depending on the issue's level of importance and urgency.
SOURCES OF INFORMATION FOR INDEPENDENT RESEARCH
You can use the following sources to find information about the application:
• application page on the Kaspersky Lab website;
• application page on the Technical Support website (Knowledge Base);
• online help;
• documentation.
If you cannot find a solution for your issue, we recommend that you contact Kaspersky Lab Technical Support (see the section "Technical support by phone" on page 162).
To use information sources on the Kaspersky Lab website, an Internet connection should be established.
Application page on the Kaspersky Lab website
The Kaspersky Lab website features an individual page for each application.
On the page ( http://www.kaspersky.com/linux-mail-security ), you can view general information about the application, its functions and features.
The http://www.kaspersky.com web page contains a link to a section describing the product and how to obtain a license or extend an existing one.
The application's Knowledge Base page at the Technical Support Service website
Knowledge Base is a section on the Technical Support website that provides advice on using Kaspersky Lab applications. The Knowledge Base comprises reference articles grouped by topics.
On the page of the application in the Knowledge Base ( http://support.kaspersky.com/klms8 ), you can read articles that provide useful information, recommendations, and answers to frequently asked questions on how to purchase, install, and use the application.
Articles may provide answers to questions that are out of scope of Kaspersky Linux Mail Security, being related to other Kaspersky Lab applications. They also may contain news from the Technical Support Service.
Web interface help
Help provides information on managing protection, configuring the application, and performing common user tasks using the web-interface of Kaspersky Security 8.0 for Linux Mail Server (hereinafter the "web interface").
Documentation
The distribution kit includes documents that help you to install and activate the application on the computers of a local area network, configure its settings, and find information about the basic techniques for using the application.
To connect Kaspersky Security manual pages under the Linux operating system,
add the following string to the /etc/manpath.config configuration file:
MANPATH /opt/kaspersky/klms/share/man
To connect Kaspersky Security manual pages under the FreeBSD™ operating system,
add the following string to the /etc/manpath.config (or man.conf) configuration file:
MANDATORY_MANPATH /usr/local/man
DISCUSSING KASPERSKY LAB APPLICATIONS ON THE FORUM
If your question does not require an immediate answer, you can discuss it with the Kaspersky Lab experts and other users in our forum (http://forum.kaspersky.com).
In this forum you can view existing topics, leave your comments, and create new topics.
CONTACTING THE SALES DEPARTMENT
If you have any questions on how to select, purchase, or renew the application, you can contact our Sales Department specialists in one of the following ways:
• By calling our central office in Moscow by phone (http://www.kaspersky.com/about/contactinfo).
• By emailing your question to [email protected].
The service is provided in Russian and English.
CONTACTING THE LOCALIZATION AND TECHNICAL DOCUMENTATION UNIT
To contact the Technical Writing and Localization Unit, send an email to [email protected]. Please use "Kaspersky Help Feedback: Kaspersky Security 8.0 for Linux Mail Server" as the subject of your message.
KASPERSKY SECURITY 8.0 FOR LINUX MAIL SERVER
Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 protects incoming and outgoing email messages (or "messages") against malware, spam and phishing, and provides content filtering. Kaspersky Security runs under Linux and FreeBSD operating systems, and can be used on high-load mail servers.
The Application allows:
• Anti-Spam and Anti-Phishing scanning of incoming and outgoing mail.
• Detecting objects that are infected, probably infected, password-protected, or inaccessible for scanning.
• Neutralizing the threats revealed in files and mail messages; disinfecting objects.
• Saving Backup copies of messages before Anti-Virus scanning and filtering in Backup; saving messages from Backup to a file on the hard drive and delivering messages from Backup to recipients.
• Processing mail in accordance with the rules defined for existing groups of senders and recipients.
• Performing content filtering of messages by size, name, and type of attachments.
• Notifying the sender, recipients, and administrator of detected messages containing objects that are infected, probably infected, password-protected, or inaccessible for scanning.
• Updating the application databases (Anti-Virus, Anti-Spam, and Anti-Phishing databases) from the update servers of Kaspersky Lab according to schedule or on demand.
• Generating application runtime statistics and reports.
• Getting application runtime info and statistics via SNMP as well as enabling / disabling event traps.
• Scanning mail server file systems for threats on demand.
• Configuring the settings and managing the application using the standard tools of the operating system from the command line or using a web-based interface.
All commands and paths in the document are specified for the Linux operating system. Information about application file locations on computers with the FreeBSD operating system is available in the section "Application file locations on a computer running FreeBSD" (see page 166).
If you copy any code strings from the Guide to the mail server configuration file, be sure to delete the backslashes (\) and their trailing LFs.
HARDWARE AND SOFTWARE REQUIREMENTS
To ensure the functioning of Kaspersky Security, your computer should meet the following requirements:
• Minimum hardware requirements:
  • Intel® Xeon® 3040 or Intel Core™ 2 Duo 1.86 GHz or faster processor;
  • 2 GB RAM;
  • at least 4 GB available for swap;
  • 4 GB available on the hard drive to install application and store temporary and log files.
• Software requirements:
  • One of the following 32-bit operating systems:
    • Red Hat Enterprise Linux® 6.4 Server.
    • SUSE Linux Enterprise Server 11 SP3.
    • CentOS-6.4.
    • Ubuntu Server 10.04.4 LTS.
    • Ubuntu Server 12.04 LTS.
    • Debian GNU / Linux 6.0.5.
    • Debian GNU / Linux 7.1.
    • FreeBSD 8.4.
    • FreeBSD 9.1.
    • Canaima 3.0.
    • Asianux Server 4 SP1.
  • One of the following 64-bit operating systems:
    • Red Hat Enterprise Linux 6.4 Server.
    • SUSE Linux Enterprise Server 11 SP3.
    • CentOS-6.4.
    • Novell® Open Enterprise Server 11.
    • Ubuntu Server 10.04.4 LTS.
    • Ubuntu Server 12.04 LTS.
    • Debian GNU / Linux 6.0.5.
    • Debian GNU / Linux 7.1.
    • FreeBSD 8.4.
    • FreeBSD 9.1.
    • Canaima 3.0.
    • Asianux Server 4 SP1.
  • Availability of the following packages of 32-bit libraries on 64-bit operating systems:
    • ia32-libs for Debian and Ubuntu;
    • libgcc.i686, glibc.i686 for RHEL and CentOS;
    • libgcc-32bit, glibc-32bit for SUSE.
  • Kaspersky Security requires the Perl 5 programming language of version 5.8.5 or later.
Kaspersky Security supports integration with the following mail servers:
• exim-4.71 or later;
• postfix-2.5 or later;
• qmail-1.03;
• sendmail-8.14 or later.
To run the Kaspersky Security web interface, one of the following browsers must be installed on the computer:
• Mozilla™ Firefox™ 24.
• Internet Explorer® 10.
• Google Chrome™ 30.
To enable the operation of the Kaspersky Security web interface, an Apache web server must be installed on the computer hosting the web interface.
DISTRIBUTION KIT
You can purchase the application through Kaspersky Lab's online stores (for example, http://www.kaspersky.com, in the Online Shop section) or partner companies.
The content of the distribution kit may differ depending on the region in which the application is distributed.
If Kaspersky Security is purchased through an online store, the application is copied from the store's website. Information required to activate the application is sent to you by email after payment.
For more details on ways of purchasing and the distribution kit, contact the Sales Department by email at [email protected].
APPLICATION ARCHITECTURE
This section describes the components of Kaspersky Security and the logic of their interaction.
MAIN COMPONENTS
Kaspersky Security includes the following components:
• Filter – receives and forwards mail messages to/from the application's mail server. Kaspersky Security includes several filters used in accordance with the mail server and the type of integration with Kaspersky Security:
  • Milter.
  • Smtp-proxy.
  • Dlfunc.
  • Qmail-queue binary.
• Klms-watchdog – the main component for processing mail messages. It consists of the following modules:
  • Scan Logic is a module that controls message scanning (hereinafter also "Scan Logic module"). It includes a MIME parser and content filter.
  • AV-engine – scans messages for viruses (hereinafter "the Anti-Virus engine").
  • AS-engine – scans messages for spam (hereinafter "the Anti-Spam engine").
  • AP-engine – scans messages for phishing threats (hereinafter "the Anti-Phishing engine").
  • Updater – updates Anti-Virus, Anti-Spam, and Anti-Phishing databases.
  • Backup – allows messages to be restored to their original form with no changes.
  • Auth – interfaces with user registration systems.
  • Statistics – collects statistical information.
  • Settings-manager – stores task and rule settings for processing messages in the database; exports and imports these settings and notifies other modules of any changes.
  • Facade – allows the application to interface with utilities and administration systems.
  • Licenser – manages keys.
  • Notifier – generates messages with notifications of importance to the administrator.
  • Event_manager – delivers notifications about events to other application modules.
  • Smtp_sender – sends notifications.
  • Task manager – controls the start/stop sequence of other modules.
• Klms-postgres – a database storing application settings, statistics for reports, and metadata of objects in Backup. Metadata of objects in backup may be stored in a database that is stored externally (outside the application).
• Klms-control – a utility used to set application settings (task settings and message processing rules (see section
OPERATION ALGORITHM
The application runs according to the following algorithm:
1. The filter receives a message from the mail server and forwards it to the Scan Logic module.
2. The Scan Logic message scanning control module determines the rule by which the application will process the email message (see section "About message processing rules" on page 76).
3. The application scans the message in accordance with the settings for the rule. If all scans are set to run in accordance with the rule settings, the application performs them in the following order:
   a. Anti-Spam scan;
   b. Anti-Virus scan (see section "About Anti-Virus email protection" on page 92);
   c. Anti-Phishing scan (see section "About Anti-Phishing email protection" on page 101);
   d. content filtering (see section "About content filtering of messages" on page 105).
4. Based on the results of message scanning, Scan Logic adds a status tag at the beginning of the message
) the application takes the action (see section "About actions on objects" on page 80 )
configured in the message processing rule settings on the message. Infected objects are treated by default, and cured if possible.
6. After scanning and processing, Scan Logic forwards the message to the filter.
7. The filter forwards the processed message with notifications on the scan and disinfection results to the mail server.
8. The mail server delivers the message to local users or routes it to other mail servers.
INSTALLING AND REMOVING THE APPLICATION
This section contains step-by-step instructions for application installation and removal.
PREPARING TO INSTALL
Before you install Kaspersky Security:
• download the Kaspersky Security installation package in .tgz, .deb, or .rpm format from the website of the online store to your computer (see section "Distribution kit" on page 16);
• install the glibc package (64-bit operating systems require the 32-bit version of glibc).
Before installing Kaspersky Security on a computer running the Debian or Ubuntu operating system, you need to execute the following command:
# locale-gen en_US.UTF-8
The installation package for the Kaspersky Security web interface is required only if you want to manage the application through the browser.
Before you install the Kaspersky Security web interface:
• make sure that your computer meets the hardware and software requirements;
• download the installation package for the Kaspersky Security web interface in .deb or .rpm format from the Online Shop (the installation package for the web interface is required only if you want to manage the application through the browser);
• install the following Apache modules: mod_ssl, mod_include, mod_dir, mod_expires (if not already installed) and enable them using the a2enmod command (if not already enabled):
# a2enmod ssl
# a2enmod include
# a2enmod dir
# a2enmod expires
For the localization packages to work correctly, the system has to support the corresponding languages.
For example, if you need to install the Russian localization package klms-l10n-ru_<version_number>_i386.deb under Debian GNU/Linux 6.0, make sure that the system supports the Russian language before installing it.
To do so, execute the following command that shows the list of languages supported by the system:
# locale -a
If Russian is not on this list, you have to install it.
Execute the following command:
# dpkg-reconfigure locales
Only then can you install the klms-l10n-ru_<version_number>_i386.deb package.
Follow the same steps for the Chinese language or any other localization.
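The pre-installation checks described above (the Perl version from the requirements section, the en_US.UTF-8 locale, a 32-bit glibc on 64-bit hosts, and the Apache modules the web interface needs) gathered into one script, as an added example and not a script shipped with Kaspersky Security; the /lib/ld-linux.so.2 path used to detect the 32-bit glibc loader is an assumption.

```shell
#!/bin/sh
# Pre-installation checks for the requirements this guide lists (added example,
# not a Kaspersky-supplied script): Perl 5.8.5 or later, the en_US.UTF-8 locale,
# a 32-bit glibc on x86_64 hosts, and the Apache modules ssl, include, dir, expires.

# version_ge A B: succeed when dotted version A is >= B, comparing up to three
# numeric components (a missing component counts as 0, so 5.8 < 5.8.5).
version_ge() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$1" | cut -d. -f"$i")
        y=$(printf '%s\n' "$2" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# locale_listed NAME LIST: succeed when NAME is in LIST (the output of `locale -a`,
# one locale per line). Case and the hyphen in "UTF-8" are ignored because
# `locale -a` prints the normalised spelling (en_US.utf8).
locale_listed() {
    want=$(printf '%s\n' "$1" | tr 'A-Z' 'a-z' | tr -d '-')
    printf '%s\n' "$2" | tr 'A-Z' 'a-z' | tr -d '-' | grep -qxF "$want"
}

# missing_apache_modules LIST: print, one per line, the modules required by the
# web interface that do not appear in LIST (the output of `apache2ctl -M` or
# `httpd -M`, lines such as " ssl_module (shared)").
missing_apache_modules() {
    for m in ssl include dir expires; do
        printf '%s\n' "$1" | grep -q "^ *${m}_module" || echo "$m"
    done
}

# has_32bit_glibc: on x86_64 hosts succeed when the 32-bit dynamic loader exists.
# Assumption: ia32-libs, glibc.i686 and glibc-32bit all install /lib/ld-linux.so.2.
# Non-x86_64 hosts pass trivially (they run the 32-bit build natively).
has_32bit_glibc() {
    [ "$(uname -m)" != "x86_64" ] || [ -e /lib/ld-linux.so.2 ]
}

# run_checks: query the live system and print one line per requirement.
# Returns non-zero when a hard requirement fails; the Apache modules are only
# advisory because the web interface package is optional.
run_checks() {
    status=0
    if command -v perl >/dev/null 2>&1; then
        pv=$(perl -e 'printf "%vd\n", $^V')
        if version_ge "$pv" 5.8.5; then echo "ok    perl $pv"
        else echo "FAIL  perl $pv is older than 5.8.5"; status=1; fi
    else
        echo "FAIL  perl not found"; status=1
    fi
    if command -v locale >/dev/null 2>&1; then
        if locale_listed en_US.UTF-8 "$(locale -a 2>/dev/null)"; then echo "ok    locale en_US.UTF-8"
        else echo "FAIL  locale en_US.UTF-8 missing (Debian/Ubuntu: locale-gen en_US.UTF-8)"; status=1; fi
    fi
    if has_32bit_glibc; then echo "ok    32-bit glibc (or not an x86_64 host)"
    else echo "FAIL  32-bit glibc missing (ia32-libs / glibc.i686 / glibc-32bit)"; status=1; fi
    for cmd in apache2ctl apachectl httpd; do
        if command -v "$cmd" >/dev/null 2>&1; then
            missing=$(missing_apache_modules "$("$cmd" -M 2>/dev/null)" | tr '\n' ' ')
            if [ -z "$missing" ]; then echo "ok    Apache modules ssl include dir expires"
            else echo "WARN  Apache modules to enable with a2enmod: $missing"; fi
            break
        fi
    done
    return $status
}

run_checks
```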
UPGRADING FROM A PREVIOUS VERSION OF THE APPLICATION
The process of upgrading Kaspersky Security 8.0 for Linux Mail Server Critical Fix 1 to Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 includes several stages:
Server Critical Fix 1 package.
2. Updating Kaspersky Security settings (see page 22 ) using the application settings update script.
3. Installing the Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 web interface package (see
the Kaspersky Security 8.0 for Linux Mail Server Critical Fix 1 web interface package.
Steps 1 and 3 can be performed simultaneously if Kaspersky Security and the application web interface are installed on the same mail server.
update script.
language packages of the previous application version.
After Kaspersky Security is upgraded, the threat detection statistics, reports, and objects in Backup and Anti-Spam Quarantine are preserved.
If Kaspersky Security localization packages were installed for the previous version of the application, it is required to delete localization packages prior to upgrading by executing the following command:
# rpm -e klms_<localization>
INSTALLING KASPERSKY SECURITY ON TOP OF THE PREVIOUS VERSION
This section describes the procedure for installing the Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 package on top of the Kaspersky Security 8.0 for Linux Mail Server Critical Fix 1 package on computers running under Linux and FreeBSD operating systems.
Installing Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 on a computer running under the Linux operating system
To install Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 from an RPM package, execute the following command:
# rpm -U klms-<version number>.i386.rpm
To install Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 from a DEB package on a 32-bit operating system, execute the following command:
# dpkg -i klms_<version_number>_i386.deb
To install Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 from a DEB package on a 64-bit operating system, execute the following command:
# dpkg --force-architecture -i klms_<version_number>_i386.deb
After running the command, the application is installed automatically.
Installing Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 on a computer running under the FreeBSD operating system
Prior to installing Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 on a computer running under the FreeBSD operating system, remove the previous version of Kaspersky Security 8.0 for Linux Mail Server Critical Fix 1.
To remove the previous version of Kaspersky Security 8.0 for Linux Mail Server Critical Fix 1, execute the following command:
# pkg_delete klms_<version_number>
Do not run the klms-cleanup script after removing the previous version of Kaspersky Security 8.0 for Linux Mail Server Critical Fix 1, as doing so will erase information about the configured application settings.
To install Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1, execute the following command:
# pkg_add klms_<version_number>.tgz
After running the command, the application is installed automatically.
After installing Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1, run the Kaspersky Security settings update script (see section "Updating Kaspersky Security settings" on page 22).
UPDATING KASPERSKY SECURITY SETTINGS
After installing Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1, run the Kaspersky Security settings update script. The Kaspersky Security settings update script is included in the Kaspersky Security installation package.
The configured application settings and mail server integration settings are preserved on computers running under the Linux operating system after Kaspersky Security 8.0 for Linux Mail Server Critical Fix 1 is upgraded to Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1. You have to update the Kaspersky Security settings in order to apply the values of settings that have been added or modified in Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1.
The application has to be integrated with the mail server again manually or automatically on computers running under the FreeBSD operating system after Kaspersky Security 8.0 for Linux Mail Server Critical Fix 1 is upgraded to Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1.
To run the Kaspersky Security settings update script, execute the following command:
• under Linux:
# /opt/kaspersky/klms/bin/klms-upgrade.pl
• under FreeBSD:
# /usr/local/bin/klms-upgrade.pl
The script will prompt you to specify the values of Kaspersky Security settings one step at a time.
When upgrading Kaspersky Security 8.0 for Linux Mail Server Critical Fix 1 to Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1, automatic update of application settings via the auto-reply file is not possible.
INSTALLING THE KASPERSKY SECURITY WEB INTERFACE ON TOP OF THE PREVIOUS VERSION
This section describes the procedure for installing the Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 web interface package on top of the Kaspersky Security 8.0 for Linux Mail Server Critical Fix 1 web interface package on computers running under Linux and FreeBSD operating systems.
Installing the Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 web interface on a computer running under the Linux operating system
To install the Kaspersky Security web interface from an RPM package on a 32-bit operating system, execute the following command:
# rpm -U klmsui-<version_number>.i386.rpm
To install the Kaspersky Security web interface from an RPM package on a 64-bit operating system, execute the following command:
# rpm -U klmsui-<version_number>.x86_64.rpm
To install the Kaspersky Security web interface from a DEB package on a 32-bit operating system, execute the following command:
# dpkg -i klmsui_<version_number>_i386.deb
To install the Kaspersky Security web interface from a DEB package on a 64-bit operating system, execute the following command:
# dpkg -i klmsui_<version_number>_amd64.deb
After the command is executed, the application web interface is installed automatically.
Installing the Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 web interface on a computer running under the FreeBSD operating system
Prior to installing the Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 web interface on a computer running under the FreeBSD operating system, remove the Kaspersky Security 8.0 for Linux Mail Server Critical Fix 1 web interface.
To remove the Kaspersky Security 8.0 for Linux Mail Server Critical Fix 1 web interface, execute the following command:
# pkg_delete klmsui-<version_number>
To install the Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 web interface, execute the following command:
# pkg_add klmsui-<version_number>.tgz
After the command is executed, the application web interface is installed automatically.
UPDATING KASPERSKY SECURITY WEB INTERFACE SETTINGS
After installing the Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1 web interface, run the Kaspersky
Security web interface settings update script. The Kaspersky Security web interface settings update script is included in the Kaspersky Security web interface installation package.
To run the Kaspersky Security web interface settings update script, execute the following command:
• under Linux:
# /opt/kaspersky/klmsui/bin/klmsui-upgrade.pl
• under FreeBSD:
# /usr/local/bin/klmsui-upgrade.pl
When updating the web interface of Kaspersky Security 8.0 for Linux Mail Server Critical Fix 1 to Kaspersky Security 8.0 for Linux Mail Server Maintenance Pack 1, automatic update of application settings via the auto-reply file is not possible.
INSTALLING THE APPLICATION
The installation includes several steps:
1. Installing the Kaspersky Security package. You must have root privileges to initiate installation of the Kaspersky Security package.
2. Installing the Kaspersky Security web interface package. Installation of this package is required only if you want to manage the application through the browser.
3. Installing localization packages. Localization packages must be installed prior to running the initial configuration scripts of Kaspersky Security. Only in this case will you be able to read the License Agreement and the Kaspersky Security Network Statement in the right language.
STEP 1. INSTALLING THE KASPERSKY SECURITY PACKAGE
Kaspersky Security is distributed in packages in .tgz, .deb, and .rpm format.
To install Kaspersky Security from an .rpm package, execute the following command:
# rpm -i klms-<version_number>.i386.rpm
To install Kaspersky Security from a .deb package on a 32-bit operating system, execute the following command:
# dpkg -i klms_<version_number>_i386.deb
To install Kaspersky Security from a .deb package on a 64-bit operating system, execute the following command:
# dpkg --force-architecture -i klms_<version_number>_i386.deb
After running the command, the application is installed automatically.
After Kaspersky Security has been installed, run the Kaspersky Security initial configuration script (see section "Preparing Kaspersky Security for operation" on page 26).
STEP 2. INSTALLING THE KASPERSKY SECURITY WEB INTERFACE PACKAGE
The Kaspersky Security web interface can be installed from a .deb or .rpm package.
To install the web interface from an .rpm package on a 32-bit operating system, execute the following command:
# rpm -i klmsui-<version_number>.i386.rpm
To install the web interface from an .rpm package on a 64-bit operating system, execute the following command:
# rpm -i klmsui-<version_number>.x86_64.rpm
To install the web interface from a .deb package on a 32-bit operating system, execute the following command:
# dpkg -i klmsui_<version_number>_i386.deb
To install the web interface from a .deb package on a 64-bit operating system, execute the following command:
# dpkg -i klmsui_<version_number>_amd64.deb
To install the web interface on a computer running under the FreeBSD operating system, execute the following command:
# pkg_add klmsui-<version_number>.tgz
After the Kaspersky Security web interface has been installed, run the Kaspersky Security web interface initial
INSTALLING THE WEB INTERFACE PACKAGE ON A DIFFERENT COMPUTER
This section describes the case when the web server and the mail server are installed on different computers.
The Kaspersky Security web interface can be installed from a .deb or .rpm package.
To install the web interface from an .rpm package on a 32-bit operating system, execute the following command:
# rpm -i klmsui-<version_number>.i386.rpm
To install the web interface from an .rpm package on a 64-bit operating system, execute the following command:
# rpm -i klmsui-<version_number>.x86_64.rpm
To install the web interface from a .deb package on a 32-bit operating system, execute the following command:
# dpkg -i klmsui_<version_number>_i386.deb
To install the web interface from a .deb package on a 64-bit operating system, execute the following command:
# dpkg -i klmsui_<version_number>_amd64.deb
To install the web interface on a computer running under the FreeBSD operating system, execute the following command:
# pkg_add klmsui-<version_number>.tgz
To configure the Facade module that enables the application to interact with utilities and administration systems:
1. Export the Facade task settings to an XML file using one of the following commands:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <Facade task ID> -f <settings file name>
or
# /opt/kaspersky/klms/bin/klms-control \
--get-settings Facade -n -f <name of the settings file>
2. Open the XML file to edit the task settings.
3. In the <port> </port> section, specify the port for interaction with the web interface.
4. In the <interfaceAddress> </interfaceAddress> section, specify the IP address of the computer where the web interface is installed.
5. Save the changes made.
6. Import the Facade task settings from the XML file using one of the following commands:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <Facade task ID> -f <name of the settings file>
or
# /opt/kaspersky/klms/bin/klms-control \
--set-settings Facade -n -f <name of the settings file>
To configure the connection to the Apache web server:
1. Open the /etc/apache2/conf.d/klmsui.conf file with the web interface settings.
2. Specify the IP address of the mail server and the port of the Facade module in the line:
FastCgiExternalServer /opt/kaspersky/klmsui/share/htdocs/cgi-bin/klwi -host 127.0.0.1:2711
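The export, edit, import cycle for the Facade task and the klmsui.conf line, as an added example in Python (not Kaspersky Lab's code): the XML layout is a constructed stand-in that assumes only the <port> and <interfaceAddress> elements the guide names, and the 192.0.2.x addresses are constructed. The helper refuses the unspecified address 0.0.0.0, which is not the address of any single web interface host.

```python
"""Facade settings helper: an added example, not Kaspersky Lab code.

Edits the <port> and <interfaceAddress> elements of an exported Facade
task settings file and builds the klmsui.conf FastCgiExternalServer line.
The XML layout below is a constructed stand-in; only those two elements
are assumed, everything else in a real export is left untouched.
"""
import ipaddress
import xml.etree.ElementTree as ET

KLWI_PATH = "/opt/kaspersky/klmsui/share/htdocs/cgi-bin/klwi"  # path from klmsui.conf

# Constructed stand-in for `klms-control --get-settings Facade -n -f <file>` output.
SAMPLE_FACADE_XML = """<task>
  <name>Facade</name>
  <settings>
    <port>2711</port>
    <interfaceAddress>127.0.0.1</interfaceAddress>
  </settings>
</task>"""


def set_facade_endpoint(xml_text, port, web_ui_addr):
    """Return the settings XML with <port> and <interfaceAddress> replaced.

    web_ui_addr is the address of the computer running the web interface.
    The unspecified address (0.0.0.0 or ::) is refused: it is not the
    address of any single host, so it cannot be the web interface host.
    """
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} is outside 1-65535")
    addr = ipaddress.ip_address(web_ui_addr)  # ValueError on a malformed address
    if addr.is_unspecified:
        raise ValueError("interfaceAddress must be the web interface host's address")
    root = ET.fromstring(xml_text)
    port_el = root.find(".//port")
    addr_el = root.find(".//interfaceAddress")
    if port_el is None or addr_el is None:
        raise ValueError("settings file lacks <port> or <interfaceAddress>")
    port_el.text = str(port)
    addr_el.text = str(addr)
    return ET.tostring(root, encoding="unicode")


def facade_endpoint(xml_text):
    """Read (port, interfaceAddress) back from the settings XML."""
    root = ET.fromstring(xml_text)
    return int(root.findtext(".//port")), root.findtext(".//interfaceAddress")


def apache_fastcgi_line(mail_server_addr, port):
    """klmsui.conf line that points Apache at the Facade on the mail server."""
    ipaddress.ip_address(mail_server_addr)  # ValueError on a malformed address
    return f"FastCgiExternalServer {KLWI_PATH} -host {mail_server_addr}:{int(port)}"
```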
After the Kaspersky Security web interface has been installed, run the Kaspersky Security web interface initial
PREPARING KASPERSKY SECURITY FOR OPERATION
After the installation, Kaspersky Security needs to be configured.
Kaspersky Security initial configuration consists of a series of steps in the form of a script for the user's convenience.
The initial configuration script should be started after Kaspersky Security has been installed. The initial configuration script for Kaspersky Security is included in the installation package.
To run the Kaspersky Security initial configuration script, execute the following command:
• under Linux:
# /opt/kaspersky/klms/bin/klms-setup.pl
• under FreeBSD:
# /usr/local/bin/klms-setup.pl
STEP 1. SELECTING THE LANGUAGE FOR VIEWING THE LICENSE AGREEMENT AND THE KASPERSKY SECURITY NETWORK STATEMENT
At this step you can select the language in which the text of the License Agreement and the Kaspersky Security Network Statement will be displayed.
Language selection is available if additional localization packages are installed in the system. If no additional localization packages have been installed, the text of the License Agreement and the Kaspersky Security Network Statement are displayed in the English language.
STEP 2. REVIEWING THE LICENSE AGREEMENT
At this step, you have to accept or decline the terms of the License Agreement.
To view the License Agreement:
1. Press ENTER.
The text of the License Agreement is displayed. To move through the text, use the cursor control keys or the B and F keys (to move backward or forward one screen, respectively). To view help, press the H key.
2. Press the Q key to exit the viewing mode.
3. Do one of the following:
• To accept the License Agreement, enter yes (or y).
• To reject the License Agreement, enter no (or n).
4. Press ENTER.
If you rejected the License Agreement, initial configuration is discontinued.
You can also view the text of the License Agreement by opening the relevant file. The file with the text of the End User License Agreement is located at the following path:
• for the application installed on a computer running under Linux: /opt/kaspersky/klms/share/doc/LICENSE, for the web interface: /opt/kaspersky/klmsui/share/doc/LICENSE;
• for the application installed on a computer running under FreeBSD: /usr/local/share/doc/klms/LICENSE, for the web interface: /opt/kaspersky/klmsui/share/doc/LICENSE.
STEP 3. PARTICIPATING IN KASPERSKY SECURITY NETWORK
At this step you need to accept or decline participation in Kaspersky Security Network (KSN).
Kaspersky Security Network (KSN) is an infrastructure of online services that provides access to the online Kaspersky Lab Knowledge Base, which contains information about the reputation of files, web resources, and software. Data from Kaspersky Security Network ensures faster response by Kaspersky Security to new threats, improves the performance of some protection components, and reduces the risk of false positives.
Thanks to users who participate in Kaspersky Security Network, Kaspersky Lab is able to promptly gather information about types and sources of new threats, develop solutions for neutralizing them, and minimize the number of false positives.
Participation in Kaspersky Security Network also lets you access reputation statistics for applications and websites.
When you participate in the Kaspersky Security Network, certain statistics collected while Kaspersky Linux Mail Security protects your computer are sent to Kaspersky Lab automatically.
No personal data is collected, processed, or stored.
Participation in Kaspersky Security Network is voluntary. You are prompted to decide during initial configuration of Kaspersky Security, but you can change your decision at any time later.
To view the Kaspersky Security Network Statement:
1. Press ENTER.
The text of the agreement is displayed. To move through the text, use the cursor control keys or the B and F keys (to move backward or forward one screen, respectively). To view help, press the H key.
2. Press the Q key to exit the viewing mode.
3. Do one of the following:
• To accept the terms of the Kaspersky Security Network Statement, type yes (or y).
• To reject the terms of the Kaspersky Security Network Statement, type no (or n).
4. Press ENTER.
Port 443 (TCP) must be open to enable data exchange with KSN.
You can also view the text of the Kaspersky Security Network Statement straight from the file. The file with the text of the Kaspersky Security Network Statement is located at the following path:
• for the application installed on a computer running under Linux: /opt/kaspersky/klms/share/doc/LICENSE_ksn;
• for the application installed on a computer running under FreeBSD: /usr/local/share/doc/klms/LICENSE_ksn.
STEP 4. SELECTING THE BACKUP DIRECTORY
At this step, you can specify the directory where backup copies of mail messages processed by Kaspersky Security are to be stored, or select the default directory.
To specify the backup directory:
1. Specify the full path to the directory for storing the backup copies of mail messages.
2. Press ENTER.
To accept the default backup directory, press ENTER.
The default path is /var/opt/kaspersky/klms/backup.
STEP 5. BACKUP CONNECTION SETTINGS
At this step, you can specify the settings for connecting the application to Backup database or select the default connection settings.
You can use an external database as Backup. Kaspersky Security supports PostgreSQL databases of version 9.1 or later.
To specify Backup connection settings:
1. Specify Backup connection settings in the following format:
[dbname=<database name> user=<user name> host=<database socket>]
2. Press ENTER.
To select the default Backup connection settings, press ENTER.
The proposed default connection settings are as follows: [dbname=backup user=kluser host=/var/run/klms].
STEP 6. SELECTING THE SOCKET
During this step, you need to specify the socket that Scan Logic uses to listen for incoming connections from the filter.
To specify the socket:
1. Specify the IP address and port number or the UNIX socket that Scan Logic will use to listen for incoming connections as follows: inet:<port>@<IP address> (for network sockets) or unix:<path to UNIX socket> (for UNIX sockets).
The default UNIX socket is unix:/var/run/klms/klms_scanner_sock.
2. Press ENTER.
STEP 7. MANAGING KASPERSKY SECURITY VIA THE WEB INTERFACE
At this step, you can specify whether or not the web interface will be used for managing Kaspersky Security.
To specify that the web interface will be used, type yes (or y) and press ENTER.
The web interface is disabled by default.
STEP 8. SELECTING THE TCP PORT FOR INTERACTION WITH THE APACHE MODULE
This step is displayed if you enabled the web interface for managing Kaspersky Security at the previous step.
At this step, you can specify the number of the TCP port to be used by Kaspersky Security for interaction with the web interface.
To specify the TCP port number, enter the port number and press ENTER.
The default option is 2711.
STEP 9. ASSIGNING A PASSWORD TO ACCESS THE WEB INTERFACE
At this step, you can specify the Administrator account password for access to the web-based interface of the application.
If you do not specify a password for access to the web interface at this step, you can do so later using the utility
/opt/kaspersky/klms/bin/klms-control --set-web-admin-password.
To enter a password for access to the web-interface, perform the following steps:
1. Enter yes.
The default option is no.
2. Press ENTER.
3. Specify the password for the Administrator account.
The password must contain at least eight characters and meet at least three of the following four requirements:
• Contain at least one upper-case character.
• Contain at least one lower-case character.
• Contain at least one special character.
• Contain at least one numeral.
4. Confirm the password.
5. Press ENTER.
STEP 10. SELECTING THE TYPE OF INTEGRATION WITH THE MAIL SERVER
At this step, you need to run the setup scenario.
To run the setup scenario, execute the following command:
# /opt/kaspersky/klms/bin/klms-setup.pl
After that, select the type of integration of Kaspersky Security with the mail server: automatic or manual.
Kaspersky Security can be integrated with the following mail servers:
• Exim.
• Postfix.
• Sendmail.
• qmail.
To perform automatic integration of Kaspersky Security with the mail server:
1. Enter the number specified next to the name of the mail server.
2. Press ENTER.
3. Depending on which server you selected at step 1 of the instructions, perform the actions described in the sections that follow:
• integration with Sendmail server (see page 32);
• integration with Exim server (see page 33);
• integration with Postfix server (see page 33);
• integration with qmail server (see page 32).
If you choose not to integrate the application with the mail server at this step automatically, you can perform manual
To decline automatic integration of Kaspersky Security with the mail server:
1. Enter the number specified next to the option Manual integration.
2. Press ENTER.
INTEGRATING WITH QMAIL SERVER
The application performs integration with the qmail server automatically.
If the initial configuration script cannot find the path to the directory containing the qmail executable file during installation, perform the following instructions.
To specify the path to the directory containing the qmail executable file:
1. Specify the full path to the directory containing the qmail executable file.
2. Press ENTER.
If the initial configuration script cannot find the standard qmailq user account during installation, specify the user account with the rights to start the qmail service.
To specify the qmail user account:
1. Specify the user account with the rights to start the qmail service.
2. Press ENTER.
INTEGRATING WITH SENDMAIL SERVER
To integrate Kaspersky Security with Sendmail:
1. Select the method for integration with the Sendmail server:
• If you want changes to be made to the .mc file, which is then used to create the .cf file during integration, enter 1.
• If you want changes to be made directly to the .cf configuration file during integration, enter 2.
The default option is 1.
2. Press ENTER.
3. Specify the IP address and port number or the UNIX socket that the filter will use to listen for incoming connections as follows: inet:<port>@<IP address> (for network sockets) or unix:<path to UNIX socket> (for UNIX sockets).
The default UNIX socket is unix:/var/opt/kaspersky/klms/klms_milter.
4. Press ENTER.
5. Select the action that the Sendmail server must take on the message in case of filter error:
• If you want Sendmail to accept the message without scanning, enter 2 to select the accept option.
• If you want Sendmail to reject the message, enter 1 to select the reject option.
• If you want Sendmail to notify the sender of the temporary inability to accept the message, enter 3 to select the tempfail option.
The default option is tempfail.
6. Press ENTER.
INTEGRATING WITH EXIM MAIL SERVER
To integrate Kaspersky Security with Exim:
1. Select the type of integration with the Exim mail server:
• If you want to perform before-queue integration of Kaspersky Security with Exim using dynamic linking (dlfunc), enter 1.
Make sure that Exim supports dlfunc-based content filtering. To do so, run the exim -bV command; Expand_dlfunc in its output indicates a positive result.
• If you want to perform after-queue integration of Kaspersky Security with Exim via SMTP by rerouting, enter 2.
The default option is 1 (if Exim supports dlfunc-based content filtering).
2. Press ENTER.
3. If your choice is 2, do the following:
a. Specify the port number where the smtp_proxy filter will listen for messages from the mail server.
The default option is 10025.
b. Press ENTER.
c. Specify the port number to which the message will be forwarded after being scanned.
The default option is 10026.
d. Press ENTER.
INTEGRATING WITH POSTFIX MAIL SERVER
To integrate Kaspersky Security with Postfix:
1. Select the type of integration with the Postfix mail server:
• To perform before-queue integration of Kaspersky Security with Postfix, enter 1.
• To perform after-queue integration of Kaspersky Security with Postfix, enter 2.
• To integrate Kaspersky Security with Postfix using Milter functions, enter 3.
The default option is 3.
2. Press ENTER.
3. Specify the IP address and port number or UNIX socket that the smtp_proxy filter will use to listen for messages from the mail server as follows: inet:<port>@<IP address> (for network sockets) or unix:<path to UNIX socket> (for UNIX sockets).
• If you selected the first option at step 1, the default UNIX socket is unix.
• If you selected the second option at step 1, only a network socket is available, in the following format: inet:<port>@<IP address>. The default socket is inet:[email protected].
• If you selected the third option at step 1, the default UNIX socket is unix:/var/run/klms/klms_milter_sock.
4. Press ENTER.
5. If you entered 2 at step 1, specify the port number to which the message will be forwarded after being scanned.
The default option is 10026.
6. Press ENTER.
7. If you entered 3 at step 1, select the action that Postfix must take on the message in case of filter error:
• If you want Postfix to accept the message without scanning, enter 2 to select the accept option.
• If you want Postfix to reject the message, enter 1 to select the reject option.
• If you want Postfix to notify the sender of the temporary inability to accept the message, enter 3 to select the tempfail option.
The default option is tempfail.
8. Press ENTER.
STEP 11. CONFIGURING THE PROXY SERVER SETTINGS
If you access the Internet via a proxy server, you can configure it at this step. An Internet connection is required to download the Anti-Virus and Anti-Spam databases from Kaspersky Lab's update servers. If you choose not to configure
If you do not use a proxy server to connect to the Internet, press ENTER.
To specify that a proxy server should be used, type yes (or y) and press ENTER.
You will be prompted to specify the IP address and port of the proxy server.
To specify the IP address and port of the proxy server, enter the proxy server address in the IP_address_of_proxy_server:port format and press ENTER.
You will be prompted to choose whether or not authentication is required upon connecting to the proxy server:
• If authentication is not required, type no (or n) and press ENTER.
• If authentication is required, type yes (or y) and press ENTER.
To set user name and password, perform the following steps:
1. Enter the proxy server login name and press Enter.
You will be prompted to set a password.
2. Enter the password for accessing the proxy server and press Enter.
The proxy server will be configured with authentication.
STEP 12. ADDING A KEY
At this step, you can specify the path to the key file. The key file contains information that is used to verify the right to use Kaspersky Security and defines the period of its use. You can add a key during initial configuration of Kaspersky Security
To add a key during initial configuration:
1. Specify the full path to the key file.
2. Press ENTER.
To not add a key:
1. Enter a blank line.
2. Press ENTER.
If no key is added, Kaspersky Security does not protect the computer.
STEP 13. UPDATING DATABASES
At this step, Anti-Virus and Anti-Spam databases of the application are updated automatically.
The database update schedule is configured by default, with databases updated once every 5 minutes.
STARTING AUTOMATIC INITIAL CONFIGURATION OF KASPERSKY SECURITY
Initial configuration of Kaspersky Security can be performed in automatic mode.
A file with saved answers can be created using the --create-auto-install=<full path to the configuration file> parameter when executing the initial application configuration script.
Possible values should be typed using lower-case characters.
To start initial configuration of Kaspersky Security in automatic mode, execute the following command:
• under Linux:
/opt/kaspersky/klms/bin/klms-setup.pl \
--auto-install=<full path to the configuration file with the saved answers>
• under FreeBSD:
/usr/local/bin/klms-setup.pl \
--auto-install=<full path to the configuration file with the saved answers>
The settings of the configuration file with answers are given in the following table.
Table 2. Settings of the configuration file with answers

EULA_AGREED
  Description: Required setting. Acceptance of the terms of the License Agreement.
  Available values: yes

KSN_AGREED
  Description: Required setting. Acceptance of the terms of the Kaspersky Security Network Statement.
  Available values: yes | no

KEY_FILE
  Description: Optional setting. Path to the key file.
  Available values: <path> (case sensitive)

BACKUP_CUSTOM_PATH
  Description: Optional setting. Custom path to Backup. If the line with this setting is skipped, the default path to Backup is used (/var/opt/kaspersky/klms/backup).
  Available values: <path> (case sensitive)

BACKUP_CUSTOM_DB
  Description: Optional setting. Custom connection string for the Backup database. If the line with this setting is skipped, the default setting is used (dbname=backup user=kluser host=/var/run/klms). Kaspersky Security supports PostgreSQL databases of version 9.1 or later.
  Available values: <connection_string> (case sensitive)

SCANNER_SOCKET
  Description: Optional setting. Socket used by the scanner. If the line with this setting is skipped, the default setting is used (unix:/var/run/klms/klms_scanner_sock).
  Available values: inet:port@IP | unix:<path_to_socket> (case sensitive)

MTA
  Description: Required setting. Type of integration with the mail server.
  Available values: postfix | exim | sendmail | qmail | manual

POSTFIX_INTEGRATION_TYPE
  Description: Required setting. Type of integration with the Postfix mail server.
  Available values: prequeue | afterqueue | milter

POSTFIX_MILTER_SOCKET
  Description: Optional setting. Socket used for integration with the Postfix mail server via the Milter protocol. If the line with this setting is skipped, the setting takes the value inet:[email protected]. The setting is ignored if the value of the MTA setting is not equal to "postfix" or the value of the POSTFIX_INTEGRATION_TYPE setting is not equal to "milter".
  Available values: inet:port@IP | unix:<path_to_socket> (case sensitive)

POSTFIX_SMTP_PROXY_SOCKET
  Description: Optional setting. Socket used for integration with the Postfix mail server with the "after-queue" and "before-queue" integration types. If the line with this setting is skipped, the setting takes the value inet:[email protected]. The setting is ignored if the value of the MTA setting is not equal to "postfix" or the value of the POSTFIX_INTEGRATION_TYPE setting is equal to "milter".
  Available values: inet:port@IP | unix:<path_to_socket> (case sensitive)

POSTFIX_FORWARD_PORT
  Description: Optional setting. TCP port for forwarding scanned messages in the case of integration with the Postfix mail server. If the line with this setting is skipped, the setting takes the value "10026". The setting is ignored if the value of the MTA setting is not equal to "postfix".
  Available values: <port>

POSTFIX_FAILTYPE
  Description: Optional setting. Default action on a message in the case of integration with the Postfix mail server via the Milter protocol. If the line with this setting is skipped, the setting takes the value "tempfail". The setting is ignored if the value of the MTA setting is not equal to "postfix" or the value of the POSTFIX_INTEGRATION_TYPE setting is not equal to "milter".
  Available values: accept | reject | tempfail

EXIM_INTEGRATION_TYPE
  Description: The setting is required if the MTA value is equal to "exim". Type of integration with the Exim mail server. If the line with this setting is skipped, the setting takes the value "dlfunc" (if the Exim version has been compiled with support of dynamic linking). The setting is ignored if the value of the MTA setting is not equal to "exim".
  Available values: dlfunc | afterqueue

EXIM_FORWARD_PORT
  Description: Optional setting. TCP port for forwarding scanned messages in the case of integration with the Exim mail server. If the line with this setting is skipped, the setting takes the value "10026". The setting is ignored if the value of the MTA setting is not equal to "exim".
  Available values: <port>

EXIM_FILTER_PORT
  Description: Optional setting. Port to be monitored by the scanner when filtering messages arriving from the Exim mail server. If the line with this setting is skipped, the setting takes the value "10025". The setting is ignored if the value of the MTA setting is not equal to "exim".
  Available values: <port>

SENDMAIL_USES_MC
  Description: Optional setting. Enables the option to edit or compile a file with the .mc extension, or edit a file with the .cf extension. If the line with this setting is skipped, the setting takes the value "1". The setting is ignored if the value of the MTA setting is not equal to "sendmail".
  Available values: 0 | 1

SENDMAIL_MILTER_SOCKET
  Description: Optional setting. Socket used for integration with the Sendmail mail server via the Milter protocol. If the line with this setting is skipped, the setting takes the value inet:[email protected]. The setting is ignored if the value of the MTA setting is not equal to "sendmail" or the value of the SENDMAIL_USES_MC setting is not equal to 1.
  Available values: inet:port@IP | unix:<path_to_socket> (case sensitive)

SENDMAIL_FAILTYPE
  Description: Optional setting. Default action on a message in the case of integration with the Sendmail mail server via the Milter protocol. If the line with this setting is skipped, the setting takes the value "tempfail". The setting is ignored if the value of the MTA setting is not equal to "sendmail" or the value of the SENDMAIL_USES_MC setting is not equal to 1.
  Available values: accept | reject | tempfail

QMAIL_BIN_DIR
  Description: Optional setting. Path to the qmail directory. If the line with this setting is skipped, the setting takes the value "var/qmail/bin". The setting is ignored if the value of the MTA setting is not equal to "qmail".
  Available values: <path> (case sensitive)

QMAIL_USER
  Description: Optional setting. Specifies the user login for the qmaild service. The default value is "qmaild". The line with the setting is ignored if the value of the MTA setting is not equal to "qmail".
  Available values: <login> (case sensitive)

USE_UI
  Description: Optional setting. Enables the option to use the web interface for managing the application. If the line with this setting is skipped, the setting takes the value "no".
  Available values: yes | no

WEB_UI_PORT
  Description: Optional setting. TCP port for interaction with the Apache server. If the line with this setting is skipped, the setting takes the value "2711". The setting is ignored if the value of the USE_UI setting is equal to "no".
  Available values: <port>

WEB_UI_IFACE_ADDR
  Description: Optional setting. IP address of the host where the Kaspersky Security web interface is installed. The setting is ignored if the value of the USE_UI setting is equal to "no".

WEB_PASSWORD
  Description: Optional setting. Administrator password for accessing the web interface of the application. If the line with this setting is skipped, the Administrator password is not specified. If the password specified in the line does not pass validation, the Administrator password is not specified. The password is not saved in the file with answers if it was specified during execution of the klms-setup.pl script.
  Available values: <password> (case sensitive)
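The answers-file rules of Table 2 and the Step 9 password policy, as an added checker in Python (not Kaspersky Lab's code): it reports required settings that are missing, values outside the table's lower-case lists, malformed sockets and ports, a WEB_PASSWORD the script would silently drop, and the lines the script ignores for the chosen MTA and integration type. The KEY=value line syntax of the answers file is an assumption, and the sample file is constructed.

```python
# Checker for a klms-setup.pl answers file (added example, not Kaspersky Lab code).
# Encodes Table 2 (required settings, lower-case values, settings ignored for a given
# MTA / integration type / USE_UI) and the Step 9 password rule. KEY=value syntax assumed.
import re
import string

# Enumerated values from Table 2; the setup script expects lower-case values.
ENUM_VALUES = {
    "EULA_AGREED": {"yes"},
    "KSN_AGREED": {"yes", "no"},
    "MTA": {"postfix", "exim", "sendmail", "qmail", "manual"},
    "POSTFIX_INTEGRATION_TYPE": {"prequeue", "afterqueue", "milter"},
    "POSTFIX_FAILTYPE": {"accept", "reject", "tempfail"},
    "EXIM_INTEGRATION_TYPE": {"dlfunc", "afterqueue"},
    "SENDMAIL_USES_MC": {"0", "1"},
    "SENDMAIL_FAILTYPE": {"accept", "reject", "tempfail"},
    "USE_UI": {"yes", "no"},
}
SOCKET_RE = re.compile(r"^(?:inet:\d{1,5}@[^@\s]+|unix:/\S+)$")  # inet:port@IP | unix:<path>
SOCKET_SETTINGS = {"SCANNER_SOCKET", "POSTFIX_MILTER_SOCKET", "POSTFIX_SMTP_PROXY_SOCKET", "SENDMAIL_MILTER_SOCKET"}
PORT_SETTINGS = {"POSTFIX_FORWARD_PORT", "EXIM_FORWARD_PORT", "EXIM_FILTER_PORT", "WEB_UI_PORT"}
POSTFIX_ONLY = {"POSTFIX_MILTER_SOCKET", "POSTFIX_SMTP_PROXY_SOCKET", "POSTFIX_FORWARD_PORT", "POSTFIX_FAILTYPE"}
EXIM_ONLY = {"EXIM_INTEGRATION_TYPE", "EXIM_FORWARD_PORT", "EXIM_FILTER_PORT"}
SENDMAIL_ONLY = {"SENDMAIL_USES_MC", "SENDMAIL_MILTER_SOCKET", "SENDMAIL_FAILTYPE"}
QMAIL_ONLY = {"QMAIL_BIN_DIR", "QMAIL_USER"}

# Constructed sample: two mistakes (upper-case "No", too-short password) and two
# lines the script ignores for MTA=postfix with Milter integration.
SAMPLE_ANSWERS = """\
EULA_AGREED=yes
KSN_AGREED=No
MTA=postfix
POSTFIX_INTEGRATION_TYPE=milter
POSTFIX_MILTER_SOCKET=unix:/var/run/klms/klms_milter_sock
POSTFIX_SMTP_PROXY_SOCKET=inet:10025@127.0.0.1
POSTFIX_FAILTYPE=tempfail
EXIM_FORWARD_PORT=10026
USE_UI=yes
WEB_UI_PORT=2711
WEB_PASSWORD=Sh0rt!
"""


def parse_answers(text):
    """Parse KEY=value lines into a dict; blank lines and '#' comments are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def password_meets_policy(password):
    """Step 9 rule: at least 8 characters and at least 3 of the 4 character classes."""
    if len(password) < 8:
        return False
    classes = (any(c.isupper() for c in password), any(c.islower() for c in password),
               any(c.isdigit() for c in password), any(c in string.punctuation for c in password))
    return sum(classes) >= 3


def ignored_settings(settings):
    """Settings present in the file that Table 2 says the script ignores (sorted)."""
    mta = settings.get("MTA")
    pf_type = settings.get("POSTFIX_INTEGRATION_TYPE")
    uses_mc = settings.get("SENDMAIL_USES_MC", "1")  # Table 2 default
    ui_off = settings.get("USE_UI", "no") == "no"    # Table 2 default
    ignored = []
    for key in settings:
        if ((key in POSTFIX_ONLY and mta != "postfix")
                or (key in ("POSTFIX_MILTER_SOCKET", "POSTFIX_FAILTYPE") and pf_type != "milter")
                or (key == "POSTFIX_SMTP_PROXY_SOCKET" and pf_type == "milter")
                or (key in EXIM_ONLY and mta != "exim")
                or (key in SENDMAIL_ONLY and mta != "sendmail")
                or (key in ("SENDMAIL_MILTER_SOCKET", "SENDMAIL_FAILTYPE") and uses_mc != "1")
                or (key in QMAIL_ONLY and mta != "qmail")
                or (key in ("WEB_UI_PORT", "WEB_UI_IFACE_ADDR") and ui_off)):
            ignored.append(key)
    return sorted(ignored)


def validate_answers(settings):
    """Return a list of problems; an empty list means the file passes the Table 2 checks."""
    problems = [f"{k}: required setting is missing"
                for k in ("EULA_AGREED", "KSN_AGREED", "MTA") if k not in settings]
    # Table 2 marks POSTFIX_INTEGRATION_TYPE as required; it only matters for MTA=postfix.
    if settings.get("MTA") == "postfix" and "POSTFIX_INTEGRATION_TYPE" not in settings:
        problems.append("POSTFIX_INTEGRATION_TYPE: required when MTA is postfix")
    ignored = set(ignored_settings(settings))
    for key, value in settings.items():
        if key in ignored:
            continue  # never read by the script, so its value cannot fail
        if key in ENUM_VALUES and value not in ENUM_VALUES[key]:
            problems.append(f"{key}: {value!r} not in {sorted(ENUM_VALUES[key])} (lower-case only)")
        elif key in SOCKET_SETTINGS and not SOCKET_RE.match(value):
            problems.append(f"{key}: {value!r} is not inet:port@IP or unix:<path_to_socket>")
        elif key in PORT_SETTINGS and not (value.isdigit() and 1 <= int(value) <= 65535):
            problems.append(f"{key}: {value!r} is not a TCP port")
    if "WEB_PASSWORD" in settings and not password_meets_policy(settings["WEB_PASSWORD"]):
        problems.append("WEB_PASSWORD: fails the Step 9 rule, so no Administrator password would be set")
    return problems
```

Run `validate_answers(parse_answers(text))` on a file before passing it to --auto-install; a value the script would ignore is listed by `ignored_settings` rather than flagged.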
PREPARING KASPERSKY SECURITY WEB INTERFACE FOR OPERATION
After Kaspersky Security web interface has been installed, you need to perform an initial configuration.
Initial configuration of the Kaspersky Security web interface consists of a series of steps in the form of a script for the user's convenience. The initial configuration script should be started after the Kaspersky Security web interface has been installed. The initial configuration script for the Kaspersky Security web interface is included in the installation package.
To run the initial configuration script for the Kaspersky Security web interface, execute the following command:
• under Linux:
# /opt/kaspersky/klmsui/bin/klmsui-setup.pl
• under FreeBSD:
# /usr/local/bin/klmsui-setup.pl
The Administrator account is used for access to the Kaspersky Security web-interface. The password for this
STEP 1. SELECTING THE LICENSE AGREEMENT LANGUAGE
At this step you can select the language in which the text of the License Agreement will be displayed.
Language selection is available if you have installed at least one additional localization package. If no additional localization packages have been installed, the text of the License Agreement is displayed in the English language.
STEP 2. REVIEWING THE LICENSE AGREEMENT
At this step, you have to accept or decline the terms of the License Agreement.
To view the License Agreement:
1. Press ENTER.
The text of the License Agreement is displayed. To move through the text, use the cursor control keys or the B and F keys (to move backward or forward one screen, respectively). To view help, press the H key.
2. Press the Q key to exit the viewing mode.
3. Do one of the following:
• To accept the License Agreement, enter yes (or y).
• To reject the License Agreement, enter no (or n).
4. Press ENTER.
If you rejected the License Agreement, initial configuration is discontinued.
You can also view the text of the License Agreement by opening the relevant file. The file with the text of the End User License Agreement is located at the following path:
• for the application installed on a computer running under Linux: /opt/kaspersky/klms/share/doc/LICENSE, for the web interface: /opt/kaspersky/klmsui/share/doc/LICENSE;
• for the application installed on a computer running under FreeBSD: /usr/local/share/doc/klms/LICENSE, for the web interface: /opt/kaspersky/klmsui/share/doc/LICENSE.
STEP 3. SELECTING AN APACHE WEB SERVER
Before installing the web interface package for Kaspersky Security, you need to install the following Apache modules: mod_ssl, mod_include, mod_dir, mod_expires (if not already installed) and enable them using the command a2enmod (if not already enabled):
# a2enmod ssl
# a2enmod include
# a2enmod dir
# a2enmod expires
At this step, you can specify the Apache web server to be used by Kaspersky Security.
The initial configuration script for the application web interface automatically determines the location of the configuration and executable files of the Apache service and displays information about the Apache web server it has found.
If the script correctly identified the location of the configuration and executable files of the Apache server, you need to confirm it.
If the script did not correctly locate the configuration and executable files for the Apache service, or if you do not want to use the Apache web server it selected, you need to manually specify the location of the service files of the Apache web server that you want to use.
To confirm the location of the Apache service files:
1. Enter yes (or y).
2. Press ENTER.
To specify the location of the Apache service files:
1. Enter no (or n).
2. Press ENTER.
3. Specify the full path to the Apache executable file.
4. Press ENTER.
5. Specify the full path to the Apache configuration file.
6. Press ENTER.
7. Specify the full path to the Apache run script.
8. Press ENTER.
STEP 4. SELECTING AN APACHE SERVER VIRTUAL HOST
At this step, you need to specify a virtual host for the Apache web server.
To specify the virtual host:
1. Do one of the following:
• If the Apache server virtual host is defined by its name, enter name.
• If the Apache server virtual host is defined by its port number, enter port.
This option is selected by default.
• If the Apache server virtual host is defined by its directory, enter dir.
When using the Apache web server virtual host defined by its directory, Kaspersky Security uses the connection settings specified in the Apache configuration file. An insecure HTTP connection is established by default. You can manually configure the Apache web server virtual host to use an encrypted SSL connection.
2. Press ENTER.
3. Do one of the following:
• If you selected the name option at step 1, enter the name of the virtual host for the Apache web server.
• If you selected the port option at step 1, enter the port number of the virtual host for the Apache web server.
The default port number is 9045.
• If you selected the dir option at step 1, enter the path to the directory where files of the Kaspersky Security web interface will be stored.
The klms directory is offered by default.
4. Press ENTER.
STEP 5. SELECTING A SOCKET TO INTERACT WITH KASPERSKY SECURITY
At this step, you need to specify a socket (IP address and port number) to enable interaction between the Apache web server and Kaspersky Security.
To specify an IP address and port number to enable interaction between the Apache web server and Kaspersky Security:
1. Enter the IP address and port number in the format: <IP address>:<port>.
The default network socket is: 127.0.0.1:2711.
2. Press ENTER.
STEP 6. SELECTING A CERTIFICATE
At this step, you need to specify a certificate to access the Kaspersky Security web interface.
You can create a new certificate or specify the path to a private key file and the path to an existing certificate on the computer.
To create a new certificate to access the web interface of the application:
1. Enter new.
2. Press ENTER.
A new certificate is created.
To specify the path to a private key file and the path to an existing certificate:
1. Type file and press ENTER.
2. Specify the path to the private key file and press ENTER.
3. Specify the path to the certificate file and press ENTER.
STARTING AUTOMATIC INITIAL CONFIGURATION OF THE WEB INTERFACE OF KASPERSKY SECURITY
Initial configuration of the web interface of Kaspersky Security can be performed in automatic mode. A file with saved answers can be created using the --create-auto-install=<full path to the configuration file> parameter when executing the initial application configuration script.
Possible values should be typed using lower-case characters.
To start initial configuration of the Kaspersky Security web interface in automatic mode, execute the following command:
• under Linux:
/opt/kaspersky/klmsui/bin/klmsui-setup.pl \
--auto-install=<full path to the configuration file with the saved answers>
• under FreeBSD:
/usr/local/bin/klmsui-setup.pl \
--auto-install=<full path to the configuration file with the saved answers>
The settings of the configuration file with answers are given in the following table.
Table 3. Settings of the configuration file with answers

SETTING / DESCRIPTION / AVAILABLE VALUES

WEB_EULA_AGREED
  Required setting. Acceptance of the terms of the License agreement.
  Available values: yes

APACHE_BIN
  Required setting. Path to the directory of the Apache web server.
  Available values: <path> (case sensitive)

APACHE_CONF_D
  Required setting. Path to the settings directory of the Apache web server.
  Available values: <path> (case sensitive)

APACHE_INIT_D
  Required setting. Path to the startup script of the Apache web server.
  Available values: <path> (case sensitive)

VHOST_TYPE
  Required setting. Method of configuration of the virtual server of the Apache web server.
  Available values: name | port | dir

VHOST_PORT
  Required setting if the value of the VHOST_TYPE setting is equal to "port". Number of the port on the virtual server of the Apache web server.
  Available values: <port>

VHOST_DIR
  Required setting if the value of the VHOST_TYPE setting is equal to "dir". Sets the path to the directory where files of the Kaspersky Security web interface will be stored.
  Available values: <url_subdir>

VHOST_HOST
  Required setting if the value of the VHOST_TYPE setting is equal to "name". Sets the port number on the virtual server of the Apache web server.
  Available values: <hostname>

UI_HOST
  Required setting. Server address and port of Kaspersky Security.
  Available values: <host:port>

CERT_TYPE
  Required setting. Type of certificate. If the type is set to "new", the certificate is generated by the configuration script. The type "keep" is included in the list and selected by default if the certificate already exists.
  Available values: new | file | keep

CERT_KEY
  Required setting if the value of the CERT_TYPE setting is equal to "file". Path to the private key to the Apache web server.
  Available values: <path> (case sensitive)

CERT_CRT
  Required setting if the value of the CERT_TYPE setting is equal to "file". Path to the certificate of the Apache web server.
  Available values: <path> (case sensitive)

IGNORE_APACHE_ARCH
  Optional setting. Specifies whether or not to ignore the error when the klmsui-setup.pl script cannot determine the bit value of the installed Apache server. If the bit value of the server cannot be determined and the key value is set to "yes", integration continues.
  Available values: yes | no
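A pre-flight check for the answers file before it is handed to klmsui-setup.pl --auto-install, as an added example (not Kaspersky Lab's code): it applies the required, conditional, lower-case and case-sensitive-path rules of Table 3, and additionally warns when CERT_KEY is readable by other accounts. It assumes, since the page does not say, that the file holds one KEY=value pair per line; the sample file and the Apache paths in it are constructed.

```python
"""Check a klmsui-setup.pl answers file against the rules in Table 3.

Added example, not part of the Kaspersky documentation. It assumes (the page
does not say) that the answers file holds one KEY=value pair per line; change
parse_answers() if your file is laid out differently.
"""
import os
import stat

# Always required (Table 3).
REQUIRED = ("WEB_EULA_AGREED", "APACHE_BIN", "APACHE_CONF_D",
            "APACHE_INIT_D", "VHOST_TYPE", "UI_HOST", "CERT_TYPE")

# Required only when another setting has a given value (Table 3).
CONDITIONAL = {
    ("VHOST_TYPE", "port"): ("VHOST_PORT",),
    ("VHOST_TYPE", "dir"): ("VHOST_DIR",),
    ("VHOST_TYPE", "name"): ("VHOST_HOST",),
    ("CERT_TYPE", "file"): ("CERT_KEY", "CERT_CRT"),
}

# Enumerated values; the page says values are typed in lower case.
ENUMS = {
    "WEB_EULA_AGREED": {"yes"},
    "VHOST_TYPE": {"name", "port", "dir"},
    "CERT_TYPE": {"new", "file", "keep"},
    "IGNORE_APACHE_ARCH": {"yes", "no"},
}

# <path> settings are case sensitive, so they must match the file system exactly.
PATHS = ("APACHE_BIN", "APACHE_CONF_D", "APACHE_INIT_D", "CERT_KEY", "CERT_CRT")

# Constructed sample answers file; the Apache paths are assumptions, the
# port numbers are the defaults named on the page.
SAMPLE_ANSWERS = """\
WEB_EULA_AGREED=yes
APACHE_BIN=/usr/sbin/apache2
APACHE_CONF_D=/etc/apache2/conf.d
APACHE_INIT_D=/etc/init.d/apache2
VHOST_TYPE=port
VHOST_PORT=9045
UI_HOST=127.0.0.1:2711
CERT_TYPE=new
"""


def parse_answers(text):
    """Parse KEY=value lines; blank lines and lines starting with # are skipped."""
    answers = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        answers[key.strip()] = value.strip()
    return answers


def validate_answers(answers, check_files=True):
    """Return a list of problems; an empty list means the answers pass.

    check_files=False skips the on-disk checks, e.g. when the file is prepared
    on a different host from the one it will be applied to.
    """
    problems = []
    for key in REQUIRED:
        if key not in answers:
            problems.append(f"{key}: required setting is missing")
    for (key, value), needed in CONDITIONAL.items():
        if answers.get(key) == value:
            problems.extend(f"{dep}: required because {key}={value}"
                            for dep in needed if dep not in answers)
    for key, allowed in ENUMS.items():
        if key in answers:
            value = answers[key]
            if value != value.lower():
                problems.append(f"{key}: value must be lower case, got {value!r}")
            elif value not in allowed:
                problems.append(f"{key}: {value!r} is not one of {sorted(allowed)}")
    if "UI_HOST" in answers:
        host, sep, port = answers["UI_HOST"].rpartition(":")
        if not (sep and host and port.isdigit()):
            problems.append("UI_HOST: expected <host:port>")
    if "VHOST_PORT" in answers and not answers["VHOST_PORT"].isdigit():
        problems.append("VHOST_PORT: expected a numeric <port>")
    if not check_files:
        return problems
    for key in PATHS:
        if key in answers and not os.path.exists(answers[key]):
            problems.append(f"{key}: {answers[key]!r} does not exist (paths are case sensitive)")
    # Added hardening check, not a Table 3 rule: the private key handed to
    # Apache should not be readable by other accounts on the host.
    key_path = answers.get("CERT_KEY")
    if answers.get("CERT_TYPE") == "file" and key_path and os.path.exists(key_path):
        mode = stat.S_IMODE(os.stat(key_path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"CERT_KEY: {key_path!r} is group/world accessible (mode {mode:04o})")
    return problems


if __name__ == "__main__":
    for problem in validate_answers(parse_answers(SAMPLE_ANSWERS), check_files=False):
        print(problem)
```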
CONFIGURING ADMINISTRATION OF THE APPLICATION THROUGH KASPERSKY SECURITY CENTER
Kaspersky Security Center is designed for centrally managing and monitoring servers with Kaspersky Security installed by performing the primary administrative tasks. Kaspersky Security Center supports interaction through all network configurations that use the TCP/IP protocol.
Kaspersky Security Center supports the following operations in administering Kaspersky Security installed on mail servers:
• adding the active or additional key;
• viewing information about the protection status of a cluster of mail servers.
To configure the process of administering Kaspersky Security via Kaspersky Security Center:
package together with the Kaspersky Security setup package.
initial configuration script.
3. Install Kaspersky Security Console Plug-in. For detailed information on installing Kaspersky Security Console Plug-in, refer to the Kaspersky Security Center Administrator's Guide.
INSTALLING NETWORK AGENT
Installation of Network Agent is required if you plan to manage Kaspersky Security using Kaspersky Security Center.
Network Agent comes in a separate package together with the Kaspersky Security distribution kit.
You must have root privileges to initiate installation of Network Agent.
To install Network Agent from an .rpm-package, execute the following command:
# rpm -i klnagent-<version_number>.i386.rpm
To install Network Agent from a .deb-package, execute the following command:
# dpkg -i klnagent_<version_number>_i386.deb
To install Network Agent from a .deb-package on a 64-bit operating system, execute the following command:
# dpkg -i --force-architecture klnagent_<version_number>_i386.deb
After the command is executed, the installation process will be performed automatically.
The initial configuration script must be started after Network Agent has been installed from the .rpm-package.
CONFIGURING NETWORK AGENT SETTINGS
If you plan to manage Kaspersky Security using Kaspersky Security Center, you must configure Network Agent settings.
The configuration process is implemented as a script.
To run the Network Agent configuration script, execute the following command:
# /opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl
After launching the script, you will be prompted to do the following:
1. Specify the DNS name or IP address of the Administration Server.
2. Specify the Administration Server port number or use the default port number (14000).
3. Specify the SSL port number of the Administration Server or use the default port number (13000).
4. Specify whether the SSL connection should be used for data transfer. By default, the SSL connection is enabled.
5. Specify whether the Network Agent should be used as a gateway to connect to Kaspersky Security Center. By default, the connection to Kaspersky Security Center is direct, i.e. without a gateway.
To obtain detailed information on setting up Network Agent, please refer to the Kaspersky Security Center Administrator's Guide.
CHECKING THE CONNECTION TO KASPERSKY SECURITY CENTER
After installing and configuring Network Agent, you can check the connection of the mail server to the Kaspersky Security Center server using the klnagchk utility.
To check the connection to Kaspersky Security Center, execute the following command:
# /opt/kaspersky/klnagent/bin/klnagchk
The klnagchk utility displays the results of the connection check.
REMOVING KASPERSKY SECURITY
To remove Kaspersky Security installed from an .rpm package, execute the following command:
# rpm -e klms
You can remove Kaspersky Security, installed from a .deb package in one of the following ways:
• remove the application, but keep data created and used by the application during run time;
• remove the application completely, including all files and directories.
To remove Kaspersky Security installed from a .deb package (keeping its run-time data), execute the following command:
# dpkg -r klms
To remove Kaspersky Security installed from a .deb-package completely (including all files and directories), execute the following command:
# dpkg -P klms
To remove Kaspersky Security installed on a computer running under FreeBSD, execute the following command:
# pkg_delete klms-<version_number>
The application is removed automatically. Kaspersky Security is removed and integration with the mail server is canceled.
ACTIONS AFTER REMOVING KASPERSKY SECURITY
application settings, messages in Backup, executable service files, help files, database updates, reports, log files, and sockets may remain on the computer.
Kaspersky Security includes scripts to delete files and directories that remain following removal of the application.
To delete data that remains when the application is removed:
1. Enter the following command:
• under Linux:
# /var/opt/kaspersky/klms/cleanup.sh
• under FreeBSD:
# /var/db/kaspersky/klms/cleanup.sh
2. Enter yes to confirm deletion of data remaining after the removal of Kaspersky Security.
MANUAL INTEGRATION OF KASPERSKY SECURITY WITH MAIL SERVERS AND AMAVIS INTERFACE
This section contains information about how to manually integrate Kaspersky Security with Exim, Postfix, Sendmail, qmail, as well as with the Amavis interface.
ABOUT MANUAL INTEGRATION
If you choose not to integrate the application with a mail server automatically during initial configuration (see section
a mail server manually.
You can integrate Kaspersky Security with the following mail servers manually:
• Exim (see section "Manual integration with Exim mail server" on page 52).
• Postfix (see section "Manual integration with Postfix mail server" on page 59).
• Sendmail (see section "Manual integration with Sendmail mail server" on page 49).
• qmail (see section "Manual integration with qmail mail server" on page 58).
• Amavis (see section "Manual integration with the Amavis interface" on page 64).
Kaspersky Security supports integration with mail servers through the klms service, which receives processing requests from the mail server.
If the application is integrated with the mail server manually, you need to:
• register the klms service with the operating system;
• modify the configuration file of the mail server.
Under FreeBSD you can configure the klms service to start automatically at operating system startup.
To configure the klms service to start automatically on FreeBSD startup, add the following strings to the /etc/rc.conf configuration file:
klmsdb_enable=YES
klms_enable=YES
For Exim and Postfix mail servers, Kaspersky Security supports both before-queue and after-queue integration. In the case of before-queue integration, messages are forwarded to Kaspersky Security for scanning before insertion in the mail server queue, while after-queue integration sends messages to Kaspersky Security for scanning after they are inserted in the mail server queue.
The Kaspersky Security filter and the mail server communicate via sockets.
Sockets must be assigned based on the following rules:
• inet:<port>@<ip_address> for network sockets;
• unix:<socket_path> for UNIX sockets.
Example:
scanner=inet:[email protected] for network sockets
scanner=unix:/var/run/klms/scanner_sock for UNIX sockets
The following two conditions must be met when using a socket:
• when defining a network socket, the port number must be above 1024;
• when defining a UNIX socket, the filter and kluser must have the rights to access the socket.
MANUAL INTEGRATION WITH SENDMAIL SERVER
Sendmail provides the Milter API interface for integration with third-party filters. Kaspersky Security receives messages from Sendmail and transmits them back by calling Milter API functions. Messages are sent for scanning before insertion in the mail queue (before-queue integration).
To integrate the application with a Sendmail server, you need to modify the Sendmail configuration file manually.
In the [global] section of the klms_filter.conf filter settings file, set the header-guard setting to true.
You can make changes to the Sendmail configuration file as follows:
• by modifying the .cf configuration file;
• by modifying the .mc file and then creating the .cf file from it using the m4 macro processor.
If you modify the .cf file only, all modifications will be lost on any subsequent creation of the .cf file from the .mc file.
INTEGRATION USING THE .MC FILE
To integrate Kaspersky Security with Sendmail using the .mc file:
1. Back up the .mc file.
2. Add the following strings to the .mc file:
dnl #KLMS-milter-begin-filter dnl
define(`_FFR_MILTER', `true')dnl
INPUT_MAIL_FILTER(`KLMS_Milter',`S=$filter_socket,${fail_type}T=S:3m;R:5m;E:10m')dnl
dnl #KLMS-milter-end-filter dnl
where $filter_socket stands for the IP address and port number or the UNIX socket that the filter uses to listen for incoming connections, as follows: inet:<port>@<IP address> (for network sockets) or unix:<path to UNIX socket> (for UNIX sockets);
${fail_type} defines the action to be taken by the Sendmail server on messages if the filter works incorrectly. ${fail_type} can take the values "F=R," or "F=T," or nothing. R means reject, T means tempfail; if you replace ${fail_type} with a blank string, messages will be skipped. The recommended option is tempfail.
Example:
INPUT_MAIL_FILTER(`KLMS_Milter',`S=inet:[email protected],F=T,T=S:3m;R:5m;E:10m')dnl
3. Compile the .cf configuration file according to your operating system settings.
4. Stop the klms service.
5. Open the file /etc/opt/kaspersky/klms/klms_filters.conf (under Linux) or /usr/local/etc/kaspersky/klms/klms_filters.conf (under FreeBSD).
6. In the [global] section, specify the path to the sendmail file in the following line:
sendmail-path=<path to sendmail file>
7. Specify the IP address and port number or UNIX socket where the filter will listen for incoming connections in the following line of the [milter] section of the /etc/opt/kaspersky/klms/klms_filters.conf file (under Linux) or /usr/local/etc/kaspersky/klms/klms_filters.conf (under FreeBSD):
socket=<IP address and port number> or <path to UNIX socket>
Example: socket=inet:[email protected]
8. Open the file /var/opt/kaspersky/klms/installer.dat (under Linux) or /var/db/kaspersky/klms/installer.dat (under FreeBSD).
9. Add the following lines to the file:
SENDMAIL_MILTER=1
SENDMAIL_USES_MC=1 if you have compiled the .mc file, 0 if not.
START_MILTER=1
10. Start the klms service.
11. Restart Sendmail.
INTEGRATION USING THE .CF FILE
To integrate Kaspersky Security with Sendmail using the .cf file:
1. Create the backup copy of the sendmail.cf file.
2. Add the following strings to the sendmail.cf file:
#KLMS-milter-begin-filter
O InputMailFilters=KLMS_Milter
O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr}
O Milter.macros.helo={tls_version}, {cipher}, \
{cipher_bits}, {cert_subject}, {cert_issuer}
O Milter.macros.envfrom=i, {auth_type}, \
{auth_authen}, {auth_ssf}, {auth_author}, \
{mail_mailer}, {mail_host}, {mail_addr}
O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}
#KLMS-milter-end-filter
#KLMS-milter-begin-socket
XKLMS_Milter, S=$filter_socket,${fail_type}T=S:3m;R:5m;E:10m
#KLMS-milter-end-socket
where $filter_socket stands for the IP address and port number or the UNIX socket that the filter uses to listen for incoming connections, as follows: inet:<port>@<IP address> (for network sockets) or unix:<path to UNIX socket> (for UNIX sockets);
${fail_type} defines the action to be taken by the Sendmail server on messages if the filter works incorrectly. ${fail_type} can take the values "F=R," or "F=T," or nothing. R means reject, T means tempfail; if you replace ${fail_type} with a blank string, messages will be skipped. The recommended option is tempfail.
Example:
XKLMS_Milter, S=inet:[email protected],F=T,T=S:3m;R:5m;E:10m
3. Stop the klms service.
4. Open the file /etc/opt/kaspersky/klms/klms_filters.conf (under Linux) or /usr/local/etc/kaspersky/klms/klms_filters.conf (under FreeBSD).
5. In the [global] section, specify the path to the sendmail file in the following line:
sendmail-path=<path to sendmail file>
6. Specify the IP address and port number or UNIX socket where the filter will listen for incoming connections in the following line of the [milter] section of the /etc/opt/kaspersky/klms/klms_filters.conf file (under Linux) or /usr/local/etc/kaspersky/klms/klms_filters.conf (under FreeBSD):
socket=inet:<port>@<IP-address> or socket=unix:<UNIX-socket>
Example: socket=inet:[email protected]
7. Open the file /var/opt/kaspersky/klms/installer.dat (under Linux) or /var/db/kaspersky/klms/installer.dat (under FreeBSD).
8. Add the following lines to the file:
SENDMAIL_MILTER=1
SENDMAIL_USES_MC=1 if you have compiled the .mc file, 0 if not.
START_MILTER=1
9. Start the klms service.
10. Restart Sendmail.
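The socket rules from "About manual integration" and the milter definition used in both the .mc and the .cf procedures above, worked through as an added example (not code from Kaspersky Lab or Sendmail): parse_socket() enforces the inet:<port>@<ip> / unix:<path> forms and the port-above-1024 rule, and the render functions show how the same S=/F=/T= definition appears as the INPUT_MAIL_FILTER macro, as the X line m4 generates from it, and as the socket= line in klms_filters.conf. Function names and the socket values are my own constructed samples.

```python
"""Build the Kaspersky Security milter definition for Sendmail from a filter
socket specification, after checking the socket rules given on this page.

Added example, not code from Kaspersky Lab or Sendmail. The function names
are my own; the socket strings used below are constructed samples.
"""
import re

# ${fail_type} values from the page: reject, tempfail (recommended) or skip.
FAIL_TYPES = {"reject": "F=R,", "tempfail": "F=T,", "skip": ""}
TIMEOUTS = "T=S:3m;R:5m;E:10m"  # the timeouts used in the page's milter definition

_INET = re.compile(r"inet:(\d{1,5})@(\d{1,3}(?:\.\d{1,3}){3})")
_UNIX = re.compile(r"unix:(/\S+)")


def parse_socket(spec):
    """Parse inet:<port>@<ip_address> or unix:<socket_path>.

    Returns ("inet", ip, port) or ("unix", path). Raises ValueError for a
    malformed spec or a network port that is not above 1024 (page rule).
    """
    m = _INET.fullmatch(spec)
    if m:
        port, ip = int(m.group(1)), m.group(2)
        if not 1024 < port <= 65535:
            raise ValueError(f"network socket port must be above 1024: {port}")
        if any(int(octet) > 255 for octet in ip.split(".")):
            raise ValueError(f"not an IPv4 address: {ip}")
        return ("inet", ip, port)
    m = _UNIX.fullmatch(spec)
    if m:
        return ("unix", m.group(1))
    raise ValueError(f"unrecognised socket spec: {spec!r}")


def socket_problem(spec):
    """None if spec is acceptable, otherwise the reason it is not."""
    try:
        parse_socket(spec)
    except ValueError as exc:
        return str(exc)
    return None


def milter_definition(spec, fail_type="tempfail"):
    """The S=...,F=...,T=... part shared by the .mc macro and the .cf X line."""
    parse_socket(spec)
    if fail_type not in FAIL_TYPES:
        raise ValueError(f"fail_type must be one of {sorted(FAIL_TYPES)}")
    return f"S={spec},{FAIL_TYPES[fail_type]}{TIMEOUTS}"


def render_mc(spec, fail_type="tempfail"):
    """Lines for the .mc file, between the KLMS marker comments."""
    return "\n".join([
        "dnl #KLMS-milter-begin-filter dnl",
        "define(`_FFR_MILTER', `true')dnl",
        f"INPUT_MAIL_FILTER(`KLMS_Milter',`{milter_definition(spec, fail_type)}')dnl",
        "dnl #KLMS-milter-end-filter dnl",
    ])


def render_cf(spec, fail_type="tempfail"):
    """Lines for sendmail.cf when the .mc route is not used: the
    InputMailFilters option plus the X line that m4 would otherwise generate
    from INPUT_MAIL_FILTER (the page's Milter.macros lines are omitted here)."""
    return "\n".join([
        "#KLMS-milter-begin-filter",
        "O InputMailFilters=KLMS_Milter",
        "#KLMS-milter-end-filter",
        "#KLMS-milter-begin-socket",
        f"XKLMS_Milter, {milter_definition(spec, fail_type)}",
        "#KLMS-milter-end-socket",
    ])


def render_klms_filters_socket(spec):
    """The socket= line for the [milter] section of klms_filters.conf."""
    parse_socket(spec)
    return f"socket={spec}"


if __name__ == "__main__":
    print(render_mc("inet:3000@127.0.0.1"))
    print(render_cf("unix:/var/run/klms/milter_sock", "reject"))
    print(render_klms_filters_socket("inet:3000@127.0.0.1"))
```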
MANUAL INTEGRATION WITH EXIM MAIL SERVER
Kaspersky Security supports 2 methods for manual integration with Exim:
• After-queue integration via SMTP by rerouting. With after-queue integration, all messages that are forwarded via the computer go to Kaspersky Security for scanning after they have been inserted in the Exim mail server queue.
• Before-queue integration via dlfunc. With before-queue integration, messages go to Kaspersky Security for scanning before insertion in the Exim mail server queue.
AFTER-QUEUE INTEGRATION BY REROUTING
When "after-queue" integration is used and messages are rerouted to Kaspersky Security for scanning and then returned to the Exim mail server, the following conditions must be satisfied:
• The filter must be configured to intercept messages from the Exim mail server via socket-in. This socket must be specified in the configuration of the application.
• The filter must forward messages to Scan Logic for scanning via the scanner socket. This socket must be specified in the configuration of the application.
• The filter must return messages to the Exim mail server via socket-out. This socket must be specified in the configuration of the application.
When after-queue integration with the Exim mail server is used for rerouting, socket-in, scanner, and socket-out must point to a network socket.
Depending upon the specific distribution of the operating system, you have to modify one or several configuration files of the Exim mail server. For example, in Debian and Ubuntu the Exim configuration may consist of several files in the /etc/exim/conf.d directory or of a single file only.
To perform after-queue integration of Kaspersky Security with Exim by rerouting:
1. Make a backup copy of the Exim configuration file (files).
2. In the [routers] section of the Exim configuration file(s), after the line begin routers, add the following lines:
#klms-filter-begin-2
klms_dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  verify_only
  pass_router = smtp_proxy
  no_more

klms_system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  verify_only
  pass_router = smtp_proxy

klms_localuser:
  driver = accept
  check_local_user
  verify_only
  pass_router = smtp_proxy
  cannot_route_message = Unknown user

failed_address_router:
  driver = redirect
  verify_only
  condition = "{0}"
  allow_fail
  data = :fail: Failed to deliver to address
  no_more

smtp_proxy:
  driver = manualroute
  condition = "${if or {{eq {$interface_port}{$forward_port}} \\
                       {eq {\$received_protocol}{spam-scanned}} \\
                      }{0}{1}}"
  transport = smtp_proxy
  route_list = "* localhost byname"
  self = send
#klms-filter-end-2
where $forward_port is the port number of the socket where the message will go after being scanned by Kaspersky Security.
3. In the [transports] section of the Exim configuration file(s), after the line begin transports, add the following lines:
#klms-filter-begin-3
smtp_proxy:
  driver = smtp
  port = $scanner_port
  delay_after_cutoff = false
  allow_localhost
#klms-filter-end-3
where $scanner_port stands for the port on which the filter waits for messages.
4. In the main Exim configuration file (exim.conf or update-exim.conf.conf), specify the substring in the form 127.0.0.1.$forward_port as follows:
dc_local_interfaces=<IP-address1>.<port1>:127.0.0.1.$forward_port
or
local_interfaces=<IP-address1>.<port1>:127.0.0.1.$forward_port
where the 127.0.0.1.$forward_port substring is required to enable Exim to accept processed messages from the filter and listen for data on $forward_port.
5. Compile the Exim configuration file (files) according to your operating system settings.
6. Open the file /var/opt/kaspersky/klms/installer.dat (under Linux) or /var/db/kaspersky/klms/installer.dat (under FreeBSD).
7. Add the following lines to the file:
EXIM_INTEGRATION_TYPE=after-queue
START_SMTP_PROXY=1
8. Open the file /etc/opt/kaspersky/klms/klms_filters.conf (under Linux) or /usr/local/etc/kaspersky/klms/klms_filters.conf (under FreeBSD).
9. In the [smtp_proxy] section, specify the following settings:
socket-in=inet:[email protected]
socket-out=inet:[email protected]
10. In the [global] section, set the header-guard setting to true.
11. Restart the klms service.
12. Restart Exim mail server.
BEFORE-QUEUE INTEGRATION USING DYNAMIC LINKING
To use the "before-queue" integration method, you have to specify that dlfunc support is required when compiling the corresponding dynamic library from the source code. Repositories of some Linux distributions contain compiled Exim versions already, in other cases manual compiling is required.
In case of manual compilation, you have to add the following lines to Makefile:
EXPAND_DLFUNC=yes
EXTRALIBS= -export-dynamic
When before-queue integration via a dynamic library is used, the filter must transfer messages for scanning to ScanLogic through ServiceSocket. This socket must be specified in the configuration of the application.
Depending upon the specific distribution of the operating system, you have to modify one or several configuration files of the Exim mail server. For example, in Debian and Ubuntu the Exim configuration may consist of several files in the /etc/exim/conf.d directory or of a single file only.
To perform before-queue integration with Exim using a dynamic library:
1. Make sure that Exim supports dlfunc-based content filtering. To do so, run the exim -bV command.
The following represents a positive result: Expand_dlfunc.
2. Make a backup copy of the Exim configuration files.
3. Modify the access control list for acl_smtp_data. To do that, find in the Exim configuration file(s) the line that looks like acl_smtp_data = acl_check_data (the line may name another access control list instead of acl_check_data) and, after the line acl_check_data: (or the line naming that other access control list), add the following lines:
#klms-filter-begin
  warn  set acl_m_klms_headers =
        set acl_m_klms_result =
        set acl_m_klms_answer = ${dlfunc{LIBDIR/libklms-exim.so}{scan}{${spool_directory}/input}}

  defer condition = ${if eq {$acl_m_klms_answer}{}{yes}{no}}
        log_message = LMS check failed (empty answer)
        message = Temporary local problem - please try later

  defer condition = ${if match {$acl_m_klms_answer}{\N^451\N}{yes}{no}}
        log_message = LMS check defer: ${if match {$acl_m_klms_answer} \
                        {\N^451 Mail processing aborted(.+\n?.*\n)*$\N}{$1}{}}\
                      ${if eq {$acl_m_klms_result}{}{}{, result is \
                        '$acl_m_klms_result\'}}\
                      , temporary file $acl_m_klms_tempfile
        message = Temporary local problem - please try later

  defer condition = ${if match {$acl_m_klms_answer}{\N^452\N}{yes}{no}}
        log_message = LMS check defer: ${if match {$acl_m_klms_answer} \
                        {\N^451 Mail processing timed out(.+\n?.*\n)*$\N}{$1}{}}\
                      ${if eq {$acl_m_klms_result}{}{}{, result is \
                        '$acl_m_klms_result\'}}\
                      , temporary file $acl_m_klms_tempfile
        message = Temporary local problem - please try later

  deny  condition = ${if match {$acl_m_klms_answer}{\N^550\N}{yes}{no}}
        log_message = LMS check reject: ${if match {$acl_m_klms_answer} \
                        {\N^550 Rejected by malware filter(.+\n?.*\n)*$\N}{$1}{}}\
                      ${if eq {$acl_m_klms_result}{}{}{, result is \
                        '$acl_m_klms_result\'}}\
                      , temporary file $acl_m_klms_tempfile

  deny  condition = ${if match {$acl_m_klms_answer}{\N^554\N}{yes}{no}}
        log_message = LMS check reject: ${if match {$acl_m_klms_answer} \
                        {\N^554 Mail processing failed(.+\n?.*\n)*$\N}{$1}{}}\
                      ${if eq {$acl_m_klms_result}{}{}{, result is \
                        '$acl_m_klms_result\'}}\
                      , temporary file $acl_m_klms_tempfile
        message = ${if match {$acl_m_klms_answer} \
                    {\N^554 Mail processing failed(.+\n?.*\n)*$\N} \
                    {Mail processing failed:$1}{}}

  warn  condition = ${if match {$acl_m_klms_answer}{\N^250\N}{yes}{no}}
        logwrite = LMS check accept: ${if match {$acl_m_klms_answer} \
                     {\N^250 (.+)$\N}{$1}{}} \
                   ${if eq {$acl_m_klms_result}{}{}{, result is \
                     '$acl_m_klms_result\'}}
        set acl_m_klms_answer =

  warn  condition = ${if eq {$acl_m_klms_answer}{}{no}{yes}}
        logwrite = LMS check: $acl_m_klms_answer
#klms-filter-end
where LIBDIR is the path to the libklms-exim.so library:
• for FreeBSD (32-bit): /usr/local/lib/kaspersky/klms/libklms-exim.so,
• for FreeBSD (64-bit): /usr/local/lib/kaspersky/klms/compat64/libklms-exim.so,
• for Linux (32-bit): /opt/kaspersky/klms/lib/libklms-exim.so,
• for Linux (64-bit): /opt/kaspersky/klms/lib64/libklms-exim.so.
4. Compile the .so module according to the settings of your operating system (optional).
5. Add the user kluser to the group to which the exim process belongs.
6. In the [global] section of the klms_filter.conf filter settings file, set the header-guard setting to false.
7. Open the file /var/opt/kaspersky/klms/installer.dat (under Linux) or /var/db/kaspersky/klms/installer.dat (under FreeBSD).
8. Add the following line to the file:
EXIM_INTEGRATION_TYPE=dlfunc
9. Restart the klms service.
10. Restart Exim mail server.
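The ACL fragment from step 3 decides defer, deny or accept from the first three characters of the dlfunc answer and builds its log line from the remainder. As an added example (not part of the Kaspersky documentation and not an Exim ACL), the Python below re-implements that mapping so that the verdict and log text for a given $acl_m_klms_answer, $acl_m_klms_result and $acl_m_klms_tempfile can be read and checked outside Exim; the regexes are copied from the fragment as written, including its 452 branch that looks for "451 Mail processing timed out". The sample answers are constructed.

```python
"""Mirror the decisions of the KLMS dlfunc ACL fragment for Exim.

Added example, not part of the Kaspersky documentation and not an Exim ACL:
it re-implements in Python how that fragment turns the answer string returned
by the scan dlfunc into defer/deny/accept plus the log line and SMTP reply, so
the mapping can be read and tested outside Exim. Sample answers are constructed.
"""
import re

# Patterns from the ACL's ${if match ...} conditions, copied as written there
# (the 452 branch really does look for "451 Mail processing timed out").
_DETAIL = {
    "451": re.compile(r"^451 Mail processing aborted(.+\n?.*\n)*$"),
    "452": re.compile(r"^451 Mail processing timed out(.+\n?.*\n)*$"),
    "550": re.compile(r"^550 Rejected by malware filter(.+\n?.*\n)*$"),
    "554": re.compile(r"^554 Mail processing failed(.+\n?.*\n)*$"),
    "250": re.compile(r"^250 (.+)$"),
}
TEMP_MSG = "Temporary local problem - please try later"


def _detail(code, answer):
    """What $1 expands to after the ACL's match: the last capture, or ''."""
    m = _DETAIL[code].match(answer)
    return (m.group(1) or "") if m else ""


def _suffix(result, tempfile):
    """The ', result is ...' and ', temporary file ...' tail of a log line."""
    tail = "" if result == "" else f", result is '{result}'"
    return tail if tempfile is None else f"{tail}, temporary file {tempfile}"


def acl_verdict(answer, result="", tempfile=""):
    """Return (verb, log_line, smtp_message) as the ACL fragment would decide.

    answer, result and tempfile stand for $acl_m_klms_answer,
    $acl_m_klms_result and $acl_m_klms_tempfile. verb is 'defer', 'deny' or
    'accept'; an unrecognised answer is logged by the last warn statement and
    passed on to the rest of the ACL, which is reported as 'accept' here.
    """
    if answer == "":
        return ("defer", "LMS check failed (empty answer)", TEMP_MSG)
    code = answer[:3]
    if code in ("451", "452"):
        log = f"LMS check defer: {_detail(code, answer)}{_suffix(result, tempfile)}"
        return ("defer", log, TEMP_MSG)
    if code in ("550", "554"):
        log = f"LMS check reject: {_detail(code, answer)}{_suffix(result, tempfile)}"
        # Only the 554 branch sets a custom SMTP reply text.
        msg = ""
        if code == "554" and _DETAIL["554"].match(answer):
            msg = f"Mail processing failed:{_detail(code, answer)}"
        return ("deny", log, msg)
    if code == "250":
        # The accept branch logs without the temporary file and then clears
        # the answer, so the final warn does not log it a second time.
        log = f"LMS check accept: {_detail(code, answer)}{_suffix(result, None)}"
        return ("accept", log, "")
    return ("accept", f"LMS check: {answer}", "")


if __name__ == "__main__":
    # Constructed answers; the spool path is a placeholder.
    for sample in ("250 Clean", "451 Mail processing aborted",
                   "550 Rejected by malware filter", ""):
        print(repr(sample), "->", acl_verdict(sample, "scanned", "/path/to/spool/input/<id>"))
```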
The Kaspersky Security installation package contains a compiled dynamically loaded dlfunc library for all operating systems supported by the application. The source files required for the dlfunc library are located in the directory /opt/kaspersky/klms/share/src/dlfunc (under Linux) or /usr/local/share/klms/src/dlfunc (under FreeBSD).
In some cases, manual compilation is required.
To perform a manual compilation of the dynamically loaded dlfunc library:
1. Install the source libraries of the Exim mail server.
2. Install the libevent library (version 2.0.10 or higher).
3. Install the boost library (version 1.47.0 or higher).
4. Open the folder /opt/kaspersky/klms/share/src/dlfunc (for Linux) or the folder /usr/local/share/klms/src/dlfunc (for FreeBSD).
5. Execute the following command:
./configure --with-exim=<path to exim headers> --with-boost=<path to boost> --with-libevent=<path to libevent>
6. Execute the following command:
# make
The libklms-exim.so file appears in the current folder.
MANUAL INTEGRATION WITH QMAIL SERVER
The qmail server does not support the integration of extensions. To integrate Kaspersky Security with qmail manually, replace the original executable file with the /opt/kaspersky/klms/lib/bin/klms-qmail (under Linux) or /usr/local/libexec/kaspersky/klms/klms-qmail (under FreeBSD) queue file supplied with Kaspersky Security for Linux Mail Server. This file supports message filtering and transmits messages back to the original qmail-queue file for subsequent delivery. Rename the original qmail-queue file to qmail-queue-real.
Messages are sent for scanning before insertion in the mail queue (before-queue filtering).
To integrate Kaspersky Security with qmail manually:
1. Specify /var/qmail/bin/sendmail as the sendmail-path parameter’s value in the [global] section of the klms_filters.conf file.
2. Copy the file /var/qmail/bin/qmail-queue to the file /var/qmail/bin/qmail-queue-real using the following command:
# cp -fp /var/qmail/bin/qmail-queue /var/qmail/bin/qmail-queue-real
3. Copy the filter file from the Kaspersky Security distribution kit into the qmail folder using the following command:
• under Linux:
# cp -fp /opt/kaspersky/klms/libexec/qmail-queue /var/qmail/bin/qmail-queue
• under FreeBSD:
# cp -fp /usr/local/libexec/kaspersky/klms/qmail-queue /var/qmail/bin/qmail-queue
4. Set the following access rights for the qmail-queue and qmail-queue-real files:
# ls -la /var/qmail/bin/qmail-queue*
-rws--s--x 1 qmaild klusers 2287242 Dec 19 20:53 /var/qmail/bin/qmail-queue
-rws--x--x 1 qmailq qmail 19288 Jun 27 2013 /var/qmail/bin/qmail-queue-real
5. In the klms_filter.conf filter settings file, in section [global], make sure that the header-guard setting is set to true.
6. Restart Kaspersky Security: service klms restart
MANUAL INTEGRATION WITH A POSTFIX MAIL SERVER
Kaspersky Security supports 3 methods for integration with Postfix:
• After-queue integration. With after-queue integration, all messages that are forwarded via the protected computer go to the application for scanning after they have been inserted in the Postfix mail server queue.
• Before-queue integration. With before-queue integration, messages go to the application for scanning before insertion in the Postfix mail server queue.
• Integration using the Milter protocol. In this case, messages are forwarded to the application for scanning via the Milter protocol.
AFTER-QUEUE INTEGRATION
When "after-queue" integration is used and messages are forwarded to Kaspersky Security for scanning from the Postfix mail server, the following conditions must be satisfied:
• The filter must be configured to intercept messages from the Postfix mail server via socket-in. This socket must be specified in the configuration of the application.
• The filter must forward messages to Scan Logic for scanning via the scanner socket. This socket must be specified in the configuration of the application.
• The filter must return messages to the Postfix mail server via socket-out. This socket must be specified in the configuration of the application.
When Kaspersky Security is integrated with the Postfix mail server, socket-in, scanner, and socket-out can point to a network socket or to a local one.
To perform after-queue integration of Kaspersky Security with Postfix:
1. Open the configuration file main.cf.
2. Add the following strings to the end of the main.cf file:
#klms-begin-afterqueue-filter
content_filter = klms_postfix-afterqueue:$sock_postfix_format
#klms-end-afterqueue-filter
where $sock_postfix_format stands for the IP address and port number or the UNIX socket where the filter will listen for incoming connections, as follows: inet:<IP address>:<port> (for network sockets) or unix:<path to UNIX socket> (for UNIX sockets).
3. Open the configuration file master.cf.
4. Add the following strings to the end of the master.cf file:
#klms-begin-afterqueue-filter
klms_postfix-afterqueue unix - - n - 10 smtp
  -o smtp_send_xforward_command=yes
127.0.0.1:$forward_port inet n - n - 10 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8,[::1]/128
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128
#klms-end-afterqueue-filter
where the string 127.0.0.1:$forward_port inet n - n - 10 smtpd is required to enable Postfix to accept processed messages from the filter and listen for data on $forward_port.
5. Open the file /var/opt/kaspersky/klms/installer.dat (under Linux) or /var/db/kaspersky/klms/installer.dat (under FreeBSD).
6. Add the following lines to the file:
POSTFIX_INTEGRATION_TYPE=afterqueue
START_SMTP_PROXY=1
7. Open the file /etc/opt/kaspersky/klms/klms_filters.conf (under Linux) or /usr/local/etc/kaspersky/klms/klms_filters.conf (under FreeBSD).
8. In the [global] section set the false value for the header-guard setting.
9. In the [smtp_proxy] section, specify the following settings:
socket-in=<IP address and port number> or <UNIX socket>, defined in step 2 for $sock_postfix_format
socket-out=inet:[email protected]
using the format inet:<port>@<IP address> (for network sockets) or unix:<path to UNIX socket> (for UNIX sockets).
Example:
socket-in=inet:[email protected]
socket-out=inet:[email protected]
10. Restart the klms service.
11. Restart Postfix.
BEFORE-QUEUE INTEGRATION
When "before-queue" integration is used and messages are forwarded to Kaspersky Security for scanning and then returned to the Postfix mail server, the following conditions must be satisfied:
• The filter must be configured to intercept messages from the Postfix mail server via socket-in. This socket must be specified in the configuration of the application.
• The filter must forward messages to Scan Logic for scanning via the scanner socket. This socket must be specified in the configuration of the application.
• The filter must return messages to the Postfix mail server via socket-out. This socket must be specified in the configuration of the application.
When Kaspersky Security is integrated with the Postfix mail server, socket-in, scanner, and socket-out can point to a network socket or to a local one.
To perform before-queue integration of Kaspersky Security with Postfix:
1. Open the configuration file master.cf.
2. In the master.cf file, after the line smtp inet n - n - - smtpd add the following lines:
#klms-postfix-prequeue-start
  -o smtpd_proxy_filter=$sock_postfix_format
  -o smtpd_proxy_options=speed_adjust
#klms-postfix-prequeue-end
The smtpd_proxy_options=speed_adjust line applies to integration with Postfix 2.7 or higher. $sock_postfix_format stands for the IP address and port number or the UNIX socket where the filter will listen for incoming connections, as follows: inet:<IP address>:<port> (for network sockets) or unix:<path to UNIX socket> (for UNIX sockets).
3. Add the following strings at the end of the master.cf configuration file:
#klms-begin
klms_postfix-prequeue unix - - n - 10 smtp
  -o smtp_send_xforward_command=yes
127.0.0.1:$forward_port inet n - n - 10 smtpd
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8,[::1]/128
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128
#klms-end
where the string 127.0.0.1:$forward_port inet n - n - 10 smtpd is required to enable Postfix to accept processed messages from the filter and listen for data on $forward_port.
4. Open the file /var/opt/kaspersky/klms/installer.dat (under Linux) or /var/db/kaspersky/klms/installer.dat (under FreeBSD).
5. Add the following lines to the file:
POSTFIX_INTEGRATION_TYPE=prequeue
START_SMTP_PROXY=1
6. Open the file /etc/opt/kaspersky/klms/klms_filters.conf (under Linux) or /usr/local/etc/kaspersky/klms/klms_filters.conf (under FreeBSD).
7. In the [global] section set the false value for the header-guard setting.
8. In the [smtp_proxy] section, specify the following settings:
socket-in=<IP address and port number> or <UNIX socket>, defined in step 2 for $sock_postfix_format
socket-out=inet:[email protected]
using the format inet:<port>@<IP address> (for network sockets) or unix:<path to UNIX socket> (for UNIX sockets).
Example:
socket-in=inet:[email protected]
socket-out=inet:[email protected]
9. Restart the klms service.
10. Restart Postfix.
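The after-queue and before-queue procedures above spell the same endpoint two different ways: Postfix (main.cf, master.cf) takes inet:<IP address>:<port>, while klms_filters.conf takes inet:<port>@<IP address>, and a mismatch between $sock_postfix_format and socket-in means the filter never sees the mail. The following Python helper is an added example, not Kaspersky code: it parses both spellings, rewrites a Postfix value into the klms form, and checks that two values name the same endpoint. It assumes literal IP addresses (not host names); whether klms_filters.conf accepts IPv6 literals is not stated on this page, so that handling is an assumption.

```python
import ipaddress


def _ip(text: str) -> str:
    """Normalise an IP literal; Postfix writes IPv6 addresses in brackets."""
    return str(ipaddress.ip_address(text.strip("[]")))


def _port(text: str) -> int:
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def _split_scheme(value: str):
    """Return (scheme, rest) for 'inet:...' or 'unix:...'; reject anything else."""
    scheme, sep, rest = value.strip().partition(":")
    if not sep or scheme not in ("inet", "unix"):
        raise ValueError(f"expected inet:... or unix:..., got {value!r}")
    if scheme == "unix" and not rest.startswith("/"):
        raise ValueError("UNIX socket must be an absolute path")
    return scheme, rest


def parse_postfix_socket(value: str) -> tuple:
    """Postfix side (main.cf / master.cf): inet:<IP address>:<port> or unix:<path>."""
    scheme, rest = _split_scheme(value)
    if scheme == "unix":
        return ("unix", rest)
    # The port follows the LAST colon, so bracketed IPv6 literals survive.
    host, sep, port = rest.rpartition(":")
    if not sep:
        raise ValueError(f"expected inet:<IP address>:<port>, got {value!r}")
    return ("inet", _ip(host), _port(port))


def parse_klms_socket(value: str) -> tuple:
    """klms_filters.conf side ([smtp_proxy] socket-in / socket-out):
    inet:<port>@<IP address> or unix:<path>."""
    scheme, rest = _split_scheme(value)
    if scheme == "unix":
        return ("unix", rest)
    # Here the port comes FIRST, then '@', then the address.
    port, sep, host = rest.partition("@")
    if not sep:
        raise ValueError(f"expected inet:<port>@<IP address>, got {value!r}")
    return ("inet", _ip(host), _port(port))


def postfix_to_klms(value: str) -> str:
    """Rewrite a Postfix-side value into the spelling klms_filters.conf expects."""
    parsed = parse_postfix_socket(value)
    if parsed[0] == "unix":
        return f"unix:{parsed[1]}"
    _, ip, port = parsed
    return f"inet:{port}@{ip}"


def sockets_match(postfix_value: str, klms_value: str) -> bool:
    """True when $sock_postfix_format and socket-in name the same endpoint."""
    return parse_postfix_socket(postfix_value) == parse_klms_socket(klms_value)
```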
INTEGRATION USING THE MILTER PROTOCOL
When integration based on Milter functionality is used to transfer messages to the application for scanning and return them to the Postfix mail server, the following conditions must be observed:
• The filter must be configured to intercept messages from the Postfix mail server via socket. This socket must be specified in the configuration of the application.
• The filter must forward messages to Scan Logic for scanning via the scanner socket. This socket must be specified in the configuration of the application.
When Kaspersky Security is integrated with the Postfix mail server, socket and scanner can point to a network socket or to a local one.
To integrate Kaspersky Security with Postfix using the Milter protocol:
1. Enter the following command: postconf -e $milter_socket, where $milter_socket stands for the IP address and port number or the UNIX socket where the filter will listen for incoming connections, as follows: inet:<port>@<IP address> (for network sockets) or unix:<path to UNIX socket> (for UNIX sockets).
2. Open the configuration file main.cf.
3. Add the following strings to the end of the main.cf file:
#lms-milter-begin
milter_connect_macros = j _ {daemon_name} {if_name} {if_addr}
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_mail_macros = i {auth_type} {auth_authen} {auth_ssf} {auth_author} {mail_mailer} {mail_host} {mail_addr}
milter_rcpt_macros = {rcpt_mailer} {rcpt_host} {rcpt_addr}
milter_default_action = $fail_type
milter_protocol = 3
milter_connect_timeout=180
milter_command_timeout=180
milter_content_timeout=600
#lms-milter-end
where $fail_type can take the values reject, accept or tempfail.
$fail_type defines the action to be taken by the Postfix mail server on messages if the filter works incorrectly:
• reject – reject the message;
• accept – skip without scanning;
• tempfail – send a temporary error notification to the message sender.
The recommended option is tempfail.
4. Open the file /var/opt/kaspersky/klms/installer.dat (under Linux) or /var/db/kaspersky/klms/installer.dat (under FreeBSD).
5. Add the following lines to the file:
POSTFIX_INTEGRATION_TYPE=milter
START_MILTER=1
6. Open the file /etc/opt/kaspersky/klms/klms_filters.conf (under Linux) or /usr/local/etc/kaspersky/klms/klms_filters.conf (under FreeBSD).
7. Specify the IP address and port number or UNIX socket that the filter will use to listen for incoming connections in the following string of the [milter] section:
socket=<IP address and port number> or <UNIX socket>, defined in step 1 for $milter_socket
using the format inet:<port>@<IP address> (for network sockets) or unix:<path to UNIX socket> (for UNIX sockets).
Example: socket=inet:[email protected]
8. In the [global] section set the false value for the header-guard setting.
9. Restart the klms service.
10. Restart Postfix.
MANUAL INTEGRATION WITH THE AMAVIS INTERFACE
To integrate Kaspersky Security with Amavis manually:
1. Add the kluser user to the amavis group (or to the group specified via the $daemon_group parameter of /etc/amavisd.conf) with the following command:
gpasswd -a kluser amavis
2. Add the amavis user account (or the user specified in the $daemon_user setting of the amavisd.conf configuration file, hereinafter /etc/amavisd.conf) to the klusers user group using the following command:
gpasswd -a amavis klusers
3. Open the amavisd file (hereinafter /usr/local/sbin/amavisd).
4. Comment out the following line in the @spam_scanners section:
@spam_scanners = (
#['SpamdClient', 'Amavis::SpamControl::SpamdClient' ],
5. Under the SUSE Linux 11 SP2 operating system, add the kluser account to the vscan user group. The vscan user group should be the primary group for the kluser account.
6. Under the SUSE Linux 11 SP2 operating system, add the vscan account to the klusers user group. The klusers user group should be the primary group for the vscan account.
7. Specify the rds_asp socket, on which the KLRDS task listens for incoming messages, in the following lines of the /usr/local/sbin/amavisd file for the SpamdClient Perl module:
package Amavis::SpamControl::SpamdClient
...
my($spamd_handle) = Amavis::IO::RW->new(
    [ '/var/run/klms/rds_asp' ], Eol => "\015\012", Timeout => 30);
8. Open the amavisd.conf configuration file (hereinafter /etc/amavisd.conf) for editing.
9. Make the following changes to the @av_scanners and @spam_scanners sections of the opened file:
@av_scanners = (
  ['Kaspersky Security 8.0 for Linux Mail Server',
    \&ask_daemon, ["nCONTSCAN {}\n", "/var/run/klms/rds_av"],
    qr/\bOK$/m, qr/\bFOUND$/m,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
);
...
@spam_scanners = (
  ['SpamdClient', 'Amavis::SpamControl::SpamdClient' ],
);
10. We recommend setting a 1500 KB limit on the maximum message size when using the Anti-Spam scan. To do so, set the following value in this string:
$sa_mail_body_size_limit = 1500000;
11. Restart the amavisd using the following command:
/etc/init.d/amavisd restart
During integration with the Amavis interface, you can specify the settings of Kaspersky Security only using the command line. Settings specified using the web interface of Kaspersky Security (such as the response timeout when attempting to connect to KSN) will not apply.
INTEGRATION BY MEANS OF USER SCRIPTS
User scripts make it possible to integrate directory services into Kaspersky Security.
A script is a function used for retrieving data from a directory service.
User scripts should be run only after logon under the kluser account.
TYPES OF USER SCRIPTS
The following scripts must be used when integrating with an external directory service:
• searchemail – used for determining the IDs of a message, list of user groups, sender, and recipient;
• searchusers – used for searching a user in an external directory service and for searching a user in custom allow and block lists of senders and recipients;
• getuseraccount – used for substituting user accounts with names while viewing a rule. If the script has failed, the rule will show user IDs only;
• login – used during authorization of a user from an external directory service;
• checkconnection – used to check the availability of an external directory service. The results of script execution appear in the Monitoring screen.
GENERAL REQUIREMENTS FOR USER SCRIPTS
The system has the following general requirements for user scripts:
• Data sent to a script and data retrieved as a result of script execution should end with a line that contains only ".\n" (a period followed by a line break).
• If the data requested during script execution has not been located, the script should return an empty block consisting of the single line ".\n".
• Data should be sent to the script exactly as the user entered it. Input data should be screened (sanitized) to avoid code injection.
• User scripts have a specific name.
• Error messages during user script execution should be returned to the console as messages whose first line starts with "+++ ERROR " (including the trailing blank). For example, "+++ ERROR cannot connect to DB\n".
• All IDs are string values, which is why they can consist of both letters and digits.
• Each script can be executed in parallel. For example, searchemail can be run several times (task Auth, setting processPool -> processNumber), in which case data is retrieved from the external directory service in parallel. This works only when the processPool -> processNumber setting of the Auth task is greater than "1".
• It is recommended to execute the searchemail script once. As soon as the script has transmitted data, it awaits the next request. This means that the script keeps running until the application itself stops it.
SEARCHEMAIL SCRIPT
The following table contains the characteristics of the searchemail script:
DATA INPUT FORMAT
email\n
.\n
DATA OUTPUT FORMAT
userID1\n
group1 ID\n
group2 ID\n
…
groupN ID\n
.\n
USAGE EXAMPLES
DESCRIPTION: The user account belongs to only one group.
DATA INPUT:
[email protected]
.
DATA OUTPUT:
userID1
managerGroup
.
DESCRIPTION: The user account does not exist.
DATA INPUT:
[email protected]
.
DATA OUTPUT:
.
DESCRIPTION: An error has occurred.
DATA INPUT:
[email protected]
.
DATA OUTPUT:
ERROR connection lost
.
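The general requirements above (".\n"-terminated blocks, an empty block when nothing is found, "+++ ERROR" lines, input screening, and a script that keeps serving requests until the application stops it) and the searchemail format can be seen together in the following Python skeleton. It is an added example, not a script shipped with Kaspersky Security; the in-memory DIRECTORY stands in for a real directory service and its addresses and IDs are constructed.

```python
import io
import re
import sys

TERMINATOR = "."   # a request or reply block ends with a line holding only "."

# Constructed sample directory for this example (not product data):
# e-mail address -> (userID, list of group IDs)
DIRECTORY = {
    "john@example.com": ("userID1", ["managerGroup"]),
    "santa@example.com": ("userID2", ["salesGroup", "managerGroup"]),
}

# The guide requires input to be screened before it reaches the directory
# service; only a strict e-mail shape is accepted, everything else is refused.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def screen_email(raw: str) -> str:
    value = raw.strip()
    if not EMAIL_RE.fullmatch(value):
        raise ValueError("request is not a well-formed e-mail address")
    return value.lower()


def format_block(lines) -> str:
    """Zero or more data lines, each ending in '\\n', closed by the '.\\n' line."""
    return "".join(f"{line}\n" for line in lines) + f"{TERMINATOR}\n"


def searchemail(raw_request: str, directory=DIRECTORY) -> str:
    """Reply to one searchemail request.

    Found:     'userID\\ngroup1\\n...\\n.\\n'
    Not found: '.\\n' (an empty block)
    Failure:   a '+++ ERROR <text>' line, then the terminator
    """
    try:
        email = screen_email(raw_request)
    except ValueError as exc:
        return format_block([f"+++ ERROR {exc}"])
    entry = directory.get(email)
    if entry is None:
        return format_block([])
    user_id, groups = entry
    return format_block([user_id, *groups])


def read_request(stream):
    """Collect the lines of one request up to its '.' line; None at EOF."""
    lines = []
    for line in stream:
        line = line.rstrip("\n")
        if line == TERMINATOR:
            return lines
        lines.append(line)
    return None


def serve(stdin, stdout) -> None:
    """Answer requests until the application closes our stdin."""
    while True:
        request = read_request(stdin)
        if request is None:
            break
        stdout.write(searchemail(request[0] if request else ""))
        stdout.flush()


def replies_for(transcript: str) -> str:
    """Run serve() over an in-memory transcript; handy for testing the protocol."""
    out = io.StringIO()
    serve(io.StringIO(transcript), out)
    return out.getvalue()


if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```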
SEARCHUSERS SCRIPT
The following table contains the characteristics of the searchusers script:
DATA INPUT FORMAT
any search string\n
.\n
DATA OUTPUT FORMAT
UserID1\n
nameOfField1 valueOfField1\n
nameOfField2 valueOfField2\n
…
nameOfFieldN valueOfFieldN\n
\n
userID2\n
nameOfField1 valueOfField1\n
nameOfField2 valueOfField2\n
…
nameOfFieldN valueOfFieldN\n
\n
userIDN\n
…
.\n
USAGE EXAMPLES
DESCRIPTION: The administrator needs to find users whose last name is Brown. As a result of script execution, the administrator gets two accounts: John and Santa.
DATA INPUT:
Brown
.
DATA OUTPUT:
userID1
name John Brown
email [email protected]
phone 1871
login john

userID2
name Santa Brown
email [email protected]
phone 1500
login santa
.
DESCRIPTION: There are no accounts matching the requested string.
DATA INPUT:
hacker
.
DATA OUTPUT:
.
GETUSERACCOUNT SCRIPT
The following table contains the characteristics of the getuseraccount script:
DATA INPUT FORMAT
userID\n
.\n
DATA OUTPUT FORMAT
nameOfField1 valueOfField1\n
nameOfField2 valueOfField2\n
…
nameOfFieldN valueOfFieldN\n
.\n
USAGE EXAMPLES
DESCRIPTION: The administrator needs to retrieve the details of the userID1 account.
DATA INPUT:
userID1
.
DATA OUTPUT:
name John Brown
email [email protected]
phone 1871
.
LOGIN SCRIPT
The following table contains the characteristics of the login script:
DATA INPUT FORMAT
userLogin\n
userPassword\n
.\n
DATA OUTPUT FORMAT
nameOfField1 valueOfField1\n
nameOfField2 valueOfField2\n
…
nameOfFieldN valueOfFieldN\n
.\n
USAGE EXAMPLES
DESCRIPTION: Successful system login.
DATA INPUT:
John
123456
.
DATA OUTPUT:
userID1
.
DESCRIPTION: System login error.
DATA INPUT:
hacker
password
.
DATA OUTPUT:
ERROR wrong login or password
.
APPLICATION LICENSING
This section provides information about general terms related to the application activation. Read this section to learn more about the purpose of the License Agreement, ways of activating the application, and license renewal.
ABOUT THE END USER LICENSE AGREEMENT
The End User License Agreement is a binding agreement between you and Kaspersky Lab ZAO, stipulating the terms on which you may use the application.
Read through the terms of the License Agreement carefully before you start using the application.
It is deemed that you accept the terms of the License Agreement by confirming that you agree with the License Agreement when installing the application. If you do not accept the terms of the License Agreement, you must abort the application installation or renounce the use of the application.
The file with the text of the End User License Agreement is located at the following path:
• for the application installed on a computer running under Linux: /opt/kaspersky/klms/share/doc/LICENSE, for the web interface: /opt/kaspersky/klmsui/share/doc/LICENSE;
• for the application installed on a computer running under FreeBSD: /usr/local/share/doc/klms/LICENSE, for the web interface: /opt/kaspersky/klmsui/share/doc/LICENSE.
ABOUT THE LICENSE
A license is a time-limited right to use the application, granted under the End User License Agreement.
A current license entitles you to the following kinds of services:
• use of the application on the terms of the License Agreement;
• availability of technical support.
The scope of services and application usage term depend on the type of license under which the application is activated.
The following license types are provided:
• Trial – a free license intended for trying out the application.
A trial license is of limited duration. As soon as the license expires, all Kaspersky Security features are disabled. To continue using the application, you need to purchase a commercial license.
You can activate the application under a trial license only once.
• Commercial – a paid license offered upon purchase of the application.
When the commercial license expires, the application continues running though with a limited functionality (for example, Kaspersky Security database updates and use of Kaspersky Security Network are not available). To continue using Kaspersky Security in fully functional mode, you must renew your commercial license.
We recommend renewing the license before its expiration to ensure maximum protection of your computer against security threats.
ABOUT THE KEY FILE
A key file is a piece of data that activates the license attached to it. It entitles you to use the application and additional services.
The key file is included in the application distribution kit if you purchase it from resellers of Kaspersky Lab, or is sent to you by email if you purchase the application from eStore.
The key file contains the following information:
• License term.
• Functionality unlocked by the key.
• License type (trial or commercial).
• License restrictions (such as the maximum number of computers protected by the application or the maximum volume of protected mail traffic).
• Key file expiration. You can activate the application with the key file only before this validity period has expired.
ABOUT THE KEY
A key makes it possible to activate and use the application on the terms of the License Agreement. A key is generated by Kaspersky Lab. The key is displayed in the application or website interface as an alphanumeric sequence. You can add a key to the application by using a key file.
The application works only with a valid key. Kaspersky Lab can black-list a key over violations of the License Agreement. If the key has been black-listed, you have to add a different valid key to continue using the application.
There are two types of keys: active and additional.
Active key
Active key is a key that is currently used by the application. A trial or commercial license key can be added as the active key. The application cannot have more than one active key.
Additional key
Additional key is a key that certifies the right to use the application but is not currently being used. An additional key becomes active automatically when the current active key stops working, for example due to license expiry. An additional key can be added only if the active key is available. A trial license key cannot be added as an additional key.
Keys can unlock the following components:
• Anti-Virus component and Anti-Spam component.
• Anti-Virus component.
• Anti-Spam component.
When a key for the Anti-Virus and Anti-Spam components is added, the application works in full-functionality mode, performing scans for spam, viruses and other types of malware.
When you add a key for the Anti-Spam component alone, the application performs anti-spam scanning but does not detect viruses and other threats. The status label assigned by the application to a message following a scan for viruses and other threats contains information about limited functionality.
When you add a key for the Anti-Virus component alone, the application performs scanning for viruses and other threats but does not perform anti-spam scanning. The status label assigned by the application to a message following a spam scan contains information about limited functionality.
When the additional key becomes active, other application components may become available.
Anti-Spam and Anti-Virus databases are updated regardless of key type.
VIEWING INFORMATION ABOUT THE LICENSE AND ADDED KEYS
You can view information about the license, such as its validity period and expiration date.
To view information about the license, execute the following command:
# /opt/kaspersky/klms/bin/klms-control \
--licenser --query-status
To view information about all added keys, enter the following at the command line:
# /opt/kaspersky/klms/bin/klms-control \
--licenser --get-installed-keys
ABOUT DATA PROVISION
According to the terms of the License Agreement that you have accepted, you consent to the automatic transmission to
If you agree to participate in Kaspersky Security Network, information collected during the operation of Kaspersky Linux Mail Security on the computer is automatically forwarded to Kaspersky Lab. The list of data that is transmitted is provided
Information retrieved is protected by Kaspersky Lab pursuant to the requirements stipulated by the existing legislation.
Kaspersky Lab uses any retrieved information as general statistics only. General statistics are automatically generated using original collected information and do not contain any private data or other confidential information. Kaspersky Lab uses the latest methods for protecting the privacy of data it collects. Original collected data is stored in encrypted form and deleted as new data is accumulated. General statistics are stored indefinitely.
ADDING A KEY
You can add keys with two statuses: active and supplementary. You can use the application as soon as you add an active key. After adding an active key, you can add a supplementary key. The supplementary key automatically becomes active on expiration of the license. This ensures that protection is maintained in the period between expiration and renewal of the license.
If you add an active key when one has already been added for Kaspersky Security, the new key replaces the previously installed one. The key installed earlier is removed.
If you add a supplementary key when one has already been added for Kaspersky Security, the new key replaces the previously installed one. The supplementary key installed earlier is removed.
To add an active key, execute the following command:
# /opt/kaspersky/klms/bin/klms-control \
--licenser --install-active-key <key file name>
To add a supplementary key, execute the following command:
# /opt/kaspersky/klms/bin/klms-control \
--licenser --install-suppl-key <key file name>
REMOVING A KEY
If you remove the active key and a supplementary key has been added for Kaspersky Security, the supplementary key automatically becomes active.
To remove the active key, execute the following command:
# /opt/kaspersky/klms/bin/klms-control \
--licenser --revoke-active-key
To remove the supplementary key, execute the following command:
# /opt/kaspersky/klms/bin/klms-control \
--licenser --revoke-suppl-key
If you remove the active and supplementary keys, you cannot use the full functionality of the application.
STARTING AND STOPPING THE APPLICATION
Starting the application
By default, Kaspersky Security starts automatically when the operating system is booted (at the default level of execution for each operating system).
When the product starts for the first time and when it further restarts, it automatically creates directories in /var/log and /tmp. These directories are required for correct functioning of the product. Changing these directories manually may result in malfunction of the product.
Stopping the application
If required, you can stop the application. To stop the application, first stop the klms service and then the database.
To stop the klms service under a Linux operating system, execute the following command:
# /etc/init.d/klms stop
To stop the database under a Linux operating system, execute the following command:
# /etc/init.d/klmsdb stop
To stop the klms service under a FreeBSD operating system, execute the following command:
# /usr/local/etc/rc.d/klms stop
To stop the database under a FreeBSD operating system, execute the following command:
# /usr/local/etc/rc.d/klmsdb stop
SERVER PROTECTION STATUS
The protection status of the mail server indicates whether or not there are currently any security issues affecting the level of security.
Not only detected malicious programs and spam are classified as security issues in this instance, but also:
• using outdated databases (see section "About database updates" on page 110);
To ensure that Kaspersky Security is protecting the mail server:
• check that the klms service is running;
• check the state of databases (see section "Checking database state" on page 111);
• if you have configured integration with an external user service (LDAP, Active Directory®), check the
To verify that the klms service is running:
1. Execute the command:
# /opt/kaspersky/klms/bin/klms-control --is-program-started
2. Execute the command:
# echo $?
If Kaspersky Security is running, 0 is returned; if the application is not running, 1 is returned.
BASIC PRINCIPLES
This section contains a description of the basic concepts and principles of using the application, and information about how to configure it.
ABOUT SCAN AND CONTENT FILTERING STATUSES
Based on the results of scanning for spam, the Anti-Spam engine assigns one of the following Anti-Spam scan statuses to messages:
• Clean – the message contains no spam.
• Spam – the application unambiguously recognizes the message as spam.
• Probable Spam – the message may contain spam.
• Blacklisted – the sender's email address or IP address is contained in the black list of addresses.
• Error – the scan returned an error.
Based on the results of scanning for viruses, the Anti-Virus engine assigns one of the following Anti-Virus scan statuses to messages:
• Clean – the object is not infected.
• Intrusion Threat – an intrusion threat has been detected.
• Infected – the object is infected; either it cannot be disinfected, or disinfection has not been attempted.
• Disinfected – the object is disinfected.
• Probably infected – the object is probably infected with an unknown virus or a new modification of a known virus.
• Encrypted – the object cannot be scanned because it is encrypted.
• Corrupted – the object is damaged or an error occurred during the scan.
Based on the Anti-Phishing scan results, the Anti-Phishing engine assigns one of the following status labels to the message:
• Clean – the message does not contain phishing URLs, images or text that could trick users into disclosing confidential data to fraudsters, or links to websites with malware.
• Phishing – the application has found the message to contain images or text that could trick users into disclosing confidential data to fraudsters.
• Malicious link – the application has found the message to contain links to websites with malware.
• Error – the scan returned an error.
As a result of content filtering, the Scan Logic message scanning control module assigns one of the following content filtering statuses to messages:
• Clean – the message does not violate the content filter settings.
• BannedFileName – the message contains an attachment with a banned name.
• BannedFileFormat – the message contains an attachment having a banned file format.
• SizeExceeded – the message exceeds the maximum allowed size.
ABOUT MESSAGE PROCESSING RULES
A message processing rule (or rule) is a group of settings for multiple pairs of sender and recipient addresses; Kaspersky Linux Mail Security applies the rule to all messages whose sender and recipient match one of the pairs. For a rule to be assigned to a message, the addresses of the sender and recipient must be specified in the rule settings.
By default, the application contains the following preset message processing rules:
ď‚·
WhiteList
– process messages from the white list.
ď‚·
BlackList
– process messages from the black list.
ď‚·
Default
– process messages according to the predefined settings.
When processing an email, the application checks each rule for the "sender - recipient" pair of addresses beginning with the highest-priority rule (1). If no match is found, the application checks the pair of addresses of the rule with the next highest priority (2). As soon as it finds the "sender - recipient" pair of addresses in any rule, the application applies the processing settings configured in that rule to the message.
If none of the rules contains the "sender - recipient" pair of addresses, the message is processed according to the preset settings of the Default rule.
You can customize the settings of each message processing rule.
MESSAGE PROCESSING ALGORITHM
The application processes a mail message according to the following algorithm:
1. The Scan Logic module looks for rules whose "sender - recipient" pair matches the sender and recipient addresses of the message, and chooses the matching rule with the highest priority. If no rule is found for the address pair, the application processes the message in accordance with the Default rule.
2. If the message is addressed to several recipients whose addresses belong to different rules, several virtual copies of the message are created in accordance with the number of rules. Each copy of the message is processed as per the rule assigned to the address of the recipient.
3. The further actions taken by the application depend on the settings of the selected message processing rule.
• If the rule specifies that messages are to be scanned for spam, the Scan Logic module forwards the mail message to the Anti-Spam engine for scanning. The Anti-Spam engine scans the message and assigns it one of the spam scan statuses (see section "About scan and content filtering statuses" on page 75). Based on the results of message scanning, the Scan Logic module also adds a status tag at the beginning of the message subject (Subject field).
• If the rule specifies that messages are to be scanned for phishing threats, the Scan Logic module forwards the mail message to the Anti-Phishing engine for scanning. The Anti-Phishing engine scans the message and assigns it one of the Anti-Phishing scan statuses (see section "About scan and content filtering statuses" on page 75). Based on the results of message scanning, the Scan Logic module also adds a status tag at the beginning of the message subject (Subject field).
• If the rule specifies that messages are to be filtered for content, the Scan Logic module performs content filtering of the message by size, name, and format of attachments. Based on the results of content filtering, the Scan Logic module assigns one of the content filtering statuses to the message (see section "About scan and content filtering statuses" on page 75).
• If the rule specifies that messages are to be scanned for viruses, the Scan Logic module forwards the mail message to the Anti-Virus engine for scanning. The mail format analyzer (MIME, RFC2822, UUE) built into the Anti-Virus engine parses the individual objects of the message: body, attachments, and others. Every object extracted is scanned by the Anti-Virus engine. Anti-Virus scans the message first as a whole object and then by its constituent parts, before assigning it one of the Anti-Virus scan statuses (see section "About scan and content filtering statuses" on page 75). Based on the results of message scanning, the Scan Logic module adds a status tag at the beginning of the message subject (Subject field).
ABOUT BLACK AND WHITE LISTS OF ADDRESSES
Black and white lists of addresses can be used to fine-tune the mail system's response to messages that are not spam officially (such as news feeds). Black lists can also be used to configure the application to block messages containing new types of threats and spam before the Kaspersky Security databases have been updated.
There are two types of black and white lists of addresses:
• Personal. Contain the addresses of senders and belong to individual recipients. Messages from senders on a personal white list are exempt from anti-spam scanning. However, the messages are still scanned for viruses and phishing threats, and content filtering is also performed.
• Global. Contain the addresses of senders and recipients. You can specify such lists in the preset BlackList and WhiteList rules, which hold the addresses of senders and recipients whose messages should be rejected without scanning or allowed to pass without scanning. A global white list of addresses allows messages to pass through without scanning for spam, viruses, and phishing threats.
Messages whose sender and recipients have their addresses on a global black or white list of addresses are processed as follows:
• If the addresses of the sender and recipients of a message are on a global black list of addresses, the application rejects the message. The message does not reach the protected mail server.
• If the addresses of the sender and recipients of a message are on a global white list of addresses, the application passes the message on for further processing, bypassing scanning by the Anti-Spam, Anti-Virus, and Anti-Phishing components.
• If the addresses of the sender and recipients of a message are both on the global white list and on the global black list of addresses, the application processes the message according to whichever of the two rules has the higher priority.
A message is processed according to the rule of a personal white list or personal black list of addresses if the rules of the global black list and global white list of addresses do not apply to it.
A message whose sender has his address on a personal black or white list of addresses is processed as follows:
• If the message sender's address is on a personal black list of addresses and one of the addresses of the message recipients belongs to the owner of the personal black list of addresses, the message is not delivered to the recipient who owns the personal black list. Depending on the action configured for messages from senders on a personal black list, the message is either deleted or quarantined.
• If the sender's address is on a personal white list of addresses, the message is delivered to the recipient depending on the results of scanning for viruses, phishing threats, and content filtering.
• If the sender's address is both on a personal white list and on a personal black list of addresses, the message is processed according to the rules of the personal white list of addresses.
CREATING MESSAGE PROCESSING RULES
To create a new rule:
1. To create a new rule, use the command:
# /opt/kaspersky/klms/bin/klms-control --create-rule <rule name>
2. Set the rule priority using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-priority <rule ID> --before <rule ID>
The value can be set using any natural number.
3. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
4. Open the XML file to edit the rule settings.
5. In the <belongingCriteria> section, specify the addresses of the sender and recipient in the <sender> and <recipient> settings, respectively.
If you need to add several sender and recipient email addresses, each new email address must be in a separate <item> section, typed in a new string of the settings file.
Example:
<belongingCriteria>
<sender>
<item>
<type>EMailMask</type>
<value>*</value>
</item>
<item>
<type>CIDR</type>
<value>172.16.10.145</value>
</item>
</sender>
<recipient>
<item>
<type>ExternalAccount</type>
<value>CN=test10,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=sbs2k8,DC=local</value>
</item>
</recipient>
</belongingCriteria>
The sender and recipient values must both be specified. If the description of the rule does not contain a sender or a recipient value, the application skips the rule and applies the rule with the next highest priority.
You can use the symbols "*" and "?" to create an address mask, and regular expressions beginning with the prefix "re:".
Regular expressions are not case-sensitive.
6. In the <ScanSettings> section, specify 1 as the value of the <active> setting to activate the rule.
7. Specify the rule mode. To do so, in the <ScanSettings> section use one of the following values for the <ruleAction> setting:
• Scan, if you want the application to process messages according to the configured scan settings;
• Skip (skip without scanning), if you want the application to process messages according to this rule in the same way it does according to the rule of the global white list of addresses;
• Reject (reject without scanning), if you want the application to process messages according to this rule in the same way it does according to the rule of the global black list of addresses.
8. If necessary, configure the settings for Anti-Spam scanning (see section "Configuring Anti-Spam scan settings for a rule"), Anti-Phishing scanning, Anti-Virus scanning (see section "Configuring Anti-Virus scan settings for a rule" on page 97), and content filtering (see section "Configuring content filtering by message size" on page 107).
If the values of these settings have not been configured for a rule, the default settings are used.
9. Save the changes made.
10. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
VIEWING THE LIST OF MESSAGE PROCESSING RULES
You can view the list of all preset and newly created rules.
To view the list of rules, execute the following command:
# /opt/kaspersky/klms/bin/klms-control --get-rule-list
The application displays the list of rules, with the following information:
• rule name;
• rule ID;
• rule priority;
• rule status (active or inactive).
ABOUT ACTIONS ON OBJECTS
Based on the results of Anti-Virus and Anti-Spam scanning and content filtering, Kaspersky Security performs actions on messages and the objects that they contain. The application records the result of scanning in the event log.
In the rule settings, you can specify actions to be performed by the application on messages with a certain status.
The settings that define the actions can take the following values:
• Skip – deliver the message to the recipient with no changes.
• Reject – do not deliver the message to the recipient. If you select this operation, the sending mail server receives a return code in response, indicating the occurrence of an error during delivery. The message is not delivered to the recipient.
• DeleteMessage – delete the message. If you select this operation, the sending mail server receives a notification that the message has been received; however, the message is not delivered to the recipient.
• DeleteAttachment – delete the attachment (applied only after an anti-virus scan).
• Cure – cure the infected object (applied only after an anti-virus scan). When this action is selected, the application attempts to cure the infected object. If disinfection fails, the application performs the Reject, DeleteMessage, or DeleteAttachment action configured for objects that cannot be disinfected; by default, the application performs the DeleteAttachment action.
ABOUT KASPERSKY SECURITY TASKS
Some of Kaspersky Security functionality is implemented in the form of Tasks. For instance, the Anti-Virus database update task UpdaterAVS (hereinafter also "Anti-Virus database update task") and the Anti-Spam database update task UpdaterASP (hereinafter also "Anti-Spam database update task") download and install Anti-Virus and Anti-Spam database updates. The scheduled report generation tasks DailyReport, WeeklyReport, and MonthlyReport generate application reports for a day, week, and month. The Notifier task forms notifications about events occurring during the operation of the application.
Kaspersky Security includes the following tasks:
• Auth (ID=1).
• Backup (ID=2).
• ScanLogic (ID=3).
• Facade (ID=4).
• AvServer (ID=5).
• AspServer (ID=6).
• EventManager (ID=7).
• Licenser (ID=8).
• Notifier (ID=9).
• Statistics (ID=10).
• Updater (ID=11).
• AspMoebius (ID=13).
• AspQuarantine (ID=14).
• SmtpSender (ID=15).
• Snmp (ID=16).
• DailyReport (ID=17).
• WeeklyReport (ID=18).
• MonthlyReport (ID=19).
• EventLogger (ID=20).
• ScanServer (ID=21).
• KLRDS (ID=22).
• Ksn (ID=23).
Most of them are system tasks not to be configured by the administrator.
Kaspersky Security tasks can have one of the following statuses:
• Started – a running task.
• Starting – a task being launched.
• Stopped – a task that has stopped.
• Failed – a task that has ended with an error.
VIEWING THE LIST OF APPLICATION TASKS
To view the list of application tasks, execute the following command:
# /opt/kaspersky/klms/bin/klms-control --get-task-list
The application displays the list of tasks.
The following task details are shown:
• number of tasks;
• task names;
• task IDs;
• task performance state (see section "About Kaspersky Security tasks" on page 81).
The following example shows how task details are displayed (task name, task ID, task state, and task run ID):
Example:
Name: Notifier
ID: 9
State: Started
Runtime ID: 7
ABOUT INFORMATION X-HEADERS
After scanning a message, the Scan Logic message scanning control module adds special information X-headers to the message header, such as:
• X-KLMS-Rule-ID: 1 – list of the IDs of the message processing rules applied.
• X-KLMS-Message-Action: attachment removed, AntiVirus – action taken by the application on the message.
• X-KLMS-AntiVirus: Kaspersky Security 8.0 for Linux Mail Server, version 8.0.1.517, bases: 2013/11/19 06:41:00 – application version and Anti-Virus database release date.
• X-KLMS-AntiSpam-Method: none – the method used to identify spam.
• X-KLMS-AntiSpam-Rate: 0 – rating assigned to the message by the Anti-Spam engine.
• X-KLMS-AntiSpam-Status: not_detected – status assigned to the message by the Anti-Spam engine based on the Anti-Spam scan results.
• X-KLMS-AntiSpam-Envelope-From: [email protected] – envelope sender of the message.
• X-KLMS-AntiPhishing: Clean, 2013/11/13 18:22:56 – a general header for messages processed by the Anti-Phishing engine.
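These headers are what an analyst or a downstream filter sees on every message that passed the gateway, so they are the natural starting point for triage. The parser that follows is an added example, not part of the product: it unfolds the headers with Python's email package, turns the X-KLMS-* values into typed fields, and raises simple flags. The sample message is constructed (the X-KLMS-* values mirror those listed above; sender, recipient and body are made up), the "<action>, <component>" layout of X-KLMS-Message-Action is inferred from the sample, and the one-day bases-age threshold is an arbitrary choice.

```python
import email
import re
from datetime import datetime
from email import policy

# Constructed message (not from the product): the X-KLMS-* values mirror the
# samples above, the addresses and body are made up, and the X-KLMS-AntiVirus
# header is folded over two lines as a mail server may emit it.
SAMPLE_MESSAGE = """\
X-KLMS-Rule-ID: 1
X-KLMS-Message-Action: attachment removed, AntiVirus
X-KLMS-AntiVirus: Kaspersky Security 8.0 for Linux Mail Server, version 8.0.1.517,
 bases: 2013/11/19 06:41:00
X-KLMS-AntiSpam-Method: none
X-KLMS-AntiSpam-Rate: 0
X-KLMS-AntiSpam-Status: not_detected
X-KLMS-AntiSpam-Envelope-From: [email protected]
X-KLMS-AntiPhishing: Clean, 2013/11/13 18:22:56
From: Some Sender <[email protected]>
To: [email protected]
Subject: quarterly figures

The attachment was removed by the gateway.
"""

TIMESTAMP = r"(\d{4}/\d{2}/\d{2}\s+\d{2}:\d{2}:\d{2})"


def _timestamp(text):
    return datetime.strptime(re.sub(r"\s+", " ", text), "%Y/%m/%d %H:%M:%S")


def parse_klms_headers(raw_message):
    """Return the X-KLMS-* verdict fields of one message as typed values."""
    msg = email.message_from_string(raw_message, policy=policy.default)

    def header(name):
        value = msg.get(name)
        return None if value is None else str(value).strip()

    info = {
        "rule_ids": [int(x) for x in re.findall(r"\d+", header("X-KLMS-Rule-ID") or "")],
        "spam_method": header("X-KLMS-AntiSpam-Method"),
        "spam_status": header("X-KLMS-AntiSpam-Status"),
        "spam_rate": None,
        "envelope_from": header("X-KLMS-AntiSpam-Envelope-From"),
        "action": None, "action_by": None,
        "av_version": None, "av_bases": None,
        "phishing_status": None, "phishing_bases": None,
    }
    rate = header("X-KLMS-AntiSpam-Rate")
    if rate is not None and rate.isdigit():
        info["spam_rate"] = int(rate)
    action = header("X-KLMS-Message-Action")
    if action:  # "<action>, <component>" layout assumed from the sample above
        parts = [p.strip() for p in action.split(",", 1)]
        info["action"] = parts[0]
        info["action_by"] = parts[1] if len(parts) > 1 else None
    m = re.search(r"version\s+(\S+?),\s*bases:\s*" + TIMESTAMP, header("X-KLMS-AntiVirus") or "")
    if m:
        info["av_version"], info["av_bases"] = m.group(1), _timestamp(m.group(2))
    m = re.match(r"(\w[\w ]*?),\s*" + TIMESTAMP, header("X-KLMS-AntiPhishing") or "")
    if m:
        info["phishing_status"], info["phishing_bases"] = m.group(1), _timestamp(m.group(2))
    return info


def bases_age_days(info, now):
    """Age of the Anti-Virus bases the message was scanned with, in days (None if unknown)."""
    if info["av_bases"] is None:
        return None
    return (now - info["av_bases"]).total_seconds() / 86400


def triage_flags(info, now, max_bases_age_days=1.0):
    """Points an analyst would want raised for one scanned message."""
    flags = []
    if info["action"]:
        flags.append(f"gateway action: {info['action']} ({info['action_by']})")
    if info["spam_status"] not in (None, "not_detected"):
        flags.append(f"anti-spam status {info['spam_status']} (rate {info['spam_rate']})")
    if info["phishing_status"] not in (None, "Clean"):
        flags.append(f"anti-phishing status {info['phishing_status']}")
    age = bases_age_days(info, now)
    if age is not None and age > max_bases_age_days:
        flags.append(f"scanned with anti-virus bases {age:.1f} days old")
    return flags


if __name__ == "__main__":
    parsed = parse_klms_headers(SAMPLE_MESSAGE)
    print(parsed)
    print(triage_flags(parsed, datetime(2013, 11, 25)))
```

The bases timestamp is the one worth watching in an incident: a message that was scanned with bases several days old may have been clean only relative to what the gateway knew at the time, which is a reason to rescan its attachments rather than trust the Clean status.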
ANTI-SPAM PROTECTION
This section contains information about Anti-Spam protection of messages and how to configure it.
ABOUT ANTI-SPAM PROTECTION
One of the main tasks of Kaspersky Security is to filter out unwanted messages (spam) in the mail traffic of the server.
Kaspersky Security uses the following technologies to detect spam:
• Enforced Anti-Spam Updates Service – instant update system for anti-spam signatures.
• Reputation Filtering – anti-spam cloud reputation service.
Messages are scanned for spam by the Anti-Spam engine, which checks each message for signs of spam. First, the Anti-Spam engine scans the attributes of the message, such as sender and recipient addresses, size, and headers (including the From and To fields). Second, the Anti-Spam engine analyzes the message content (including the Subject header) and attached files. The Anti-Spam engine is enabled by default. If required, you can disable the Anti-Spam engine or disable Anti-Spam scanning for any rule.
Depending on the sensitivity level, the application assigns messages in which spam or probable spam has been detected the specific statuses in accordance with the spam rating calculated by Anti-Spam. The spam rating is a whole number from 0 to 100 that reflects how many spam criteria the Anti-Spam engine triggered while processing the message. The application also takes into account the responses from DNSBL, SURBL and UDS servers and SPF technology when assigning the spam rating. Based on the scan results, the Scan Logic module adds a status tag at the beginning of the message subject (Subject field).
In the rule settings, you can specify actions to be performed by the application on messages with a certain status. The default action performed on messages is Skip.
ABOUT EXTERNAL ANTI-SPAM MESSAGE SCANNING SERVICES
Reputation filtering is a cloud service that determines the reputation of messages and so increases the accuracy of spam detection. The high accuracy of spam detection is achieved owing to the high speed with which information about new types of spam is updated in the cloud service.
On detecting a potential spam message, Kaspersky Security temporarily places it in Anti-Spam Quarantine. The message remains in Anti-Spam Quarantine for the specified period of time, such as 30 minutes. When the Anti-Spam Quarantine period elapses, Kaspersky Security rescans the message. After re-scanning the message, the application can change its status to one of the following: Spam / Massmail / Probable Spam / Clean.
You can specify the period for keeping a message in Anti-Spam Quarantine and the maximum size of Anti-Spam Quarantine by configuring the relevant values of Anti-Spam Quarantine settings.
To ensure more thorough Anti-Spam filtering of email messages, Kaspersky Security supports external services:
• DNSBL. Servers that host public lists of IP addresses identified in the distribution of spam.
• SURBL. SURBL is a list of hyperlinks to the resources advertised by spam senders.
During spam rating calculation, the application considers the weight assigned to each responding DNSBL and SURBL server.
• Reputation filtering. A technology used by KSN to increase the accuracy of spam detection.
• SPF. SPF (Sender Policy Framework) allows validation of the sender's domain to make sure it is not forged. Domains use SPF to authorize certain computers to send mail on their behalf. If the sender of a message is not included in the list of authorized senders, the spam rating of the message is increased.
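The DNSBL and SURBL lookups described above work by turning the sender's IP address, or the domains linked in the message body, into DNS names under the list's zone and checking whether those names resolve. The following is an added example, not Kaspersky's code: it shows the query-name construction and a weighted tally of the zones that respond, which is the shape of the "weight assigned to each responding server" calculation. The zones, their weights, the stub resolver and the sample body are constructed for the example; the product's actual weights and how a listing maps to rating points are not documented on this page.

```python
import ipaddress
import re
from urllib.parse import urlparse


def dnsbl_query_name(ip, zone):
    """Reverse the octets of the sender's IPv4 address under the DNSBL zone:
    192.0.2.10 checked against 'dnsbl.example' becomes '10.2.0.192.dnsbl.example'."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 senders only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def surbl_query_names(body, zone):
    """Build SURBL names for the hosts linked in a message body. The registrable
    domain is approximated as the last two labels (no public-suffix list here)."""
    names = set()
    for url in re.findall(r"""https?://[^\s<>"')]+""", body):
        host = urlparse(url).hostname
        if not host or re.fullmatch(r"[\d.]+", host):  # skip bare IP literals
            continue
        labels = host.lower().rstrip(".").split(".")
        if len(labels) >= 2:
            names.add(".".join(labels[-2:]) + "." + zone)
    return sorted(names)


def spam_rating(sender_ip, body, lookup, dnsbl_zones, surbl_zones):
    """Add the weight of every zone that lists the sender or a linked domain and
    cap the result at 100. `lookup(name)` stands in for the DNS A query and
    returns True when the name resolves, i.e. when it is listed."""
    score, hits = 0, []
    for zone, weight in dnsbl_zones.items():
        name = dnsbl_query_name(sender_ip, zone)
        if lookup(name):
            score, hits = score + weight, hits + [name]
    for zone, weight in surbl_zones.items():
        for name in surbl_query_names(body, zone):
            if lookup(name):
                score, hits = score + weight, hits + [name]
    return min(score, 100), hits


# Constructed data: two DNSBL zones and one SURBL zone with made-up weights, and
# a stub resolver that "lists" one sender address and one advertised domain.
DNSBL_ZONES = {"dnsbl.example": 60, "spamhosts.example": 30}
SURBL_ZONES = {"surbl.example": 50}
LISTED = {"10.2.0.192.dnsbl.example", "cheap-pills.example.surbl.example"}
stub_lookup = LISTED.__contains__

SPAM_BODY = "Buy now at http://www.cheap-pills.example/buy?x=1 or https://corp.example/"

if __name__ == "__main__":
    print(spam_rating("192.0.2.10", SPAM_BODY, stub_lookup, DNSBL_ZONES, SURBL_ZONES))
    print(spam_rating("198.51.100.7", "no links here", stub_lookup, DNSBL_ZONES, SURBL_ZONES))
```

In production the lookup is a real DNS query with a timeout (the <dnsTimeout> setting in the general Anti-Spam settings plays that role), and the DNS traffic itself leaks which senders and domains your gateway is checking, which is one reason to resolve through your own recursive resolver rather than an open one.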
ENABLING AND DISABLING THE ANTI-SPAM ENGINE
You can enable or disable the Anti-Spam engine. Anti-Spam engine is enabled by default.
To enable or disable the Anti-Spam engine:
1. Export the ScanLogic task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <ScanLogic task ID> -f <settings file name> or
# /opt/kaspersky/klms/bin/klms-control \
--get-settings ScanLogic -n -f <name of the settings file>
2. Open the XML file to edit the task settings.
3. In the <asSettings> section, specify one of the following values for the <enableAsScan> setting:
• 1, to enable the Anti-Spam engine;
• 0, to disable the Anti-Spam engine.
By default, the value is set to 1.
4. Save the changes made.
5. Import the ScanLogic task settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <ScanLogic task ID> -f <settings file name> or
# /opt/kaspersky/klms/bin/klms-control \
--set-settings ScanLogic -n -f <name of the settings file>
ENABLING AND DISABLING ANTI-SPAM SCANNING OF MESSAGES FOR A RULE
You can enable or disable Anti-Spam scanning of messages for any message processing rule.
To enable or disable Anti-Spam scanning of messages for a rule:
1. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
2. Open the XML file to edit the rule settings.
3. In the <engineSettings> subsection of the <asScanSettings> section, specify one of the following values of the <enableScan> setting:
• 1, to enable Anti-Spam scanning of messages for this rule;
• 0, to disable Anti-Spam scanning of messages for this rule.
4. Save the changes made.
5. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
CONFIGURING GENERAL ANTI-SPAM SCAN SETTINGS
You can specify general Anti-Spam scan settings that will apply to all rules that perform Anti-Spam scanning.
To configure general Anti-Spam scan settings:
1. Export the ScanLogic task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <ScanLogic task ID> -f <settings file name> or
--get-settings ScanLogic -n -f <name of the settings file>
2. Open the XML file of the ScanLogic task to edit the task settings.
3. In the <asSettings> section, specify the values of the relevant Anti-Spam scan settings:
• In the <enableReputationFiltering> subsection, specify the value 1 to enable reputation filtering or 0 to disable it. If the <useKsnStatus> subsection is set to 0, reputation filtering is disabled regardless of this value. Reputation filtering is enabled by default.
• In the <scanTimeLimit> subsection, specify the maximum duration of Anti-Spam scanning of a message in seconds. If the message scan is not completed during this time, the message is assigned a scan error verdict. The default maximum duration of Anti-Spam scanning of a message is 30 seconds.
• In the <useKsnStatus> subsection, specify the value 1 if you want the application to use information from Kaspersky Security Network when issuing a verdict on the message, or 0 if you do not want the application to use information from Kaspersky Security Network. The use of information from Kaspersky Security Network is enabled by default.
• In the <useEnforcedAntiSpamUpdatesService> subsection, specify the value 1 to enable the Enforced Anti-Spam Updates service or 0 to disable the service. The Enforced Anti-Spam Updates service is enabled by default.
• In the <externalServices> subsection, specify the relevant values for the following nodes:
  • <dnsTimeout> – the maximum time during which the application waits for a response from DNS servers (in seconds). The default value is 10 seconds.
  • <dnsblList> – the list of DNSBL servers from which the application will request information about the message being scanned. Each server must be specified in the following format: <item>Server name or IP address</item>.
  • <surblList> – the list of SURBL servers from which the application will request information about the message being scanned. Each server must be specified in the following format: <item>Server name or IP address</item>.
4. Save the changes made.
5. Import the ScanLogic task settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <ScanLogic task ID> -f <settings file name> or
--set-settings ScanLogic -n -f <name of the settings file>
CONFIGURING ANTI-SPAM SCAN SETTINGS FOR A RULE
To configure the Anti-Spam scan message processing settings:
1. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
2. Open the XML file to edit the rule settings.
3. Specify the actions that the application performs on messages with each Anti-Spam status. To do so, in the <asScanSettings> section, specify the value Skip, DeleteMessage or Reject for the following settings:
• <spamAction>, if the message has the status Spam;
• <probableSpamAction>, if the message has the status ProbableSpam;
• <blacklistedAction>, if the message has the status Blacklisted;
• <massMailAction>, if the message has the status MassMail.
The default action for all statuses is Skip.
4. If you selected the DeleteMessage action at the previous step of the sequence, you can configure the application to save a copy of the message in Backup before deleting it. To do so, in the <asScanSettings> section, specify the value 1 for the following settings:
• <backupSpam>, if the message has the status Spam;
• <backupProbableSpam>, if the message has the status ProbableSpam;
• <backupBlacklisted>, if the message has the status Blacklisted;
• <backupMassMail>, if the message has the status MassMail.
The default value for all statuses is 0 – do not move a message copy to Backup.
5. If you selected Skip at Step 3 of the sequence, you can edit the text of the tag added to the Subject field of the message. To do so, in the <asScanSettings> section, specify the text of the stamp as the value for the following settings:
• <spamMark>, if the message has the status Spam;
• <probableSpamMark>, if the message has the status ProbableSpam;
• <blacklistedMark>, if the message has the status Blacklisted;
• <massMailMark>, if the message has the status MassMail.
6. In the <maxSizeLimit> subsection, specify the maximum size of messages (in bytes) to be scanned by Anti-Spam. The value 0 is interpreted as the absence of a limit on the maximum message size.
By default, the value is set to 1.5 MB.
7. Specify the values of the settings that control the use of external services when scanning messages:
• <useDns> – enables / disables the use of external services when scanning messages. When the value is set to 0, the use of all external services is disabled. The use of external services is enabled by default.
• <useSpf> – enables / disables the SPF technology when scanning messages. SPF technology is enabled by default.
• <useSurbl> – enables / disables the use of a custom list of SURBL servers when scanning messages. You can specify the list of SURBL servers when configuring general Anti-Spam scan settings (see section "Configuring general Anti-Spam scan settings" on page 86). The SURBL service is enabled by default.
• <useSurblDefaultList> – enables / disables message scanning with use of SURBL servers whose list is provided with application database updates. The use of the standard list of SURBL servers is enabled by default.
• <useDnsbl> – enables / disables the use of a custom list of DNSBL servers when scanning messages. You can specify the list of DNSBL servers when configuring the general Anti-Spam scanning settings. The use of the custom list of DNSBL servers is enabled by default.
• <useDnsblDefaultList> – enables / disables message scanning with use of DNSBL servers whose list is provided with application database updates. The use of the standard list of DNSBL servers is enabled by default.
• <dnsHostInDns> – enables / disables checking in DNS for the address of the message sender. This check is enabled by default.
• <dnsDynamicResolvedFrom> – enables / disables checking the message sender against the database of botnets. The check uses a reverse DNS lookup of the sender's IP address. If your mail server has users connected via a dial-up link, enabling this check is not recommended. The check of the message sender against the database of botnets is disabled by default.
8. In the <advancedOptions> subsection, specify the values of additional Anti-Spam scan settings:
• <parseRtf> – enables / disables the scanning of RTF attachments. The scanning of RTF attachments is disabled by default.
• <useGsg> – enables / disables graphics analysis technology during scanning. Graphics analysis technology is enabled by default.
• <disableLangChinese> – enables / disables a higher spam rating for messages written in Chinese. A higher spam rating for messages written in Chinese is disabled by default.
• <disableLangKorean> – enables / disables a higher spam rating for messages written in Korean. A higher spam rating for messages written in Korean is disabled by default.
• <disableLangThai> – enables / disables a higher spam rating for messages written in Thai. A higher spam rating for messages written in Thai is disabled by default.
• <disableLangJapanese> – enables / disables a higher spam rating for messages written in Japanese. A higher spam rating for messages written in Japanese is disabled by default.
• <disableLangCyrillic> – enables / disables a higher spam rating for messages written in Cyrillic script. A higher spam rating for messages written in Cyrillic script is disabled by default.
9. Save the changes made.
10. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
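Steps 3 to 6 amount to editing a handful of elements under <asScanSettings> and importing the file, and a typo in an action name or a size above the permitted maximum is only caught at import time. The checks that follow are the ones worth making before running --set-rule-settings. This is an added example written for this page, not Kaspersky code: the rule file is constructed, the placement of <maxSizeLimit> under <engineSettings> follows the section "Limiting the size of messages to be scanned for spam", and the warnings encode the guide's own caveats that a Backup copy is only made with DeleteMessage and a subject mark only added with Skip.

```python
import xml.etree.ElementTree as ET

STATUSES = ("Spam", "ProbableSpam", "Blacklisted", "MassMail")
ACTIONS = ("Skip", "DeleteMessage", "Reject")
MAX_SIZE_LIMIT = 1572864  # 1.5 MB, the largest value the guide permits for <maxSizeLimit>

# Constructed rule settings file: only the <asScanSettings> part covered by this
# section is present, and the element layout is an assumption of the example.
RULE_XML = """<rule>
  <asScanSettings>
    <engineSettings>
      <enableScan>1</enableScan>
      <maxSizeLimit>1572864</maxSizeLimit>
    </engineSettings>
    <spamAction>Skip</spamAction>
    <probableSpamAction>Skip</probableSpamAction>
    <blacklistedAction>Skip</blacklistedAction>
    <massMailAction>Skip</massMailAction>
    <backupSpam>0</backupSpam>
    <backupProbableSpam>0</backupProbableSpam>
    <backupBlacklisted>0</backupBlacklisted>
    <backupMassMail>0</backupMassMail>
    <spamMark></spamMark>
    <probableSpamMark></probableSpamMark>
    <blacklistedMark></blacklistedMark>
    <massMailMark></massMailMark>
  </asScanSettings>
</rule>
"""


def setting_names(status):
    """Map a status to its (action, backup, mark) element names, e.g.
    'ProbableSpam' -> ('probableSp amAction', 'backupProbableSpam', 'probableSpamMark')."""
    lower = status[0].lower() + status[1:]
    return f"{lower}Action", f"backup{status}", f"{lower}Mark"


def _set(section, path, value):
    node = section.find(path)
    if node is None:
        raise ValueError(f"<{path}> is missing from <asScanSettings>")
    node.text = value


def configure_antispam(xml_text, actions, backup=None, marks=None, max_size_limit=None):
    """Apply per-status actions, Backup flags, subject marks and the size limit to
    a rule settings file. Returns (new XML text, warnings). Invalid values raise;
    settings that are valid but have no effect under the chosen action only warn."""
    backup, marks = backup or {}, marks or {}
    root = ET.fromstring(xml_text)
    section = root.find("asScanSettings")
    if section is None:
        raise ValueError("rule settings contain no <asScanSettings>")
    warnings = []
    for status in STATUSES:
        action_tag, backup_tag, mark_tag = setting_names(status)
        if status in actions:
            if actions[status] not in ACTIONS:
                raise ValueError(f"{action_tag}: {actions[status]!r} is not one of {ACTIONS}")
            _set(section, action_tag, actions[status])
        effective = section.findtext(action_tag, "Skip")
        if status in backup:
            if effective != "DeleteMessage":  # a Backup copy is only made before deletion
                warnings.append(f"{backup_tag} has no effect while {action_tag} is {effective}")
            _set(section, backup_tag, "1" if backup[status] else "0")
        if status in marks:
            if effective != "Skip":  # the subject tag is only added to delivered messages
                warnings.append(f"{mark_tag} is only applied while {action_tag} is Skip")
            _set(section, mark_tag, marks[status])
    if max_size_limit is not None:
        if not 0 <= max_size_limit <= MAX_SIZE_LIMIT:
            raise ValueError(f"maxSizeLimit must be 0 (no limit) or at most {MAX_SIZE_LIMIT} bytes")
        _set(section, "engineSettings/maxSizeLimit", str(max_size_limit))
    return ET.tostring(root, encoding="unicode"), warnings


def read_antispam(xml_text):
    """Read back the values a reviewer would check before importing the file."""
    section = ET.fromstring(xml_text).find("asScanSettings")
    out = {"maxSizeLimit": int(section.findtext("engineSettings/maxSizeLimit"))}
    for status in STATUSES:
        for tag in setting_names(status):
            out[tag] = section.findtext(tag) or ""
    return out


if __name__ == "__main__":
    new_xml, warns = configure_antispam(
        RULE_XML,
        actions={"Spam": "DeleteMessage", "ProbableSpam": "Skip"},
        backup={"Spam": True, "MassMail": True},
        marks={"ProbableSpam": "[Probable spam]"},
        max_size_limit=0,
    )
    print(read_antispam(new_xml), warns)
```

Run the exported XML through configure_antispam and write the returned text back to the file before importing it; a non-empty warnings list means the actions and the Backup or mark settings disagree with each other, which the import itself will not tell you.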
USING REPUTATION FILTERING
Reputation filtering is a cloud service that determines the reputation of messages and so increases the accuracy of spam detection. The high accuracy of spam detection is achieved owing to the high speed with which information about new types of spam is updated in the cloud.
On detecting a potential spam message, Kaspersky Security temporarily places it in Anti-Spam Quarantine. The message remains in Anti-Spam Quarantine for the specified period of time, such as 30 minutes. When the Anti-Spam Quarantine period elapses, Kaspersky Security rescans the message. When the message is rescanned, a different verdict is possible: Spam / Massmail / Probable Spam / Clean.
The period for keeping a message in Anti-Spam Quarantine and the maximum size of Anti-Spam Quarantine can be specified by configuring the relevant values of Anti-Spam Quarantine settings.
To specify the period of time for keeping messages in Anti-Spam Quarantine:
1. Export the AspQuarantine task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --get-settings AspQuarantine -n -f <name of the settings file>
2. Open the XML file for editing.
3. Specify the period of time for keeping messages in Anti-Spam Quarantine in the <MaxObjectTimeout> section. The time period is specified in seconds.
4. Save the changes made.
5. Import the Anti-Spam Quarantine settings from the XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --set-settings AspQuarantine -n -f <name of the settings file>
LIMITING THE SIZE OF MESSAGES TO BE SCANNED FOR SPAM
You can set the maximum size of messages to be scanned for spam.
To limit the size of messages to be scanned for spam:
1. Export the ScanLogic task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <ScanLogic task ID> -f <settings file name> or
--get-settings ScanLogic -n -f <name of the settings file>
2. Open the XML file of the ScanLogic task to edit the task settings.
3. Specify the maximum size of a message that should be scanned (0 – no size restriction). To this end, in the <engineSettings> subsection of the <asScanSettings> section, specify a value not exceeding 1572864 for the <maxSizeLimit> setting.
4. Save the changes made.
5. Import the ScanLogic task settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <ScanLogic task ID> -f <settings file name> or
--set-settings ScanLogic -n -f <name of the settings file>
ANTI-VIRUS PROTECTION
This section contains information about Anti-Virus protection of messages and how to configure it.
ABOUT ANTI-VIRUS PROTECTION
One of the main tasks of Kaspersky Security is to scan email messages for the presence of viruses and other threats, and cure infected objects using information from the current (latest) version of the Anti-Virus databases (see section
"About database updates" on page 110 ).
Messages are scanned for viruses and other threats by the Anti-Virus engine. The Anti-Virus engine scans the body of the message and all attached files in any format (attachments) using the Anti-Virus databases. Based on the scan results, the Anti-Virus engine assigns one of the Anti-Virus scan statuses to the message (see section "About scan and content filtering statuses" on page 75). In the rule settings, you can specify actions to be performed by the application on messages with a certain status. Before processing a message, the application saves its copy in Backup (see section "About Backup" on page 133).
The Anti-Virus engine is enabled by default. If required, you can disable the Anti-Virus engine or disable Anti-Virus scanning for any rule.
ABOUT ZETA SHIELD TECHNOLOGY
Zeta Shield technology can single out attacks specifically targeting the local area network from among other malware and defend against them effectively. Targeted attacks exploit known LAN vulnerabilities and are usually meant for a limited number of recipients. Zeta Shield technology works together with the Anti-Virus engine.
On detecting a targeted attack, the application adds the [Intrusion Threat] tag at the beginning of the message subject (Subject field).
ENABLING AND DISABLING THE ANTI-VIRUS ENGINE
You can enable or disable the Anti-Virus engine. The Anti-Virus engine is enabled by default.
To enable or disable the Anti-Virus engine:
1. Export the ScanLogic task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <ScanLogic task ID> -f <settings file name> or
--get-settings ScanLogic -n -f <name of the settings file>
2. Open the XML file of the ScanLogic task to edit the task settings.
3. In the <avSettings> section, specify one of the following values for the <enableAvScan> setting:
• 1, to enable the Anti-Virus engine;
• 0, to disable the Anti-Virus engine.
By default, the value is set to 1.
4. Save the changes made.
5. Import the ScanLogic task settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <ScanLogic task ID> -f <settings file name> or
--set-settings ScanLogic -n -f <name of the settings file>
ENABLING AND DISABLING THE ZETA SHIELD TECHNOLOGY
You can enable or disable Zeta Shield technology. Zeta Shield technology is enabled by default.
To enable Zeta Shield technology:
1. Export the ScanLogic task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <ScanLogic task ID> -f <settings file name> or
--get-settings ScanLogic -n -f <name of the settings file>
2. Open the XML file of the ScanLogic task to edit the task settings.
3. In the <avSettings> section, specify the value 1 for the <useZetaShield> setting.
4. Save the changes made.
5. Import the ScanLogic task settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <ScanLogic task ID> -f <settings file name> or
--set-settings ScanLogic -n -f <name of the settings file>
To disable Zeta Shield technology:
1. Export the ScanLogic task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <ScanLogic task ID> -f <settings file name> or
--get-settings ScanLogic -n -f <name of the settings file>
2. Open the XML file of the ScanLogic task to edit the task settings.
3. In the <avSettings> section, specify the value 0 for the <useZetaShield> setting.
4. Save the changes made.
5. Import the ScanLogic task settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <ScanLogic task ID> -f <settings file name> or
--set-settings ScanLogic -n -f <name of the settings file>
ENABLING AND DISABLING ANTI-VIRUS SCANNING FOR A RULE
You can enable or disable Anti-Virus scanning of messages for any message processing rule.
To enable or disable Anti-Virus scanning of messages for a rule:
1. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
2. Open the XML file to edit the rule settings.
3. In the <engineSettings> subsection of the <avScanSettings> section, specify one of the following values of the <enableScan> setting:
• 1, to enable Anti-Virus scanning of messages for this rule;
• 0, to disable Anti-Virus scanning of messages for this rule.
4. Save the changes made.
5. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
CONFIGURING GENERAL ANTI-VIRUS SCAN SETTINGS
You can configure general Anti-Virus scan settings. These settings apply to all message processing rules according to which the application performs Anti-Virus scanning of messages.
To configure general Anti-Virus scan settings:
1. Export the ScanLogic task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <ScanLogic task ID> -f <settings file name> or
--get-settings ScanLogic -n -f <name of the settings file>
2. Open the XML file of the ScanLogic task to edit the task settings.
3. In the <avSettings> section, specify the values of the relevant Anti-Virus scan settings:
• In the <scanTimeLimit> subsection, specify the maximum duration of Anti-Virus scanning of a message in seconds. If the message has not been scanned during the specified time, the application labels it as Corrupted – the object is damaged or an error occurred while scanning the object.
The maximum Anti-Virus scan duration also includes the maximum duration of message scanning using Zeta Shield technology. The maximum duration of a message scan using Zeta Shield technology may not exceed one half of the maximum Anti-Virus scan duration specified in the <scanTimeLimit> subsection.
The default maximum duration of Anti-Virus scanning of a message is 180 seconds.
• In the <maxNestingLevel> subsection, specify the maximum nesting level of objects during Anti-Virus scanning. Nested objects include message attachments and archives packed inside other archives. For example, if the maximum object nesting level is set to 1, the application scans the message and its attachments of the first nesting level during an Anti-Virus scan. If these objects are found to contain threats, the application scans all attachments and objects of the first nesting level contained in them.
The default maximum nesting level for objects is 32.
• In the <useAnalyzer> subsection, specify the value 1 to enable the use of Heuristic Analyzer during Anti-Virus scanning, or 0 to disable Heuristic Analyzer.
The use of Heuristic Analyzer is enabled by default.
• In the <heuristicLevel> subsection, specify the level of heuristic analysis to be used during Anti-Virus scanning of messages. The following levels are available: Light, Medium, and Deep.
The default heuristic analysis level is set to Medium.
4. If necessary, specify the maximum volume of memory that Zeta Shield technology is allowed to use in the <avSettings> section. To do so, type the maximum memory volume in megabytes in the <zetaShieldMemoryLimit> subsection.
If the allocated memory proves insufficient for Zeta Shield technology to scan a message, the scanning is interrupted and the message receives the Zeta Shield scan error verdict.
The default maximum volume of memory used by Zeta Shield is set to 100 MB.
5. Save the changes made.
6. Import the ScanLogic task settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <ScanLogic task ID> -f <settings file name> or
--set-settings ScanLogic -n -f <name of the settings file>
CONFIGURING THE PROCESSING OF A MESSAGE THAT CANNOT BE DISINFECTED
You can configure the actions to be taken by the application on messages with objects that cannot be disinfected. These actions apply to all rules that use Anti-Virus scanning.
To configure the settings for processing messages with objects that cannot be disinfected:
1. Export the ScanLogic task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <ScanLogic task ID> -f <settings file name> or
--get-settings ScanLogic -n -f <name of the settings file>
2. Open the XML file of the ScanLogic task to edit the task settings.
3. In the <avSettings> section, specify the action to be taken by the application on objects that could not be disinfected (the <InfectedFirstAction> setting) or from which an attachment could not be removed (see
• In the <emergencyAction> subsection, specify the action to be taken by the application on messages with objects that could not be disinfected: RejectMessage (the message will be rejected) or DeleteMessage (the message will be deleted).
The default action is DeleteMessage.
• In the <backupEmergency> subsection, specify the value 1 to save a copy of the deleted message in Backup, or 0 to delete the message without saving its copy.
By default, the value is set to 1.
4. Save the changes made.
5. Import the ScanLogic task settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <ScanLogic task ID> -f <settings file name> or
--set-settings ScanLogic -n -f <name of the settings file>
CONFIGURING ANTI-VIRUS SCAN SETTINGS FOR A RULE
To configure Anti-Virus scan message processing settings:
1. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
2. Open the XML file to edit the rule settings.
on messages found to contain intrusion threats. To do so, in the <avScanSettings> section, specify the value Skip, DeleteMessage or Reject for the <intrusionThreatAction> setting.
The default action is Reject.
4. Specify the preferred action to be taken by the application on infected messages (messages with Infected status and messages with Probably Infected status that contain potentially malicious objects). To do so, in the <avScanSettings> section, specify the value Skip, Cure, DeleteMessage, DeleteAttachment or Reject for the <infectedFirstAction> setting.
The default action is Cure.
5. Specify the preferred action to be performed on infected messages (with Infected status) that cannot be disinfected. To do so, in the <avScanSettings> section, specify the value DeleteMessage, DeleteAttachment or Reject for the <infectedSecondAction> setting.
The default action is DeleteAttachment.
6. Specify the preferred action to be taken on messages with Corrupted and Encrypted status. To do so, in the <avScanSettings> section, specify the value Skip, DeleteMessage, DeleteAttachment or Reject for the following settings:
• <corruptedAction>, if the message has the status Corrupted;
• <encryptedAction>, if the message has the status Encrypted.
The default action for all statuses is Skip.
7. If you selected the Delete and DeleteMessage actions at the previous steps of the sequence, you can
settings:
• <backupIntrusionThreat>, if the message is found to pose an intrusion threat;
• <backupInfected>, if an infected or probably infected message is detected;
• <backupCorrupted>, if the message has the status Corrupted;
• <backupEncrypted>, if the message has the status Encrypted.
8. The default setting for messages with Corrupted and Encrypted status is 0 – do not save a message copy in Backup.
9. If you selected Skip, Cure, or DeleteAttachment at Steps 3-6 of the sequence, you can edit the text of the tag added to the Subject field of the message. To do so, in the <avScanSettings> section, specify the text of the stamp as the value for the following settings:
• <intrusionThreatMark>, if the message is found to contain an intrusion threat;
• <infectedMark>, if the message has the status Infected or Probably Infected;
• <disinfectedMark>, if the message is Disinfected;
• <corruptedMark>, if the message has the status Corrupted;
• <encryptedMark>, if the message has the status Encrypted.
10. Save the changes made.
11. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
If the attachment contains an archive with objects having different scan statuses, all objects of the message or the entire attachment are subject to one (most severe) action depending on all scan statuses assigned to objects in the archive.
EXCLUDING MESSAGES FROM ANTI-VIRUS SCANNING BY ATTACHMENT FORMAT
Kaspersky Security can exclude attachments of certain formats from Anti-Virus scanning of messages.
To exclude attachments of certain formats from Anti-Virus scanning of messages:
1. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
2. Open the XML file to edit the rule settings.
3. In the <engineSettings> subsection of the <avScanSettings> section, specify 1 as the value of each relevant setting corresponding to the file format inside the <excludedFormats> subsection:
• If executable files need to be excluded from scanning, in the <executableCategory> subsection specify the value 1 for the settings corresponding to the executable file formats that you want to exclude from scanning.
• If document files need to be excluded from scanning, in the <officeCategory> subsection specify the value 1 for the settings corresponding to the document file formats that you want to exclude from scanning.
• If multimedia files need to be excluded from scanning, in the <multimediaSubcategory> subsection specify the value 1 for the settings corresponding to the file formats that you want to exclude from scanning.
• If image attachments need to be excluded from scanning, in the <imageCategory> subsection specify the value 1 for the settings corresponding to the file formats that you want to exclude from scanning.
• If archived objects need to be excluded from scanning, in the <archiveCategory> subsection specify the value 1 for the settings corresponding to the file formats that you want to exclude from scanning.
• If database files need to be excluded from the scan, in the <databaseCategory> subsection specify the value 1 for the settings corresponding to the file formats that you want to exclude from scanning.
4. Save the changes made.
5. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
EXCLUDING MESSAGES FROM ANTI-VIRUS SCANNING BY ATTACHMENT NAME
Kaspersky Security can exclude attachments with certain names from Anti-Virus scanning of messages.
To exclude attachments with certain names from Anti-Virus scanning of messages:
1. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
2. Open the XML file to edit the rule settings.
3. Specify the names of attachments to be excluded from scanning. To do so, in the <engineSettings> subsection of the <avScanSettings> section, specify the file name masks as the values of the <excludedNames> setting.
You can use the "*" and "?" symbols to create a name mask.
If you need to add several file names, each file name must be in a separate <item> section, on a new line of the settings file.
Example:
<excludedNames>
<item>*.iso</item>
</excludedNames>
4. Save the changes made.
5. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
LIMITING THE SIZE OF OBJECTS TO BE SCANNED FOR VIRUSES
You can specify the maximum size of objects to be scanned for viruses and other threats.
To restrict the size of objects to be scanned for viruses and other threats:
1. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
2. Open the XML file to edit the rule settings.
3. Specify the maximum size that should be scanned (0 - no size restriction). To this end, in the <engineSettings> subsection of the <avScanSettings> section, specify a value not exceeding 10485760 for the <maxSizeLimit> setting.
4. Save the changes made.
5. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
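The two rule-level edits above (excluded attachment names and the <maxSizeLimit> bound) are easy to get wrong by hand, so here is an added example, not Kaspersky's own code, that rewrites the <excludedNames> list and size limit in an exported rule file with the guide's constraints enforced, and then checks which attachment names a mask list actually covers before the file is imported. The sample XML is constructed: the <rule> root element and everything outside <avScanSettings> are assumptions about the layout, and case-sensitive mask matching is an assumption the guide does not confirm.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of an exported rule settings file; the <rule> root element
# and everything outside <avScanSettings> are assumptions about the layout.
SAMPLE_RULE_XML = """<rule>
  <avScanSettings>
    <engineSettings>
      <enableScan>1</enableScan>
      <maxSizeLimit>0</maxSizeLimit>
      <excludedNames>
        <item>*.iso</item>
      </excludedNames>
    </engineSettings>
    <infectedFirstAction>Cure</infectedFirstAction>
  </avScanSettings>
</rule>
"""

MAX_SIZE_LIMIT = 10485760  # largest <maxSizeLimit> the guide allows; 0 = no restriction


def _child(parent, tag):
    """Return child element <tag>, creating it if the exported file lacks it."""
    element = parent.find(tag)
    if element is None:
        element = ET.SubElement(parent, tag)
    return element


def set_av_exclusions(xml_text, name_masks, max_size_limit=None):
    """Rewrite <excludedNames> and optionally <maxSizeLimit>; return the new XML text."""
    root = ET.fromstring(xml_text)
    engine = root.find("avScanSettings/engineSettings")
    if engine is None:
        raise ValueError("<engineSettings> subsection of <avScanSettings> not found")
    if max_size_limit is not None:
        if not 0 <= max_size_limit <= MAX_SIZE_LIMIT:
            raise ValueError(f"maxSizeLimit must be 0..{MAX_SIZE_LIMIT}, got {max_size_limit}")
        _child(engine, "maxSizeLimit").text = str(max_size_limit)
    excluded = _child(engine, "excludedNames")
    for item in list(excluded):          # replace the whole list: one <item> per mask
        excluded.remove(item)
    for mask in name_masks:
        if not mask.strip():
            raise ValueError("empty file name mask")
        ET.SubElement(excluded, "item").text = mask
    return ET.tostring(root, encoding="unicode")


def read_av_exclusions(xml_text):
    """Return (masks, max_size_limit) as stored in the rule file."""
    engine = ET.fromstring(xml_text).find("avScanSettings/engineSettings")
    masks = [item.text for item in engine.findall("excludedNames/item")]
    return masks, int(engine.findtext("maxSizeLimit", "0") or "0")


def mask_to_regex(mask):
    """Translate a mask using only '*' and '?', the two wildcards the guide names.
    Case-sensitive matching is an assumption; the guide does not say."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in mask)
    return re.compile(r"\A" + body + r"\Z")


def is_excluded(filename, masks):
    """True if any mask covers the name, i.e. the attachment would skip the AV scan."""
    return any(mask_to_regex(m).match(filename) for m in masks)


if __name__ == "__main__":
    masks = ["*.iso", "backup-??.img"]
    updated = set_av_exclusions(SAMPLE_RULE_XML, masks, max_size_limit=5242880)
    print(read_av_exclusions(updated))
    # Every mask is a blind spot for the scanner: verify what it really matches first.
    for name in ("disk.iso", "disk.iso.exe", "backup-01.img", "backup-001.img"):
        print(name, "excluded" if is_excluded(name, masks) else "scanned")
```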
ANTI-PHISHING PROTECTION
This section contains information about Anti-Phishing protection of messages and how to configure it.
ABOUT ANTI-PHISHING PROTECTION
One of the tasks of Kaspersky Security is to filter out phishing threats and links to websites with malware from messages passing through the mail server. Phishing messages contain phishing URLs, images, or text designed to trick users into disclosing confidential data to fraudsters.
The Anti-Phishing engine scans messages for phishing threats and links to websites with malware. The Anti-Phishing engine analyzes the message content (including the Subject header) and attached files.
Based on the Anti-Phishing scan results, the application assigns one of the Anti-Phishing scan statuses to the message
Anti-Phishing scan message processing settings" on page 103 ).
rule. You can specify actions to be performed by the application on messages with a certain status. The default action taken by the application on messages is Skip, with messages delivered to users unchanged.
The Anti-Phishing engine is enabled by default. If required, you can disable the Anti-Phishing engine or disable Anti-Phishing scanning for any rule.
ENABLING AND DISABLING THE ANTI-PHISHING ENGINE
You can enable or disable the Anti-Phishing engine. The Anti-Phishing engine is enabled by default.
To enable or disable the Anti-Phishing engine:
1. Export the ScanLogic task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <ScanLogic task ID> -f <settings file name> or
--get-settings ScanLogic -n -f <name of the settings file>
2. Open the XML file of the ScanLogic task to edit the task settings.
3. In the <apSettings> section, specify one of the following values for the <enableApScan> setting:
• 1, to enable the Anti-Phishing engine;
• 0, to disable the Anti-Phishing engine.
By default, the value is set to 1.
4. Save the changes made.
5. Import the ScanLogic task settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <ScanLogic task ID> -f <settings file name> or
--set-settings ScanLogic -n -f <name of the settings file>
ENABLING AND DISABLING ANTI-PHISHING SCANNING OF MESSAGES FOR A RULE
You can enable or disable Anti-Phishing scanning of messages for any message processing rule.
To enable or disable Anti-Phishing scanning of messages for a rule:
1. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
2. Open the XML file to edit the rule settings.
3. In the <engineSettings> subsection of the <apScanSettings> section, specify one of the following values of the <enableScan> setting:
• 1, to enable Anti-Phishing scanning of messages for this rule;
• 0, to disable Anti-Phishing scanning of messages for this rule.
4. Save the changes made.
5. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
CONFIGURING GENERAL ANTI-PHISHING SCAN SETTINGS
You can configure general Anti-Phishing scan settings. These settings apply to all message processing rules according to which the application performs scanning of messages.
To configure general Anti-Phishing scan settings:
1. Export the ScanLogic task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <ScanLogic task ID> -f <settings file name> or
--get-settings ScanLogic -n -f <name of the settings file>
2. Open the XML file of the ScanLogic task to edit the task settings.
3. In the <apSettings> section, specify the values of the relevant Anti-Phishing scan settings:
• In the <scanTimeLimit> subsection, specify the maximum duration of Anti-Phishing scanning of a message in seconds. If the message has not been scanned during this time, the application issues an Error verdict — the message scan has returned an error.
The default maximum duration of scanning is 30 seconds.
• In the <enableHeuristic> subsection, specify the value 1 to enable Heuristic Analyzer during Anti-Phishing scanning, or 0 to disable Heuristic Analyzer.
The use of Heuristic Analyzer is enabled by default.
• In the <useKsnStatus> subsection, specify the value 1 if you want the application to use information from Kaspersky Security Network when issuing a phishing verdict on the message, or 0 if you do not want the application to use information from Kaspersky Security Network.
The use of information from Kaspersky Security Network is enabled by default.
4. Save the changes made.
5. Import the ScanLogic task settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <ScanLogic task ID> -f <settings file name> or
--set-settings ScanLogic -n -f <name of the settings file>
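The ScanLogic task procedures above (enabling the Anti-Virus and Anti-Phishing engines and Zeta Shield, the general Anti-Virus and Anti-Phishing scan settings, and the processing of messages that cannot be disinfected) all edit the same exported XML between the export and import commands. The following added example, not Kaspersky's own code, performs that edit step with the value constraints the guide states (0/1 flags, the Light/Medium/Deep levels, the RejectMessage/DeleteMessage actions, positive integers for limits) checked before anything is written, so a typo is caught before the file is imported. The sample XML is constructed: the <settings> root element and the ordering of sections are assumptions; the section and setting names are the ones the guide lists.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported ScanLogic task settings file. Only the
# settings named in the guide are reproduced; the <settings> root element and
# the position of the sections in the real file are assumptions.
SAMPLE_TASK_XML = """<settings>
  <avSettings>
    <enableAvScan>1</enableAvScan>
    <useZetaShield>1</useZetaShield>
    <scanTimeLimit>180</scanTimeLimit>
    <maxNestingLevel>32</maxNestingLevel>
    <useAnalyzer>1</useAnalyzer>
    <heuristicLevel>Medium</heuristicLevel>
    <zetaShieldMemoryLimit>100</zetaShieldMemoryLimit>
    <emergencyAction>DeleteMessage</emergencyAction>
    <backupEmergency>1</backupEmergency>
  </avSettings>
  <apSettings>
    <enableApScan>1</enableApScan>
    <scanTimeLimit>30</scanTimeLimit>
    <enableHeuristic>1</enableHeuristic>
    <useKsnStatus>1</useKsnStatus>
  </apSettings>
</settings>
"""

FLAG = frozenset({"0", "1"})
POSITIVE_INT = "positive integer"  # marker for numeric limits

# Accepted values per section, taken from the guide's descriptions.
ALLOWED = {
    "avSettings": {
        "enableAvScan": FLAG,
        "useZetaShield": FLAG,
        "useAnalyzer": FLAG,
        "backupEmergency": FLAG,
        "heuristicLevel": frozenset({"Light", "Medium", "Deep"}),
        "emergencyAction": frozenset({"RejectMessage", "DeleteMessage"}),
        "scanTimeLimit": POSITIVE_INT,          # seconds
        "maxNestingLevel": POSITIVE_INT,
        "zetaShieldMemoryLimit": POSITIVE_INT,  # megabytes
    },
    "apSettings": {
        "enableApScan": FLAG,
        "enableHeuristic": FLAG,
        "useKsnStatus": FLAG,
        "scanTimeLimit": POSITIVE_INT,          # seconds
    },
    "cfSettings": {"enableCfScan": FLAG},
}


def validate(section, name, value):
    """Return the text to write for a setting, or raise ValueError."""
    rules = ALLOWED.get(section)
    if rules is None or name not in rules:
        raise ValueError(f"<{name}> is not a known setting of <{section}>")
    text = str(value)
    expected = rules[name]
    if expected == POSITIVE_INT:
        if not text.isdigit() or int(text) <= 0:
            raise ValueError(f"<{name}> must be a positive integer, got {text!r}")
    elif text not in expected:
        raise ValueError(f"<{name}> must be one of {sorted(expected)}, got {text!r}")
    return text


def apply_task_settings(xml_text, section, **changes):
    """Edit one section of an exported ScanLogic file; return the new XML text."""
    root = ET.fromstring(xml_text)
    node = root.find(section)
    if node is None:
        raise ValueError(f"<{section}> section not found")
    for name, value in changes.items():
        element = node.find(name)
        if element is None:
            raise ValueError(f"<{name}> not present in <{section}>")
        element.text = validate(section, name, value)
    return ET.tostring(root, encoding="unicode")


def read_task_settings(xml_text, section):
    """Return a section's settings as a {tag: text} dict, for checking a file."""
    node = ET.fromstring(xml_text).find(section)
    if node is None:
        raise ValueError(f"<{section}> section not found")
    return {child.tag: (child.text or "").strip() for child in node}


if __name__ == "__main__":
    # Disable Zeta Shield, raise the AV scan time limit, switch to Deep heuristics.
    new_xml = apply_task_settings(SAMPLE_TASK_XML, "avSettings",
                                  useZetaShield=0, scanTimeLimit=240,
                                  heuristicLevel="Deep")
    print(read_task_settings(new_xml, "avSettings"))
```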
CONFIGURING ANTI-PHISHING SCAN MESSAGE PROCESSING SETTINGS
To configure the Anti-Phishing scan message processing settings:
1. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
2. Open the XML file to edit the rule settings.
on messages. To do so, in the <apScanSettings> section specify the value Skip, DeleteMessage or Reject for the <phishingAction> setting if the message has the status Phishing or Malicious link.
The default action is Skip.
4. If you selected the DeleteMessage action at the previous step of the sequence, you can configure the application to move a copy of the message found to contain a phishing threat to Backup before deleting the
value 1 for the <backupPhishing> setting.
5. If you selected Skip at Step 3 of the sequence, you can edit the text of the tag added to the Subject field of the message. To do so, in the <apScanSettings> section, specify the text of the stamp as the value for the following settings:
• <phishingMark>, if the message has Phishing status;
• <maliciousMark>, if the message has Malicious link status.
6. Save the changes made.
7. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
CONTENT FILTERING
This section contains information about content filtering of messages and how to configure it.
ABOUT CONTENT FILTERING
Kaspersky Security can perform content filtering of messages that pass through the mail server.
Content filtering of messages is performed in the following ways:
• by message size (see section "Configuring content filtering by message size" on page 107);
You can specify the maximum size of messages, mask undesirable file names, and specify undesirable file formats.
As a result of content filtering, the message scanning control module assigns one of the content filtering statuses to the message.
performed by the application on messages with a certain status. The program rejects messages by default.
By default, content filtering of messages is disabled. You can enable content filtering of messages by the application (see
ENABLING AND DISABLING CONTENT FILTERING OF MESSAGES
You can enable or disable content filtering of messages by the application. By default, content filtering of messages is disabled.
To enable or disable content filtering of messages:
1. Export the ScanLogic task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <ScanLogic task ID> -f <settings file name> or
--get-settings ScanLogic -n -f <name of the settings file>
2. Open the XML file of the ScanLogic task to edit the task settings.
3. In the <cfSettings> section, specify one of the following values for the <enableCfScan> setting:
• 1, to enable content filtering of messages;
• 0, to disable content filtering of messages.
4. Save the changes made.
5. Import the ScanLogic task settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <ScanLogic task ID> -f <settings file name> or
--set-settings ScanLogic -n -f <name of the settings file>
ENABLING AND DISABLING CONTENT FILTERING OF MESSAGES FOR A RULE
You can enable or disable content filtering of messages for any message processing rule.
To enable or disable content filtering of messages for a rule:
1. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
2. Open the XML file to edit the rule settings.
3. In the <engineSettings> subsection of the <cfScanSettings> section, specify one of the following values of the <enableScan> setting:
• 1, to enable content filtering of messages for this rule;
• 0, to disable content filtering of messages for this rule.
4. Save the changes made.
5. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
CONFIGURING CONTENT FILTERING BY MESSAGE SIZE
To configure content filtering by message size, do the following:
1. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
2. Open the XML file to edit the rule settings.
3. Enable content filtering of messages. To do so, in the <engineSettings> subsection of the <cfScanSettings> section, specify the value 1 for the <enableScan> setting.
4. Specify the maximum allowed size for messages, for example, 10 MB. To do so, in the <engineSettings> subsection of the <cfScanSettings> section, specify the value 10485760 for the <maxAllowedSize> setting.
on messages exceeding the specified size. To do so, in the <cfScanSettings> section, specify the value Skip, DeleteMessage or Reject for the <sizeExceededAction> setting.
The default action is Reject.
6. If necessary, you can configure the application to move messages exceeding the specified size to Backup (see
the <backupSizeExceeded> setting.
7. Save the changes made.
8. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
CONFIGURING CONTENT FILTERING BY ATTACHMENT NAME
To configure content filtering of messages by attachment name:
1. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
2. Open the XML file to edit the rule settings.
3. Enable content filtering of messages. To do so, in the <engineSettings> subsection of the <cfScanSettings> section, specify the value 1 for the <enableScan> setting.
4. Specify the names of attached files that are banned. To do so, in the <engineSettings> subsection of the <cfScanSettings> section, specify the file name masks as the values of the <bannedFileNames> setting.
You can use the "*" and "?" symbols to create a name mask.
If you need to add several file names, each file name must be in a separate <item> section, on a new line of the settings file.
Example:
<bannedFileNames>
<item>*.exe</item>
</bannedFileNames>
on messages with attachments that have banned names. To do so, in the <cfScanSettings> section, specify the value Skip, DeleteMessage or Reject for the <bannedFileNameAction> setting.
The default action is Reject.
6. If necessary, you can configure the application to move copies of messages with attachments that have banned
specify the value 1 for the <backupBannedFileName> setting.
7. Save the changes made.
8. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
CONFIGURING CONTENT FILTERING BY ATTACHMENT FORMAT
To configure content filtering of messages by attachment format:
1. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
2. Open the XML file to edit the rule settings.
3. Enable content filtering of messages. To do so, in the <engineSettings> subsection of the <cfScanSettings> section, specify the value 1 for the <enableScan> setting.
4. Specify the formats of attached files that are banned. To do so, in the <engineSettings> subsection of the <cfScanSettings> section, specify the value 1 for each setting corresponding to file formats inside the <bannedFileFormats> subsection:
• To block the sending of executable files, in the <executableCategory> subsection specify the value 1 for the settings corresponding to the executable file formats that you want to block.
• To block the sending of document files, in the <officeCategory> subsection specify the value 1 for the settings corresponding to the file formats that you want to block.
• To block the sending of multimedia files, in the <multimediaSubcategory> subsection specify the value 1 for the settings corresponding to the file formats that you want to block.
• To block the sending of image attachments, in the <imageCategory> subsection specify the value 1 for the settings corresponding to the file formats that you want to block.
• To block the sending of archived objects, in the <archiveCategory> subsection specify the value 1 for the settings corresponding to the file formats that you want to block.
• To block the sending of database files, in the <databaseCategory> subsection specify the value 1 for the settings corresponding to the file formats that you want to block.
on messages with attachments of banned formats. To do so, in the <cfScanSettings> section, specify the value Skip, DeleteMessage or Reject for the <bannedFileFormatAction> setting.
The default action is Reject.
6. If necessary, you can configure the application to move copies of messages with attachments of banned
specify the value 1 for the <backupBannedFileFormat> setting.
7. Save the changes made.
8. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
UPDATING KASPERSKY SECURITY DATABASES
This section contains information about updating Anti-Virus, Anti-Spam, and Anti-Phishing databases.
ABOUT DATABASE UPDATES
Anti-Virus databases, Anti-Spam databases, and Anti-Phishing databases (hereafter also "databases") are files containing records that can be used to detect malicious code in scanned objects. These records contain information about the control sections of malicious code and algorithms used for disinfecting objects that contain such threats.
Virus analysts at Kaspersky Lab detect hundreds of new threats daily, create records to identify them, and include them in database updates packages (or update packages). Update packages consist of one or several files containing records to identify threats that were detected since the previous update package was released. In order to minimize the risk of infecting the protected server, we recommend that you receive database update packages regularly.
As long as the license is in effect, you can receive database update packages from Kaspersky Lab's website automatically on schedule, or download and install them manually.
During installation, Kaspersky Linux Mail Security downloads the latest databases from one of Kaspersky Lab's update servers. If you have configured automatic database updates, Kaspersky Security runs updates according to schedule (with a frequency of once per 5 minutes).
Kaspersky Linux Mail Security periodically and automatically checks for new update packages on Kaspersky Lab's update servers. By default, if the Kaspersky Linux Mail Security databases have not been updated for a week since Kaspersky Lab released the last updates, Kaspersky Linux Mail Security logs the event Databases are out of date. If the databases have not been updated for two weeks, Kaspersky Security logs the event Databases are obsolete. You can configure administrator notifications about these events.
CHECKING DATABASE STATE
Databases can exist in one of three states:
- up to date (UpToDate);
- outdated (Outdated);
- obsolete (Obsoleted).
To check the state of Anti-Virus databases:
# /opt/kaspersky/klms/bin/klms-control --get-avs-bases-info
The application keeps the following information on Anti-Virus databases:
- state of Anti-Virus databases: up to date (UpToDate), outdated (Outdated), or obsolete (Obsoleted);
- number of records;
- Anti-Virus database release date;
- the time when Anti-Virus databases were installed in the application.
The following example shows the command output:
<root>
<status>UpToDate</status>
<recordCount>8095519</recordCount>
<publishingTime>Fri Jun 11 16:40:00 2012</publishingTime>
<installTime>Fri Jun 11 4:53:12 PM 2012</installTime>
</root>
To check the state of Anti-Spam databases:
# /opt/kaspersky/klms/bin/klms-control --get-asp-bases-info
The application shows the following information about Anti-Spam databases:
- state of Anti-Spam databases: up to date (UpToDate), outdated (Outdated), or obsolete (Obsoleted);
- Anti-Spam database release date;
- the time when Anti-Spam databases were installed in the application.
The following example shows the command output:
<root>
<status>UpToDate</status>
<publishingTime>Fri Jun 8 11:40:36 2012</publishingTime>
<installTime>Fri Jun 8 11:50:12 AM 2012</installTime>
</root>
To check the state of Anti-Phishing databases:
# /opt/kaspersky/klms/bin/klms-control --get-aph-bases-info
The application shows the following information about Anti-Phishing databases:
- state of Anti-Phishing databases: up to date (UpToDate), outdated (Outdated), or obsolete (Obsoleted);
- Anti-Phishing database release date;
- the time when Anti-Phishing databases were installed in the application.
The following example shows the command output:
<root>
<status>UpToDate</status>
<publishingTime>Fri Jun 8 11:40:36 2012</publishingTime>
<installTime>Fri Jun 8 11:50:12 AM 2012</installTime>
</root>
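The three --get-*-bases-info commands above print the same XML shape. As an added example that is not part of the guide, the POSIX shell script below parses that output and maps the <status> element to an exit code, so a cron job or monitoring agent can alert on Outdated or Obsoleted databases; the sample XML is constructed after the guide's examples and the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the Kaspersky guide: turn the <status> element
# printed by klms-control --get-avs-bases-info / --get-asp-bases-info /
# --get-aph-bases-info into an exit code. Samples below are constructed.

# xml_field XML NAME: print the text of the first single-line <NAME> element.
xml_field() {
    printf '%s\n' "$1" | sed -n "s|.*<$2>\(.*\)</$2>.*|\1|p" | head -n 1
}

# db_state_code XML: 0 = UpToDate, 1 = Outdated, 2 = Obsoleted, 3 = unknown.
db_state_code() {
    case "$(xml_field "$1" status)" in
        UpToDate)  return 0 ;;
        Outdated)  return 1 ;;
        Obsoleted) return 2 ;;
        *)         return 3 ;;
    esac
}

# db_report KIND XML: one summary line per database kind (recordCount is only
# present in the Anti-Virus output, so it is appended only when found).
db_report() {
    status=$(xml_field "$2" status)
    published=$(xml_field "$2" publishingTime)
    records=$(xml_field "$2" recordCount)
    printf '%s: status=%s published="%s"%s\n' \
        "$1" "${status:-unknown}" "$published" "${records:+ records=$records}"
}

# check_all XML...: return the worst state code over all databases, so an
# obsolete Anti-Phishing database fails the check even if Anti-Virus is fine.
check_all() {
    worst=0
    for xml in "$@"; do
        if db_state_code "$xml"; then code=0; else code=$?; fi
        if [ "$code" -gt "$worst" ]; then worst=$code; fi
    done
    return "$worst"
}

# Constructed samples: Anti-Virus up to date, Anti-Spam outdated, Anti-Phishing obsolete.
SAMPLE_AVS='<root>
<status>UpToDate</status>
<recordCount>8095519</recordCount>
<publishingTime>Fri Jun 11 16:40:00 2012</publishingTime>
<installTime>Fri Jun 11 4:53:12 PM 2012</installTime>
</root>'
SAMPLE_ASP='<root>
<status>Outdated</status>
<publishingTime>Fri Jun 8 11:40:36 2012</publishingTime>
<installTime>Fri Jun 8 11:50:12 AM 2012</installTime>
</root>'
SAMPLE_APH='<root>
<status>Obsoleted</status>
<publishingTime>Fri May 25 09:12:00 2012</publishingTime>
<installTime>Fri May 25 09:20:41 AM 2012</installTime>
</root>'

db_report "Anti-Virus" "$SAMPLE_AVS"
db_report "Anti-Spam" "$SAMPLE_ASP"
db_report "Anti-Phishing" "$SAMPLE_APH"
if check_all "$SAMPLE_AVS" "$SAMPLE_ASP" "$SAMPLE_APH"; then
    echo "all databases up to date"
else
    echo "worst database state code: $?"
fi
```

On a real server replace the samples with the command output, for example check_all "$(/opt/kaspersky/klms/bin/klms-control --get-avs-bases-info)" and the same for the Anti-Spam and Anti-Phishing commands.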
ABOUT UPDATE SOURCES
An update source is a resource containing updates for Kaspersky Security databases.
The main update source is Kaspersky Lab's update servers. These are special Internet sites which contain updates for databases and application modules for all Kaspersky Lab products. If you use a proxy server to connect to the Internet, you should configure its settings.
To reduce the amount of Internet traffic, you can configure Kaspersky Security to receive database updates from a custom update source.
In addition, HTTP/FTP servers or local directories on the user's computer can act as custom update sources.
If Kaspersky Security is managed using Kaspersky Security Center, you can specify Kaspersky Security Center as the update source.
SELECT UPDATE SOURCE
Kaspersky Lab update servers or custom update sources can be specified as update sources for the Anti-Virus and Anti-Spam database update tasks (see section "About update sources").
Kaspersky Security does not support updates from HTTP and FTP servers with authentication.
To select a custom update source:
1. To export update task settings to an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <update task ID> -f <file name> or
--get-settings Updater -n -f <file name>
2. Open the XML file to edit the task settings.
3. In the <updateCommonSettings> section, specify Custom as the value of the sourceType setting:
<sourceType>Custom</sourceType>
4. In the <customSources> subsection, specify the custom update source (a local folder on the computer or an HTTP/FTP server).
If you need to add several custom update sources, each new custom update source must be in a separate <item> section, typed on a new line of the settings file.
Example:
<updateCommonSettings>
<sourceType>Custom</sourceType>
<customSources>
<item>
ftp://172.16.10.145/xz6
</item>
<item>
http://172.16.10.145/xz6
</item>
</customSources>
</updateCommonSettings>
5. Save the changes made.
6. To import settings from an XML file to an update task, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <update task ID> -f <file name> or
--set-settings Updater -n -f <file name>
To select Kaspersky Lab's update servers as an update source:
1. To export update task settings to an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <update task ID> -f <file name> or
--get-settings Updater -n -f <file name>
2. Open the XML file to edit the task settings.
3. In the <updateCommonSettings> section, specify KLServers as the value of the sourceType setting:
<sourceType>KLServers</sourceType>
4. Save the changes made.
5. To import settings from an XML file to an update task, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <update task ID> -f <file name> or
--set-settings Updater -n -f <file name>
To select Kaspersky Security Center as an update source:
1. To export update task settings to an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <update task ID> -f <file name> or
--get-settings Updater -n -f <file name>
2. Open the XML file to edit the task settings.
3. In the <updateCommonSettings> section, specify SCServer as the value of the sourceType setting:
<sourceType>SCServer</sourceType>
4. Save the changes made.
5. To import settings from an XML file to an update task, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <update task ID> -f <file name> or
--set-settings Updater -n -f <file name>
CONFIGURING THE PROXY SERVER SETTINGS
If you use a proxy server to connect to the Internet, you should configure its settings.
To configure the settings of a proxy server for accessing update sources:
1. Export the Kaspersky Security general settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-app-settings -f <file name>
2. Open the XML file to edit the settings.
3. Enable the use of a proxy server for accessing update sources. To do so, specify the values in the following subsections of the <proxySettings> section:
a. In the <enable> subsection, specify the value 1 to enable the use of a proxy server. The proxy server usage option is enabled by default.
b. In the <serverAddress> subsection, specify the name or IP address of the proxy server.
c. In the <port> subsection, specify the port number for connecting to the proxy server. The default port number is 8080.
d. In the <authenticationType> subsection, specify the value NotRequired if authentication is not required to connect to the proxy server, or Plain if authentication is required.
e. If the connection to the proxy server requires authentication, specify the user name and password in the <user> and <password> subsections.
f. In the <proxyBypassLocalAddresses> subsection, specify the value 1 to disable the use of a proxy server for local company addresses, or 0 to enable the use of a proxy server for local company addresses. By default, the value is set to 1.
4. Save the changes made.
5. To import settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-app-settings -f <file name>
CONFIGURING THE UPDATE TASK SCHEDULE
database update tasks manually.
To configure the update task startup schedule:
1. To export update task settings to an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <update task ID> -f <file name> or
--get-settings Updater -n -f <file name>
2. Open the XML file to edit the task settings.
4. Save the changes made.
5. To import settings from an XML file to an update task, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <update task ID> -f <file name> or
--set-settings Updater -n -f <file name>
UPDATE TASK SCHEDULE SETTINGS
The <schedule> section of the file containing the database update task settings is structured as follows:
<schedule>
<ruleType>Once|Monthly|Weekly|Daily|Hourly|Minutely|Manual</ruleType>
<startByTime>
<year>year</year>
<month>month</month>
<day>day of month|day of week</day>
<hour>hours</hour>
<min>minutes</min>
<sec>seconds</sec>
<dayOfMonth>day of month</dayOfMonth>
<dayOfWeek>day of week</dayOfWeek>
<timePeriod>1</timePeriod>
</startByTime>
<randInterval><minutes></randInterval>
<execTimeLimit><minutes></execTimeLimit>
<runMissed>0|1</runMissed>
</schedule>
Table 4. Update task schedule settings

Setting         Description and possible values

ruleType        The scheduled task start mode. Possible values include:
                - Once – once.
                - Monthly – monthly.
                - Weekly – weekly.
                - Daily – every N days.
                - Hourly – every N hours.
                - Minutely – every N minutes.
                - Manual – manually.
startByTime     Start time. If you do not specify a start time, the current system date and / or time is set by default (see Table 5 below).
randInterval    Randomize the task launch within a time interval (in minutes) to equalize the load on the mail server while multiple scheduled tasks are running simultaneously. Format: [0;999].
execTimeLimit   Limit the duration of the task run (in minutes). Format: [0;999].
runMissed       Run missed tasks. Possible values include:
                - 1 – run missed tasks the next time the application is started;
                - 0 – run only scheduled tasks.
Table 5. Field values of the startByTime setting

Setting                 The startByTime setting value

<year>                  year: [present year -1; present year +10] (for example, 2013)
<month>                 month: JAN | FEB | MAR | APR | MAY | JUN | JUL | AUG | SEP | OCT | NOV | DEC
<day>, <dayOfMonth>     day of month: [1;31]
<hour>                  hours: [00;23]
<min>                   minutes: [00;59]
<sec>                   seconds: [00;59]
<dayOfWeek>             day of week: MON | TUE | WED | THU | FRI | SAT | SUN
<timePeriod>            time period: [0;999], where 0 indicates that the start period is not set.
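As an added example that is not part of the guide, the POSIX shell script below checks a <schedule> block from an exported Updater task settings file against the value ranges of Tables 4 and 5 before the file is imported with --set-settings, so a typo does not silently produce a task that never fires; the sample blocks and the function names are my own.

```shell
#!/bin/sh
# Added example (not part of the Kaspersky guide): validate a <schedule> block
# against Tables 4 and 5 before importing it. Sample blocks are constructed.
# xml_field XML NAME: text of the first single-line <NAME> element, '' if absent.
xml_field() {
    printf '%s\n' "$1" | sed -n "s|.*<$2>\(.*\)</$2>.*|\1|p" | head -n 1
}
# in_range VALUE MIN MAX: VALUE is a non-negative integer inside [MIN;MAX].
in_range() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}
# in_list VALUE ITEM...: VALUE equals one of the ITEMs.
in_list() {
    v=$1; shift
    for x in "$@"; do
        if [ "$x" = "$v" ]; then return 0; fi
    done
    return 1
}
# check_num NAME VALUE MIN MAX: optional numeric field; prints a violation and
# returns 1 only when VALUE is present and out of range.
check_num() {
    if [ -n "$2" ] && ! in_range "$2" "$3" "$4"; then
        echo "$1 '$2' is outside [$3;$4]"; return 1
    fi
    return 0
}
# check_name NAME VALUE ITEM...: optional field that must equal one of the ITEMs.
check_name() {
    name=$1; val=$2; shift 2
    if [ -n "$val" ] && ! in_list "$val" "$@"; then
        echo "$name '$val' is not one of: $*"; return 1
    fi
    return 0
}
# validate_schedule XML: print one line per violation, return the violation count.
validate_schedule() {
    s=$1; n=0; y=$(date +%Y)
    check_name ruleType "$(xml_field "$s" ruleType)" \
        Once Monthly Weekly Daily Hourly Minutely Manual || n=$((n+1))
    # startByTime fields (Table 5); an absent field means "current date/time".
    check_num year       "$(xml_field "$s" year)"       $((y-1)) $((y+10)) || n=$((n+1))
    check_name month     "$(xml_field "$s" month)" \
        JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC || n=$((n+1))
    check_num hour       "$(xml_field "$s" hour)"       0 23  || n=$((n+1))
    check_num min        "$(xml_field "$s" min)"        0 59  || n=$((n+1))
    check_num sec        "$(xml_field "$s" sec)"        0 59  || n=$((n+1))
    check_num dayOfMonth "$(xml_field "$s" dayOfMonth)" 1 31  || n=$((n+1))
    check_name dayOfWeek "$(xml_field "$s" dayOfWeek)" \
        MON TUE WED THU FRI SAT SUN || n=$((n+1))
    check_num timePeriod "$(xml_field "$s" timePeriod)" 0 999 || n=$((n+1))
    # <day> carries a day of month (Monthly) or a day of week (Weekly).
    d=$(xml_field "$s" day)
    if [ -n "$d" ] && ! in_range "$d" 1 31 && ! in_list "$d" MON TUE WED THU FRI SAT SUN; then
        echo "day '$d' is neither [1;31] nor a weekday name"; n=$((n+1))
    fi
    # Top-level fields (Table 4).
    check_num randInterval  "$(xml_field "$s" randInterval)"  0 999 || n=$((n+1))
    check_num execTimeLimit "$(xml_field "$s" execTimeLimit)" 0 999 || n=$((n+1))
    check_name runMissed    "$(xml_field "$s" runMissed)" 0 1     || n=$((n+1))
    return "$n"
}
# Constructed: a daily 03:30 run with a 15-minute random offset, and a broken
# block with an impossible hour, an oversized random window and a bad runMissed.
GOOD='<schedule>
<ruleType>Daily</ruleType>
<startByTime>
<hour>03</hour>
<min>30</min>
<sec>00</sec>
<timePeriod>1</timePeriod>
</startByTime>
<randInterval>15</randInterval>
<execTimeLimit>60</execTimeLimit>
<runMissed>1</runMissed>
</schedule>'
BAD='<schedule>
<ruleType>Weekly</ruleType>
<startByTime>
<day>MON</day>
<hour>24</hour>
<min>00</min>
<timePeriod>1</timePeriod>
</startByTime>
<randInterval>1200</randInterval>
<execTimeLimit>60</execTimeLimit>
<runMissed>2</runMissed>
</schedule>'
for blk in "$GOOD" "$BAD"; do
    if validate_schedule "$blk"; then echo "schedule OK"; else echo "$? problem(s) found"; fi
done
```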
MANUAL DATABASE UPDATE
To update the Kaspersky Security databases manually:
klms-control --start-task Updater -n --progress
ADVANCED CONFIGURATION OF KASPERSKY SECURITY
This section describes how to perform an advanced configuration of Kaspersky Security.
CONFIGURING GLOBAL BLACK AND WHITE LISTS OF ADDRESSES
The settings of global black and white lists of addresses are contained in the preset BlackList (ID=2) and WhiteList (ID=3) message processing rules.
one of the rule modes: reject messages without scanning (in which case the application processes messages according to this rule in the same way as it does according to the BlackList rule) or skip messages without scanning (in which case the application processes messages according to this rule in the same way as it does according to the WhiteList rule).
To configure a global black or white list of addresses:
1. Export the rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
To export the settings of the BlackList rule, execute the command
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings BlackList -n -f <rule settings file name>
To export the settings of the WhiteList rule, execute the command
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings WhiteList -n -f <rule settings file name>
2. Open the XML file to edit the rule settings.
3. Make the required changes in the <belongingCriteria> section, specifying the addresses of the sender and recipient in the <sender> and <recipient> settings, respectively.
If you need to add several sender and recipient email addresses, each new email address must be in a separate <item> section, typed in a new string of the settings file.
Example:
<belongingCriteria>
<sender>
<item>
<type>EMailMask</type>
<value>*</value>
</item>
<item>
<type>CIDR</type>
<value>172.16.10.145</value>
</item>
</sender>
<recipient>
<item>
<type>ExternalAccount</type>
<value>CN=test10,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=sbs2k8,DC=local</value>
</item>
</recipient>
</belongingCriteria>
You can use the symbols "*" and "?" to create an address mask, and regular expressions beginning with the prefix "re:".
Regular expressions are not case-sensitive.
4. In the <ScanSettings> section, specify 1 as the value of the <active> setting to activate the rule.
5. Save the changes made.
6. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
SETTING THE NUMBER OF SCANNING STREAMS
Setting the number of scanning streams lets you balance the load on the mail server processors.
To set the number of scanning streams:
1. Export the ScanLogic task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <ScanLogic task ID> -f <settings file name> or
--get-settings ScanLogic -n -f <name of the settings file>
2. Open the XML file of the ScanLogic task to edit the task settings.
3. In the <scanThreads> section, change the number of scan threads. The default number of scan threads is eight.
4. Save the changes made.
5. Import the ScanLogic task settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <ScanLogic task ID> -f <settings file name> or
--set-settings ScanLogic -n -f <name of the settings file>
IMPORTING / EXPORTING SETTINGS
You can export task settings and other application settings to a file for use during installation of the application on a different mail server.
To export Kaspersky Security task settings to a file, execute the following command:
# /opt/kaspersky/klms/bin/klms-control --export-settings -f <name of the settings file>
To import Kaspersky Security task settings from a file, execute the following command:
# /opt/kaspersky/klms/bin/klms-control --import-settings -f <name of the settings file>
To export Kaspersky Security rule settings to a file, execute the following command:
# /opt/kaspersky/klms/bin/klms-control --export-rules -f <name of the settings file>
To import Kaspersky Security rule settings from a file, execute the following command:
# /opt/kaspersky/klms/bin/klms-control --import-rules -f <name of the settings file>
INTEGRATING THE APPLICATION WITH AN EXTERNAL USER SERVICE USING THE LDAP PROTOCOL
This section contains information about how to integrate Kaspersky Security with an external user service using the LDAP protocol.
ABOUT INTEGRATION WITH AN EXTERNAL USER SERVICE VIA LDAP
Kaspersky Security supports integration with the Active Directory external user service and other LDAP external services.
Integration with an external user service is required to perform the following tasks:
- Add senders / recipients from an external user service to message processing rules.
- Allow users to maintain personal black and white lists of addresses.
- Allow the recipient to view messages in the recipient's personal Backup.
CONFIGURING THE APPLICATION CONNECTION TO AN EXTERNAL USER SERVICE USING LDAP
To configure the application connection to an external user service using LDAP:
1. Export the Auth process settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --get-settings 1 -f <settings file name>
2. Open the XML file for editing.
3. Specify the preferred type of integration between the application and the external user service via LDAP in the <integrationType> section: LDAPGeneric (for integration with LDAP) or AD (for integration with Active Directory).
4. Depending on the type of integration, specify the values of the following settings in the <LDAPGeneric> or <AD> section:
- <host> – address of the server with the openLDAP or Active Directory service, depending on the type of integration selected in the <integrationType> section;
- <connectionType> – the type of connection to Active Directory or the server with the openLDAP service: TLS, LDAP via SSL, or without encryption;
- <port> – port of the server with the openLDAP or Active Directory service, depending on the type of connection selected in the <connectionType> section;
- <bindDn> – administrator account;
- <password> – administrator password;
- <searchBase> – account search base.
Example of the <AD> integration type parameters in use:
<host><IP address></host>
<port>389</port>
<bindDn><administrator email address></bindDn>
<password>123456</password>
<searchBase>dc=companyname,dc=com</searchBase>
Example of the <LDAPGeneric> integration type parameters in use:
<host>IP address</host>
<port>389</port>
<bindDn>cn=admin,dc=site</bindDn>
<password>123456</password>
<searchBase>dc=site</searchBase>
5. Specify the timeout for establishing a connection to the openLDAP or Active Directory service in the <netTimeoutInSeconds> section. If the server does not respond during the specified time, the "Can not contact LDAP server" result is returned.
6. Save the changes made.
7. Import the Auth process settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --set-settings 1 -f <name of the settings file>
We recommend using an unprivileged user account when configuring the application connection to an external user service using LDAP.
CHECKING THE SERVER CONNECTION USING LDAP
To check the application connection to an external service using LDAP:
# /opt/kaspersky/klms/bin/klms-control --test-ldap-settings-connection
The response "Auth task connected successfully" indicates a positive result.
ADDING SENDERS / RECIPIENTS FROM AN EXTERNAL USER SERVICE TO RULES
To add a sender / recipient from an external user service to a message processing rule:
1. Export the rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name>
2. Open the XML file for editing.
3. Create a new <item> section in the <sender> subsection (to add a sender) or the <recipient> subsection (to add a recipient) of the <belongingCriteria> section.
If you need to add several sender and recipient email addresses, each new email address must be in a separate <item> section, typed in a new string of the settings file.
Both the message sender and recipient must be specified in the rule.
4. In the <type> subsection, set the ExternalAccount value.
5. In the <value> subsection, set the CN value from LDAP settings.
Example:
<belongingCriteria>
<sender>
<item>
<type>EMailMask</type>
<value>*</value>
</item>
</sender>
<recipient>
<item>
<type>ExternalAccount</type>
<value>CN=test10,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=sbs2k8,DC=local</value>
</item>
</recipient>
</belongingCriteria>
6. Save the changes made.
7. Import the rule settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <new rule ID> -f <rule settings file name>
ADDING PERSONAL BLACK AND WHITE LISTS OF ADDRESSES
When user integration with an external service via LDAP is enabled, users are able to maintain their personal black and white lists of senders' addresses.
To add a personal black or white list of addresses:
1. Get a sample rule settings file and save it to an XML file, for example personal_user1.xml, with the following command:
# /opt/kaspersky/klms/bin/klms-control --personal --sample > personal_user1.xml
Example of the sample rule settings file:
<root>
<blackList>
<item></item>
</blackList>
<whiteList>
<item></item>
</whiteList>
</root>
2. Use the <item> subsection of the <blackList> section to add senders' addresses to the black list of addresses, and the <item> subsection of the <whiteList> section to add senders' addresses to the white list of addresses.
If you need to add several senders' addresses, each new email address must be specified in a separate <item> section on a new line of the settings file.
Example:
<root>
<blackList>
<item>
</item>
<item>
</item>
</blackList>
<whiteList>
<item>
</item>
</whiteList>
</root>
3. Save this personal black or white list of addresses for the relevant external service user account (for example, for the account cn=user1001,ou=users,dc=site user account) using the command:
# /opt/kaspersky/klms/bin/klms-control --personal \
--set-settings 'cn=user1001,ou=users,dc=site' -f personal_user1.xml
You can specify the email address of a user instead of the user’s account.
# /opt/kaspersky/klms/bin/klms-control --personal \
--set-settings <email> -f personal_user1.xml
SETTING UP INTEGRATION WITH THE CUSTOM DIRECTORY SERVICE
Integration with the custom directory service is performed by using scripting. These scripts must be executed with the rights of the kluser account. Any supported language can be used to write the scripts.
To configure integration with a custom directory service:
1. Copy custom scripts to any local directory. For example: /opt/usr/sbin.
2. Export the Auth task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --get-settings Auth -n -f auth_settings.xml
3. Set the integration type to Custom in the Auth task settings file with the following command:
sed -i 's|<integrationType>.*</integrationType>|<integrationType>Custom</integrationType>|g' auth_settings.xml
4. Change the path to the custom scripts in the task settings file with the following command:
sed -i 's|<binPath>.*</binPath>|<binPath>/opt/usr/sbin</binPath>|g' auth_settings.xml
5. Import the Auth task settings from the XML file into the application with the following command:
# /opt/kaspersky/klms/bin/klms-control --set-settings Auth -n -f auth_settings.xml
MANAGING UNTRUSTED CERTIFICATES
If you have established an encrypted connection from the application to an external directory service (Active Directory or a server with the openLDAP service), you can configure the way Kaspersky Security responds when Active Directory or the server with the openLDAP service does not send a certificate to Kaspersky Security or sends an untrusted certificate.
The response of Kaspersky Security to a missing certificate or an untrusted certificate is configured using the TLS_REQCERT <level> setting. This setting is located in the configuration file /etc/opt/kaspersky/klms/ldap.conf. The format of the ldap.conf file depends on the LDAP library used.
The TLS_REQCERT parameter can take the following values:
- never. Kaspersky Security does not request a certificate from Active Directory or the server with the openLDAP service.
- allow. Kaspersky Security requests a certificate from Active Directory or the server with the openLDAP service. If the certificate has not been sent or an untrusted certificate has been sent, the TLS session continues. This is the default value.
- try. Kaspersky Security requests a certificate from Active Directory or the server with the openLDAP service. If the certificate is not sent, the TLS session continues. If an untrusted certificate is sent, the TLS session is interrupted.
- demand / hard. The demand and hard values are equivalent. Kaspersky Security requests a certificate from Active Directory or the server with the openLDAP service. If the certificate is missing or an untrusted certificate has been sent, the TLS session is interrupted.
After changing the value of the TLS_REQCERT parameter and saving the ldap.conf file, restart Kaspersky Security to apply changes.
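As an added example that is not part of the guide, the POSIX shell script below reads the TLS_REQCERT level from an ldap.conf-style file, grades how much certificate checking the four values above enforce, and rewrites a weaker setting to demand; the sample file contents and the function names are my own.

```shell
#!/bin/sh
# Added example (not part of the Kaspersky guide): classify the TLS_REQCERT
# level in an ldap.conf-style file (the guide's file is
# /etc/opt/kaspersky/klms/ldap.conf) and harden it. Sample content is constructed.

# tls_reqcert_level < FILE: print the configured level in lower case, or the
# guide's default "allow" when the directive is absent or commented out.
tls_reqcert_level() {
    lvl=$(tr 'A-Z' 'a-z' \
        | sed -n 's/^[[:space:]]*tls_reqcert[[:space:]]\{1,\}\([a-z]*\).*/\1/p' \
        | head -n 1)
    printf '%s\n' "${lvl:-allow}"
}

# tls_reqcert_grade LEVEL: 0 = session dropped on a missing or untrusted
# certificate (demand/hard), 1 = dropped only on an untrusted one (try),
# 2 = never dropped (allow/never), 3 = unrecognised value.
tls_reqcert_grade() {
    case $1 in
        demand|hard) return 0 ;;
        try)         return 1 ;;
        allow|never) return 2 ;;
        *)           return 3 ;;
    esac
}

# harden_tls_reqcert FILE: set TLS_REQCERT to demand, replacing an existing
# directive (any case, leading whitespace kept) or appending one. As the guide
# notes, the application picks the change up only after a restart.
harden_tls_reqcert() {
    if grep -iq '^[[:space:]]*TLS_REQCERT[[:space:]]' "$1"; then
        sed 's/^\([[:space:]]*\)[Tt][Ll][Ss]_[Rr][Ee][Qq][Cc][Ee][Rr][Tt][[:space:]].*/\1TLS_REQCERT demand/' \
            "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    else
        printf 'TLS_REQCERT demand\n' >> "$1"
    fi
}

# Constructed ldap.conf carrying the guide's default, permissive level.
SAMPLE_WEAK='# ldap.conf (constructed sample)
BASE   dc=companyname,dc=com
TLS_REQCERT allow'

f=$(mktemp)
printf '%s\n' "$SAMPLE_WEAK" > "$f"
lvl=$(tls_reqcert_level < "$f")
if tls_reqcert_grade "$lvl"; then
    echo "TLS_REQCERT $lvl: a missing or untrusted certificate ends the TLS session"
else
    echo "TLS_REQCERT $lvl: the session can continue without a verified server certificate (grade $?)"
    harden_tls_reqcert "$f"
    echo "rewritten to: $(grep -i TLS_REQCERT "$f")"
fi
rm -f "$f"
```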
USING THE APPLICATION VIA THE SNMP PROTOCOL
This section contains information about how to use Kaspersky Linux Mail Security via the SNMP protocol and configure runtime trap events.
ABOUT RECEIVING RUNTIME INFORMATION VIA THE SNMP PROTOCOL
You can use the SNMP protocol to gain access to the following categories of information about Kaspersky Security:
- general information;
- runtime statistics since installation;
- information about runtime events.
Read-only access is granted.
The application uses an SNMP agent to interact via the SNMP protocol. The SNMP agent supports the AgentX protocol (version 1). Any SNMP agent that supports AgentX can be used as an SNMP manager. Kaspersky Security works with SNMP managers that support SNMP v2, v2c, v3.
If you plan to take meter readings with utilities from the Net-SNMP package, you need to upgrade the Net-SNMP package to the latest version.
CONFIGURING INTERACTION WITH THE APPLICATION VIA THE SNMP PROTOCOL
You can perform the following actions:
- Get the ID of the SNMP process.
- Enable information exchange via SNMP.
- Call MIB objects.
- Enable / disable event traps.
- View the MIB structure using the snmpwalk command.
GETTING THE ID OF THE SNMP PROCESS
To configure interaction with the application via SNMP, you have to get the ID of the SNMP process.
To get the ID of the SNMP process:
# /opt/kaspersky/klms/bin/klms-control --get-task-list
ENABLING INFORMATION EXCHANGE VIA THE SNMP PROTOCOL
To enable information exchange with the application via the SNMP protocol:
1. Configure the address of the SNMP master agent by specifying the following values in the snmpd.conf file:
master agentx
AgentXSocket tcp:0.0.0.0:705
Note that tcp:0.0.0.0:705 makes the AgentX socket reachable on every interface of the server; since the SNMP task connects to tcp:127.0.0.1:705 (see step 4), binding the socket to 127.0.0.1 is sufficient and keeps it off the network.
2. Export the SNMP task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <SNMP task ID> -f <file name>
3. Open the XML file to edit the task settings.
4. Specify the address of the SNMP master agent in the following section:
<masterAgentAddress>tcp:127.0.0.1:705</masterAgentAddress>
5. Enable the use of the SNMP protocol by specifying the value 1 in the <enableSNMP> section.
6. Save the changes made.
7. Import the settings from the XML file to the SNMP task using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <SNMP task ID> -f <file name>
After importing the settings, restart Kaspersky Security to apply the changes.
You can now call MIB objects in Kaspersky Security and receive information via the SNMP protocol using OID objects.
Kaspersky Security is distributed with MIB files containing the symbol names of MIB objects, events, and their settings.
When Kaspersky Security is installed, the MIB files are located in the directory: /opt/kaspersky/klms/share/snmp-mibs.
CALLING MIB OBJECTS
To be able to access the MIB objects of Kaspersky Security, allow the SNMP master agent to access the MIB files of
Kaspersky Security. To do so, execute the following commands:
# echo "mibdirs +/opt/kaspersky/klms/share/snmp-mibs" >> snmp.conf
# echo "mibs all" >> snmp.conf
ENABLING / DISABLING EVENT TRAPS
The SNMP protocol provides access to runtime statistics and event traps that occur in the operation of Kaspersky Security. You can enable / disable Kaspersky Security traps.
To enable / disable Kaspersky Security event traps:
1. Export the SNMP task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <SNMP task ID> -f <file name>
2. Open the XML file to edit the task settings.
3. Assign the value 1 to the trapsEnable setting.
4. Save the changes made.
5. Import the settings from the XML file to the SNMP task using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <SNMP task ID> -f <file name>
VIEWING THE MIB STRUCTURE USING THE SNMPWALK COMMAND
To view the MIB structure in Kaspersky Security using the snmpwalk command, add the following string to the snmpd.conf configuration file:
view systemview included .1.3.6.1.4.1.23668.1463
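As an added example that is not part of the guide, the POSIX shell script below checks an snmpd.conf for the three directives this chapter adds (master agentx, AgentXSocket and the systemview line for the Kaspersky subtree) and flags an AgentX socket bound to every interface; the sample configurations and the function name are my own.

```shell
#!/bin/sh
# Added example (not part of the Kaspersky guide): audit snmpd.conf content for
# the directives this chapter adds. Sample configurations are constructed.

KLMS_OID='.1.3.6.1.4.1.23668.1463'

# snmpd_check TEXT: print one line per finding, return the number of findings.
snmpd_check() {
    cfg=$1; n=0
    # snmpd keywords are case-insensitive, so match them that way.
    if ! printf '%s\n' "$cfg" | grep -iq '^[[:space:]]*master[[:space:]]\{1,\}agentx'; then
        echo "missing: master agentx"; n=$((n+1))
    fi
    # First uncommented agentXSocket value, lower-cased for the comparison.
    sock=$(printf '%s\n' "$cfg" | tr 'A-Z' 'a-z' \
        | sed -n 's/^[[:space:]]*agentxsocket[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' \
        | head -n 1)
    case $sock in
        '')
            echo "missing: agentXSocket"; n=$((n+1)) ;;
        tcp:0.0.0.0:*)
            echo "agentXSocket $sock listens on all interfaces; the SNMP task connects to 127.0.0.1, so bind there instead"
            n=$((n+1)) ;;
    esac
    # Escape the dots so the OID is matched literally.
    oid_re=$(printf '%s' "$KLMS_OID" | sed 's/\./\\./g')
    if ! printf '%s\n' "$cfg" | grep -iq "^[[:space:]]*view[[:space:]]\{1,\}systemview[[:space:]]\{1,\}included[[:space:]]\{1,\}$oid_re"; then
        echo "missing: view systemview included $KLMS_OID"; n=$((n+1))
    fi
    return "$n"
}

# Constructed: the guide's values as written, a localhost-only variant, and a
# file that still has none of the directives.
AS_IN_GUIDE='master agentx
AgentXSocket tcp:0.0.0.0:705
view systemview included .1.3.6.1.4.1.23668.1463'
LOCAL_ONLY='master agentx
agentXSocket tcp:127.0.0.1:705
view systemview included .1.3.6.1.4.1.23668.1463'
UNTOUCHED='sysLocation "constructed sample"'

for cfg_text in "$AS_IN_GUIDE" "$LOCAL_ONLY" "$UNTOUCHED"; do
    if snmpd_check "$cfg_text"; then echo "snmpd.conf OK"; else echo "$? finding(s)"; fi
done
```

To audit a real file, pass its contents, for example snmpd_check "$(cat /etc/snmp/snmpd.conf)" (the usual net-snmp location; adjust for your distribution).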
MANAGING COMPANY EMPLOYEE ACCOUNTS
This section describes how you can manage accounts of company employees and configure their settings.
ABOUT A COMPANY EMPLOYEE ACCOUNT
Company employee accounts are intended for company employees tasked with analyzing and managing personal black and white lists of addresses and copies of messages placed in Backup (for example, for Helpdesk employees). This account gives an employee access only to settings and contents of Backup and personal black and white lists of addresses.
ACTIVATING AND DEACTIVATING A COMPANY EMPLOYEE ACCOUNT
To activate or deactivate a company employee account:
1. Export the application's general settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --get-app-settings -f <name of the settings file>
2. Open the XML file to edit the settings.
3. In the <helpdesk> section, specify one of the following values for the <enable> parameter:
• 1, to activate accounts for company employees;
• 0, to deactivate accounts for company employees.
4. Save the changes made.
5. Import the application's general settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --set-app-settings -f <name of the settings file>
CONFIGURING SETTINGS OF A COMPANY EMPLOYEE ACCOUNT
To configure the settings of a company employee account:
1. Export the application's general settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --get-app-settings -f <name of the settings file>
2. Open the XML file to edit the settings.
3. To allow or block employees working under the account being configured to access personal white and black lists of addresses, specify one of the following values for the <accessBlackWhiteList> parameter in the <helpdesk> section:
• 1, to allow access to personal black or white lists;
• 0, to block access to personal black or white lists.
4. Save the changes made.
5. Import the application's general settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --set-app-settings -f <name of the settings file>
6. To specify the name for a company employee account, run the following command:
# /opt/kaspersky/klms/bin/klms-control --set-web-helpdesk-login <login-name>
where <login-name> is the account name.
7. To specify the password for a company employee account, run the following command:
# /opt/kaspersky/klms/bin/klms-control --set-web-helpdesk-password <password>
where <password> is the password.
The names and passwords of all accounts for using the application are located at the following path:
/var/opt/kaspersky/klms/db/passwd.
CONFIGURING THE TRANSMISSION OF INFECTED MESSAGES PLACED IN BACKUP TO USERS
To configure the transmission of infected messages placed in Backup to users:
1. Export the Backup settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --get-settings <Backup task ID> -n -f <name of the settings file>
2. Open the XML file to edit the settings.
3. In the <root> section, specify one of the following values for the <allowAvThreatsRestoration> parameter:
• 1, to allow users working under the company employee account to send infected messages placed in Backup to users;
• 0, to block users working under the company employee account from sending infected messages placed in Backup to users.
4. Save the changes made.
5. Import the Backup settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --set-settings <Backup task ID> -n -f <name of the settings file>
BACKUP
This section contains information about Backup and how to use it.
ABOUT BACKUP
Kaspersky Security places copies of messages in Backup. Copies of messages are stored in Backup in unreadable format and therefore do not compromise your computer's security.
Kaspersky Security places copies of the following messages in Backup:
• Copies of messages after Anti-Virus engine scanning, before attempting to cure or delete the messages, or deleting an attachment using the Cure, DeleteMessage or DeleteAttachment actions (see section "Configuring Anti-Virus scan settings for a rule" on page 97).
• After scanning by the Anti-Spam engine: copies of messages assigned Spam / Probable spam / Blacklisted status, before attempting to delete them using the DeleteMessage action, provided that the application is
Anti-Spam scan settings for a rule" on page 87).
• After scanning by the Anti-Phishing engine: copies of messages assigned Phishing / Malicious link status, before attempting to delete them using the DeleteMessage action, provided that the application is configured
• After content filtering: copies of messages that violate the content filtering criteria, provided that the processing rule is configured to place copies of such messages in Backup when content filter criteria are violated by size
"Configuring content filtering by attachment name" on page 108
Copies of messages are placed in Backup together with attachments.
The default maximum Backup space is 1 GB. As soon as this threshold value is exceeded, the application starts to delete the oldest messages from Backup. When the amount of occupied space is again below the threshold value, the application stops deleting messages from Backup.
You can perform the following actions on copies of messages in Backup:
•
•
•
• Delete message copies from Backup (see section "Deleting message copies from Backup" on page 135).
• specified as the recipient's email address.
• Save messages from Backup to file (see section "Saving messages from Backup to file" on page 135).
The local area network administrator can be held liable for unauthorized access to information transmitted in messages stored in Backup.
VIEWING STATISTICS OF MESSAGE COPIES IN BACKUP
You can view statistics of message copies in Backup: the total number of message copies currently in Backup, and the total disk space that they occupy.
To view statistics of message copies in Backup:
# /opt/kaspersky/klms/bin/klms-control --backup --statistics
FILTERING THE DETAILS OF MESSAGE COPIES IN BACKUP
You can filter the details of message copies in Backup to get information on the message copies you need.
To filter the details of message copies in Backup:
# /opt/kaspersky/klms/bin/klms-control --backup --query \
--message-id <message ID> --from <sender email address> \
--to <recipient email address> --subject <subject> \
--limit <maximum number of messages>
The application shows information about message copies in Backup, such as:
• IP address of the message sender;
• email address of the message sender;
• time when the message was sent;
• time when the message was received;
• message subject;
• attachments;
• message scan and content filtering statuses.
DELETING MESSAGE COPIES FROM BACKUP
You can delete message copies from Backup in several ways:
• delete one message copy;
• delete copies of all messages processed according to one rule;
• delete all copies of messages matching the specified filtration criteria.
To delete one message copy from Backup, execute the following command:
# /opt/kaspersky/klms/bin/klms-control --backup --remove \
--message-id <message ID>
To delete copies of all messages processed according to one rule, execute the following command:
# /opt/kaspersky/klms/bin/klms-control --backup --remove \
--rule-id <rule ID>
To delete all copies of messages matching the specified filtration criteria, execute the following command:
# /opt/kaspersky/klms/bin/klms-control --backup --query \
--message-id <message ID> --from <sender email address> \
--to <recipient email address> --subject <subject> \
--limit <maximum number of messages> --mass-remove
SAVING MESSAGES FROM BACKUP TO FILE
You can save a message from Backup to file on the computer. You may need to save a message to file if, for example, you want to open the message in your email client later.
Saving infected and probably infected messages poses a security threat to your computer.
To save a message from Backup to a file, execute the following command:
# /opt/kaspersky/klms/bin/klms-control --backup \
--save --message-id <message ID> --rule-id <rule ID> -file <file name>
DELIVERING MESSAGES FROM BACKUP TO RECIPIENTS
If you consider a message in Backup to be safe, you can deliver the message from Backup to the recipients.
Delivering infected and probably infected messages from Backup could pose a security threat to computers.
To deliver a message from Backup to its recipients, execute the following command:
# /opt/kaspersky/klms/bin/klms-control --backup \
--deliver --message-id <message ID> --rule-id <rule ID> \
--recipients <recipient email address> <recipient email address>
CONFIGURING THE BACKUP SETTINGS
To configure the Backup settings:
1. Export the Backup task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings Backup -n -f <name of the settings file>
2. Open the XML file to edit the Backup task settings.
3. In the <maxSize> section, specify the maximum size (in bytes) that can be taken up by Backup.
When this limit is exceeded, the application tries to delete the oldest messages from Backup.
4. Save the changes made.
5. Import the Backup task settings from the XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings Backup -n -f <name of the settings file>
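Every procedure in these sections follows the same export, edit, import cycle: the SNMP trapsEnable setting, the <enable> and <accessBlackWhiteList> flags in the <helpdesk> section, the Backup <allowAvThreatsRestoration> flag and the Backup <maxSize> value. The following Python script is an added example, not part of this guide or of Kaspersky Security; it edits an exported settings file between the --get-settings and --set-settings steps and refuses values the guide does not allow (anything other than 0 or 1 for a flag, a non-positive byte count for <maxSize>), so a typo is caught before the file is imported. The element paths and the sample settings document are constructed for the example; the real export contains more elements, and the path of a setting is the one the corresponding procedure names.

```python
"""Edit an exported klms-control settings XML file between export and import.

Added example, not the product's own code. It assumes the exported file is
plain XML whose settings are leaf elements reachable by a path relative to
the root (for example helpdesk/enable), as the guide's procedures describe.
The sample document below is constructed for the demonstration.
"""
import os
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Settings the guide describes as taking only 0 or 1.
FLAG_SETTINGS = {"trapsEnable", "enable", "accessBlackWhiteList",
                 "allowAvThreatsRestoration", "enableReport", "enableSend"}

# Constructed sample: a cut-down mix of the helpdesk and Backup settings.
SAMPLE_APP_SETTINGS = """<root>
  <helpdesk>
    <enable>0</enable>
    <accessBlackWhiteList>0</accessBlackWhiteList>
  </helpdesk>
  <maxSize>1073741824</maxSize>
  <allowAvThreatsRestoration>0</allowAvThreatsRestoration>
</root>
"""


def set_setting(xml_text, path, value):
    """Return xml_text with the element at `path` set to str(value).

    Raises KeyError if the element is missing and ValueError if a 0/1 flag
    or the maxSize byte count is given an out-of-range value."""
    root = ET.fromstring(xml_text)
    elem = root.find(path)
    if elem is None:
        raise KeyError(f"setting {path!r} not found in exported settings")
    name = path.rsplit("/", 1)[-1]
    text = str(value)
    if name in FLAG_SETTINGS and text not in ("0", "1"):
        raise ValueError(f"{name} accepts only 0 or 1, got {text!r}")
    if name == "maxSize" and (not text.isdigit() or int(text) <= 0):
        raise ValueError(f"maxSize must be a positive number of bytes, got {text!r}")
    elem.text = text
    return ET.tostring(root, encoding="unicode")


def get_setting(xml_text, path):
    """Read back the text of the setting at `path`."""
    elem = ET.fromstring(xml_text).find(path)
    if elem is None:
        raise KeyError(path)
    return (elem.text or "").strip()


def edit_settings_file(path, changes):
    """Apply several changes to an exported file; the file is rewritten only
    if every change validates, so a half-edited file is never imported."""
    text = Path(path).read_text(encoding="utf-8")
    for setting, value in changes.items():
        text = set_setting(text, setting, value)
    Path(path).write_text(text, encoding="utf-8")


if __name__ == "__main__":
    fd, tmp = tempfile.mkstemp(suffix=".xml")
    os.close(fd)
    Path(tmp).write_text(SAMPLE_APP_SETTINGS, encoding="utf-8")
    # The helpdesk procedure: activate the account and allow list access.
    edit_settings_file(tmp, {"helpdesk/enable": 1,
                             "helpdesk/accessBlackWhiteList": 1})
    print(Path(tmp).read_text(encoding="utf-8"))
    # The edited file is then imported with klms-control --set-app-settings -f.
```

The same function serves the task-level files exported with --get-settings: for the Backup task the path is simply maxSize or allowAvThreatsRestoration, since the guide places both directly under the root.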
EMAIL NOTIFICATIONS
This section contains information about mail notifications and how to configure them.
ABOUT EMAIL NOTIFICATIONS
An email notification (or notification) is an email message containing a description of a processed message. The application sends the notification to the recipients or sender of the processed message, or to the mail server administrator. Besides a description of the email message, the notification contains a description of objects deleted from the message. The application also includes the text of the source message in notifications for recipients.
Various events occur during the operation of Kaspersky Security. They reflect changes in the status of Kaspersky Security.
The application provides two types of email notifications:
• notifications about objects;
• administrator notifications about events.
Administrator notifications are available for the following events:
• licenseExpired, which occurs on expiration of the license;
• licenseExpiresSoon, which occurs when the license is due to expire soon;
• licenseBlacklisted, which occurs if the key is in the black list;
• antiVirusBasesOutdated, which occurs if the Anti-Virus databases are out of date;
• antiSpamBasesOutdated, which occurs if the Anti-Spam databases are out of date;
• backupCleanupFailed, which occurs if automatic deletion of messages in Backup returns an error;
• backupAlmostFull, which occurs if Backup is running out of space;
• messageBackupFailed, which occurs if an attempt to place a message in Backup returns an error.
Kaspersky Security contains templates of notifications for the mail server administrator, or for the sender or recipient of a
ENABLING DELIVERY OF EMAIL NOTIFICATIONS ABOUT OBJECTS
To enable delivery of notifications:
1. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
2. Open the XML file to edit the rule settings.
3. In one of the following subsections of the <notificationSettings> section:
• <admin> for delivery of notifications to the administrator;
• <sender> for delivery of notifications to the sender;
• <recipient> for delivery of notifications to the recipient;
• <additional> for delivery of notifications to the additional email addresses you specified (see section
specify the value 1 for the following settings:
• <enableInfected> for notifications about infected objects;
• <enableEncrypted> for notifications about encrypted objects;
• <enableCorrupted> for notifications about corrupted objects or errors during scanning of an object;
• <enableCFFail> for notifications about violations of the content filter settings;
• <enablePhishing> for notifications about detected phishing.
4. Save the changes made.
5. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
SPECIFYING ADDITIONAL EMAIL ADDRESSES FOR DELIVERY OF EMAIL NOTIFICATIONS ABOUT OBJECTS
To specify additional email addresses for delivery of email notifications about objects:
1. Export rule settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-rule-settings <rule ID> -f <rule settings file name> or
--get-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
2. Open the XML file to edit the rule settings.
3. In the <additional> subsection of the <notificationSettings> section, specify the list of email addresses for delivery of notifications with the following settings:
• <emailListInfected> for notifications about infected objects;
• <emailListEncrypted> for notifications about encrypted objects;
• <emailListCorrupted> for notifications about corrupted objects or errors during scanning of an object;
• <emailListCFFail> for notifications about violations of the content filter settings;
• <emailListPhishing> for notifications about detected phishing URLs.
If you need to add several email addresses for sending notifications, each new address must be in a separate
<item> section in a new line of the settings file.
Example:
<additional>
  <options>
    <enableInfected>0</enableInfected>
    <enableCorrupted>1</enableCorrupted>
    <enableEncrypted>0</enableEncrypted>
    <enableCFFail>0</enableCFFail>
    <enablePhishing>0</enablePhishing>
  </options>
  <emailListInfected />
  <emailListCorrupted>
    <item>
    </item>
  </emailListCorrupted>
  <emailListEncrypted />
  <emailListCFFail />
  <emailListPhishing />
</additional>
4. Save the changes made.
5. To import rule settings from an XML file, use the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-rule-settings <rule ID> -f <rule settings file name> or
--set-rule-settings <rule name> -n -f <rule settings file name>
The <rule name> should be enclosed in double quotes if it contains blanks.
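Steps 3 of the two procedures above (setting the <enable...> flags and filling the <emailList...> elements of the <additional> subsection, one <item> per address) can be done in one pass. The Python function below is an added example and not part of the product; it assumes the subsection layout shown in the guide's own example above, rebuilds each list from a Python list of addresses, enables the matching flag for every class that has recipients and disables the rest. The address check is the example's own and deliberately strict: a single bare mailbox, no display names or comments, so nothing ambiguous is written into the rule. The rule document is constructed for the demonstration.

```python
"""Fill the <additional> subsection of a rule's <notificationSettings>.

Added example, not the product's own code. It assumes the layout the guide's
example shows: an <options> block of enable flags and one <emailList...>
element per object class, each address in its own <item>. The rule XML
below is constructed for the demonstration.
"""
import re
import xml.etree.ElementTree as ET

# Object classes the guide lists, mapped to (enable flag, list element).
OBJECT_CLASSES = {
    "infected":  ("enableInfected",  "emailListInfected"),
    "encrypted": ("enableEncrypted", "emailListEncrypted"),
    "corrupted": ("enableCorrupted", "emailListCorrupted"),
    "cffail":    ("enableCFFail",    "emailListCFFail"),
    "phishing":  ("enablePhishing",  "emailListPhishing"),
}

SAMPLE_RULE = """<rule>
  <notificationSettings>
    <additional>
      <options>
        <enableInfected>0</enableInfected>
        <enableCorrupted>0</enableCorrupted>
        <enableEncrypted>0</enableEncrypted>
        <enableCFFail>0</enableCFFail>
        <enablePhishing>0</enablePhishing>
      </options>
      <emailListInfected />
      <emailListCorrupted />
      <emailListEncrypted />
      <emailListCFFail />
      <emailListPhishing />
    </additional>
  </notificationSettings>
</rule>
"""

# One bare mailbox only; display names, comments and whitespace are refused.
_ADDR = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def set_additional_recipients(xml_text, recipients):
    """recipients maps an object class ('infected', ...) to its addresses.

    Each listed class gets its flag set to 1 and its list rebuilt with one
    <item> per address; classes not listed are set to 0 and emptied."""
    unknown = set(recipients) - set(OBJECT_CLASSES)
    if unknown:
        raise KeyError(f"unknown object class(es): {sorted(unknown)}")
    root = ET.fromstring(xml_text)
    additional = root.find("notificationSettings/additional")
    if additional is None:
        raise KeyError("notificationSettings/additional missing from rule settings")
    options = additional.find("options")
    for cls, (flag, list_name) in OBJECT_CLASSES.items():
        addrs = list(recipients.get(cls, []))
        for a in addrs:
            if not _ADDR.match(a):
                raise ValueError(f"refusing to write malformed address {a!r}")
        opt = options.find(flag)
        if opt is None:
            opt = ET.SubElement(options, flag)
        opt.text = "1" if addrs else "0"
        lst = additional.find(list_name)
        if lst is None:
            lst = ET.SubElement(additional, list_name)
        for child in list(lst):          # drop whatever was there before
            lst.remove(child)
        lst.text = None
        for a in addrs:
            ET.SubElement(lst, "item").text = a
    return ET.tostring(root, encoding="unicode")


def additional_recipients(xml_text):
    """Read back {class: [addresses]} for every class whose flag is 1."""
    additional = ET.fromstring(xml_text).find("notificationSettings/additional")
    out = {}
    for cls, (flag, list_name) in OBJECT_CLASSES.items():
        if (additional.findtext(f"options/{flag}") or "").strip() == "1":
            out[cls] = [i.text for i in additional.find(list_name).findall("item")]
    return out
```

The resulting text is what goes back into the rule settings file before the --set-rule-settings step.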
CONFIGURING DELIVERY OF EMAIL EVENT NOTIFICATIONS TO THE ADMINISTRATOR
enable delivery of notifications. You can also specify the address from which the application is to send administrator notifications.
To configure the delivery of email event notifications to the administrator:
1. Export the application's general settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --get-app-settings -f <file name>
2. Open the XML file to edit the settings.
3. In the <adminEmailAddresses> section, specify the email addresses of the administrator to which notifications are to be sent.
4. In the <replyEmailAddress> section, you can specify the address from which notifications are to be sent.
The default email address is klms@localhost.
5. Save the changes made.
6. Import the application's general settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --set-app-settings -f <file name>
7. Export the settings of the Notifier module to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --get-settings 9 -f <file name>
8. Open the XML file to edit the settings.
9. In the <notificationFlags> section, specify the value 1 for the following settings:
• <antiVirusBasesOutdated> and <antiVirusBasesObsoleted> for notifications about antiVirusBasesOutdated events;
• <antiSpamBasesOutdated> and <antiSpamBasesObsoleted> for notifications about antiSpamBasesOutdated events;
• <messageBackupFailed> for notifications about messageBackupFailed events;
• <backupCleanupFailed> for notifications about backupCleanupFailed events;
• <backupAlmostFull> for notifications about backupAlmostFull events;
• <licenseExpiresSoon> for notifications about licenseExpiresSoon events;
• <licenseExpired> for notifications about licenseExpired events;
• <licenseBlacklisted> for notifications about licenseBlacklisted events;
• <externalDirectoryServicesError> for notifications about externalDirectoryServicesError events.
10. Save the changes made.
11. Import the settings from an XML file to the Notifier module using the command:
# /opt/kaspersky/klms/bin/klms-control --set-settings 9 -f <file name>
EDITING TEMPLATES OF EMAIL EVENT NOTIFICATIONS
To edit an email event notification template:
1. Export the settings of the Notifier module to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --get-settings 9 -f <file name>
2. Open the XML file to edit the settings.
3. In the <notificationTemplates> section, edit the text of the relevant event notification template. You can
If, while editing a template text, you use line breaks or characters that may cause errors during analysis by the XML parser, you must use the CDATA format: <tag><![CDATA[ ... ]]></tag>.
The text fragment inside <![CDATA[ ... ]]> is not analyzed by the XML parser; it is treated as an ordinary string that contains only character data and no markup.
4. Save the changes made.
5. Import the settings from an XML file to the Notifier module using the command:
# /opt/kaspersky/klms/bin/klms-control --set-settings 9 -f <file name>
USING MACROS IN TEMPLATES OF EMAIL EVENT NOTIFICATIONS
A macro is a substitution element used in event notification templates. In the text of a notification generated from a template, each macro is replaced by a specific value.
Macro syntax: %MACRO_NAME%
The following macros can be used in notification texts (see table below).
Table 6. Macros for event notification templates

MACRO | DESCRIPTION | EVENT FOR WHICH THE MACRO IS USED
%SERVER_NAME% | Mail server name. | antiVirusBasesOutOfDate, antiVirusBasesObsolete, antiSpamBasesOutOfDate, antiSpamBasesObsolete, messageBackupFailed, severalMessagesBackupFailed, severalBackupCleanupAttemptsFailed, backupAlmostFull, licenseExpiresSoon, licenseExpired, licenseBlacklisted
%PRODUCT_NAME% | Application name. | antiVirusBasesOutOfDate, antiVirusBasesObsolete, antiSpamBasesOutOfDate, antiSpamBasesObsolete, messageBackupFailed, severalMessagesBackupFailed, severalBackupCleanupAttemptsFailed, backupAlmostFull, licenseExpiresSoon, licenseExpired, licenseBlacklisted
%BASES_ISSUE_DATE% | Anti-Virus or Anti-Spam database release date. | antiVirusBasesOutOfDate, antiVirusBasesObsolete, antiSpamBasesOutOfDate, antiSpamBasesObsolete
%OUTDATED_DAYS% | Number of days since the last update of Anti-Virus or Anti-Spam databases. | antiVirusBasesOutOfDate, antiVirusBasesObsolete, antiSpamBasesObsolete
%OUTDATED_HOURS% | Number of hours since the last update of Anti-Spam databases. | antiSpamBasesOutOfDate
%SMTP_MESSAGE_ID% | Message header. | messageBackupFailed, scanStatusAlertForAdmin, scanStatusAlertForOthers
%MESSAGES_COUNT% | Number of messages that could not be placed in Backup, or total number of messages in Backup. | severalMessagesBackupFailed, backupAlmostFull
%MINUTES% | Time during which attempts were made to place messages in Backup or automatically delete messages from it. | severalMessagesBackupFailed, severalBackupCleanupAttemptsFailed
%ATTEMPTS% | Number of attempts to automatically delete messages from Backup. | severalBackupCleanupAttemptsFailed
%MESSAGES_SIZE% | Total size of messages in Backup in megabytes. | backupAlmostFull
%MAX_BACKUP_SIZE% | Maximum size of Backup. | backupAlmostFull
%LICENSE_NUMBER% | License key. | licenseExpiresSoon, licenseExpired, licenseBlacklisted
%EXPIRATION_DAYS% | Number of days before expiration of the license. | licenseExpiresSoon
%EXPIRATION_DATE% | License expiration date. | licenseExpired
%SENDER% | Email address of the message sender. | scanStatusAlertForAdmin, scanStatusAlertForRecipient, scanStatusAlertForOthers
%ALL_RECIPIENTS% | Addresses of all recipients of the source message. | scanStatusAlertForAdmin, scanStatusAlertForSender, scanStatusAlertForOthers
%AFFECTED_RECIPIENTS% | Addresses of the original message recipients who should be advised of the event described in the notification. | scanStatusAlertForAdmin, scanStatusAlertForOthers, messageBounce
%AFFECTED_RULES% | Original message processing rules that are conditioned by the event described in the notification. | scanStatusAlertForAdmin, scanStatusAlertForOthers
%MESSAGE_ID% | ID of the message in the application. | scanStatusAlertForAdmin, scanStatusAlertForOthers
%SUBJECT% | Subject (Subject field) of the source message. | scanStatusAlertForAdmin, scanStatusAlertForSender, scanStatusAlertForRecipient, scanStatusAlertForOthers
%DATE% | Message processing date. | scanStatusAlertForAdmin, scanStatusAlertForSender, scanStatusAlertForRecipient, scanStatusAlertForOthers
%MESSAGE_ACTION% | Action taken by the application on the email message. | scanStatusAlertForAdmin, scanStatusAlertForSender, scanStatusAlertForRecipient, scanStatusAlertForOthers
%DATA_BEGIN% | Service macro to designate the beginning of the list of macros to be attached. | scanStatusAlertForAdmin, scanStatusAlertForSender, scanStatusAlertForRecipient, scanStatusAlertForOthers
%DATA_END% | Service macro to designate the end of the list of macros to be attached. | scanStatusAlertForAdmin, scanStatusAlertForSender, scanStatusAlertForRecipient, scanStatusAlertForOthers
%OBJECT_NAME% | Name of attachment. | scanStatusAlertForAdmin, scanStatusAlertForSender, scanStatusAlertForRecipient, scanStatusAlertForOthers
%OBJECT_SIZE% | Size of attachment. | scanStatusAlertForAdmin, scanStatusAlertForSender, scanStatusAlertForRecipient, scanStatusAlertForOthers
%STATUS% | Message status. | scanStatusAlertForAdmin, scanStatusAlertForSender, scanStatusAlertForRecipient, scanStatusAlertForOthers
%OBJECT_ACTION% | Action taken by the application on the attachment. | scanStatusAlertForAdmin, scanStatusAlertForSender, scanStatusAlertForRecipient, scanStatusAlertForOthers
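How the %MACRO_NAME% substitution and the CDATA rule from the template-editing procedure fit together can be shown in a few lines. The Python code below is an added example, not the product's template engine: it renders a template from a dictionary of event values, refuses a macro the event does not supply (so an unexpanded placeholder never reaches the administrator's mailbox), and serialises a template element for the Notifier XML, wrapping the text in <![CDATA[ ... ]]> only when a line break or markup character requires it. The one edge case CDATA itself has, a literal ]]> inside the text, is handled by splitting the section. The sample template and event values are constructed and use only macros that Table 6 lists for the backupAlmostFull event.

```python
"""Render an event notification template and wrap it for the Notifier XML.

Added example; not the product's template engine. It assumes the macro
syntax the guide gives (%MACRO_NAME%) and the CDATA form it prescribes for
template text containing line breaks or markup characters. The template
and event values below are constructed.
"""
import re
import xml.etree.ElementTree as ET

MACRO = re.compile(r"%([A-Z_]+)%")

# Constructed template for a backupAlmostFull event.
BACKUP_ALMOST_FULL_TEMPLATE = (
    "%PRODUCT_NAME% on %SERVER_NAME%: Backup is almost full.\n"
    "%MESSAGES_COUNT% messages occupy %MESSAGES_SIZE% MB of %MAX_BACKUP_SIZE%.\n"
    "Check <%SERVER_NAME%> & free space."
)


def render(template, values):
    """Substitute every %MACRO% from values; an unknown macro is an error
    rather than being silently left in the notification text."""
    def sub(m):
        name = m.group(1)
        if name not in values:
            raise KeyError(f"template uses %{name}% but the event has no such value")
        return str(values[name])
    return MACRO.sub(sub, template)


def needs_cdata(text):
    """True when plain element content would be altered or rejected by an
    XML parser: markup characters or line breaks."""
    return any(c in text for c in "<>&\n\r")


def cdata_wrap(text):
    """Wrap text in a CDATA section. A literal ']]>' inside the text would
    end the section early, so it is split across two sections."""
    return "<![CDATA[" + text.replace("]]>", "]]]]><![CDATA[>") + "]]>"


def template_element_xml(tag, text):
    """Serialise one <tag> of <notificationTemplates>, using CDATA when needed."""
    body = cdata_wrap(text) if needs_cdata(text) else text
    return f"<{tag}>{body}</{tag}>"


def parse_template(element_xml):
    """Read the template text back the way the XML parser will see it."""
    return ET.fromstring(element_xml).text or ""


if __name__ == "__main__":
    event = {"PRODUCT_NAME": "Kaspersky Security", "SERVER_NAME": "mx1",
             "MESSAGES_COUNT": 1200, "MESSAGES_SIZE": 950, "MAX_BACKUP_SIZE": "1 GB"}
    print(render(BACKUP_ALMOST_FULL_TEMPLATE, event))
    print(template_element_xml("backupAlmostFull", BACKUP_ALMOST_FULL_TEMPLATE))
```

Parsing the serialised element back and comparing it with the original template is a cheap check to run on the edited settings file before the --set-settings 9 step.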
RUNTIME REPORTS AND STATISTICS
This section contains information about reports and statistics on the operation of the application.
VIEWING RUNTIME STATISTICS
To view statistics on the operation of the application, execute the following command:
# /opt/kaspersky/klms/bin/klms-control --dashboard
You can view monthly (option --month), weekly (option --week), daily (option --day), or hourly (option --hour) statistics.
Monthly and weekly statistics are given per day; daily statistics per hour; hourly statistics every 5 minutes.
The application displays information as per the following table.
Table 7. Runtime statistics

NAME | VALUE
threat | Total number of infected, probably infected, corrupted, or encrypted messages, and messages for which Anti-Virus scanning returned an error.
phishing | Total number of messages containing phishing threats or links to websites with malware.
spam | Total number of messages containing spam or potential spam, and messages from undesirable senders.
content | Total number of messages that triggered the application during content filtering by message size, attachment name or format.
notScanned | Total number of messages that have not been processed for some reason (for example, messages have been excluded from scanning by the administrator, the license has expired, or the Anti-Virus engine, Anti-Spam engine, Anti-Phishing engine, or content filtering has been disabled).
clean | Total number of messages scanned by the application and identified as not infected, not containing spam or phishing, and not violating the content filter settings.
total | Total number of messages processed by the application.
CREATING REPORTS
Kaspersky Security can generate reports and statistics on the operation of the application.
You can create reports in the following ways:
• on demand (see section "Creating on-demand reports" on page 145);
• by schedule (see section "Configuring scheduled reports" on page 147).
You can create on-demand reports for the following periods:
• today;
• this month;
• this year;
• last couple of days;
• last seven days;
• last month;
• last year;
• exact time.
The application stores on-demand reports in the directory /var/opt/kaspersky/klms/reports/.
You can create scheduled reports for the following periods:
• day (DailyReport task, ID=17);
• week (WeeklyReport task, ID=18);
• month (MonthlyReport task, ID=19).
The application stores scheduled reports in the following directories:
• daily reports: /var/opt/kaspersky/klms/reports/daily;
• weekly reports: /var/opt/kaspersky/klms/reports/weekly;
• monthly reports: /var/opt/kaspersky/klms/reports/monthly.
CREATING ON-DEMAND REPORTS
To create an on-demand report, execute the following command:
# /opt/kaspersky/klms/bin/klms-control --report
You can create a report for the following periods:
• today (option --today);
• this month (option --this-month);
• this year (option --this-year);
• last few days (option --last-days <ndays>, where <ndays> is the number of days; 1 by default);
• last week (option --last-week);
• last month (option --last-month);
• last year (option --last-year);
• exact time (option --exact-time YYYY[.MM[.DD]], where YYYY is the year, MM is the month, DD is the day). If you use the full date format for an exact-time report, you can specify a report period using the option --ndays <ndays>, where <ndays> is the number of days, starting from the date specified, for which you want to get a report.
The following example illustrates how to create a report for the previous month:
Example:
The current month is May 2012. You need a report for April 2012.
Execute the following command:
# /opt/kaspersky/klms/bin/klms-control --report --last-month
The application creates a report for April 2012.
The following example illustrates how to create a report for an exact time:
Example:
You need a report for 4 May 2012.
Execute the following command:
# /opt/kaspersky/klms/bin/klms-control --report --exact-time 2012.05.04
The application creates a report for this one day.
The following example illustrates how to create a report for an exact period:
Example:
You need a report for 6 days starting 4 May 2012.
Execute the following command:
# /opt/kaspersky/klms/bin/klms-control --report --exact-time 2012.05.04 --ndays 6
The application creates a report for the period from 4 May through 9 May.
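The three examples above define how the period options are counted: --last-month in May 2012 means April 2012, --exact-time 2012.05.04 means that one day, and --ndays 6 from 4 May runs through 9 May (the start day counts). The Python function below is an added example, not the product's own option parser; it resolves each period option to an inclusive first/last day so that a report request can be checked before it is run. It assumes the YYYY[.MM[.DD]] format given above, that --ndays is only meaningful with the full date (as the text states), that --last-week means the last seven days (the "last seven days" period listed under "Creating reports"), and that --last-days counts back from today inclusive. Dates are passed and returned as ISO strings.

```python
"""Resolve the guide's on-demand report period options to a date range.

Added example, not the product's own option parser. It assumes the formats
and counting the guide's examples show: --exact-time takes YYYY[.MM[.DD]],
--ndays extends a full date forward so that 2012.05.04 with --ndays 6 covers
4 May through 9 May, --last-month in May 2012 means April 2012, and
--last-week is the last seven days. Dates are ISO strings (YYYY-MM-DD).
"""
import re
from calendar import monthrange
from datetime import date, timedelta

_EXACT = re.compile(r"^(\d{4})(?:\.(\d{2})(?:\.(\d{2}))?)?$")


def _month_span(year, month):
    return date(year, month, 1), date(year, month, monthrange(year, month)[1])


def report_period(option, value=None, ndays=None, today=None):
    """option is the klms-control period option without the leading dashes
    ('today', 'this-month', 'this-year', 'last-days', 'last-week',
    'last-month', 'last-year', 'exact-time'); value is the option's argument
    where it takes one; today is the reference date (ISO string), defaulting
    to the real date. Returns (first_day, last_day), both inclusive."""
    today = date.fromisoformat(today) if today else date.today()
    if option == "today":
        first, last = today, today
    elif option == "this-month":
        first, last = _month_span(today.year, today.month)
    elif option == "this-year":
        first, last = date(today.year, 1, 1), date(today.year, 12, 31)
    elif option == "last-days":
        n = 1 if value is None else int(value)       # the guide's default is 1
        if n < 1:
            raise ValueError("--last-days needs a positive day count")
        first, last = today - timedelta(days=n - 1), today
    elif option == "last-week":
        first, last = today - timedelta(days=6), today
    elif option == "last-month":
        last = today.replace(day=1) - timedelta(days=1)   # last day of previous month
        first = last.replace(day=1)
    elif option == "last-year":
        first, last = date(today.year - 1, 1, 1), date(today.year - 1, 12, 31)
    elif option == "exact-time":
        m = _EXACT.match(value or "")
        if not m:
            raise ValueError(f"--exact-time expects YYYY[.MM[.DD]], got {value!r}")
        year, month, day = (int(g) if g else None for g in m.groups())
        if day is not None:
            first = date(year, month, day)            # raises on an impossible date
            n = 1 if ndays is None else int(ndays)
            if n < 1:
                raise ValueError("--ndays needs a positive day count")
            last = first + timedelta(days=n - 1)
        elif ndays is not None:
            raise ValueError("--ndays applies only to the full YYYY.MM.DD form")
        elif month is not None:
            first, last = _month_span(year, month)
        else:
            first, last = date(year, 1, 1), date(year, 12, 31)
    else:
        raise ValueError(f"unknown period option {option!r}")
    return first.isoformat(), last.isoformat()


if __name__ == "__main__":
    print(report_period("last-month", today="2012-05-15"))      # April 2012
    print(report_period("exact-time", "2012.05.04", ndays=6))   # 4 May to 9 May
```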
Different language options are available for all reports (option --lang). The list of languages depends on the application localization packages installed. The default language is English.
The following example illustrates how to create a report in Russian:
Example:
You need a report for today in Russian.
Execute the following command:
# /opt/kaspersky/klms/bin/klms-control --report --today --lang ru_RU
The application generates a report for today in Russian.
In addition, you can configure the delivery of on-demand reports by email. To do so, use the option --deliver.
The following example illustrates how to configure the delivery of a report for the current month.
Example:
You need to create and deliver a report for this month.
Execute the following command:
# /opt/kaspersky/klms/bin/klms-control --report --this-month \
--deliver <recipient email address> <recipient email address> ...
The application creates a report for this month and delivers it to the email addresses of the recipients that you specified.
CONFIGURING SCHEDULED REPORTS
To configure the generation of scheduled reports:
1. Export DailyReport (ID=17), WeeklyReport (ID=18), or MonthlyReport (ID=19) task settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control \
--get-settings <task ID> -f <file name>
2. Open the XML file to edit the task settings.
3. Specify 1 as the value of the <enableReport> setting to enable the generation of scheduled reports.
4. Specify the settings of the report generation schedule:
• <dayOfMonth> – day of month [1;31] (for MonthlyReport task);
• <dayOfWeek> – day of week [MON | TUE | WED | THU | FRI | SAT | SUN] (for WeeklyReport task);
• <hour> – hours [00;23] (for DailyReport, WeeklyReport, or MonthlyReport task);
• <min> – minutes [00;59] (for DailyReport, WeeklyReport, or MonthlyReport task).
5. If you want to enable the delivery of scheduled reports by email:
• in the <sendOptions> section, specify the value 1 for the <enableSend> setting;
• in the <recipientsAddresses> section, specify the email addresses to which scheduled reports are to be sent.
6. Specify the language of the scheduled reports using the <lang> setting. The list of languages depends on the application localization packages installed.
7. Save the changes made.
8. Import the settings from an XML file to a DailyReport, WeeklyReport, or MonthlyReport task using the command:
# /opt/kaspersky/klms/bin/klms-control \
--set-settings <task ID> -f <file name>
EVENT LOG
This section contains information about the Event log and how to configure it.
EVENT LOG
Various events occur during the operation of Kaspersky Security. They reflect changes in the status of Kaspersky
Security. Information about these events is stored in the Event log.
The application keeps the Event log in the system log of the operating system (syslog) in the Mail category. If necessary, you can change the category of the system log in which the application should log events. The application designates
Kaspersky Security events with the abbreviation KLMS to distinguish them from other events stored in the Mail category.
Events can have the following levels of importance:
• Error – events involving application errors.
• Info – informational events. At this level, the log stores email addresses of senders and receivers, the IP address of the computer transmitting the message, as well as detailed information on message scan results.
By default, the application logs only error events (i.e., events with the Error level of importance) in the event log (see table below). You can configure all application events to be recorded in the log.
Table 8. Events in the event log (each event also carries an importance level, Error or Info)

EVENT | DESCRIPTION
RuleSettingsChangedEvent | Message processing rule settings have been changed.
TaskSettingsChangedEvent | Task settings have been changed.
MessageProcessedEvent | Message has been processed.
MessageNotProcessedEvent | Message has not been processed.
MessageQuarantinedEvent | Message has been placed in Backup.
ProductStartEvent | Application has been started.
ScheduledReportError | Error creating scheduled report.
ScheduledReportGenerated | Scheduled report has been generated.
BackupLimitReachedEvent | Backup size limit has been reached.
BackupRestoreAvThreatEvent | Message from Backup has been saved to file or sent to recipients.
BackupAddErrorEvent | Error adding message to Backup.
BackupRotateErrorEvent | Error automatically freeing up space in Backup.
AvUpdateErrorEvent | Error updating Anti-Virus databases.
AspUpdateErrorEvent | Error updating Anti-Spam databases.
ApUpdateErrorEvent | Error updating Anti-Phishing databases.
AvBasesAttachedEvent | Anti-Virus databases have been updated.
ApBasesAttachedEvent | Anti-Phishing databases have been updated.
AspBasesAttachedEvent | Anti-Spam databases have been updated.
NothingToUpdateEvent | No update required.
AvBasesOutdatedEvent | Anti-Virus databases are out of date.
AspBasesOutdatedEvent | Anti-Spam databases are out of date.
ApBasesOutdatedEvent | Anti-Phishing databases are out of date.
AvBasesObsoleteEvent | Anti-Virus databases are obsolete.
AspBasesObsoleteEvent | Anti-Spam databases are obsolete.
ApBasesObsoleteEvent | Anti-Phishing databases are obsolete.
AvBasesAppliedEvent | Anti-Virus databases have been downloaded.
AspBasesAppliedEvent | Anti-Spam databases have been downloaded.
ApBasesAppliedEvent | Anti-Phishing databases have been downloaded.
LicenseBlacklistedEvent | Key is in the black list of keys.
LicenseExpiredEvent | License has expired.
LicenseExpiresSoonEvent | License expires soon.
LicenseErrorEvent | Key related error.
LicenseInstalledEvent | Key has been added.
LicenseRevokedEvent | Key has been deleted.
TaskCrashEvent | Process returned an error.
TaskRestartEvent | Process has been restarted.

In PostgreSQL, the Log level is higher than the Error level. For details, see http://www.postgresql.org/docs/9.1/static/runtime-config-logging.html#RUNTIME-CONFIG-SEVERITY-LEVELS .
CHANGING THE SYSTEM LOG CATEGORY FOR STORING EVENTS
To change the syslog category for storing events:
1. Export the Event log settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --get-settings 20 -f <file name>
2. Open the XML file to edit the settings.
3. Specify the value of the <facility> setting to indicate the syslog category where the application is to log events.
The default category is Mail.
4. Save the changes made.
5. Import the Event log settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --set-settings 20 -f <file name>
CONFIGURING EVENT LOGGING IN THE EVENT LOG
To configure the logging of events in the event log:
1. Export the Event log settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --get-settings EventLogger -n \
-f <file name>
2. Open the XML file to edit the settings.
3. Specify the level of importance of events that the application is to record in the Event log. To do so, specify one of the following values for the <logLevel> setting:
• Error – events involving application errors (this is the default value).
• Info – informational events. In this case the application writes both informational events and error events to the event log.
4. Save the changes made.
5. Import the Event log settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --set-settings \
<ID of the EventLogger task> -f <file name>
Kaspersky Security installed on a computer running the FreeBSD operating system cannot record symbols in encodings other than ASCII in the event log. For this reason, any non-ASCII text is displayed incorrectly when recorded in the event log.
For non-ASCII text to be displayed correctly in the event log, execute the following commands:
1. echo 'syslogd_flags="-s -8"' >> /etc/rc.conf
2. /etc/rc.d/syslogd restart
TRACE LOG
This section contains information about the Trace log and how to configure it.
ABOUT THE TRACE LOG
If a problem occurs during the operation of Kaspersky Security (for example, Kaspersky Security or an individual task has crashed) and you would like to diagnose it, you can create a trace log that saves all application events and send it to the Support Service.
By default, trace log files are stored in the directory /var/log/kaspersky/klms. You can specify the location of the trace log on the hard drive (see section "Configuring the location of the trace log" on page 153).
The following levels of detail of the trace log are available for selection:
• Fatal – critical errors.
• Error – events involving application errors.
• Warning – important events. The value of an SMTP header that could not be decoded is recorded in the trace log.
• Info – informational events.
• Debug – debugging information. The trace log records the message subjects and addresses of senders and recipients, attachment names, and other information about processed messages, as well as the full details of message search queries. The log also records data from external sources and all links to web resources contained in the messages. When milter is used, the trace log records all message headers.
The highest level of detail is Debug, at which all events are recorded in the trace log; the lowest level of detail is Fatal, at which only critical events are recorded in the trace log. The default level of detail is Error.
At the Debug level, the trace log takes up a large amount of disk space and may contain confidential user information.
ENABLING THE TRACE LOG
To enable or disable the trace log:
1. Export the application's general settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --get-app-settings -f <file name>
2. Open the XML file to edit the settings.
3. In the <tracerSettings> section, specify one of the following values for the <Enable> setting:
• 1, to enable the trace log;
• 0, to disable the trace log.
4. Save the changes made.
5. Import the application's general settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --set-app-settings -f <file name>
6. Restart the application. Execute the following command:
# /etc/init.d/klms restart
CONFIGURING THE LEVEL OF DETAIL OF THE TRACE LOG
To configure the level of detail of the trace log:
1. Export the application's general settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --get-app-settings -f <file name>
2. Open the XML file to edit the settings.
3. Specify the level of detail of the trace log. In the <tracerSettings> section, specify one of the following values for the <level> setting:
• Fatal – critical errors.
• Error – events involving application errors.
• Warning – important events.
• Info – informational events.
• Debug – debugging information.
4. Save the changes made.
5. Import the application's general settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --set-app-settings -f <file name>
6. Restart the application. Execute the following command:
# /etc/init.d/klms restart
CONFIGURING THE LOCATION OF THE TRACE LOG
To configure the location of the trace log:
1. Export the application's general settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --get-app-settings -f <file name>
2. Open the XML file to edit the settings.
3. Specify the location of the trace log on the hard drive. To do so, specify one of the following values for the <destination> setting in the <tracerSettings> section:
• Files, if you want the application to keep the trace log in a separate file in the directory /var/log/kaspersky/klms (this is the default value).
• Syslog, if you want the application to record all events in the system log of the operating system.
4. Save the changes made.
5. Import the application's general settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --set-app-settings -f <file name>
6. Restart the application. Execute the following command:
# /etc/init.d/klms restart
CONFIGURING THE ROTATION OF TRACE FILES
You can configure the rotation settings of trace files, such as the maximum trace file size and the number of trace files to be kept. When these limits are exceeded, old trace files are overwritten with new trace files. The trace file rotation settings make it possible to limit the amount of disk space that the trace log can take up.
To configure the trace file rotation settings:
1. Export the application's general settings to an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --get-app-settings -f <file name>
2. Open the XML file to edit the settings.
3. Specify the trace file rotation settings. To do so, specify the values of the following settings in the <tracerSettings> section:
a. Specify one of the following values in the <rotationPeriod> subsection:
• NoRotation. Old trace files are overwritten with new trace files when the value of the <rotationFileSize> setting or the <maxFileCount> setting is exceeded.
• Monthly. Old trace files are overwritten with new trace files monthly when the value of the <rotationFileSize> setting or the <maxFileCount> setting is exceeded.
• Weekly. Old trace files are overwritten with new trace files weekly when the value of the <rotationFileSize> setting or the <maxFileCount> setting is exceeded.
• Daily. Old trace files are overwritten with new trace files daily when the value of the <rotationFileSize> setting or the <maxFileCount> setting is exceeded.
• Hourly. Old trace files are overwritten with new trace files hourly when the value of the <rotationFileSize> setting or the <maxFileCount> setting is exceeded.
The default value is NoRotation.
b. In the <rotationFileSize> subsection, specify the maximum size of a trace file (in bytes). When this limit is exceeded, the old trace file is overwritten with a new trace file.
By default, the value is set to 100 MB.
c. In the <maxFileCount> subsection, specify the maximum number of trace files that can be stored at any one time. When the number of trace files exceeds this limit, the oldest trace files are overwritten with new files.
By default, the value is set to 10.
4. Save the changes made.
5. Import the application's general settings from an XML file using the command:
# /opt/kaspersky/klms/bin/klms-control --set-app-settings -f <file name>
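The four procedures above (enabling the trace log, setting its level of detail, its location and its rotation) all come down to editing the same <tracerSettings> section between the export and import commands. The following Python script is an added example, not part of the guide or of the product: it applies those edits to an exported settings file and rejects values the guide does not document. The nesting of the sample file under <settings> and the 1 GiB review threshold are assumptions of the example.

```python
# Added example: edit <tracerSettings> in a file exported with
# klms-control --get-app-settings before importing it with --set-app-settings.
import xml.etree.ElementTree as ET

# Permitted values, taken from the procedures in this section.
LEVELS = ("Fatal", "Error", "Warning", "Info", "Debug")
DESTINATIONS = ("Files", "Syslog")
ROTATION_PERIODS = ("NoRotation", "Monthly", "Weekly", "Daily", "Hourly")

# Constructed sample of an exported settings file holding the documented
# defaults. The nesting under <settings> is an assumption of this example.
SAMPLE_XML = """<settings>
  <tracerSettings>
    <Enable>1</Enable>
    <level>Error</level>
    <destination>Files</destination>
    <rotationPeriod>NoRotation</rotationPeriod>
    <rotationFileSize>104857600</rotationFileSize>
    <maxFileCount>10</maxFileCount>
  </tracerSettings>
</settings>
"""

def _section(root):
    section = root.find(".//tracerSettings")
    if section is None:
        raise KeyError("<tracerSettings> section not found")
    return section

def _set(section, name, value):
    node = section.find(name)
    if node is None:
        raise KeyError(f"<{name}> not found in <tracerSettings>")
    node.text = str(value)

def read_tracer(xml_text):
    """Return the <tracerSettings> values as a dict of element name -> text."""
    return {child.tag: child.text for child in _section(ET.fromstring(xml_text))}

def configure_tracer(xml_text, *, enable=None, level=None, destination=None,
                     rotation_period=None, rotation_file_size=None,
                     max_file_count=None):
    """Apply the requested values and return the modified XML text.
    Each value is checked against the documented set before it is written,
    so a typo cannot reach --set-app-settings."""
    root = ET.fromstring(xml_text)
    section = _section(root)
    if enable is not None:
        if enable not in (0, 1):
            raise ValueError("Enable must be 0 or 1")
        _set(section, "Enable", enable)
    if level is not None:
        if level not in LEVELS:
            raise ValueError(f"level must be one of {LEVELS}")
        _set(section, "level", level)
    if destination is not None:
        if destination not in DESTINATIONS:
            raise ValueError(f"destination must be one of {DESTINATIONS}")
        _set(section, "destination", destination)
    if rotation_period is not None:
        if rotation_period not in ROTATION_PERIODS:
            raise ValueError(f"rotationPeriod must be one of {ROTATION_PERIODS}")
        _set(section, "rotationPeriod", rotation_period)
    if rotation_file_size is not None:
        if int(rotation_file_size) <= 0:
            raise ValueError("rotationFileSize is a positive byte count")
        _set(section, "rotationFileSize", int(rotation_file_size))
    if max_file_count is not None:
        if int(max_file_count) <= 0:
            raise ValueError("maxFileCount must be at least 1")
        _set(section, "maxFileCount", int(max_file_count))
    return ET.tostring(root, encoding="unicode")

def trace_disk_budget(settings):
    """Upper bound in bytes on disk taken by trace files (size x count)."""
    return int(settings["rotationFileSize"]) * int(settings["maxFileCount"])

def audit_tracer(settings):
    """Review findings worth reading before the settings are imported."""
    findings = []
    if settings.get("Enable") == "1" and settings.get("level") == "Debug":
        findings.append("Debug level writes message subjects, addresses and "
                        "headers to the trace log: treat it as confidential")
    budget = trace_disk_budget(settings)
    if budget > 1024 ** 3:  # 1 GiB threshold is an assumption of this example
        findings.append(f"trace files may occupy up to {budget} bytes")
    return findings

if __name__ == "__main__":
    # Between the export and import commands of the procedures above:
    # edit the file, review the findings, then --set-app-settings and restart.
    updated = configure_tracer(SAMPLE_XML, level="Debug", rotation_period="Daily",
                               max_file_count=5)
    current = read_tracer(updated)
    print(current)
    for finding in audit_tracer(current):
        print("review:", finding)
```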
TESTING THE APPLICATION OPERATION
This section provides information about how to ensure that the application detects viruses and their modifications and performs the correct actions on them.
ABOUT THE EICAR TEST FILE
You can make sure that the application detects viruses and disinfects infected files by using an EICAR test file. The EICAR test file was developed by the European Institute for Computer Antivirus Research (EICAR) in order to test the functionality of anti-virus applications.
The EICAR test file is not a virus. The EICAR test file does not contain any program code that could damage your computer. However, most anti-virus applications identify the EICAR test file as a virus.
The EICAR test file is not intended for testing the functionality of the heuristic analyzer or searching for malware at the system level (rootkits).
Do not use real viruses to test the functionality of anti-virus applications! This may damage your computer.
Do not forget to resume the anti-virus protection of Internet traffic and files after you have finished with the EICAR test file.
ABOUT THE TYPES OF THE EICAR TEST FILE
You can test the application's functioning by creating various modifications of the EICAR test file. The application detects the EICAR test file (or a modification of it) and assigns it a status depending on the results of the scan. The application takes the actions on the EICAR test file that are selected in the settings of the component that detected it.
The table below lists the prefixes that you can use when creating modifications of the EICAR test file, the status assigned to the file based on the results of the scan by the application, and how the application processes files with that status.
Table 9. Modifications of the EICAR test file

Prefix: none (standard test virus)
File status: Infected. File contains code of a known virus. File cannot be disinfected.
File processing information: The application identifies this file as a file containing a virus that cannot be disinfected. The action set for infected files is applied to the file. By default, the application displays an on-screen notification that the file cannot be disinfected.

Prefix: CURE-
File status: Infected. File contains code of a known virus. File can be disinfected.
File processing information: The file contains a virus that can be disinfected or deleted. The application disinfects the file; the text of the virus body is replaced with the word CURE. The application displays an on-screen notification that a disinfected file has been detected.

Prefix: DELE-
File status: Infected. File contains code of a known virus. File cannot be disinfected.
File processing information: The application identifies the file as a virus that cannot be disinfected, and deletes it. The application displays an on-screen notification that the disinfected file has been deleted.

Prefix: WARN-
File status: Possibly infected. File contains code of an unknown virus. File cannot be disinfected.
File processing information: The file is probably infected. The application applies the action set for probably infected files to the file. By default, the application displays an on-screen notification that a probably infected file has been detected.

Prefix: SUSP-
File status: Possibly infected. File contains modified code of a known virus. File cannot be disinfected.
File processing information: The application detected a partial correspondence of a section of file code with a section of code of a known virus. When a probably infected file is detected, the application databases do not contain a description of the full code of the virus. The application applies the action set for probably infected files to the file. By default, the application displays an on-screen notification that a probably infected file has been detected.

Prefix: CORR-
File status: Corrupted.
File processing information: The application does not scan this type of file because its structure is damaged (for example, the file format is invalid). You can find the information that the file has been processed in the report on the application's operation.

Prefix: ERRO-
File status: Scan error.
File processing information: An error occurred during the scan of a file. The application could not access the file, since the integrity of the file has been breached (for example, there is no end to a multivolume archive) or there is no connection to it (if the file is scanned on a network drive). You can find the information that the file has been processed in the report on the application's operation.
TESTING APPLICATION PERFORMANCE USING THE EICAR TEST FILE
You can test the effectiveness of anti-virus scanning of messages using one of the EICAR test files.
Do not forget to resume the anti-virus protection of messages after you have finished using the EICAR test file.
To test anti-virus protection of messages using one of the EICAR test files:
1. Download an EICAR test file from the official EICAR website at http://www.eicar.org/anti_virus_test_file.htm .
2. Save the EICAR test file.
3. Send an email message with the EICAR test file to a computer with Kaspersky Security installed.
Kaspersky Security informs you that a threat has been detected and blocks the attempt to save the object.
To test anti-virus protection of messages using a modification of the EICAR test file:
1. Download an EICAR test file from the official EICAR website at http://www.eicar.org/anti_virus_test_file.htm .
2. Save the EICAR test file.
You can use any text or hypertext editor to do this.
4. Save the resulting file under a name corresponding to the type of the EICAR file. For example, when adding the DELE- prefix, save the resulting file under the name eicar_dele.com.
5. Send an email message with the eicar_dele.com file in the attachment to a computer with Kaspersky Security installed.
Kaspersky Security informs you that a threat has been detected and performs the action configured in the scan settings.
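The following Python script is an added example, not the guide's own material, showing the modification step of the procedure above in code: it prefixes the standard EICAR test string (a public constant published by EICAR, reproduced here so the example runs without downloading the file) with one of the prefixes from Table 9, names the file as step 4 describes, and wraps it in a message for step 5. The sender, recipient and SMTP host are placeholders.

```python
# Added example: build the EICAR test-file variants from Table 9 and wrap one
# in a message for the scan test described above. Addresses are placeholders.
import smtplib
from email.message import EmailMessage

# The standard EICAR test string, as published by EICAR (public constant,
# reproduced here so the example runs without downloading the file).
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Prefixes from Table 9; the empty prefix is the standard test file.
PREFIXES = ("", "CURE-", "DELE-", "WARN-", "SUSP-", "CORR-", "ERRO-")

def eicar_variant(prefix):
    """Return the test-file contents for one prefix from Table 9."""
    if prefix not in PREFIXES:
        raise ValueError(f"unknown EICAR prefix {prefix!r}")
    return prefix.encode("ascii") + EICAR

def variant_filename(prefix):
    """File name corresponding to the variant, e.g. DELE- -> eicar_dele.com."""
    if not prefix:
        return "eicar.com"
    return f"eicar_{prefix.rstrip('-').lower()}.com"

def build_test_message(prefix, sender, recipient):
    """Message with the chosen EICAR variant attached (step 5 of the procedure)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = f"Anti-virus scan test: {variant_filename(prefix)}"
    msg.set_content("Test message; the attachment is an EICAR test file.")
    msg.add_attachment(eicar_variant(prefix), maintype="application",
                       subtype="octet-stream", filename=variant_filename(prefix))
    return msg

def attachment_names(msg):
    """Names of all attachments, for checking the message before sending."""
    return [part.get_filename() for part in msg.iter_attachments()]

def send_test_message(msg, smtp_host, smtp_port=25):
    """Deliver the message to the mail server protected by Kaspersky Security."""
    with smtplib.SMTP(smtp_host, smtp_port) as smtp:
        smtp.send_message(msg)

if __name__ == "__main__":
    message = build_test_message("DELE-", "tester@example.com", "mailbox@example.com")
    print(attachment_names(message))
    # send_test_message(message, "mail.example.com")  # placeholder host
```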
ADMINISTRATION OF THE APPLICATION THROUGH KASPERSKY SECURITY CENTER
This section describes how you can manage Kaspersky Security 8.0 for Linux Mail Server through Kaspersky Security Center.
STARTING AND STOPPING KASPERSKY SECURITY ON A CLIENT COMPUTER
To start or stop Kaspersky Security on a client computer:
1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed computers folder of the console tree, open the folder with the name of the administration group to which the relevant client computer belongs.
3. In the results pane, select the Computers tab.
4. In the list of client computers, select the computer on which you want to start or stop Kaspersky Security.
5. Do one of the following:
• Right-click to display the context menu of the client computer. Select Properties.
• In the Actions menu, select Computer properties.
A client computer properties window opens.
6. In the client computer properties window, select the Applications section.
A list of Kaspersky Lab applications that are installed on the client computer appears in the right part of the client computer properties window.
7. Select the application Kaspersky Security 8.0 for Linux Mail Server.
8. Do one of the following:
• To start Kaspersky Security, click the button on the right of the list of Kaspersky Lab applications or do the following:
a. Right-click to display the context menu of Kaspersky Security 8.0 for Linux Mail Server and select Properties, or click the Properties button under the list of Kaspersky Lab applications.
The Kaspersky Security 8.0 for Linux Mail Server application settings window opens on the General tab.
b. Click the Start button.
• To stop Kaspersky Security, click the button on the right of the list of Kaspersky Lab applications or do the following:
a. Right-click to display the context menu of Kaspersky Security 8.0 for Linux Mail Server and select Properties, or click the Properties button under the list of applications.
The Kaspersky Security 8.0 for Linux Mail Server application settings window opens on the General tab.
b. Click the Stop button.
MANAGING TASKS
This section describes how you can manage tasks for Kaspersky Security 8.0 for Linux Mail Server. See the Kaspersky Security Center Administrator Guide for details on the concept of task management through Kaspersky Security Center.
ABOUT TASKS FOR KASPERSKY SECURITY 8.0 FOR LINUX MAIL SERVER
Kaspersky Security Center controls the activity of Kaspersky Lab applications on client computers by means of tasks.
Currently, one task is available: it adds or removes the active key for Kaspersky Security.
You can create the following types of tasks to administer Kaspersky Security 8.0 for Linux Mail Server through Kaspersky Security Center:
• local tasks that are configured for a separate client computer;
• group tasks that are configured for client computers within one or more administration groups;
• tasks for sets of computers outside administration groups.
Tasks for sets of computers outside administration groups apply only to client computers that are specified in the task settings. If new client computers are added to a set of computers for which a task is configured, this task does not apply to these new computers. To apply the task to these computers, create a new task or edit the settings of the existing task.
As part of remote administration of Kaspersky Security 8.0 for Linux Mail Server, you can create a key addition task: while performing this task, the application adds a key for application activation, including an additional key.
You can manage tasks as follows:
• start a task;
• create new tasks;
• edit task settings.
CREATING A LOCAL TASK
To create a local task:
1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed computers folder of the console tree, open the folder with the name of the administration group to which the relevant client computer belongs.
3. In the results pane, select the Computers tab.
4. In the list of client computers, select a computer for which you want to create a local task.
5. Do one of the following:
• Right-click to display the context menu of the client computer. Select Properties.
• In the Actions menu, select Computer properties.
A client computer properties window opens.
6. Select the Tasks tab.
7. Click the Add button.
The Task Wizard starts.
8. Follow the instructions of the Task Wizard.
CREATING A GROUP TASK
To create a group task:
1. Open the Administration Console of Kaspersky Security Center.
2. In the console tree, open the Managed computers folder.
3. In the results pane, select the Tasks tab.
4. Do one of the following:
• Click the Create task button.
• Right-click to display the context menu. Select Create → Task.
The Task Wizard starts.
5. Follow the instructions of the Task Wizard.
CREATING A TASK FOR A SET OF COMPUTERS
To create a task for a set of computers:
1. Open the Administration Console of Kaspersky Security Center.
2. In the console tree, open the Tasks for sets of computers folder.
3. Do one of the following:
• Click the Create task button.
• Right-click to display the context menu. Select Create → Task.
The Task Wizard starts.
4. Follow the instructions of the Task Wizard.
STARTING A TASK
Security Center. If Kaspersky Security 8.0 for Linux Mail Server is stopped, the running tasks are aborted, and it is no longer possible to manage tasks on this client computer through Kaspersky Security Center.
VIEWING GENERAL INFORMATION ON THE OPERATION OF KASPERSKY SECURITY IN A COMPUTER CLUSTER
To view general information on the operation of Kaspersky Security 8.0 for Linux Mail Server in a cluster of computers:
1. Open the Administration Console of Kaspersky Security Center.
2. In the Managed computers folder of the console tree, open the Kaspersky Security for Linux Mail Server folder.
3. Go to the Clusters and server arrays folder.
4. In the details pane, select the cluster for whose computers you want to view information on the operation of Kaspersky Security 8.0 for Linux Mail Server.
5. Right-click to open the context menu of the cluster. Select Properties.
The cluster properties window opens.
6. Select the Dashboard section.
A table with information on the operation of Kaspersky Security 8.0 for Linux Mail Server for each computer in the cluster appears in the right part of the window.
CONTACTING THE TECHNICAL SUPPORT SERVICE
This section provides information about how to obtain technical support and the requirements for receiving help from Technical Support.
HOW TO OBTAIN TECHNICAL SUPPORT
If you cannot find a solution for your issue in the application documentation or in any of the sources of information about Kaspersky Lab Technical Support. Technical Support specialists will answer your questions about installing and using the application.
Before contacting Technical Support, please read the support rules ( http://support.kaspersky.com/support/rules ).
You can contact Technical Support in one of the following ways:
• By telephone. This method allows you to consult with specialists from our Russian-language or international Technical Support.
• By sending a query from your Kaspersky Account on the Technical Support Service website. This method allows you to contact Technical Support specialists through a request form.
Technical support is only available to users who purchased a license for the application. No technical support is available to users of trial versions.
TECHNICAL SUPPORT BY PHONE
If an urgent issue arises, you can call specialists from Russian-speaking or international Technical Support by phone (see http://support.kaspersky.com/support/contacts ).
Before contacting Technical Support, please read the support rules ( http://support.kaspersky.com/support/rules ). This will allow our specialists to help you more quickly.
OBTAINING TECHNICAL SUPPORT VIA PERSONAL CABINET
Personal Cabinet is your personal area ( https://support.kaspersky.com/PersonalCabinet ) on the Technical Support website.
To access Personal Cabinet, complete registration on the registration page ( https://support.kaspersky.com/personalcabinet/registration/ ) and receive a customer ID and password for accessing Personal Cabinet. To do so, you need to specify an activation code or key file.
In Personal Cabinet, you can perform the following actions:
• contact Technical Support and the Virus Lab;
• contact Technical Support without using email;
• track the status of your requests in real time;
• view a detailed history of your Technical Support requests;
• receive a copy of the key file if it is lost or deleted.
Technical Support by email
You can send an online request to Technical Support in English, Russian, German, French, or Spanish.
In the fields of the online request form, specify the following data:
• request type;
• application name and version number;
• request description;
• customer ID and password;
• email address.
Technical Support sends a response to your query to Personal Cabinet and the email address that you specified in the online request.
Online request to the Virus Lab
Some requests must be sent to the Virus Lab instead of Technical Support.
You can send requests to the Virus Lab in the following cases:
• If you suspect that a file or website contains a virus, but Kaspersky Security does not detect any threat. Virus Lab specialists analyze the file or URL that you send. If they detect a previously unknown virus, they add a corresponding description to the database, which becomes available when Kaspersky Lab anti-virus applications are updated.
• If Kaspersky Security detects a virus in a file or on a website, but you are certain that this file or website is safe.
You can also send requests to the Virus Lab from the request form page ( http://support.kaspersky.com/virlab/helpdesk.html ) without being registered in Personal Cabinet. On this page, you do not have to specify the application activation code.
USING A TRACE FILE
After you notify Technical Support specialists of a problem encountered, they may ask you to create a report that should contain information about your operating system, and send it to the Technical Support Service. Technical Support
file allows you to trace the process of performing application commands step by step and determine the stage of application operation at which an error occurs.
EXTENDED DIAGNOSTICS OF APPLICATION OPERATION
To perform extended diagnostics of problems in the operation of the application, you can use certain application administration commands that are not described in the Administrator's Guide. A Technical Support representative will send you these commands if necessary.
APPENDICES
This section provides information that complements the document text.
APPLICATION FILE LOCATIONS ON A COMPUTER RUNNING LINUX
After Kaspersky Security has been installed on a computer running a Linux operating system, the application files are arranged as follows by default:
/etc/opt/kaspersky/klms – directory containing the Kaspersky Security configuration files:
  kavscanner_defaults.conf – configuration file of the kavscanner utility;
  klms_filters.conf – configuration file of the mail agent's filter.
/opt/kaspersky/klms/ – root folder of Kaspersky Security, which includes:
  /opt/kaspersky/klms/bin/ – folder containing the executable files of Kaspersky Security:
    klms-control – executable file of the Kaspersky Security control utility;
    klms-setup.pl – initial configuration script for Kaspersky Security;
  /opt/kaspersky/klms/lib/ – folder containing Kaspersky Security libraries;
  /opt/kaspersky/klms/lib64/ – folder containing additional 64-bit libraries of Kaspersky Security;
  /opt/kaspersky/klms/libexec/ – folder containing service executable files of Kaspersky Security;
    /opt/kaspersky/klms/libexec/cleanup.sh – script for cleaning up data remaining after Kaspersky Security removal;
  /opt/kaspersky/klms/share/ – folder storing font files, files of the Kaspersky Security help system (manual pages), localization packages, source code of Kaspersky Security modules, MIB files, and files with the text of the End User License Agreement:
    /opt/kaspersky/klms/share/man/ – folder storing files of the Kaspersky Security help system (manual pages);
    /opt/kaspersky/klms/share/locale – folder storing localization packages;
    /opt/kaspersky/klms/share/src/ – folder storing source code of Kaspersky Security modules;
    /opt/kaspersky/klms/share/snmp-mibs/ – folder storing MIB files of Kaspersky Security.
/opt/kaspersky/klmsui/lib/ – folder storing libraries of the Kaspersky Security web interface.
/opt/kaspersky/klmsui/bin/klmsui-setup.pl – initial configuration script for the web interface of Kaspersky Security.
/opt/kaspersky/klmsui/share/htdocs – folder storing all HTML resources of the Kaspersky Security web interface.
/opt/kaspersky/klmsui/libexec/ – folder storing service executable files of the Kaspersky Security web interface:
  /opt/kaspersky/klmsui/libexec/cleanup.sh – script for cleaning up data remaining after removal of the Kaspersky Security web interface;
  /opt/kaspersky/klmsui/libexec/mod_klwi.so – module of the Apache web server.
/var/opt/kaspersky/klms/ – folder storing Kaspersky Security data:
  /var/opt/kaspersky/klms/backup – Backup for message copies;
  /var/opt/kaspersky/klms/reports/ – on-demand reports;
    /var/opt/kaspersky/klms/reports/weekly – scheduled weekly reports;
    /var/opt/kaspersky/klms/reports/daily – scheduled daily reports;
    /var/opt/kaspersky/klms/reports/monthly – scheduled monthly reports;
  /var/opt/kaspersky/klms/postgresql/ – Kaspersky Security database;
  /var/opt/kaspersky/klms/update/ – folder storing Kaspersky Security update packages:
    /var/opt/kaspersky/klms/update/asbases – folder storing Anti-Spam database update packages downloaded from update sources;
    /var/opt/kaspersky/klms/update/avbases – folder storing Anti-Virus database update packages downloaded from update sources;
    /var/opt/kaspersky/klms/update/aspbases – folder storing compiled Anti-Spam databases;
    /var/opt/kaspersky/klms/update/avbases-backup – folder storing backup copies of Anti-Virus database update packages;
    /var/opt/kaspersky/klms/update/asbases-backup – folder storing backup copies of Anti-Spam database update packages.
/var/log/kaspersky/klms/ – folder storing trace files of Kaspersky Security.
/var/run/klms/ – folder storing service files of Kaspersky Security.
APPLICATION FILE LOCATIONS ON A COMPUTER RUNNING FREEBSD
After Kaspersky Security has been installed on a computer running a FreeBSD operating system, the application files are arranged as follows by default:
/usr/local/libexec/kaspersky/klms
– folder containing Kaspersky Security libraries;
/usr/local/lib/kaspersky/klms
– folder containing Kaspersky Security libraries;
/usr/local/bin/
– folder containing the executable files of Kaspersky Security:
/usr/local/bin/kavscanner
– configuration file of the kavscanner utility;
/usr/local/bin/klms-control
– executable file of the Kaspersky Security control utility;
166
A
P P E N D I C E S
/usr/local/bin/klms-disable_content_reputation.pl
– script for disabling content filtering and clearing the quarantine.
/usr/local/bin/klms-setup.pl
– initial configuration script for Kaspersky Security;
/usr/local/bin/klms-uninstall_filters.pl
– script for disintegrating from the mail server;
/usr/local/etc/rc.d/klms
– application launch script;
/usr/local/etc/rc.d/klmsdb
– database launch script;
/usr/local/man/
– folder storing files of the Kaspersky Security help system (manual pages);
/usr/local/share/doc/klms/
– folder storing font files, images, localization packages, files with the text of the End User
License Agreement, MIB files, source code of modules:
/usr/local/share/klms/fonts
– folder storing font files;
/usr/local/share/klms/images
– folder storing images;
/usr/local/share/klms/locale
– folder storing localization packages;
/usr/local/share/klms/snmp-mibs
– folder storing the MIB files of Kaspersky Security;
/usr/local/share/klms/srcsrc/
– folder storing source code of Kaspersky Security modules.
/var/db/kaspersky
– folder storing application files and data:
/var/db/kaspersky/klms/cleanup.sh
– script for cleaning up data remaining after Kaspersky Security removal;
/var/db/kaspersky/klms/backup
– folder storing copies of Backup messages;
/var/db/kaspersky/klms/postgresql
– Kaspersky Security database;
/var/db/kaspersky/klms/reports
– on-demand reports;
/var/db/kaspersky/klms/reports/daily
– scheduled daily reports;
/var/db/kaspersky/klms/reports/monthly
– scheduled monthly reports;
/var/db/kaspersky/klms/reports/weekly
– scheduled weekly reports.
/var/db/kaspersky/klms/update
– folder storing Kaspersky Security update packages:
/var/db/kaspersky/klms/update/asbases
– folder storing Anti-Spam database update packages downloaded from update sources;
/var/db/kaspersky/klms/update/asbases-backup
– folder storing backup copies of Anti-Spam database update packages;
/var/db/kaspersky/klms/update/avbases
– folder storing Anti-Virus database update packages downloaded from update sources;
/var/db/kaspersky/klms/update/avbases-backup
– folder storing backup copies of Anti-Virus database update packages;
/var/db/kaspersky/klms/update/aspbases
– folder storing compiled Anti-Spam databases.
/var/log/kaspersky/klms/
– folder storing trace files of Kaspersky Security.
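A defender's check that is not part of the Kaspersky Security documentation: the POSIX shell script below walks the data directories listed above for FreeBSD (and the Linux tree listed at the top of this appendix) and reports any that are missing or that grant read, write or search permission to "others". Which directories count as sensitive is this example's own assumption, chosen because the Backup folder holds copies of mail messages, the postgresql folder holds the application database, the reports folders hold generated reports, and the trace folder can contain details of processed messages; the Linux list is assembled from the /var/opt/kaspersky/klms, /var/log/kaspersky/klms and /var/run/klms paths shown above. The demo function builds a constructed temporary tree so the check can be tried without an installation.

```shell
#!/bin/sh
# Added example, not part of the Kaspersky Security documentation.
# Audits the application's data directories for permissions granted to "others".
# Relative paths come from the default locations listed in this appendix; treating
# exactly these directories as sensitive is this example's own assumption.

# FreeBSD defaults (message copies, database, reports, trace files).
KLMS_FREEBSD_DIRS="var/db/kaspersky/klms/backup
var/db/kaspersky/klms/postgresql
var/db/kaspersky/klms/reports
var/log/kaspersky/klms"

# Linux defaults: the /var/opt tree plus the trace and service-file folders.
KLMS_LINUX_DIRS="var/opt/kaspersky/klms
var/log/kaspersky/klms
var/run/klms"

# klms_other_perms DIR: print the "others" field of the mode string, e.g. "r-x".
# The first ten characters of ls -ld output have the same shape on FreeBSD
# and Linux, so this stays portable between the two listings.
klms_other_perms() {
    ls -ld "$1" | cut -c8-10
}

# klms_audit_dirs ROOT DIRLIST: check each relative path in DIRLIST under ROOT.
# Prints one line per directory; the exit status is the number of findings,
# so 0 means every directory exists and grants nothing to "others".
klms_audit_dirs() {
    root="$1"
    dirlist="$2"
    findings=0
    for rel in $dirlist; do
        dir="${root%/}/$rel"
        if [ ! -d "$dir" ]; then
            printf 'MISSING  %s\n' "$dir"
            findings=$((findings + 1))
            continue
        fi
        other=$(klms_other_perms "$dir")
        if [ "$other" != "---" ]; then
            printf 'EXPOSED  %s (others: %s)\n' "$dir" "$other"
            findings=$((findings + 1))
        else
            printf 'ok       %s\n' "$dir"
        fi
    done
    return "$findings"
}

# klms_demo: build a constructed FreeBSD-style tree in a temporary directory,
# leave one folder world-readable on purpose and run the audit over it.
# On a real FreeBSD host the equivalent call is:
#   klms_audit_dirs / "$KLMS_FREEBSD_DIRS"
klms_demo() {
    tmp=$(mktemp -d)
    for rel in $KLMS_FREEBSD_DIRS; do
        mkdir -p "$tmp/$rel"
        chmod 750 "$tmp/$rel"
    done
    chmod 755 "$tmp/var/db/kaspersky/klms/backup"   # deliberately exposed
    klms_audit_dirs "$tmp" "$KLMS_FREEBSD_DIRS"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

Source the file and call `klms_demo` to see one EXPOSED line for the backup folder (exit status 1), or call `klms_audit_dirs / "$KLMS_FREEBSD_DIRS"` (or `"$KLMS_LINUX_DIRS"` on Linux) on a live host. The exit status doubles as a finding count, which makes the check easy to wire into a cron job or a configuration-management run that should fail when a directory has been opened up.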
KASPERSKY LAB ZAO
Kaspersky Lab software is internationally renowned for its protection against viruses, malware, spam, network and hacker attacks, and other threats.
In 2008, Kaspersky Lab was rated among the world’s top four leading vendors of information security software solutions for end users (IDC Worldwide Endpoint Security Revenue by Vendor). Kaspersky Lab is the preferred developer of computer protection systems among home users in Russia, according to the COMCON survey "TGI-Russia 2009".
Kaspersky Lab was founded in Russia in 1997. Today, it is an international group of companies headquartered in Moscow with five regional divisions that manage the company's activity in Russia, Western and Eastern Europe, the Middle East, Africa, North and South America, Japan, China, and other countries in the Asia-Pacific region. The company employs more than 2000 qualified specialists.
Products. Kaspersky Lab’s products provide protection for all systems—from home computers to large corporate networks.
The personal product range includes anti-virus applications for desktop computers, notebooks, Tablet PCs, smartphones and other mobile devices.
Kaspersky Lab delivers applications and services to protect workstations, file and web servers, mail gateways, and firewalls. Used in conjunction with Kaspersky Lab’s centralized management system, these solutions ensure effective automated protection for companies and organizations against computer threats. Kaspersky Lab's products are certified by the major test laboratories, are compatible with the software of many suppliers of computer applications, and are optimized to run on many hardware platforms.
Kaspersky Lab’s virus analysts work around the clock. Every day they uncover hundreds of new computer threats, create tools to detect and disinfect them, and include them in the databases used by Kaspersky Lab applications. Kaspersky Lab's Anti-Virus database is updated hourly, and the Anti-Spam database every five minutes.
Technologies. Many technologies that are now part and parcel of modern anti-virus tools were originally developed by Kaspersky Lab. It is no coincidence that many other developers use the Kaspersky Anti-Virus kernel in their products, including: SafeNet (USA), Alt-N Technologies (USA), Blue Coat Systems (USA), Check Point Software Technologies (Israel), Clearswift (UK), CommuniGate Systems (USA), Critical Path (Ireland), D-Link (Taiwan), M86 Security (USA), GFI (Malta), IBM (USA), Juniper Networks (USA), LANDesk (USA), Microsoft (USA), NETASQ (France), NETGEAR (USA), Parallels (Russia), SonicWALL (USA), WatchGuard Technologies (USA), ZyXEL Communications (Taiwan). Many of the company’s innovative technologies are patented.
Achievements. Over the years, Kaspersky Lab has won hundreds of awards for its services in combating computer threats. For example, in 2010 Kaspersky Anti-Virus received several top Advanced+ awards in a test administered by AV-Comparatives, a respected Austrian anti-virus laboratory. But Kaspersky Lab's main achievement is the loyalty of its users worldwide. The company’s products and technologies protect more than 300 million users, and its corporate clients number more than 200,000.
Kaspersky Lab’s website: http://www.kaspersky.com
Virus encyclopedia: http://www.securelist.com
Virus Lab: [email protected] (only for sending probably infected files in archive format)
http://support.kaspersky.com/virlab/helpdesk.html (for queries addressed to virus analysts)
Kaspersky Lab’s web forum: http://forum.kaspersky.com
INFORMATION ABOUT THIRD-PARTY CODE
Information about third-party code is contained in the file legal_notices.txt, in the application installation folder.
TRADEMARK NOTICES
Registered trademarks and service marks are the property of their respective owners.
Apache and Apache feather logo are trademarks of Apache Software Foundation.
Active Directory, Internet Explorer are trademarks of Microsoft Corporation registered in the United States of America and elsewhere.
Linux is a registered trademark of Linus Torvalds registered in the USA and elsewhere.
Sendmail and other names and product names are trademarks or registered trademarks of Sendmail, Inc.
The FreeBSD mark is the registered trademark of the FreeBSD Foundation.
Intel, Xeon, Core are trademarks of Intel Corporation registered in the United States of America and elsewhere.
Red Hat Enterprise Linux is a trademark of Red Hat Inc. registered in the United States of America and elsewhere.
Novell is a trademark of Novell Inc. registered in the United States of America and elsewhere.
Debian is a registered trademark of Software in the Public Interest, Inc.
Mozilla, Firefox are trademarks of Mozilla Foundation.
Google Chrome is a trademark owned by Google, Inc.
INDEX
A
Activating the application.............................................................................................................................................. 72
Anti-Spam .................................................................................................................................................................... 84
Anti-Virus protection ..................................................................................................................................................... 92
B
Backup ....................................................................................................................................................................... 133
C
Content filtering .......................................................................................................................................................... 105
E
EICAR ........................................................................................................................................................................ 155
H
Hardware requirements ................................................................................................................................................ 15
I
Installing the File Anti-Virus component ....................................................................................................................... 24
K
Kaspersky Lab ZAO ................................................................................................................................................... 168
N
Notifications ................................................................................................................................................................ 137
P
Preparing ...................................................................................................................................................................... 19
U
Update........................................................................................................................................................................ 110
Updates source .......................................................................................................................................................... 112