Kaspersky Anti-Virus 8.0 for Linux File Server TR (8.0.0.136)
RELEASE NOTES
==============================================================================
Version released on: 25.11.2010

Table of Contents:
* What's new?
* Product Overview
* System Requirements
* Product Installation
* Known Issues & Workarounds

What's new?
--------------------------------------------------------------------------------
The following changes and improvements are introduced in Kaspersky Anti-Virus
8.0 for Linux File Server TR (8.0.0.136) (further 'the application'):

* the application installation process involves installation of the following
  packages:
  - Linux RPM's:
    - kav4fs-8.0.0-136.i386.rpm
    - klnagent-8.0.0-643.i386.rpm
  - Linux DEB's:
    - kav4fs_8.0.0-136_i386.deb
    - klnagent_8.0.0-643_i386.deb
  - FreeBSD:
    - kav4fs-8.0.0_136.tgz
* The application combines the functionality of both the previous version,
  Kaspersky Anti-Virus 5.7 for Linux File Server, and Kaspersky Anti-Virus 5.5
  for SAMBA Servers, and is able to intercept file access operations at two
  levels: a kernel level (kernel module) interceptor and a SAMBA interceptor;
* New ways to manage application operation:
  * support for remote administration using Kaspersky Web Management Console
    (refer to the Deployment Guide on how to launch and operate the Kaspersky
    Web Management Console);
  * full support for remote administration using Kaspersky Administration Kit;
  * support for remote product installation via Kaspersky Administration Kit;
  * centralized management of the application life cycle and performance of
    on-demand scan, real-time protection, and Anti-Virus database update tasks;
  * centralized storage of application configuration settings;
  * application operation settings are no longer stored in text configuration
    files. Text files are used only to let the user edit the settings in a
    text editor. To take effect, settings from the text file then have to be
    imported into the central settings repository.
* Enhanced Anti-Virus Protection:
  * new Kaspersky Anti-Virus Engine;
  * heuristic engine (emulator) included;
  * support for archive contents curing;
* Enhanced Anti-Virus Protection configuration:
  * several scan areas could be specified in a single protection task;
  * scan settings could be specified for each area individually;
  * scan areas could be specified by:
    - full file system path name;
    - device name;
    - network access type (Shared, Mounted);
    - network access protocol (SMB/CIFS, NFS);
    - remote resource name (SAMBA share name, NFS shared folder);
  * the scan area definition supports ECMA-262 Regular Expressions;
  * several exclusion rules could be specified for a single scan area;
  * actions to be taken with objects could be specified based on the type of
    threat detected;
  * the task start/stop scheduling capabilities are enhanced;
* Enhanced Real-Time Protection configuration:
  * a list of users/groups could be specified for a scan area, which makes the
    Real-Time Protection check only the file access attempts of the specified
    users;
  * file operation interceptors could be specified; the available interceptors
    are: kernel-mode interceptor, SAMBA interceptor or both;
  * the availability of SAMBA shared resources when the Anti-Virus is
    inaccessible could be configured;
* New Quarantine and Backup storage administrative capabilities allow you to:
  - move objects to quarantine manually;
  - search for quarantined objects (by object attribute);
  - delete found objects;
  - restore found objects;
  - rescan objects;
  - save part of the quarantine or backup storage in an archive (to reduce the
    amount of used disk space);
  - import objects from the archive into the quarantine or backup storage;
  - receive SMTP notifications and/or SNMP traps in case the Quarantine/Backup
    size limit is exceeded;
  - ACL information is stored in Q/B;
* The following application monitoring features have been expanded:
  * Tools for obtaining:
    - general Anti-Virus information;
    - Anti-Virus database versions;
    - license status;
    - application components status;
    - Anti-Virus task execution results;
    - the state of the quarantine and backup storage;
    - the Anti-Virus Protection tasks statistics;
    - the Anti-Virus Update task statistics;
    - Quarantine/Backup current state and statistics;
    - the Virus Activity statistics.
  * Tools for retrospective analysis of application operation, allowing you to:
    - collect, process, and store the statistics on application operation;
    - display the application operation statistics collected over a
      user-specified period of time;
    - audit the following aspects of application operation: creating/
      starting/stopping Anti-Virus tasks, modifying Kaspersky Anti-Virus
      settings, user actions on objects in the quarantine and backup storage,
      etc.;
  * Tools for creating reports on application operation, based on collected
    statistics, and tools for exporting reports (HTML and CSV formats are
    supported for the command-line control tool, PDF and XLS for the Kaspersky
    Web Management Console).
* Monitoring application operation and virus activity. The data is stored in
  the centralized repository of application events. The application provides
  its own tools for searching, displaying, and analyzing data on its operation.
  The application administration tools allow the user to perform some event
  storage administration activities, such as event storage cleaning and event
  storage data rotation.
* The Application state and Virus Activity statistics are available via SNMP.
* The user notification facilities allow the user to configure the sending of
  SMTP notifications and SNMP traps.
* The user is allowed to configure an arbitrary external action to be
  automatically run on each important Anti-Virus event.

Product Overview
--------------------------------------------------------------------------------
Kaspersky Anti-Virus for Linux File Server is designed to provide protection of
file servers running Linux and FreeBSD operating systems.
Kaspersky Anti-Virus for Linux allows you to:

* Ensure real-time protection of the file system against malicious code:
  intercept and analyze attempts to access files, disinfect and delete infected
  objects.
* Scan objects on-demand: search for infected and suspicious files (including
  files in the specified scan scopes); analyze files; disinfect or delete
  infected files.
* Quarantine suspicious and infected files.
* Create a copy of an infected object in the backup storage before a disinfect
  or delete attempt, to make it possible to restore such an object.
* Update the anti-virus databases; the database could be updated from
  Kaspersky Lab's update servers, the Customer update server, the Kaspersky
  Administration Kit server or from a local folder.
* Control and configure Kaspersky Anti-Virus using the command-line
  configuration utility and the Kaspersky Web Management Console.

System Requirements
--------------------------------------------------------------------------------
Minimal hardware requirements:
* processor Intel Pentium II 400 MHz or higher;
* 512 MB RAM;
* 1 GB of swap;
* 2 GB free hard drive space for installation of the application and storage
  of temporary files.

Software requirements:
1. Supported operating systems:
   32-bit operating systems
   * Red Hat Enterprise Linux 6 Server 2.6.32-71.el6.i686
   * Red Hat Enterprise Linux 5.5 server 2.6.18-186.el5
   * Fedora 13 2.6.33.3-85.fc13.i686.PAE
   * CentOS-5.5 2.6.18-194.el5
   * SUSE Linux Enterprise Server 10 SP3 2.6.16.60-0.54.5-default
   * SUSE Linux Enterprise Server 11 SP1 2.6.32.12-0.7-pae
   * Novell Open Enterprise Server 2 SP2 2.6.16.60-0.54.5-default
   * openSUSE Linux 11.3 2.6.34-12-desktop
   * Debian GNU/Linux 5.0.5 2.6.26-2-686
   * Mandriva Enterprise Server 5.1 2.6.27.45-desktop-1mnb
   * Ubuntu 10.04 Server Edition 2.6.32-21-generic
   * FreeBSD 7.3-RELEASE
   * FreeBSD 8.1-RELEASE
   64-bit operating systems
   * Red Hat Enterprise Linux 6 Server 2.6.32-71.el6.x86_64
   * Red Hat Enterprise Linux 5.5 server 2.6.18-194.el5
   * Fedora 13 2.6.33.3-85.fc13.x86_64
   * CentOS-5.5 2.6.18-194.el5
   * SUSE Linux Enterprise Server 10 SP3 2.6.16.60-0.54.5-default
   * SUSE Linux Enterprise Server 11 SP1 2.6.32.12-0.7-default
   * Novell Open Enterprise Server 2 SP2 2.6.16.60-0.54.5-default
   * openSUSE Linux 11.3 2.6.34-12-desktop
   * Debian GNU/Linux 5.0.5 2.6.26-2-amd64
   * Ubuntu 10.04 Server Edition 2.6.32-21-generic
   * FreeBSD 7.3-RELEASE
   * FreeBSD 8.1-RELEASE
2. Kaspersky Web Management Console supports the following web browsers:
   * Internet Explorer 7,
   * Internet Explorer 8,
   * Mozilla Firefox 3.5.x,
   * Mozilla Firefox 3.6.x.
3. Perl interpreter - version 5.0 or higher (www.perl.org).
4. The which utility installed.
5. Software compilation packages installed (gcc, binutils, glibc-devel, make,
   ld), Linux kernel sources for compiling the kernel-mode interceptor.
6. The libc6-i386 module should be installed on 64-bit Debian and 64-bit Ubuntu
   prior to the Anti-Virus packages installation.
7. The lib32 package should be installed on 64-bit FreeBSD before installing
   Kaspersky Anti-Virus.

Product Installation
--------------------------------------------------------------------------------
Installation from scratch:

To install the product on Linux run the following commands:
- using rpm package manager:
    # rpm -i kav4fs-8.0.0-136.i386.rpm
    # /opt/kaspersky/kav4fs/bin/kav4fs-setup.pl
    # rpm -i klnagent-8.0.0-643.i386.rpm
    # /opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl
- using dpkg package manager:
    # dpkg -i kav4fs_8.0.0-136_i386.deb
    # /opt/kaspersky/kav4fs/bin/kav4fs-setup.pl
    # dpkg -i klnagent_8.0.0-643_i386.deb
    # /opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl
- on 64-bit OS's
  - using rpm package manager:
      # rpm -i kav4fs-8.0.0-136.i386.rpm
      # /opt/kaspersky/kav4fs/bin/kav4fs-setup.pl
      # rpm -i klnagent-8.0.0-643.i386.rpm
      # /opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl
  - using dpkg package manager:
      # dpkg -i --force-architecture kav4fs_8.0.0-136_i386.deb
      # /opt/kaspersky/kav4fs/bin/kav4fs-setup.pl
      # dpkg -i --force-architecture klnagent_8.0.0-643_i386.deb
      # /opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl

To install the product on FreeBSD run the following commands:
    # pkg_add kav4fs-8.0.0_136.tgz
    # /usr/local/bin/kav4fs-setup.pl

To have the Web Management Console and Kaspersky Anti-Virus services start
after you install them on a server running FreeBSD, add the following lines to
the /etc/rc.conf configuration file:
    kav4fs_supervisor_enable="YES"
    kav4fs_wmconsole_enable="YES"

NOTE: Upgrade from older versions is not available.

Known Issues & Workarounds
--------------------------------------------------------------------------------
* Symlinks are not checked by the Real-Time Protection and On-Demand Scan.
  Workaround: make sure the file name (not a symlink) matches the desired
  scan area.
* CurlFtpFS hangs the machine when the Anti-Virus denies access to a file
  located on a remote FTP shared resource mounted as read/write on the
  protected server when the FTP user has no write access to the shared
  resource.
  Workaround: you should upgrade to curlftpfs v0.9.2 or higher and libcurl
  v7.19.4 or higher.
* In case there are several hardlinks to a file checked by the Anti-Virus, and
  the Quarantine action is applied (or the file is moved to Backup before a
  disinfect or delete attempt), the file is stored in the Quarantine/Backup
  storage under the name it was checked with. The restore from
  Quarantine/Backup procedure will create the file copy with that particular
  hardlink name.
* It is possible to override Kaspersky Administration Kit policy settings via
  the local console administration tool and Kaspersky Web Management Console
  interfaces regardless of whether the policy is "locked" or not (for a short
  period of time between 2 synchronizations).
* There is no possibility to control Anti-Virus installed on the FreeBSD
  operating system via Kaspersky Administration Kit.
* On FreeBSD the Real-Time Protection does not protect resources shared via
  the kernel-mode NFS server.
  Workaround: use a user-space NFS server instead (unfs3).
* The product does not check the boot MBR for viruses.
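
The symlink and hardlink issues listed above can be checked for on a protected
server before scan areas are finalized. The script below is an added example,
not part of the original release notes or of the product: it lists symlinks
under a directory whose real file lies outside the given scan areas, and files
that have more than one hardlink. It assumes GNU readlink -f and scan areas
given as canonical directory paths; the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the product). Assumes GNU `readlink -f` and scan
# areas given as canonical directory paths; function names are illustrative.

# in_area PATH AREA...: succeed if PATH equals or lies below one of the AREAs.
in_area() {
    p=$1; shift
    for a in "$@"; do
        a=${a%/}                        # tolerate a trailing slash
        case "$p" in
            "$a"|"$a"/*) return 0 ;;    # quoted, so glob chars in AREA are literal
        esac
    done
    return 1
}

# audit_symlinks ROOT AREA...: print "link -> real path" for every symlink
# under ROOT whose real file is outside all AREAs. Such a file is reachable
# through the link, but its own name matches no scan area.
audit_symlinks() {
    root=$1; shift
    find "$root" -type l | while IFS= read -r link; do
        [ -e "$link" ] || continue      # dangling link: nothing to scan
        target=$(readlink -f -- "$link") || continue
        in_area "$target" "$@" || printf '%s -> %s\n' "$link" "$target"
    done
}

# multi_hardlinks ROOT: list regular files that have more than one name.
# Quarantine/Backup stores, and restore recreates, only the name that was checked.
multi_hardlinks() {
    find "$1" -type f -links +1
}

# Usage: ./audit-links.sh ROOT AREA [AREA...]
if [ "$#" -ge 2 ]; then
    audit_symlinks "$@"
    multi_hardlinks "$1"
fi
```

Each path reported by audit_symlinks is a candidate for an additional scan
area that names the real file location.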