Kaspersky Anti-Virus 5.5 for Samba Servers (5.5.9) RELEASE NOTES
================================================================================
Released on (2006-11-14)

Contents:
  * What's new?
  * Changed Features
  * Fixed Problems
  * Product Overview
  * System Requirements
  * Product Installation & Upgrade
  * Known Issues & Workarounds

What's new?
--------------------------------------------------------------------------------
  * Added support of 64-bit Linux distributions
  * Added support of SMP systems
  * Heavily revised the Administrator's Manual
  * Extended action lists for the kavscanner and the kavsamba. The following
    actions were added for both: OnCured, OnError, Oncorrupted, OnProtected.

kavsamba
  * Added support of new Samba versions
  * Added a check of permissions for the user accessing a file before the file
    is AV-checked. If the user has no right to access the file, then the
    access is simply blocked and no AV-checking is performed.

kavscanner
  * Added a possibility to stop scanning and exit on SIGSEGV
  * Added an option to turn off following of directory symlinks
    (FollowSymlinks)

keepup2date
  * Implemented Diff updates scheme, which significantly reduces update
    traffic
  * Added PassiveFtp=yes in the default config

licensemanager
  * Added support of upper case chars in the filename extension for license
    key files

Changed Features
--------------------------------------------------------------------------------
  * Changed the distribution files layout:
    - For Linux systems new files layout conforms to FHS 2.3
    - For FreeBSD systems new files layout conforms to hier(7)
  * Only two AV-database sets available: Standard and Extended. Redundant set
    is merged into the Extended set.
  * On-Access protection is automatically started right after install.

kavscanner
  * Changed location of the user default config file to:
    $HOME/.kaspersky/kav4samba.conf

keepup2date
  * Changed RegionSettings parameter notation according to ISO 3166
  * DiffUtilPath, UploadPatchPath parameters are no longer used

Fixed Problems
--------------------------------------------------------------------------------
kavsamba
  * Fixed: Background scanning
  * Fixed: Some processes left after kavsamba is stopped.
  * Fixed: Multiple shares set in kavsamba config make kavsamba hang.
  * Fixed: Incorrectly implemented kavsamba and kavmonitor compatibility.
  * Fixed: Incorrect backup path leads to some kavsamba processes left.
  * Fixed: Incorrect handling of Cure option.

kavscanner
  * Fixed backup files permissions
  * Fixed return codes
  * Fixed files backup procedure

keepup2date
  * Fixed an update from the local directory
  * Fixed return codes

licensemanager
  * Fixed return codes

Product Overview
--------------------------------------------------------------------------------
Kaspersky Anti-Virus 5.5 for Samba Servers software application performs
anti-virus scanning of objects for Samba servers running Linux or FreeBSD
operating systems. The application accomplishes two-level scanning of server
file systems both in real-time and in the on-demand scanning mode. If malicious
code is detected, Kaspersky Anti-Virus can cure or block the infected objects
in order to prevent further spreading of epidemics, and provides timely
notifications to system administrators about such incidents.

Kaspersky Anti-Virus for Samba Servers is a package of anti-virus components
performing the following functions:
  * Real-time protection of Samba file server from malicious code (On-Access
    Scanner).
  * On-demand searching and neutralization of malicious code in the server
    file system (On-Demand Scanner).
  * Notifications to the administrator about detection of infected or
    suspicious objects.
  * Maintaining the current status of the anti-virus databases (keepup2date).
  * Local and remote administration using a web administration module
    (Webmin).

Besides, Kaspersky Anti-Virus offers the following additional functionality to
its users:
  * An opportunity to run user-defined scripts when events of the "an infected
    file was detected" type occur.
  * An opportunity to move infected (or suspicious) objects to a special
    storage location (quarantine).
  * Preserving the original infected object prior to its disinfection (Backup)
    with an opportunity to restore it in a non-standard situation.
  * Saving information about already scanned files in an operational cache,
    which allows a considerable increase of file scanning speed during
    subsequent access to such files (the cache preserves the information until
    application restart).
  * An opportunity to restrict the maximum number of files for simultaneous
    real-time scanning while adding the rest of the requested files to a
    scanning queue.
  * An opportunity to automatically suspend the anti-virus background file
    scanning when the server load exceeds the user-defined level, and resume
    operation when the server load reaches an acceptable level.
  * An opportunity to define any combination of "scanning on access" and
    "scanning on saving" modes for each public directory.
  * An opportunity to define individual anti-virus protection settings
    selectively for each public directory.
  * The least loaded update server of Kaspersky Lab is detected during the
    updating of the anti-virus databases. Besides, in cases of line
    disconnection the updating process resumes after reconnection from the
    place where it left off.
  * An opportunity to roll back both the updates to anti-virus databases and
    application updates.

System Requirements
--------------------------------------------------------------------------------
Minimal hardware requirements:
  * Intel Pentium® 133 MHz CPU or better.
  * 64 MB RAM.
  * 100 MB of disk space for application installation and storage of temporary
    files.

Software requirements:
  1. Supported operating systems:
     a. 32-bit platforms:
        * RedHat Linux 9.0. (kernel: 2.4.20-8)
        * RedHat Enterprise Linux Advanced Server 4 UPD3.
          (kernel: 2.6.9-34EL (amd64))
        * SUSE Linux Enterprise Server 9.0 SP3. (kernel: 2.6.5-7.97)
        * SUSE Linux Professional 10.1. (kernel: 2.6.16.13-4)
        * Debian GNU/Linux 3.1 R2. (kernel: 2.4.27-2)
        * Mandriva 2006. (kernel: 2.6.12-12mdksmp)
        * FreeBSD 4.11. (kernel: GENERIC/SMP)
        * FreeBSD 5.4. (kernel: GENERIC/SMP)
        * FreeBSD version 6.1. (kernel: GENERIC/SMP)
     b. 64-bit platforms:
        * RedHat Enterprise Linux Advanced Server 4 UPD3.
          (kernel: 2.6.9-34EL (amd64))
        * RedHat Fedora Core 5. (kernel: 2.6.15-1.2054_FC5)
        * SUSE Linux Professional 10.1. (kernel: 2.6.16.13-4)
        * SUSE LES 9 SP3. (kernel: 2.6.5-7.97)
  2. Perl interpreter - version 5.0 or higher (www.perl.org).
  3. The which utility installed.
  4. Installed Samba server from 2.2.7 up to 3.0.0-3.0.23a.
  5. [optional] Webmin package (www.webmin.com) - for remote administration of
     Kaspersky Anti-Virus.

Product Installation & Upgrade
--------------------------------------------------------------------------------
Installation from scratch:

To install the product use the system specific command:
  on Linux/RPM:     rpm -i .rpm
  on Linux/Debian:  dpkg -i .deb
  on FreeBSD:       pkg_add .tgz

Upgrade from the previous version:

IMPORTANT! Upgrade option is not supported by this product version. If you have
a previous version of the Kaspersky Anti-Virus for Samba Servers installed,
please uninstall it first before installing the new version.

Known Issues & Workarounds
--------------------------------------------------------------------------------
  * Debian GNU/Linux 3.1 has a bug in Webmin 1.180-3 which prevents work with
    3rd party modules. Thus it is impossible to use a Webmin module included in
    the Kaspersky Anti-Virus for Samba Server distribution. There are the
    following workarounds for this issue:
    * Either install the original version of Webmin from www.webmin.com.
    * Or execute the following commands after installation of the Kaspersky
      Anti-Virus for Samba Server:

        # cd /usr/local/share/webmin
        # ln -s ../../../share/webmin/web-lib-funcs.pl
        # ln -s ../../../share/webmin/ui-lib.pl
        # ln -s ../../../share/webmin/web-lib.pl
        # cp /usr/local/share/webmin/kavsamba/config /etc/webmin/kavsamba/config

  * Possible problems using an extended set of the anti-virus databases.
    While using extended databases the Anti-Virus starts detecting even
    programs which are not viruses proper but still match the malware criteria
    for the corresponding set of databases. It should be noted that a program
    detected using the extended databases will also be considered malware. The
    application will apply to it the same actions it uses with malware. The
    anti-virus verdict for the program will include the phrase not-a-virus, so
    that the verdict looks like:
    Brick1.ex INFECTED not-a-virus:Joke.Win32.Brick.
    The Action=remove setting may be a particular problem when using extended
    databases. It should be noted that some programs detected as malware in
    that mode may be used by system administrators for their own purposes,
    being trusted software allowed on a computer. Thus, it is important to
    exercise extreme caution using that setting with extended anti-virus
    databases. We recommend enabling automatic file backup (through the
    BackupPath variable in the product configuration file) whenever it is
    used. If a system administrator wishes to exclude a specific program from
    detection, he/she should use the ExcludeDirs setting, adding there a full
    path to the program to be excluded from anti-virus scanning.

  * If you have a previous version of the product installed, then the Samba
    daemon must be stopped manually before uninstalling the old version.

  * (12500) Sometimes a warning is displayed in the console after the product
    installation from .rpm on FC5 and Mandriva-2006:

      useradd: warning: the home directory already exists.
      Not copying any file from skel directory into it.
      Kaspersky Anti-Virus for Unix has been installed successfully
      but needs to be properly configured before using.
      Unfortunately, RPM is not able to run scripts interactively,
      so please run /opt/kav/5.5/kav4samba/setup/postinstall.pl script
      by yourself to configure it.

    No workaround needed, please simply ignore this warning message.

  * (13637) If the cure mode is activated, then an attempt to cure the accessed
    file will be performed regardless of the accessing user's rights for this
    file (either R/O or R/W) if the file is located on a filesystem mounted
    with ACL.

  * (15037) Sometimes on FreeBSD 4.11 after pkg_add the product Webmin module
    does not appear in the section "Others" of the Webmin. The problem is in
    the Webmin itself and exists in Webmin versions from 1.90 to 1.170
    inclusive. The Webmin installation script sets incorrect permissions for
    Webmin users. There are 2 possible workarounds:
    * Upgrade your Webmin to V1.180 and reinstall the product Webmin module.
    * Correct Webmin permissions manually by setting required rights for the
      appropriate Webmin user in "Webmin->User Configuration".

  * (15225) vox.sh cannot be used as an Exec argument. It functions only as a
    standalone utility.
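
Added example (not part of the original release notes and not Kaspersky code):
a report triage for the extended-database issue above, listing objects that
carry a not-a-virus verdict so they can be reviewed for ExcludeDirs before
Action=remove is enabled. It assumes report lines of the form
"<object> INFECTED <verdict>", as in the one verdict shown above; the sample
lines, paths and the two ".Example" verdict names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample report, modelled on the single verdict line quoted in the
# release notes ("<object> INFECTED <verdict>"); real report layout may differ.
SAMPLE_REPORT = """\
/srv/share/tools/Brick1.ex INFECTED not-a-virus:Joke.Win32.Brick
/srv/share/tools/radmin.exe INFECTED not-a-virus:RemoteAdmin.Win32.Example
/srv/share/users/bob/invoice.exe INFECTED Trojan.Win32.Example
/srv/share/users/bob/notes.txt OK
"""

# Non-greedy path so object names containing spaces are still captured whole.
VERDICT_RE = re.compile(r"^(?P<path>.+?)\s+INFECTED\s+(?P<verdict>\S+)\s*$")


def triage(report_text):
    """Group INFECTED objects by verdict, split into extended-set hits
    (verdict prefixed with not-a-virus:) and everything else."""
    result = {"not_a_virus": defaultdict(list), "malware": defaultdict(list)}
    for line in report_text.splitlines():
        m = VERDICT_RE.match(line)
        if not m:
            continue  # clean objects, banners, blank lines
        extended = m["verdict"].startswith("not-a-virus:")
        kind = "not_a_virus" if extended else "malware"
        result[kind][m["verdict"]].append(m["path"])
    return {kind: dict(groups) for kind, groups in result.items()}


def exclusion_candidates(report_text):
    """Full paths an administrator should review (keep, exclude, or allow to
    be removed) before running with Action=remove and extended databases."""
    hits = triage(report_text)["not_a_virus"]
    return sorted(path for paths in hits.values() for path in paths)


if __name__ == "__main__":
    for path in exclusion_candidates(SAMPLE_REPORT):
        print("review before Action=remove:", path)
```

Run it over a report produced with a non-destructive action first; only paths
the administrator confirms as trusted belong in ExcludeDirs.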