Kaspersky Security 8.0 for Microsoft Exchange Servers
Administrator’s Guide
PROGRAM VERSION: 8.0
Dear User!

Thank you for choosing our product. We hope that this document will help you in your work and provide answers to the majority of your questions.

Warning! This document is the property of Kaspersky Lab ZAO (herein also referred to as Kaspersky Lab): all rights to this document are reserved by the copyright laws of the Russian Federation, and by international treaties. Illegal reproduction and distribution of this document or parts hereof will result in civil, administrative or criminal liability by applicable law.

Any type of reproduction or distribution of any materials, including in translated form, is allowed only with the written permission of Kaspersky Lab.

This document and the graphic images it contains may be used exclusively for information, non-commercial or personal purposes.

This document may be amended without additional notification. For the latest version, please refer to Kaspersky Lab’s web site at http://www.kaspersky.com/docs.

Kaspersky Lab assumes no liability for the content, quality, relevance or accuracy of any materials used in this document for which the rights are held by third parties, or for the potential damages associated with using such documents.

The document contains registered trademarks and service marks belonging to their respective owners.

Revision date: 22.09.2010

© 1997-2010 Kaspersky Lab ZAO. All Rights Reserved.

http://www.kaspersky.com
http://support.kaspersky.com/
TABLE OF CONTENTS

ABOUT THIS GUIDE
  In this document
  Document conventions
ADDITIONAL SOURCES OF INFORMATION
  Data sources for independent search
  Discussing Kaspersky Lab applications on the web forum
  Contacting the Technical documentation development group
KASPERSKY SECURITY 8.0 FOR MICROSOFT EXCHANGE SERVER 2007
  Basic functionality
  Distribution Kit
  Services for registered users
  License agreement
  Hardware and software requirements
APPLICATION ARCHITECTURE
  Application components and their purpose
  Security Server architecture
TYPICAL DEPLOYMENT SCHEMES
  Microsoft Exchange Server roles and corresponding configurations
  Server protection deployment
  Application deployment on a server cluster
APPLICATION SETUP
  Preparing installation
  Upgrading an earlier version
  Application setup procedure
    Step 1. Installing the required components
    Step 2. Greeting and License Agreement
    Step 3. Selecting the type of the installation
    Step 4. Selecting the application components
    Step 5. Configuring connection to Microsoft SQL Server
    Step 6. Copying files
  Getting started. Application configuration wizard
    Configuring updates
    Installing a license key
    Notification settings
    Configuring server protection
    Testing the application functionality
  Restoring the application
  Removing the application
MANAGING KASPERSKY SECURITY LICENSES
  Viewing information about installed licenses
  Installing a license key
  Removing a license key
  Notification about license expiry
  Creating the list of protected mailboxes and storages
APPLICATION INTERFACE
  Main window
  Context menu
APPLICATION START AND STOP
DEFAULT MICROSOFT EXCHANGE SERVER PROTECTION STATUS
GETTING STARTED
  Starting: Administration Console
  Creating the list of protected Microsoft Exchange servers
  Connecting the Administration Console to the Security Server
UPDATING THE ANTI-VIRUS AND ANTI-SPAM DATABASES
  Manual update
  Automatic database updating
  Selecting the updates source
  Editing the connection settings
ANTI-VIRUS PROTECTION
  Enabling and disabling anti-virus server protection
  Creating rules for object processing
  Scanning attached archives and containers
  Creating scanning exclusions
  Configuring protection settings for mail accounts
  Background scan
ANTI-SPAM PROTECTION
  Configuring the anti-spam analysis
  Creating the black and white lists of senders
  Advanced Anti-Spam configuration
  Using external services for spam processing
  Using additional Anti-Spam functionality
BACKUP STORAGE
  Viewing the Backup storage
  Viewing properties of a Backed-up object
  Filtering of Backup
  Restoring objects from the Backup
  Sending objects for analysis
  Deleting objects from Backup
  Configuring the Backup storage settings
NOTIFICATIONS
  Configuring notification settings
  Configuring notification delivery settings
REPORTS
  Configuring Quick reports settings
  Configuring Anti-Virus reports settings
  Configuring Anti-Spam reports settings
  View the Ready reports
  Delivery of reports via e-mail
APPLICATION EVENT LOGS
  Configuring the diagnostics level
  Configuration of the logs settings
FREQUENTLY ASKED QUESTIONS
CONTACTING THE TECHNICAL SUPPORT SERVICE
INFORMATION ABOUT THIRD-PARTY CODE
  Software code
    BOOST 1.30.0, 1.36
    BZIP2/LIBBZIP2 1.0.5
    EXPAT 1.2, 2.0.1
    FREEBSD LIBC 2.3-2.6
    GECKO SDK 1.8
    ICU 4.0.1
    INFO-ZIP 5.51
    LIBJPEG 6B
    LIBNKFM 2.0.5
    LIBPNG 1.2.29
    LIBSPF2 1.2.9
    LIBUNGIF 3.0
    LIBXDR
    LOKI 0.1.3
    LZMA SDK 4.43
    MICROSOFT ENTERPRISE LIBRARY 4.1
    MICROSOFT VISUAL STUDIO 2008 (MSVCP80.DLL, MSVCR80.DLL)
    OPENSSL 0.9.8D
    PCRE 7.4, 7.7
    RFC1321-BASED (RSA-FREE) MD5 LIBRARY
    SPRING.NET 1.2.0
    SQLITE 3.6.18
    WPF TOOLKIT 3.5.40128.1
    ZLIB 1.2, 1.2.3
  Other information
GLOSSARY
KASPERSKY LAB
KASPERSKY LAB END USER LICENSE AGREEMENT
INDEX
ABOUT THIS GUIDE

Greetings from the team of Kaspersky Lab CJSC (hereinafter referred to as Kaspersky Lab)! We hope that this Administrator's Guide will help you understand basic working principles of Kaspersky Security 8.0 for Microsoft Exchange Servers (hereinafter referred to as KS 8.0 for Exchange Servers or Kaspersky Security).

The document is intended for administrators of mail servers using Microsoft Exchange Server 2007 or 2010 (further - Microsoft Exchange Server), who have chosen Kaspersky Security as the protection solution for the mail servers.

The aim of the document:

- assist Microsoft Exchange Server administrators in installing the application components on server, activating the server protection and ensuring its optimal configuration considering the current tasks;
- provide quickly searchable information about installation-related issues;
- provide alternate sources of information about the application and the ways of getting technical support.
IN THIS SECTION

- In this document
- Document conventions
IN THIS DOCUMENT

Administrator's Guide for Kaspersky Security 8.0 for Microsoft Exchange Servers consists of the following chapters:

- About this Guide. The chapter outlines the structure of this Administrator's Guide.
- Additional sources of information. The section describes various sources of information pertaining to the purchase, installation and operation of Kaspersky Security.
- Kaspersky Security 8.0 for Microsoft Exchange Servers. The chapter describes the main features of the application.
- Application architecture. The chapter describes the application components and methods of their interaction.
- Typical deployment schemes. The chapter describes the roles of a Microsoft Exchange server and the schemes for deployment of server protection.
- Application setup. The chapter details the procedure of Kaspersky Security installation.
- License management (see section "Managing Kaspersky Security licenses"). The chapter describes the types of licenses and the procedure of license installation and removal.
- Application interface. The chapter describes the user interface of Kaspersky Security.
- Application start and stop. The chapter explains how to start and stop the application.
- Default protection of Microsoft Exchange Server. The chapter describes the peculiarities of Kaspersky Security operation using the default settings.
- Getting started. The chapter explains how to begin using Kaspersky Security, enable the mail server protection and create the list of protected servers.
- Updating the Anti-Virus and Anti-Spam databases. The chapter describes configuring of the update settings for the databases of Kaspersky Security.
- Anti-virus protection. The chapter is devoted to the configuration of anti-virus protection of mail servers.
- Anti-Spam protection. The chapter describes the opportunities for anti-spam protection of mail servers.
- Backup. The chapter explains the Backup functionality, the methods used to restore objects from Backup as well as Backup configuration.
- Notifications. The chapter describes the methods used to receive notifications about the events occurring in Kaspersky Security.
- Reports. The chapter contains information on creation of reports, their reviewing and delivery via e-mail.
- Event logs (see section "Application event logs"). The chapter describes configuration of the settings for reporting of the Anti-Virus and Anti-Spam activity, and other Kaspersky Security events.
- Frequently asked questions. The chapter is devoted to the questions that users ask most often.
- Contacting the technical support service. The chapter describes available technical support options for the application users.
- Glossary. This section contains the list of terms used in the program and their definitions.
- Kaspersky Lab. The chapter contains a brief description of the company.
- Information about third-party code. The chapter contains information about software code and tools of other vendors used in the application development.
DOCUMENT CONVENTIONS

Document conventions described in the table below are used in this Document.

Table 1. Document conventions

| SAMPLE TEXT | DOCUMENT CONVENTIONS DESCRIPTION |
| --- | --- |
| Please note that... | Warnings are highlighted in red and framed. Warnings contain important information, for example, related to the actions which are critical for the computer security. |
| It is recommended to use... | Notes are framed. Notes contain additional and reference information. |
| Example: ... | Examples are given in sections with the yellow background under the header "Example". |
| Update is... | New terms are printed in italics. |
| ALT+F4 | Names of the keyboard keys are capitalized and printed in bold type. Names of the keys linked with the "plus" sign mean key combinations. |
| Enable | UI elements, for example, names of entry fields, menu options, buttons are in bold. |
| To configure a task schedule, perform the following steps: | Introductory phrase of an instruction is printed in italics. |
| help | Commands entered in the command line, or messages displayed on the screen are highlighted with special font. |
| <IP address of your computer> | The variables are put in angle brackets. You should replace a variable with the corresponding value in each case; angle brackets are omitted. |
ADDITIONAL SOURCES OF INFORMATION

If you have any questions regarding selection, purchasing, installing or using Kaspersky Security, you can quickly find relevant answers. Kaspersky Lab provides various sources of information about the application. You can select the most convenient source, depending on the urgency or importance of your question.
IN THIS SECTION

- Data sources for independent search
- Discussing Kaspersky Lab applications on the web forum
- Contacting the Technical documentation development group
DATA SOURCES FOR INDEPENDENT SEARCH

You may refer to the following sources of information about the application:

- application page at Kaspersky Lab's web site;
- application page at the Technical Support web site (in the Knowledge Base);
- online help system;
- documentation.

Application page at Kaspersky Lab's web site

http://www.kaspersky.com/business

On this page you can find general information about Kaspersky Security, its features and peculiarities.

Application page at the Technical Support web site (in the Knowledge Base)

http://support.kaspersky.com/exchange

This page contains articles published by the Technical Support experts. These articles contain useful information, guidelines, and answers to frequently asked questions pertaining to the operation of Kaspersky Security.

Online help system

The online help system contains information on setting up the program components, as well as directions and recommendations on program management. To access the online help system, select Help in the Actions menu of the Administration Console.

If you have a question about a certain window or tab in Kaspersky Security, you can use the context help. To open the context help, open the window or the tab that interests you, and press the F1 key.

Documentation

Administrator's Guide for Kaspersky Security contains complete information necessary for work with an application and is included in the application package.
DISCUSSING KASPERSKY LAB APPLICATIONS ON THE WEB FORUM

If your question does not require an urgent answer, you can discuss it with Kaspersky Lab's specialists and other users in our forum located at http://forum.kaspersky.com. In this forum you can view existing topics, leave your comments, create new topics, and use the search engine.

CONTACTING THE TECHNICAL DOCUMENTATION DEVELOPMENT GROUP

If you have any questions regarding documentation, have found an error or if you would like to provide feedback, you can contact the Technical documentation development group.

Click the Leave feedback link in the top right part of the Help window to open the default email client on your computer. The displayed window will contain automatically substituted address of the documentation development group (docfeedback@kaspersky.com) and the message subject (Kaspersky Help Feedback: Kaspersky Security). Write your feedback and send the email without changing the subject.
KASPERSKY SECURITY 8.0 FOR MICROSOFT EXCHANGE SERVER 2007

Kaspersky Security 8.0 for Microsoft Exchange Servers is an application designed for protection of mail servers based on Microsoft Exchange Server against viruses, Trojan software and other types of threats that may be transmitted via email.

Malware can cause serious damage; these programs are designed specifically to steal, block, modify or destroy data disrupting the operation of computers and computer networks. Massive virus mailing can quickly spread infection in corporate networks paralyzing both running servers and workstations and resulting in unwanted downtime and damages. Moreover, virus attacks may also cause data losses which can negatively affect your business and the business of your partners.

Kaspersky Security provides for anti-spam protection on the level of your corporate mail server saving your employees the trouble of deleting unwanted mail manually.
IN THIS SECTION

- Basic functionality
- Distribution Kit
- Services for registered users
- License agreement
- Hardware and software requirements
BASIC FUNCTIONALITY

Kaspersky Security protects mailboxes, public folders and relayed mail traffic passing a Microsoft Exchange Server against malware and spam. The application scans all email traffic passing through the protected Microsoft Exchange Server.

Kaspersky Security can perform the following operations:

- Scan incoming and outgoing mail and the messages stored on a Microsoft Exchange Server (including public folders), checking them for malware presence. While scanning, the application processes the whole message and all its attached objects. Depending upon the selected settings, the application disinfects or removes detected harmful objects and provides users with complete information about such incidents.
- Filter mail traffic, screening out unsolicited mail (spam). The Anti-Spam component scans mail traffic, checking it for spam content. In addition, Anti-Spam allows creation of white and black lists of sender addresses and supports flexible configuration of anti-spam analysis intensity.
- Save backup copies of objects (attachments or message bodies) and spam messages prior to their disinfection or deletion to enable subsequent restoration, if required, thus preventing the risk of data losses. Configurable filters allow easy location of individual stored objects.
- Notify the sender, the recipient and the system administrator about messages that contain malicious objects.
- Maintain event logs, collect statistics and create regular reports on the application activity. The application can create reports automatically according to the schedule or by request.
- Configure the application settings to match the volume and type of relayed traffic, in particular, define the connection timeout to optimize scanning.
- Update the databases of Kaspersky Security automatically or in manual mode. Updates can be downloaded from the FTP or HTTP servers of Kaspersky Lab, from a local / network folder that contains the latest set of updates, or from user-defined FTP or HTTP servers.
- Re-scan messages for the presence of new viruses, using a schedule. This task is performed as a background scan, and has only a small effect on the mail server's performance.
- Manage anti-virus protection on the storage level and create the list of protected storages.
- Manage licenses. A license is provided for a certain number of mailboxes, not user accounts.
DISTRIBUTION KIT

You can purchase Kaspersky Security from our partners, or purchase it online from Internet shops, such as the eStore section of http://www.kaspersky.com.

Kaspersky Security is supplied as a part of Kaspersky Security for Mail Server (http://www.kaspersky.com/kaspersky_security_mail_server) or of the Kaspersky Open Space Security products (http://www.kaspersky.com/open_space_security) included into the Kaspersky Enterprise Space Security and Kaspersky Total Space Security solutions.

After purchasing a license for Kaspersky Security, you will receive an e-mail containing a link to download the application from the web site of Kaspersky Lab and a key file for license activation, or an installation CD containing the distribution package of the product. Before breaking the seal on the installation disk envelope, carefully read through the EULA.
SERVICES FOR REGISTERED USERS

Kaspersky Lab Ltd. offers an extensive service package to all legally registered users of Kaspersky Security, enabling them to boost the application's performance.

After purchasing a license, you become a registered user and, during the period of your license, you will be provided with these services:

- regular updates to the application databases and updates to the software package;
- support on issues related to the installation, configuration and use of the purchased software product. Services will be provided by phone or via email;
- information about new Kaspersky Lab products and about new viruses appearing worldwide. This service is available to users who subscribe to Kaspersky Lab's newsletter on the Technical Support Service web site (http://support.kaspersky.com/subscribe/).

Support on issues related to the performance and the use of operating systems, or other non-Kaspersky technologies, is not provided.
LICENSE AGREEMENT

The End-User License Agreement is a legal agreement between you and Kaspersky Lab that specifies the terms on which you may use the software you have purchased.

Read the EULA through carefully!

If you do not accept the terms and conditions of the license agreement, you can decline the product offer and receive a refund. Please note that the envelope with the installation CD should remain sealed. By opening the sealed installation disk, you accept all the terms of the EULA.
HARDWARE AND SOFTWARE REQUIREMENTS

Hardware requirements

The hardware requirements of Kaspersky Security are identical to the requirements of Microsoft Exchange Server. Depending upon the application settings and its mode of operation, considerable disk space may be required for Backup storage and other service folders (the default size of the Backup storage folder can be up to 5120 MB).

Hardware requirements of the Administration Console installed with the application include:

- Intel Pentium 400 MHz or faster processor (1000 MHz recommended);
- 256 MB free RAM;
- 500 MB disk space for the application files.
Software requirements

Installation of Kaspersky Security requires one of the following operating systems:

- Microsoft Small Business Server 2008 Standard
- Microsoft Small Business Server 2008 Premium
- Microsoft Essential Business Server 2008 Standard
- Microsoft Essential Business Server 2008 Premium
- Microsoft Windows Server 2008 x64 R2 Enterprise Edition
- Microsoft Windows Server 2008 x64 R2 Standard Edition
- Microsoft Windows Server 2008 x64 Enterprise Edition Service Pack 1
- Microsoft Windows Server 2008 x64 Enterprise Edition Service Pack 2
- Microsoft Windows Server 2008 x64 Standard Edition Service Pack 1
- Microsoft Windows Server 2008 x64 Standard Edition Service Pack 2
- Microsoft Windows Server 2003 x64 R2 Enterprise Edition Service Pack 2
- Microsoft Windows Server 2003 x64 R2 Standard Edition Service Pack 2
- Microsoft Windows Server 2003 x64 Enterprise Edition Service Pack 2
- Microsoft Windows Server 2003 x64 Standard Edition Service Pack 2

The following components are required for installation:

- Microsoft Exchange Server 2007 x64 Service Pack 1 or Microsoft Exchange Server 2010 deployed in at least one of the roles: Hub Transport or Mailbox;
- MS SQL Server 2005 Express Edition, MS SQL Server 2005 Standard Edition, MS SQL Server 2005 Enterprise Edition, MS SQL Server 2008 Express Edition, MS SQL Server 2008 Standard Edition, MS SQL Server 2008 Enterprise Edition;
- Microsoft .NET Framework 3.5 Service Pack 1.
Installation of the Administration Console requires one of the following operating systems:

- Microsoft Small Business Server 2008 Standard
- Microsoft Small Business Server 2008 Premium
- Microsoft Essential Business Server 2008 Standard
- Microsoft Essential Business Server 2008 Premium
- Microsoft Windows Server 2008
- Microsoft Windows Server 2003 x64 (with Service Pack 2 installed)
- Microsoft Windows Server 2003 x64 R2 Standard Edition
- Microsoft Windows Server 2003 x64 R2 Enterprise Edition
- Microsoft Windows XP x64 (with Service Pack 2 installed)
- Microsoft Windows Vista x64
- Microsoft Windows Server 2003 R2 Standard Edition
- Microsoft Windows Server 2003 R2 Enterprise Edition
- Microsoft Windows Vista
- Microsoft Windows Server 2003 (with Service Pack 2 installed)
- Microsoft Windows XP (with Service Pack 3 installed)
- Windows 7 Professional
- Windows 7 Enterprise
- Windows 7 Ultimate

The following components are required for installation:

- Microsoft Management Console 3.0;
- Microsoft .NET Framework 3.5 Service Pack 1.
APPLICATION ARCHITECTURE

Kaspersky Security performs anti-virus scanning of all incoming and outgoing mail and of messages stored on the server, and filters spam. The application analyzes the message body and attached files in any format. The detection of malicious programs is based on records contained in Kaspersky Security's databases. Databases are regularly updated by Kaspersky Lab and uploaded to Kaspersky Lab's update servers. Additionally, the application uses a special analysis facility called a heuristic analyzer, which can detect previously unknown viruses. Spam checks are performed by the Anti-Spam component, which employs a combination of several methods to fight spam.

The application scans objects received by the server in real time. The user cannot open and view a new message before it is scanned. The application processes each object using the rules specified by the administrator for different types of object. You can create rules for processing of malicious objects (see section "Creating rules for object processing" on page 46) and spam (see section "Configuring the anti-spam analysis" on page 52).

Prior to modifying an object, the application can save a copy of it in a special Backup storage to allow subsequent restoration, or for forwarding to Kaspersky Lab for analysis.

The application can send notifications about events as they occur to the anti-virus security administrator, the recipient, and the sender of the infected message, and also places a record of the event in the application log file and in the Microsoft Windows event log.
IN THIS SECTION

- Application components and their purpose
- Security Server architecture
APPLICATION COMPONENTS AND THEIR PURPOSE

The application consists of two basic components:

- Security Server. The component is installed on the protected Microsoft Exchange server; it carries out the actual anti-spam filtering of mail traffic and its anti-virus protection. Security Server intercepts the messages arriving on the Microsoft Exchange Server and uses its internal Anti-Virus and Anti-Spam modules to perform anti-virus scanning and anti-spam filtration of that traffic respectively. If infection or spam is detected in a message, it can be saved in Backup or deleted depending upon the Anti-Virus and Anti-Spam settings.
- Administration Console. The component is a dedicated isolated snap-in integrated into MMC 3.0. Administration Console can be installed locally on the protected Microsoft Exchange server or on a different computer for remote management of the server protection. You can use the Administration Console to create and edit the list of protected Microsoft Exchange servers and manage the Security Server.
SECURITY SERVER ARCHITECTURE

The server component of the application, the Security Server, consists of the following main subsystems:

- The E-mail Interceptor intercepts objects arriving at the Microsoft Exchange Server and forwards them to the anti-virus scan subsystem. It is integrated into the Microsoft Exchange Server processes using either VSAPI 2.6 or Transport Agents, according to the configuration selected during Microsoft Exchange Server deployment.
- The Anti-Virus performs anti-virus scans of objects. The component is essentially the anti-virus engine running within the program process of Kaspersky Security 8.0 for Microsoft Exchange Servers. The anti-virus scan subsystem also includes storage for temporary objects while scanning objects in RAM. The storage is located in the working folder Store.
The Store folder is a subfolder within the application folder, which must be excluded from the scan scope of any antivirus programs installed in the corporate network. Otherwise the application may function incorrectly.

- The Anti-Spam component filters unwanted mail. The component is essentially the anti-spam engine running within the program process of Kaspersky Security 8.0 for Microsoft Exchange Servers. Once a message is intercepted, it is transferred to the Anti-Spam engine for analysis. Depending upon the analysis result and the produced verdict, the message will be allowed to pass or deleted in accordance with the spam handling settings. Copies of deleted messages can be stored in Backup.
- The Internal Application Management and Integrity Control Module is launched in a separate process and is a Microsoft Windows service. The service is called Kaspersky Security 8.0 for Microsoft Exchange Servers, and is launched automatically when the first message is being transferred, when the Management Console attempts to connect to the Security Server, and after the initial configuration wizard has completed. This service does not depend on the state of the Microsoft Exchange Server (that is, whether it is started or stopped), so that the application can be configured even if the Microsoft Exchange Server is stopped. When background scan mode is enabled, the Internal Application Management Module will receive all email messages located in public folders and protected storage areas from the Microsoft Exchange server, in accordance with the current settings. If a message has not been analyzed using the latest anti-virus database, it will be sent to the anti-virus component for processing. Objects are processed in background mode in the same way as in traffic scan mode.

For correct operation of the application, the Internal Application Management Module must always be running; stopping this service manually is not recommended.
TYPICAL DEPLOYMENT SCHEMES

Kaspersky Security should be installed on a Microsoft Exchange server. The application components that you can install depend upon the role that the Microsoft Exchange Server performs. Kaspersky Security also supports deployment on a server cluster. You are advised to read through this chapter to select the most suitable deployment scheme.
IN THIS SECTION

- Microsoft Exchange Server roles and corresponding configurations
- Server protection deployment
- Application deployment on a server cluster
MICROSOFT EXCHANGE SERVER ROLES AND CORRESPONDING CONFIGURATIONS

Successful operation of Kaspersky Security requires that the protected Microsoft Exchange Server should be deployed in at least one of the following roles:

- Mailbox.
- Hub Transport.
- Edge Transport.

If Microsoft Exchange Server is deployed as a Mailbox, Kaspersky Security interacts with it using the VSAPI 2.6 standard. In other cases the Transport Agents technology is used. Please note that in the Hub Transport role, objects are first scanned by Kaspersky Security and then processed by Microsoft Exchange Transport Agents. In the Edge Transport role, the procedure is reversed: the objects are first processed by Microsoft Exchange Transport Agents and then by Kaspersky Security.
SERVER PROTECTION DEPLOYMENT

The following procedure should be used to deploy the protection system for mail servers:

1. The Security Server component has to be installed on all protected Microsoft Exchange servers within the network. The installation must be performed from the distribution kit individually for each server.
2. Management console is installed together with Security server. It provides centralized access to all Security servers of Kaspersky Security from the single administrator's workplace. If necessary, Administration Console can be installed separately on a computer within the corporate network. If several administrators are working jointly, the Administration Console can be installed on each administrator's computer.
3. Create the list of managed servers (see section "Creating the list of protected Microsoft Exchange servers" on page 37).
4. Administration Console connects to the Security Server (see section "Connecting the Administration Console to the Security Server" on page 39).
APPLICATION DEPLOYMENT ON A SERVER CLUSTER

Kaspersky Security supports the following cluster types:

- single copy cluster (SCC);
- cluster continuous replication (CCR).

During setup the application recognizes a server cluster automatically. This means that the order in which the application is installed to different cluster nodes does not matter. The procedure for installing Kaspersky Security on a cluster of servers differs from the usual procedure in that:

- Before installation of Kaspersky Security is completed on all cluster nodes, the clustered mailbox servers (CMS) must not be moved between different cluster nodes.
- In the course of installation of Kaspersky Security to all cluster nodes, all installation folders must have the same location.
- The account used to perform the installation procedure must be authorized to write to the Active Directory configuration section.

After installation to a cluster of servers, all application settings are stored in the Active Directory, and all cluster nodes use those parameters. However, parameters which refer to the physical server are set for each cluster node manually. Kaspersky Security automatically defines active cluster nodes, and applies the Active Directory settings to them. The scan results for each cluster node will be displayed only for those messages which were forwarded by the Microsoft Exchange virtual server to this cluster node. The scan results include:

- the Backup storage content;
- information presented in reports;
- the set of events registered in the application logs.

The procedure for uninstalling Kaspersky Security from a cluster of servers differs from the usual procedure in that:

- Clustered mailbox servers (CMS) must not be moved between nodes before application removal is completed.
- In the process of uninstalling the application from the active cluster node, the cluster resource of the Microsoft Exchange Information Store, and all resources of the Microsoft Exchange Database Instance which depend upon it, are stopped. Once the removal procedure is complete, the original status of these services will be automatically restored.
APPLICATION SETUP

Kaspersky Security consists of two main components: the Security Server and Administration Console. Security Server is always installed together with the Administration Console. Administration Console can be installed separately on another computer for remote management of a Security Server. Depending upon your corporate server architecture, you can select one of three available installation variants:

- Security Server will be installed on the computer running Microsoft Exchange Server. Administration Console will be installed to the same host.
- Security Server and Administration Console will be installed on the computer running Microsoft Exchange Server. Administration Console can be installed on any computer within your corporate network for remote management of the Security Server.
- Security Server will be installed on a cluster of servers running Microsoft Exchange Server. In that case the Security Server and Administration Console should be installed together on each node of the cluster.

Some services of Microsoft Exchange Server have to be restarted after Kaspersky Security installation.
IN THIS SECTION

- Preparing installation
- Upgrading an earlier version
- Application setup procedure
- Getting started. Application configuration wizard
- Restoring the application
- Removing the application
PREPARING INSTALLATION

To install Kaspersky Security, you will need domain administrator privileges. In addition, an Internet connection is necessary for installation of the following required components:

- .NET Framework 3.5 SP1;
- Microsoft Management Console 3.0;
- Microsoft SQL Server 2005 / 2008 (Standard, Express, Enterprise).

To create a database on the SQL server, you will need local access rights on the computer where Kaspersky Security will be installed and administrator privileges on the SQL server. If the SQL server is running on a domain controller, you must be a member of the Enterprise Admins and / or Domain Admins group.
UPGRADING AN EARLIER VERSION

Kaspersky Security does not support upgrading of earlier versions. An earlier application version installed on the computer must be removed before Kaspersky Security setup. The data and settings of the earlier version will not be preserved.
APPLICATION SETUP PROCEDURE

The Kaspersky Security installer is designed as a wizard that provides information about the operations you have to perform at each step of the procedure. The Back and Next buttons can be used to navigate between the installation screens (steps) at any time. The Exit and Cancel buttons allow you to exit the installer. The Finish button completes the installation procedure. The installation procedure begins with starting the setup_en.exe file.

The steps performed by the Setup Wizard are described in detail below.
IN THIS SECTION

- Step 1. Installing the required components
- Step 2. Greeting and License Agreement
- Step 3. Selecting the type of the installation
- Step 4. Selecting the application components
- Step 5. Configuring connection to Microsoft SQL Server
- Step 6. Copying files
STEP 1. INSTALLING THE REQUIRED COMPONENTS

During this step you have to make sure that the following required components are installed on your computer:

- .NET Framework 3.5 SP1. You can install the component by clicking the button Download and install .NET Framework 3.5 SP 1. The computer must be restarted after .NET Framework 3.5 SP1 installation! If you continue setup without restart, it may cause problems in the operation of Kaspersky Security.
- Microsoft Windows Installer (MSI) 4.5. This component is required to install Microsoft SQL Server 2008 Express Edition. You can install the component by clicking the button Download and install Microsoft Windows Installer 4.5.
- Microsoft SQL Server 2008 Express Edition or another SQL server. To install the component, click the button Install Microsoft SQL Server 2008 Express Edition. For working with Kaspersky Security, a fresh installation of SQL Server is recommended.
- Microsoft Management Console 3.0 (MMC 3.0). Microsoft Management Console 3.0 (MMC 3.0) is a part of the operating system in Microsoft Windows Server 2003 R2 and later versions. To install the program in earlier versions of Microsoft Windows Server, you need to upgrade MMC to version 3.0. To do that, click the button Download and install MMC 3.0.

You can proceed to the next setup step by clicking the link Kaspersky Security 8.0 for Microsoft Exchange Servers. In addition, you can click the Installation guide button to download and install an installation guide.
STEP 2. GREETING AND LICENSE AGREEMENT

The welcome screen informs you that Kaspersky Security installation to your computer has been started. Clicking the Next button opens the License Agreement window. License Agreement is an agreement between the application user and Kaspersky Lab. Checking the box I accept the terms and conditions of this Agreement means that you have read the License Agreement and accepted its terms and conditions.
STEP 3. SELECTING THE TYPE OF THE INSTALLATION

The installation type selection screen contains two buttons:

- Standard. Clicking the button will continue the procedure installing the standard set of components, which suits most users. Please see Step 5 for further instructions.
- Custom. Clicking this button allows you to select manually the application components which you would like to install. Custom installation mode is recommended for experienced users.

Once the installation type is selected, the Setup Wizard proceeds to the next step.
STEP 4. SELECTING THE APPLICATION COMPONENTS

If you have selected the Custom setup type, the installer will prompt you to select the components which you would like to install. The set of components available for installation will differ depending on whether Microsoft Exchange Server is installed, and how it is configured.

If Microsoft Exchange Server is deployed to act both as a Mailbox and Hub Transport, the following components will be available for selection and installation:

- Management Console;
- Anti-Spam protection component;
- Anti-Virus for the Mailbox role;
- Anti-Virus for the Hub Transport and Edge Transport roles.

If Microsoft Exchange Server is deployed to act just as an Edge Transport or Hub Transport only, the following components will be available for selection and installation:

- Management Console;
- Anti-Spam protection component;
- Anti-Virus for the Hub Transport and Edge Transport roles.

If Microsoft Exchange Server is deployed to act as a Mailbox only, the following components will be available for selection and installation:

- Management Console;
- Anti-Virus for the Mailbox role.

In all other cases, only the Management Console is available for installation.

The full name for the default installation folder is displayed in the lower part of the window. To change the installation folder, click the Browse button and specify another location. The data storage folder is displayed below. The data folder contains the following items:
- Anti-Virus database;
- Anti-Spam database;
- quarantined objects.

If you expect that the folder will occupy more space than the selected drive has available, you can click the Browse button to change the data folder location.

Clicking the Reset button cancels the user-defined selection of components and restores the default selection. Clicking the Disk usage button opens the dialog containing information about free space available on local drives and required for installation of the selected components.
STEP 5. CONFIGURING CONNECTION TO MICROSOFT SQL SERVER

The purpose of this step is to configure a connection to an SQL server.

To create a database on the SQL server, you will need local access rights on the computer where Kaspersky Security will be installed and administrator privileges on the SQL server. If the SQL server is running on a domain controller, you must be a member of the Enterprise Admins and / or Domain Admins group.

If you are using a remote connection to the SQL server, make sure that TCP/IP support is enabled in SQL Server Configuration Manager.

Configuring connection to Microsoft SQL Server

In the Name of SQL server field specify the name (or IP address) of the computer and the SQL server instance. Clicking the Browse button next to that field allows you to select an SQL server within the current network segment. To create a database on the SQL server, you will have to choose an account that will be used to create the SQL database. The following options are available:

- Active account. The current user account will be used.
- Other account. In that case you should enter the name and password for the specified user account. You can click the Browse button to select an account.

SQL server browser must be started on the computer running the SQL server. Otherwise you will be unable to see the instance of the SQL server that you need.

If Kaspersky Security is installed on an Edge Transport while the SQL server is running within a domain, there will be no way to establish a connection to the SQL server. In that case a local SQL server instance should be used.

Select an account for the operation of application service

In the next window you will be prompted to choose the account that will be used to connect to the SQL server. The window contains two options:

- Local System Account. In that case the local system account will be used to establish a connection to the SQL server.
- Account. In that case you will have to specify the name and password for an account with the privileges sufficient to connect to the SQL server and start the application service.
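The prerequisites named under PREPARING INSTALLATION and in this step (.NET Framework 3.5 SP1, Domain Admins or Enterprise Admins membership, a running SQL Server Browser, TCP/IP reachability of a remote SQL server) can be checked from Windows PowerShell 2.0 or later before the Setup Wizard is started. The script below is an added example, not part of the Kaspersky documentation; the server name sql01.example.local and port 1433 are assumed placeholders.

```powershell
# Added example: pre-installation checks for the prerequisites listed in this guide.
# $SqlHost and $SqlPort are assumptions; replace them with your own values.
param(
    [string]$SqlHost = 'sql01.example.local',   # hypothetical SQL server name
    [int]$SqlPort    = 1433                     # default-instance port; named instances may use another
)

function Test-DotNet35Sp1 {
    # .NET Framework 3.5 records its install state and service pack level in this key.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    return ($p -ne $null -and $p.Install -eq 1 -and $p.SP -ge 1)
}

function Test-AdminGroupMembership {
    # Domain Admins and Enterprise Admins carry the well-known RIDs 512 and 519.
    # Run from an elevated session so the groups are present in the token.
    $groups = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups
    foreach ($sid in $groups) {
        if ($sid.Value -match '^S-1-5-21-.*-(512|519)$') { return $true }
    }
    return $false
}

function Test-SqlBrowserRunning {
    param([string]$ComputerName)
    # SQLBrowser is the service name of SQL Server Browser; without it,
    # named instances are not listed by the wizard's Browse button.
    $svc = Get-Service -Name 'SQLBrowser' -ComputerName $ComputerName -ErrorAction SilentlyContinue
    return ($svc -ne $null -and $svc.Status -eq 'Running')
}

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    # A refused or timed-out connection suggests TCP/IP is disabled for the
    # instance, the port is wrong, or a firewall is in the way.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function New-CheckResult {
    param([string]$Check, [bool]$Passed)
    New-Object PSObject -Property @{ Check = $Check; Passed = $Passed }
}

$results = @(
    New-CheckResult '.NET Framework 3.5 SP1 installed'          (Test-DotNet35Sp1)
    New-CheckResult 'Domain Admins / Enterprise Admins member'  (Test-AdminGroupMembership)
    New-CheckResult "SQL Server Browser running on $SqlHost"    (Test-SqlBrowserRunning $SqlHost)
    New-CheckResult "TCP $SqlPort reachable on $SqlHost"        (Test-TcpPort $SqlHost $SqlPort)
)
$results | Format-Table Check, Passed -AutoSize
```

A failed group-membership check matters only where the guide requires it, that is, when the SQL server runs on a domain controller; the remote service query needs rights to read service status on the SQL host.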
STEP 6. COPYING FILES

To proceed with the installation, press the Install button in the Setup Wizard window. It will initiate copying of the application files to the computer, registration of the components in the system, creation of the corresponding database on the SQL server and restarting some services of Microsoft Exchange Server.
GETTING STARTED. APPLICATION CONFIGURATION WIZARD

Once the files are copied and the components are registered in the system, the Setup Wizard will display a notification about the completion of the application setup. Clicking the Next button in the Setup Wizard will start the Application Configuration Wizard. The Application Configuration Wizard will assist you in configuring the update settings, installing the license, and testing the application functionality.

To start product configuration in the Application Configuration Wizard, click Next.
IN THIS SECTION

- Configuring updates
- Installing a license key
- Notification settings
- Configuring server protection
- Testing the application functionality
CONFIGURING UPDATES

You can use the Update settings window of the Application Configuration Wizard to configure the updating settings of Kaspersky Security.

To define the update settings, perform the following steps:

1. Leave the box Enable automatic update checked, if you wish the application to update automatically according to the specified schedule.
2. To connect to an update server of Kaspersky Lab through a proxy server, enable the option to Use proxy server and specify the corporate proxy address in the Proxy server address line.
3. Define the proxy server port in the entry field. By default, port 8080 is used.
4. To enable authentication with the proxy server, check the box Use authentication and enter in the Account and Password fields relevant information about the user account selected for that purpose.
5. If you wish to download updates from a local corporate server directly, check the box Bypass proxy server for local addresses.
INSTALLING A LICENSE KEY

In the Licenses window you can install a license for Kaspersky Security.

To install a license, perform the following steps:

1. Press the Add button.
2. In the displayed File name dialog specify the path to the key file (file with the *.key extension) and click Open.

A license will be installed that allows you to use Kaspersky Security with unlimited functionality for the specified period. Over the entire period when the license is active, you can download Antivirus and Anti-spam database updates and contact Kaspersky Lab on all the issues related to the use of the application.
Removing a license key

To remove a license, click the Remove button.
NOTIFICATION SETTINGS

The Notification settings window allows you to configure the notifications sent by email. Notifications keep you informed of all Kaspersky Security events in a timely manner.

To define the notification settings, perform the following steps:

1. In the Web-service address field specify the address of the web service that will be used to mail messages via Microsoft Exchange Server. By default, in the Microsoft Exchange Server it is the following address: https://<client_access_server>/ews/exchange.asmx
2. Specify in the Account field any account registered on the Microsoft Exchange Server. To do that, click Browse or enter the account name manually.
3. Type in the Password field the password for the selected account.
4. In the Administrator address field specify the mail recipient's address.
5. Click the Test button to send a test message. If the test message arrives in the specified mailbox, it means that delivery of notifications is configured properly.
CONFIGURING SERVER PROTECTION

In the Protection settings window, you can configure the anti-virus and anti-spam protection. Anti-virus and anti-spam protection is enabled by default.

To define the protection settings, perform the following steps:

1. Leave the box Enable Anti-Virus protection checked to start the anti-virus protection.
2. Leave the box Enable Anti-Spam protection checked to start the anti-spam protection. If you do not want anti-virus and anti-spam protection to start functioning immediately, uncheck the corresponding boxes. You can enable protection later using the Administration Console.
3. Click Next to finish setting up the application options.
4. Click the Finish button in the final window of Application Setup Wizard to quit the wizard. If the Start Administration Console after Application Configuration Wizard completion flag is left checked, the Administration Console will start automatically.
TESTING THE APPLICATION FUNCTIONALITY

After Kaspersky Security is installed and configured, you are advised to verify its settings and operation using a test "virus" and its modification.
The test "virus" was specifically designed by EICAR (The European Institute for Computer Antivirus Research) to test anti-virus products. The test "virus" is not a malicious program and it contains no code that can harm your computer. However, most anti-virus products identify it as a virus. You can download the test "virus" from the official web site of EICAR at: http://www.eicar.org/anti_virus_test_file.htm.
Testing the Anti-Virus functionality

To send a message with the test "virus", perform the following steps:

1. Create an email message with an attached EICAR test "virus".
2. Send the message via Microsoft Exchange Server with installed Kaspersky Security and connected Security Server.
3. Check to make sure that the delivered message contains no virus. If a virus is detected on a server functioning as a Mailbox, the deleted virus will be replaced with a text file. When a virus is detected on a server functioning as a Hub Transport, the application adds to the message subject the prefix: Malicious object deleted.

After virus detection the mailbox that you have specified in the Notification Settings (see section "Configuring notifications" on page 23) window of the Initial Configuration Wizard should receive a notification about the intercepted virus.
To view the application report about the detected virus, perform the following steps:

1. Launch Kaspersky Security using the menu Start > Programs > Kaspersky Security 8.0 for Microsoft Exchange Servers > Administration Console.
2. In the console tree to the left, select and open the node corresponding to the server which was supposed to process the message containing the "virus".
3. Select the Reports node.
4. In the details window to the right, click the Generate report button in the Quick reports and / or Anti-Virus report section.
5. View the created report in the Ready reports section. To do that, double-click the necessary report to open it. If the report contains information about EICAR infection, the application is properly configured.
To receive the reports at an email address, perform the following steps:

1. In the details window, use the Quick reports and / or Anti-Virus report sections to check the box Administrator to enable sending notifications to the address which you have specified in the Notification Settings (see section "Configuring notifications" on page 23) window of the Application Configuration Wizard. If you have not specified the e-mail address in the Initial Configuration Wizard, click the link E-mail sending settings to set up notifications (see section "Configuring notifications" on page 23).
2. To make sure that reports arrive in the specified mailbox, click the Test button to send a test message.
By default, the application saves a copy of an infected object in Backup.

To check whether a copy of an infected object has been saved in Backup, perform the following steps:

1. In the console tree, select the node Backup.
2. Check to make sure that the infected object (message with attached "virus") appears in the details window.
Testing the Anti-Spam functionality

To test normal functioning of the Anti-Spam, perform the following steps:

1. Launch Kaspersky Security using the menu Start > Programs > Kaspersky Security 8.0 for Microsoft Exchange Servers > Administration Console.
2. In the console tree to the left, select and open the node corresponding to the server which will be used to transfer the test message.
3. Select the Server protection node.
4. Select the Anti-Spam protection tab in the details window.
5. Open the White and black list settings section.
6. Check the box Add sender's address to black list.
7. Type the sender's e-mail address in the entry line.
8. Click the addition button to the right of the field.
9. Open the Scan settings section.
10. In the Blacklisted field, select Allow.
11. In the same field check the box Add label.
12. Send a message to the administrator's address through the protected mail server.

If the message arrives with the [Blacklisted] label in the header, the Anti-Spam component functions correctly.
RESTORING THE APPLICATION

If the application encounters a failure while running (for example, if its binary modules get damaged), you can use the restoration functionality provided in the installer. During restoration the installer will preserve the selected settings and user configuration including notifications, paths to the application databases, Quarantine, etc.

To restore Kaspersky Security, perform the following steps:

1. Start the setup_en.exe file.
2. Click the link Kaspersky Security 8.0 for Microsoft Exchange Servers.
3. Click the Next button in the welcome screen of the Initial Configuration Wizard.
4. In the Change, Repair or Remove the application window click the Restore button.
5. In the Restoring window, click the Repair button.

Restoration of the application is impossible if its configuration files are damaged. In that case, removing and reinstalling the application is recommended.
REMOVING THE APPLICATION

To remove Kaspersky Security from a computer, perform the following steps:

1. Start the setup_en.exe file.
2. Click the link Kaspersky Security 8.0 for Microsoft Exchange Servers to start the Setup Wizard and click Next.
3. In the Change, Repair or Remove the application window click the Remove button.
4. In the Remove window click the Remove button.

You can also uninstall the application using the standard software management tools in Microsoft Windows. During Kaspersky Security removal some services of Microsoft Exchange Server will need a restart.
MANAGING KASPERSKY SECURITY LICENSES

When you purchase Kaspersky Security, you enter into a license agreement with Kaspersky Lab. This agreement grants you the right to use the software you purchased to protect the specified number of mailboxes, and to have access to the attendant services, for a defined period.

The anti-virus protection covers both mailboxes and public folders. Therefore, no additional license is needed to protect public folders when working in the Microsoft Exchange environment. When using the application on a cluster of servers, the license is valid for the whole cluster.

The following features will be available to you during the license period:

- the anti-virus functionality of the application;
- the anti-spam functionality of the application;
- regular updates for the anti-virus and anti-spam databases;
- application updates;
- support on issues related to the installation, configuration and the use of the purchased software product, provided 24 hours a day, by phone or email.

The application verifies the validity of the license agreement through the Kaspersky Security license key file, which is an integral part of any Kaspersky Lab product. Kaspersky Security will not work without a license key!
Active license

The application can use only one active license key. This license key contains restrictions imposed on the use of Kaspersky Security, which the application verifies using its internal algorithms. If a violation of the terms and conditions of the license agreement is detected:

- the application functionality will be restricted;
- a record of the detected violation will be entered into the event logs;
- if the notification settings are configured, a notification about the violation will be issued and sent by email.

You can manage the number of protected mailboxes by excluding from the scan scope certain storages (see section "Creating a list of protected mailboxes and storages" on page 30) containing e-mail accounts that the application will not scan. You are advised to purchase a license able to protect all your mailboxes, as any unprotected storage areas increase the possibility of penetration and propagation of viruses via the email system.

Once a commercial license expires, the application functionality will remain available, i.e. the application will continue anti-virus and anti-spam traffic scanning; however, database updates and application upgrades will no longer be provided, nor will the opportunity to contact the Technical Support service for assistance. The application will continue anti-virus scanning of email traffic, and background scanning of storage areas, but will use outdated database versions. In this case, it is difficult to guarantee comprehensive protection against new viruses and spam, which may appear after the license expires.

By default, a notification is sent when the application is running, fifteen days prior to the license expiration date. This message indicates when the currently installed license key will expire, and gives information about renewing a license. The date of the notification and its e-mail destination address can be changed (see section "Notification about license expiry" on page 29).
Additional license

Once you have installed a commercial license, you can purchase an additional license for the product (see section "Distribution Kit" on page 12) including Kaspersky Security and install it. After the current license expires, the additional license becomes active and the application continues to function without changes. Thus you can ensure uninterrupted protection of your corporate mail servers. Kaspersky Security supports only one additional license.

Trial license

You may use a trial license to evaluate the benefits of Kaspersky Security. If a trial license key has been used, upon its expiration the anti-virus functionality of the application will also be disabled in addition to the above limitations. Note that the validity period of a trial key starts from the moment when the first trial key is added. The validity period of all the subsequent trial keys will be adjusted in accordance with the validity period of the first key.

License restrictions

In some cases (for example, if the sales contract was terminated or if the license agreement restrictions were changed), Kaspersky Lab terminates the license agreement with the user. In this case, the serial number of the license key will be added to the list of cancelled licenses, the so-called black list. If your active license is found in the black list, the reserve license will not be activated and the application will be disabled except for the management and anti-virus database updating services.

If your license has been accidentally blacklisted, you are advised to update your databases and, if the error persists, contact the Technical Support Service.
IN THIS SECTION

- Viewing information about installed licenses
- Installing a license key
- Removing a license key
- Notification about license expiry
- Creating the list of protected mailboxes and storages
VIEWING INFORMATION ABOUT INSTALLED LICENSES

To view information on installed licenses, perform the following steps:

1. Start the Administration Console of the application.
2. In the Administration Console tree select the necessary server node and then the Licenses node.

The details window will display information about installed licenses. The following information is displayed:

- Type. Describes the license key type.
- Owner. Identifies the license owner.
- Restrictions. Defines the number of user accounts (mailboxes) supported in the license.
- Expiration date. Indicates the date of license expiry.
- License key serial number. Displays the license serial number.
- Status. Displays the status of the current license.
INSTALLING A LICENSE KEY

To install a license for Kaspersky Security, perform the following steps:

1. In the Management Console, select the node Licenses.
2. Click the Add button in the details window.
3. In the displayed File name dialog specify the path to the key file (file with the *.key extension) and click Open.

Once you have installed a commercial license, you can install an additional license.

To install a reserve license, perform the following steps:

1. Select the Licensing node in the Administration Console.
2. In the details window, click the Add button in the Additional license section.
3. In the displayed File name dialog specify the path to the key file (file with the *.key extension) and click Open.
REMOVING A LICENSE KEY

To remove a license for Kaspersky Security, perform the following steps:

1. In the Management Console, select the node Licenses.
2. In the details window, click the Remove button in the Active license or Additional license section.
NOTIFICATION ABOUT LICENSE EXPIRY

The application verifies compliance with the license agreement after every database update. The check may return one of the following results:

- the active key expires within the next few days;
- the license has expired;
- the active license was found in the black list.

In these cases the application logs an appropriate record and, provided that notifications are configured (see section "Configuring notification settings" on page 65), e-mails the information to the address specified in the settings. By default, a notification will be issued 15 days prior to the expiration of your license period. You can set up an earlier or a later notification date.

To configure notifications about expiry of the license to use Kaspersky Security, perform the following steps:

1. In the Management Console, select the node Licenses.
2. In the details window, specify in the field Notify about license expiry in the number of days remaining until the license expires at which you should be notified about the forthcoming expiry.
3. Click the Save button.
CREATING THE LIST OF PROTECTED MAILBOXES AND STORAGES

The application will protect the number of mailboxes specified in the active license. If this number is not sufficient, you must decide which mailboxes should be left unprotected and moved into storage areas not covered by anti-virus protection. By default, the application protects all public folders created on the protected mail server. You can remove protection from public folders if you think that their scan would be redundant.

To remove protection from the mailbox storage or public folders storage:

1. In the Administration Console select the Server protection node.
2. On the Anti-Virus protection tab, open the Protection for mailboxes configuration section.
3. In the Protected mailbox storages section check the boxes corresponding to the mailbox storages which you wish to protect.
4. In the Protected public folder storages section check the boxes corresponding to the public folder storages which you wish to protect.
5. To apply the changes, click the Save button.

The list includes all mailbox storage areas created on the protected Microsoft Exchange server. By default, the application protects the storages that already existed when the application was installed and all new storage areas.
APPLICATION INTERFACE

The user interface of the application is provided by the Microsoft Management Console (MMC) component. The Management Console is a dedicated isolated facility integrated into MMC.
IN THIS SECTION

- Main window
- Context menu
MAIN WINDOW

The main window of the Administration Console contains (see figure below):

- Toolbar. It is displayed in the upper part of the main window. The buttons on the toolbar allow direct access to some frequently accessed features of the application.
- Menu. It is displayed right above the toolbar. The menu provides management functions for files and windows, as well as access to the help system.
- Console tree. It is located in the left part of the main window. The console tree displays connected Security Servers and the settings of Kaspersky Security. Connected servers and the settings of Kaspersky Security are listed as nodes. You can open parent nodes by clicking the corresponding plus sign. An open node is displayed with the minus sign next to it.
- Details window. It is located in the right part of the main window. The window displays the contents of the node selected in the tree.
Figure 1. Main application window
The topmost node of the console tree is Kaspersky Security 8.0 for Microsoft Exchange Servers. Double-clicking it in the console tree opens the list of connected servers running installed Kaspersky Security. The details window also displays connected servers and the Add server button.

Left-clicking the connected server node displays in the results window general information about protection components installed on the selected server, license type and the application installation folder. Clicking the plus sign next to a connected server opens in the console tree the list of configurable Kaspersky Security settings for that server.

You can view and configure the following settings of Kaspersky Security:

- Server protection – used for viewing and editing the settings for anti-virus and anti-spam protection.
- Updates – used for viewing and editing the settings for anti-virus and anti-spam database update.
- Notifications – used for viewing and editing the settings for Email notifications.
- Backup – used for Backup storage viewing.
- Reports – used for viewing and editing the settings for anti-virus and anti-spam reports.
- Settings – used for viewing and editing the settings for notifications, Backup, reporting and statistics.
- Licenses – used to install or remove licenses and review information about the current license.

Selection of any node in the console tree displays in the details window the corresponding configurable settings of that node.
CONTEXT MENU

Each category of objects in the console tree has its own context menu, which opens by right-clicking on the object. In addition to the standard Microsoft Management Console (MMC) commands, this context menu contains commands used for handling particular objects.

You can use the context menu to perform the following operations:

- Add server. In the Administration Console tree, right-click the Kaspersky Security 8.0 for Microsoft Exchange Servers node. Select the Add server command from the context menu.
- Enable snap-in diagnostics. In the Administration Console tree, right-click the Kaspersky Security 8.0 for Microsoft Exchange Servers node. Select the Enable snap-in diagnostics command in the context menu.
- Remove a connected server. In the Administration Console tree, right-click the connected server node. Select the Delete command in the context menu.
- Update the Anti-Virus and the Anti-Spam databases. In the Administration Console tree, right-click the Update node. Select the Update the anti-virus database or Update Anti-Spam database command in the context menu.
- Configure the settings for delivery of notifications. In the Administration Console tree, right-click the Notifications or the Reports node. Select the E-mail sending settings command in the context menu.
APPLICATION START AND STOP

Kaspersky Security is started automatically when Microsoft Exchange Server loads, at Microsoft Windows startup, when a message passes the protected Microsoft Exchange Server and when the Administration Console connects to the Security Server. If anti-virus protection of the server is enabled (see figure below), it will start immediately after the Microsoft Exchange Server is launched.
Figure 2. Enabling server protection
To enable anti-virus protection on a connected Microsoft Exchange server, perform the following steps:

1. Launch Kaspersky Security using the menu Start > Programs > Kaspersky Security 8.0 for Microsoft Exchange Servers > Administration Console.
2. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
3. Select the Server protection node.
4. On the Anti-Virus protection tab of the details window, open the Scan settings section.
5. Check the boxes enabling anti-virus protection for all roles of that Microsoft Exchange Server.
6. Click the Save button.
7. To disable protection, uncheck all the anti-virus protection boxes and click the Save button.
8. You can leave protection enabled for specific roles of Microsoft Exchange Server. To do that, check the boxes enabling anti-virus protection for the selected roles of Microsoft Exchange Server. Click the Save button.
To enable anti-spam protection on a connected Microsoft Exchange server, perform the following steps:

1. Launch Kaspersky Security using the menu Start > Programs > Kaspersky Security 8.0 for Microsoft Exchange Servers > Administration Console.
2. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
3. Select the Server protection node.
4. On the Anti-Spam protection tab of the details window, open the Scan settings section.
5. Check the box Anti-spam mail scanning.
6. To disable anti-spam protection of the server, uncheck the box Anti-spam mail scanning.
7. Click the Save button.
To stop Kaspersky Security, perform the following steps:

1. Disable the anti-virus and anti-spam protection using the Administration Console (see above).
2. Stop the Kaspersky Security service and set it to the Disabled startup type.

To start the application after automatic startup has been disabled for Kaspersky Security, perform the following steps:

1. Make sure that the Kaspersky Security service is configured for Automatic startup.
2. Enable the anti-virus and anti-spam protection using the Administration Console (see above).
DEFAULT MICROSOFT EXCHANGE SERVER PROTECTION STATUS

The anti-virus and anti-spam protection of the Exchange server starts immediately after the Security Server component is installed. The default operation mode of the application in this case is as follows:

- The application will scan objects for the presence of currently known malicious software:
  - the body of the message, and attached objects in any format, will be scanned, except for container objects with a nesting level above 32;
  - the maximum time for scanning an object is 180 seconds.
- Selection of the operation performed upon detection of an infected object depends upon the role of the Microsoft Exchange server where the object was found:
  - When an infected object is detected on a server functioning as a Hub Transport or Edge Transport, the object will be deleted automatically, the application saves a copy of the message in Backup, and the prefix [Malicious object deleted] will be added to the corresponding message subject.
  - When an infected object is detected on a server functioning as a Mailbox, the application saves a copy of the object (attachment or message body) in Backup storage, and attempts to disinfect the object. If disinfection is impossible, the application deletes the object and replaces it with a text file containing a notification in the following format:
    Malicious object <VIRUS_NAME> has been detected. The file (<OBJECT_NAME>) was deleted by Kaspersky Security 8.0 for Microsoft Exchange Servers. Server name: <server_name>
- When a protected or corrupted object is found, the application by default skips such object. Users can select the Delete operation for these categories of objects. In that case the application saves a copy of the message in Backup.
- The application protects the content of public folders and email messages stored on the server.
- Anti-spam mail filtering is performed. By default, low intensity level of anti-spam scanning is used. The level provides an optimal combination of scanning performance and quality:
  - "Allow" operation is used to handle all messages; however, mail with the "Spam" verdict will bear a special [!!Spam] label.
  - The "Probable Spam" verdict is enabled. Messages with that verdict will receive the [!!Probable Spam] label.
  - Maximum duration of single message scan is 30 seconds.
  - Maximum size of an object to scan – 300 KB.
  - External services are used to check the IP addresses and URLs: DNSBL and SURBL. These services allow spam filtering using public black lists of IP addresses and URLs.
  - UDS-service (see section "Using external services for spam processing" on page 55) is enabled.
- If during installation the update procedure for Kaspersky Security databases has been enabled, updates will be downloaded regularly from the update servers of Kaspersky Lab using the settings specified in the Application Configuration Wizard.
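The default markers described in this section can be checked mechanically when reviewing delivered test messages. The following Python sketch is an added example, not code from Kaspersky Lab: it assumes the labels appear in the Subject header and that the replacement text file uses the notification format quoted in this section; the sample messages, addresses, server name, file names and virus name are constructed.

```python
"""Classify delivered test messages by the default markers quoted in the guide."""
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumption: every label is written into the Subject header. The guide shows
# the Hub/Edge Transport prefix both with and without brackets, so it is
# matched without them. Matching is done on the lower-cased subject.
SUBJECT_MARKERS = [
    ("malicious object deleted", "malicious-object-deleted"),
    ("[!!probable spam]", "probable-spam"),
    ("[!!spam]", "spam"),
    ("[blacklisted]", "blacklisted"),
]

# Text of the file that replaces a deleted object on a Mailbox server.
# Non-greedy groups let object names that contain parentheses or dots survive.
NOTICE_RE = re.compile(
    r"Malicious object\s+(?P<virus>.+?)\s+has been detected\.\s*"
    r"The file\s+\((?P<object>.+?)\)\s+was deleted by\s+"
    r"(?P<product>Kaspersky Security\b.+?)\.\s*"
    r"Server name:\s*(?P<server>\S+)",
    re.DOTALL,
)


def _squash(text):
    """Collapse folded or repeated whitespace into single spaces."""
    return " ".join(text.split())


def triage(raw_message):
    """Return the subject labels and deleted-object notices found in one message."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = _squash(str(msg["Subject"] or ""))  # RFC 2047 words are decoded
    lowered = subject.lower()
    labels = [name for marker, name in SUBJECT_MARKERS if marker in lowered]
    deleted = []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        try:
            text = part.get_content()
        except LookupError:  # part declares a charset Python does not know
            continue
        found = NOTICE_RE.search(text)
        if found:
            deleted.append({
                "virus": _squash(found["virus"]),
                "object": _squash(found["object"]),
                "server": found["server"],
                "replacement_file": part.get_filename(),
            })
    return {"subject": subject, "labels": labels, "deleted_objects": deleted}


def _build(subject, body, notice=None):
    """Serialize one constructed sample message."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "admin@example.test"
    m["Subject"] = subject
    m.set_content(body)
    if notice is not None:
        m.add_attachment(notice, filename="deleted_object.txt")
    return m.as_string()


def constructed_samples():
    """Constructed messages, one per default outcome described in the section."""
    notice = (
        "Malicious object EICAR-Test-File has been detected.\n"
        "The file (report (final).com) was deleted by Kaspersky Security 8.0 "
        "for Microsoft Exchange Servers.\n"
        "Server name: mbx01.example.test\n"
    )
    return {
        "mailbox": _build("Quarterly report", "See attachment.", notice),
        "hub": _build("[Malicious object deleted] Invoice 4471", "Please pay."),
        "spam": _build("[!!Spam] Angebot f\u00fcr Sie", "Hello."),
        "probable": _build("[!!Probable Spam] Newsletter", "Hello."),
        "clean": _build("Lunch on Friday?", "Noon works."),
    }


if __name__ == "__main__":
    for name, raw in constructed_samples().items():
        print(name, triage(raw))
```
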
GETTING STARTED

The application's operation can be controlled from the administrator's workstation, through Management Console. You can connect to the Administration Console any number of Security Servers and manage them both locally and remotely.
IN THIS SECTION

- Starting: Administration Console
- Creating the list of protected Microsoft Exchange servers
- Connecting the Administration Console to the Security Server
STARTING: ADMINISTRATION CONSOLE

To start the Administration Console, perform the following steps:

1. In the Start menu, select Programs.
2. Select Kaspersky Security 8.0 for Microsoft Exchange Servers from the list of programs.
3. Click Administration Console.

When the Administration Console starts, Kaspersky Security snap-in connects to MMC, so the console tree displays the application icon and the node of Kaspersky Security 8.0 for Microsoft Exchange Servers. The console tree also displays the node of the local Security Server (if it has been installed) connected to the console.
CREATING THE LIST OF PROTECTED MICROSOFT EXCHANGE SERVERS

You can create a list of protected Microsoft Exchange servers. To do that, each of the Microsoft Exchange servers that you wish to protect must have the Security Server installed. You can add either the local computer (see figure below) or any protected Exchange server within the network to this list. A connection between the Management Console and the Kaspersky Security can also be established immediately after adding a server.

To add a Security Server of Kaspersky Security to the list of protected servers, perform the following steps:

1. Launch Kaspersky Security using the menu Start > Programs > Kaspersky Security 8.0 for Microsoft Exchange Servers > Administration Console.
2. Select the node Kaspersky Security 8.0 for Microsoft Exchange Servers in the console tree.
3. Select in the context menu of the node the command to Add server or the corresponding item in the Action menu. You can also click the Add server button in the details window.

Figure 3. Adding a Security Server

4. Select one of two suggested options:
   - Local computer. Then you will add the Security Server running on the local computer.
   - Custom server. In that case you can connect a Security Server installed on a remote Microsoft Exchange server.
   To connect to a Security Server located on a remote computer, you should add the Kaspersky Security service to the trusted applications list of the remote computer's firewall, or allow RPC connection.
5. If you have selected the Custom server option, type its name in the entry field. You can enter the name manually, by specifying one of the following:
   - IP address;
   - fully-qualified domain name (FQDN) in the format <Computer name>.<DNS-domain name>;
   - the computer name in the Microsoft Windows network (NetBIOS name);
   or select the computer using the Browse button.
6. Click OK.
You can configure the settings of Kaspersky Security individually for every connected server.
CONNECTING THE ADMINISTRATION CONSOLE TO THE SECURITY SERVER

After Kaspersky Security installation the Administration Console will be connected automatically to the local Security Server; the Server will appear then in the Administration Console tree.

To connect to a Security Server located on a remote computer, you should add the Kaspersky Security service to the trusted applications list of the remote computer's firewall, or allow RPC connection.

To connect to a remote server, perform the following steps:

1. Launch Kaspersky Security using the menu Start > Programs > Kaspersky Security 8.0 for Microsoft Exchange Servers > Administration Console.
2. Select the node Kaspersky Security 8.0 for Microsoft Exchange Servers in the console tree.
3. Use the Add server command from the context menu or the corresponding command in the Action menu. You can also click the Add server button in the details window.
4. Select in the displayed window the Custom server option and click the Browse button to specify its name in the entry field. You can enter the name manually. To do that, specify one of the following:
   - IP address;
   - fully-qualified domain name (FQDN) in the format <Computer name>.<DNS-domain name>;
   - the computer name in the Microsoft Windows network (NetBIOS name).
5. Click OK.
39
UPDATING THE ANTI-VIRUS AND ANTISPAM DATABASES
Kaspersky Lab provides all its users with the opportunity to update (see figure below) Kaspersky Security anti-virus databases, which are used to detect malicious programs, and to disinfect infected objects. The database files contain a description of all currently known malware and methods of disinfection of infected objects, and also a description of potentially dangerous software.
The Anti-Spam database is regularly updated, too. To maintain the highest efficiency of anti-spam filtering on a server, you are advised to configure updating of the Anti-Spam database with the minimum interval of five minutes.
It is extremely important to keep all databases up-to-date. You are advised to update your databases immediately after your application is installed, because the databases included in the distribution kit will be out of date by the time you install your application. The anti-virus databases on Kaspersky Lab's update servers are updated every hour. The Anti-Spam database is updated every five minutes. You are advised to set up automatic updates to run with the same frequency (on page 42).
Figure 4. Anti-virus database update
The Kaspersky Security databases can be updated from the following sources:
   - from Kaspersky Lab's update servers on the Internet;
   - from a local updates source, such as a local or a network folder;
   - from another HTTP or FTP server, such as your Intranet server.
The updating is performed either manually or automatically, according to a schedule. After the files are copied from the specified update source, the application automatically connects to the new databases, and uses them to scan mail for viruses and spam.
IN THIS SECTION
   - Manual update
   - Automatic database updating
   - Selecting the updates source
   - Editing the connection settings
MANUAL UPDATE
To view the information about updates to the anti-virus databases and update them, if necessary, perform the following steps:
1. Start the Administration Console of the application.
2. In the Administration Console tree select the necessary server node and then the Updates node.
3. Open the Anti-virus database update parameter sections. Information about database update contains the following data:
   - Result of the last update. Information about the database update status.
   - Database release date. Time when the database currently used in the application was made available on the server of Kaspersky Lab (UTC).
   - Records. The number of virus signatures in the current anti-virus database.
4. In the Run mode dropdown list, select the Manually element.
5. Press the Launch the update button.
6. To stop the update procedure, click the Stop button.
To view the information about updates to the anti-spam databases and update them, if necessary, perform the following steps:
1. Start the Administration Console of the application.
2. In the Administration Console tree select the necessary server node and then the Updates node.
3. Open the Anti-Spam database update parameter sections. Information about database update contains the following data:
   - Result of the last update. Information about the database update status.
   - Database release date. Time when the database currently used in the application was made available on the server of Kaspersky Lab (UTC).
4. In the Run mode dropdown list, select the Manually element.
5. Press the Launch the update button.
6. To stop the update procedure, click the Stop button.
AUTOMATIC DATABASE UPDATING
To enable automatic updating of the anti-virus databases, perform the following steps:
1. Start the Administration Console of the application.
2. In the Administration Console tree select the necessary server node and then the Updates node.
3. Open the Anti-virus database update group of settings in the details window.
4. Select one of the options from the Run mode dropdown list:
   - Periodically. Use the entry field every N minutes, hours, days to define the frequency of future updates.
   - Daily. Define precise time in HH:MM format (UTC).
   - On selected day. Check the boxes next to the days of the week, when you would like to update the database and also specify the update time.
5. Click the Save button.
6. To stop the update procedure, click the Stop button. You can only stop the update in progress. The next update will be performed according to the schedule.
To enable automatic updating of the Anti-Spam databases, perform the following steps:
1. Start the Administration Console of the application.
2. In the Administration Console tree select the necessary server node and then the Updates node.
3. Open the Anti-Spam databases update group of settings in the details window.
4. Select one of the options from the Run mode dropdown list:
   - Periodically. Use the entry field every N minutes, hours, days to define the frequency of future updates.
   - Daily. Define precise time in HH:MM format (UTC).
   - On selected day. Check the boxes next to the days of the week, when you would like to update the database and also specify the update time.
5. Click the Save button.
6. To stop the update procedure, click the Stop button. You can only stop the update in progress. The next update will be performed according to the schedule.
SELECTING THE UPDATES SOURCE
To choose an Anti-Spam database update source:
1. Start the Administration Console of the application.
2. In the Administration Console tree select the necessary server node and then the Updates node.
3. Open the Anti-virus database update group of settings in the details window.
   - Kaspersky Lab's update servers, if you wish to download updates from the servers of Kaspersky Lab.
   - HTTP server, FTP server, local or network folder, if you wish to download updates from any of these sources.
4. Specify in the entry field the address of the corresponding server, a local or network folder.
5. Click the Save button.
To choose an Anti-virus database update source:
1. Start the Administration Console of the application.
2. In the Administration Console tree select the necessary server node and then the Updates node.
3. Open the Anti-Spam database update group of settings in the details window.
   - Kaspersky Lab's update servers, if you wish to download updates from the servers of Kaspersky Lab.
   - HTTP server, FTP server, local or network folder, if you wish to download updates from any of these sources.
4. Specify in the entry field the address of the corresponding server, a local or network folder.
5. Click the Save button.
EDITING THE CONNECTION SETTINGS
To view or modify the network connection settings, perform the following steps:
1. Start the Administration Console of the application.
2. In the Administration Console tree select the necessary server node and then the Updates node.
3. Open in the details window the Connection settings group of settings.
4. If you connect to the Internet using a proxy server, check the Use proxy server box and specify the proxy server address and number of the port used for connection. Default proxy port number is 8080.
5. If you use a password to access the proxy server, specify the proxy user authentication settings. To do this, check the Use authentication box and fill in the Account and Password fields.
6. If you wish to download updates from a local corporate server directly, check the box Bypass proxy server for local addresses.
7. Specify the timeout duration in the Connection timeout field. The default connection timeout is 60 seconds.
ANTI-VIRUS PROTECTION
One of the main purposes of Kaspersky Security is anti-virus scanning of mail traffic, messages in mailboxes and public folders as well as disinfection of infected objects using the current (latest) version of its databases. All email messages arriving at the Microsoft Exchange server are scanned in real time. Both incoming and outgoing email traffic are processed, as are all transit email messages.
You can perform the following operations with the messages containing malicious objects:
   - Skip the message together with the malicious object it contains.
   - Delete malicious object but allow the message to pass.
   - Delete the message together with the malicious object.
When a malicious object gets deleted on a server functioning as a Mailbox, the deleted object will be replaced with a text file containing the name of the malicious object, date of the database used to detect the object and the name of the Microsoft Exchange server where the object was detected. When a malicious object is detected on a server functioning as a Hub Transport, the application adds to the message subject the prefix: Malicious object deleted.
When traffic scan mode is enabled, the application remains loaded in the computer's RAM, and the E-mail Interceptor analyzes email traffic received from the Microsoft Exchange server and transfers it to the Anti-Virus Scan Subsystem. The Anti-Virus Scan Subsystem processes each email message based on its current settings:
   - it scans and analyzes the message using the anti-virus database;
   - if an email message or its part is infected, the application processes the detected object in accordance with the selected settings;
   - before processing, a copy of the object can be saved in the Backup storage.
If anti-virus protection of the server is enabled, traffic scans will start and stop simultaneously with the startup and stopping of the Microsoft Exchange Server.
Kaspersky Security does not scan messages created by protected users in the Public folders of unprotected Microsoft Exchange servers. If messages are transferred from the Public folders of an unprotected area to a protected one, the application will scan them. During data replication between protected and unprotected storages, any changes made by the application as a result of the anti-virus scan are not synchronized.
Email messages which are stored on the server, and the contents of public folders, are also rescanned on a regular basis using the latest version of the anti-virus database (if the background storage scan is enabled (see section "Background scan" on page 48)). Using background scan mode decreases the load on the servers during busy hours, and increases the security level of the email infrastructure in general. Background scans can be launched either automatically (using a schedule), or manually.
Operation of the application in background scan mode may slow down the operation of Microsoft Exchange Server: therefore it is best to use it during periods of minimum load on mail servers, for example at night.
When background scan mode is enabled, the Internal Application Management Module will receive all email messages located in public folders and protected storage areas from the Microsoft Exchange server, in accordance with the current settings. If a message has not been analyzed using the latest anti-virus database, it will be sent to the anti-virus component for processing. Objects are processed in background mode in the same way as in traffic scan mode.
The application analyzes the message body and attached files in any format. It must be remembered that Kaspersky Security differentiates simple objects, such as executable files, or messages with a simple attachment, from containers, which consist of several objects (such as an archive, or a message with an attachment).
When scanning multivolume archives, Kaspersky Security treats and processes each volume as a separate object. In this case, Kaspersky Security can detect malicious code only if the code is fully located in one of the volumes. If a virus is also divided into parts between volumes, it cannot be detected when only part of the data is loaded. In this situation, the malicious code may propagate after the object is restored as one entity. Multiple-volume archives can be scanned after they are saved to the hard drive by the anti-virus application installed on the user's computer.
If necessary, you can define a list of objects that should not be scanned for viruses. The following types of objects can be excluded from the scan scope: archives, all containers with the nesting level above the specified value, files matching specified masks.
Files over 1 MB will be saved to the working folder Store for processing. The Store folder is located in the data folder of the application. The Store folder and the temporary file storage folder TMP must be excluded from the scan scope of any anti-virus applications operating in the enterprise local network.
IN THIS SECTION
   - Enabling and disabling anti-virus server protection
   - Creating rules for object processing
   - Scanning attached archives and containers
   - Creating scanning exclusions
   - Configuring protection settings for mail accounts
   - Background scan
ENABLING AND DISABLING ANTI-VIRUS SERVER PROTECTION
If the anti-virus server protection is enabled, anti-virus scanning of the email traffic will be started or stopped at the same time as Microsoft Exchange Server. If the anti-virus protection settings specify background scanning of storage areas (see section "Background scan" on page 48), scanning can be launched manually or according to the schedule.
Please note that disabling the anti-virus server protection considerably increases the risk of malware penetrating the email system. You are advised not to disable anti-virus protection for long periods of time.
To enable or disable anti-virus protection, perform the following steps:
1. Launch Kaspersky Security using the menu Start > Programs > Kaspersky Security 8.0 for Microsoft Exchange Servers > Administration Console.
2. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
3. Select the Server protection node.
4. On the Anti-Virus protection tab of the details window, open the Scan settings section.
5. Check the boxes enabling anti-virus protection for all roles of that Microsoft Exchange Server.
6. Click the Save button.
7. To disable protection, uncheck all the anti-virus protection boxes and click the Save button.
8. You can leave protection enabled for specific roles of Microsoft Exchange Server. To do that, check the boxes enabling anti-virus protection for the selected roles of Microsoft Exchange Server. Click the Save button.
If you need to disable the Kaspersky Security service manually, perform the following actions:
1. Disable the anti-virus protection using the Management Console (see above).
2. Stop the Kaspersky Security service and set it to the Disabled startup type.
To start the application after automatic startup has been disabled for Kaspersky Security, perform the following steps:
1. Make sure that the Kaspersky Security service is configured for Automatic startup.
2. Enable anti-virus protection using the Management Console (see above).
CREATING RULES FOR OBJECT PROCESSING
Object processing rules allow you to select the operation used to handle every type of object. Following an anti-virus scan, each object is assigned a status which can take the following values:
   - Infected - the object contains at least one known virus.
   - Clean - the object contains no viruses.
   - Protected - the object is password-protected.
   - Corrupted - the object is corrupted.
To create an object processing rule, perform the following steps:
1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Server protection node.
3. On the Anti-Virus protection tab of the details window, open the Scan settings section.
4. In the Objects processing rules section use the Infected object dropdown list to select the action:
   - Allow. Allow the message and attached objects to pass unchanged.
   - Delete the object. Delete infected object but allow the message to pass.
   - Delete the message. Delete messages containing an infected object with all attachments.
5. In the Protected object dropdown list, select the action:
   - Allow. Password protection may prevent anti-virus scanning of protected objects. Select the option to Allow, if you wish to skip such objects.
   - Delete the message. Select this option if you want to delete password-protected objects. The message will be deleted completely.
6. In the Corrupted object dropdown list, select the action:
   - Allow. Select this option, if you wish to skip such objects.
   - Delete the message. Select this option to delete corrupted objects.
To ensure that a copy of the object is saved to backup storage before the object is processed, check the box Save a copy of the object in the backup storage.
SCANNING ATTACHED ARCHIVES AND CONTAINERS
To configure scanning of nested archives and containers, perform the following steps:
1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Server protection node.
3. In the details window, open on the Anti-Virus protection tab the section Rules for exclusion from the scan scope.
4. Check the box Scan archives, if you want the application to scan archives.
5. Check the box Scan containers with the nesting level not more than and specify the nesting level value for containers in the entry field. Maximum nesting level is 128.
You can disable scanning of attachments to optimize the operation of Kaspersky Security, decrease the server load and improve traffic processing performance. To do that, uncheck the boxes Scan archives and Scan nested containers. It is not recommended to disable scanning of attachments for long periods, since they may contain viruses and other malicious objects.
CREATING SCANNING EXCLUSIONS
To decrease the load on the server imposed by anti-virus scanning, you can limit the list of objects to be scanned. These scanning restrictions will apply both to the email traffic scan, and to the background storage scan. To decrease the load on the server, you can disable scanning of archives and containers (see section "Scanning attached archives and containers" on page 47) and specify the masks for files which will be skipped and the recipients whose mail will be allowed to pass without scanning.
To exclude files from scanning using file masks, perform the following steps:
1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Server protection node.
3. In the details window, open on the Anti-Virus protection tab the section Rules for exclusion from the scan scope.
4. Check the Do not scan files matching the masks box.
5. Input in the entry field the mask for the files which will not be scanned. Examples of allowed masks:
   - *.txt - all files with the *.txt extension, for example, readme.txt or notes.txt;
   - readme.??? - all files named readme with an extension of three characters, for example, readme.txt or readme.doc;
   - test - all files without extension named test.
6. Click the button to the right of the field to add the mask from the entry field to the general list of the excluded masks.
7. Click the Save button.
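
The following is an added example, not part of the product or of the original guide, showing which file names the mask examples above select and why a mask list is worth checking before it is saved: readme.??? also takes readme.exe out of the scan scope. It assumes the usual wildcard meaning (* for any run of characters, ? for exactly one character) and case-insensitive matching of the whole file name; the function names, the sample attachment names and the list of executable extensions are constructed for illustration.

```python
import re

# Mask examples quoted in the guide.
GUIDE_MASKS = ["*.txt", "readme.???", "test"]

# Constructed data: attachment names as they might appear in mail traffic,
# and extensions an administrator would not want excluded from scanning.
SAMPLE_ATTACHMENTS = [
    "readme.txt", "notes.txt", "readme.doc", "readme.exe",
    "test", "test.exe", "report.txt.exe", "invoice.pdf",
]
RISKY_EXTENSIONS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs"}


def mask_to_regex(mask):
    """Translate a file mask into a regular expression.

    ASSUMPTION: '*' matches any run of characters, '?' exactly one character,
    every other character is literal, and matching ignores case.
    """
    parts = []
    for ch in mask:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)


def excluded(masks, filenames):
    """Map each file name that would be skipped to the first mask matching it."""
    compiled = [(mask, mask_to_regex(mask)) for mask in masks]
    skipped = {}
    for name in filenames:
        for mask, pattern in compiled:
            if pattern.fullmatch(name):   # the mask must cover the whole name
                skipped[name] = mask
                break
    return skipped


def risky_exclusions(masks, filenames, risky=RISKY_EXTENSIONS):
    """Return the skipped files whose final extension is in the risky set."""
    findings = {}
    for name, mask in excluded(masks, filenames).items():
        extension = name.rsplit(".", 1)[1].lower() if "." in name else ""
        if extension in risky:
            findings[name] = mask
    return findings


if __name__ == "__main__":
    for name, mask in excluded(GUIDE_MASKS, SAMPLE_ATTACHMENTS).items():
        print(f"not scanned: {name:<12} (mask {mask})")
    for name, mask in risky_exclusions(GUIDE_MASKS, SAMPLE_ATTACHMENTS).items():
        print(f"review mask {mask}: it excludes {name}")
```

Running the audit over names taken from real traffic before saving a new mask shows whether the mask is broader than intended.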
To exclude from the scan scope messages for the selected recipients, perform the following steps:
1. Check the Do not scan messages for the recipients box.
2. Specify in the entry field the address of the recipient whose incoming mail will not be scanned.
3. Click the button to the right of the field to add the address to the trusted list.
4. To export the list of recipients to a file, click the button.
5. In the displayed window, enter the file name in the File name field and click the Save button.
6. To import a list of recipients in the application, click the button.
7. In the displayed window, specify in the File name field the file containing the list of exclusions and click Open.
8. Click the Save button.
CONFIGURING PROTECTION SETTINGS FOR MAIL ACCOUNTS
To enable selective protection of mailboxes, perform the following steps:
1. In the Administration Console select the Server protection node.
2. On the Anti-Virus protection tab, open the Protection for mailboxes configuration section.
3. In the Protected mailbox storages section check the boxes corresponding to the mailbox storages which you wish to protect.
4. In the Protected public folder storages section check the boxes corresponding to the public folder storages which you wish to protect.
5. To apply the changes, click the Save button.
The list includes all mailbox storage areas created on the protected Microsoft Exchange server. By default, the application protects the storages that already existed when the application was installed and new storage areas.
BACKGROUND SCAN
Kaspersky Security performs background anti-virus scanning of the mail stored on the server and the content of public folders with user-defined settings. The application checks all public protected folders and mail storage areas. Only those messages which have not been scanned using the current version of the Kaspersky Security database will be scanned. The application scans message bodies and attached files using the general anti-virus scan settings.
Background scanning is available only if Microsoft Exchange Server is deployed in Mailbox mode. The application scans public folders and email boxes only in protected storage areas.
To ensure that Kaspersky Security scans the email messages stored on the server and the content of public folders:
1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Server protection node.
3. On the Anti-Virus protection tab of the details window, open the Protection for mailboxes section.
4. In the Background scan section, use the Schedule dropdown list to select the option that suits you best:
   - Manually. Users will start background scanning manually.
   - Daily. Specify precise scan time in the entry field in HH:MM format.
   - On selected day. Check the boxes next to the days of the week when you would like to perform the background scan, and specify the precise time when the procedure should start in the entry field in HH:MM format.
   - Monthly. Use the arrows to specify the day of the month for scanning and input the time in the time entry field in HH:MM format.
5. Enable the option to Scan message body to check message bodies during background scanning.
6. Check the box Scan recent messages only, to scan just the mail that has arrived within the specified time interval before the background scan.
7. Specify the number of days in the entry field Scan messages received not later than N days until background scan. Maximum number of days is 364.
8. Check the box Limit the scan time and define the necessary value for the setting Stop the scan in N hours after scan start to optimize the procedure duration.
9. To apply the changes, press the Save button.
10. To launch the scan immediately, press the Start scan button.
11. After start you can stop the background scan by clicking the Stop button.
Background scanning start and stop actually occur within a minute after the corresponding buttons are pressed.
ANTI-SPAM PROTECTION
The main purposes of Kaspersky Security include filtering of unwanted messages (spam) in the mail traffic passing a relay server. The Anti-Spam component filters e-mail during its arrival via SMTP, i.e. before the mail appears in the mailboxes of the users.
Anti-spam checks are used with the following data types:
   - internal and external traffic via SMTP using anonymous authentication on the server;
   - messages arriving on the server through anonymous external connections (edge server).
Anti-spam checks are not used with the following data types:
   - internal corporate traffic;
   - external traffic arriving on the server during authenticated sessions. You can enable scanning of such traffic manually (see section "Using additional Anti-Spam functionality" on page 56).
Each e-mail is checked for the presence of spam signs. To do that, the application first checks various message attributes: the sender's and recipients' addresses, message size, headers (including From and To). Second, it uses content-based filtration analyzing the actual message content (including the Subject header) and attached files. The application uses unique linguistic and heuristic algorithms based on comparison with sample messages and in-depth analysis of the text, layout and other e-mail attributes.
After filtering the application produces one of the following verdicts for the inspected messages:
   - Spam. The application unambiguously recognizes the message as spam.
   - Probable spam. The message may contain spam.
   - Formal notification. An automatic message informing, for example, about mail delivery to the recipient.
   - Object contains no spam. The message has been checked and contains no spam.
   - Blacklisted. E-mail or IP address of message sender is present in the black list of addresses.
Administrators can use available flexible settings to choose the type of operation that will be applied to messages with each possible status. The following operations are available for mail handling:
   - Allow. Deliver a message to the recipient without changes.
   - Reject. If you select this operation, the sending server will receive in response a return code informing about an error during message delivery (error code 500). The message will not be delivered to the recipient.
   - Delete. If you select this operation, the sending server will receive in response a notification about message delivery (code 250); however, the message will not be delivered to the recipient.
   - Add SCL value. The application will assign to messages the rating indicating the probability of spam content inside (SCL, Spam Confidence Level). SCL rating can be a number ranging from -1 to 9. Higher SCL rating means higher probability of spam content in a message. To calculate SCL rating, spam rating of a message received after its analysis is divided by 10. The value thus obtained is the SCL rating. If the calculated value exceeds 9, SCL rating is assumed to be equal to 9.
   - Add label. E-mail messages recognized by Kaspersky Security as spam or potential spam are tagged with special [!!SPAM], [??Probable Spam] or [!!Blacklisted] labels in the Subject field. The labels can be modified.
Furthermore, the application supports flexible configuration of anti-spam analysis intensity. The following intensity levels are available:
   - Maximum. This intensity level should be used if you receive spam frequently. When you select this level, the frequency of false positives rises: that is, useful mail is more often recognized as spam.
   - High. This level is considered as optimal by the experts at Kaspersky Lab as regards anti-spam protection. This level should be used in most cases.
   - Low. This intensity level offers slightly lower protection compared to high level. The level provides an optimal combination of scanning performance and quality.
   - Minimum. This intensity level should be used if you receive spam rarely.
By default the application uses Low intensity level of anti-spam protection. You can increase or decrease the level. Depending upon the specified intensity level, the Spam or Probable spam status will be assigned to the scanned messages in accordance with the spam rating received after analysis.
Table 2. Correspondence between the intensity levels and the spam rating thresholds used to assign the Spam and Probable spam status.
INTENSITY LEVEL    PROBABLE SPAM    SPAM
Maximum            50               75
High               50               80
Low                60               90
Minimum            80               100
To ensure more thorough anti-spam filtration, the application supports by default external DNSBL and SURBL services and user-defined DNSBL and SURBL lists. SURBL is a list of hyperlinks to the resources advertised by spam senders. DNSBL is a public list of IP addresses known to generate spam. DNSBL and SURBL are updated with the Anti-Spam database every five minutes.
The application calculates spam rating for messages taking into account the responses from DNSBL and SURBL servers. Spam rating is an integer ranging from 0 to 100. During spam rating calculation the application considers the weight assigned to each responding DNSBL and SURBL server. If the summarized rating of the servers that have responded exceeds 100, spam rating of such message will be increased by 100. If it is smaller, spam rating will not be increased.
Kaspersky Security allows using a dynamic DNS client. Dynamic DNS client detects potential participation of a sender's IP address in a botnet using reverse lookup of its DNS. The functionality can be used provided that the protected SMTP server has no xDSL or dial-up users.
You can enable the SPF technology for anti-spam processing. SPF (Sender Policy Framework) allows validation of the sender's domain to make sure it is not forged. Domains use SPF to authorize certain computers to send mail on their behalf. If message sender is not included into the list of authorized senders, such mail will not be accepted.
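
The rating rules described in this section (the Table 2 thresholds, the DNSBL/SURBL weight rule and the SCL calculation) can be followed through in a short model. This is an added example, not Kaspersky code and not part of the original guide; the function names and sample ratings are constructed, and three points the guide does not state are assumptions: a status is assigned when the rating is greater than or equal to its threshold, the rating is clamped to 0-100 after the DNSBL/SURBL increase, and the division for SCL drops the fractional part.

```python
# Table 2: intensity level -> (Probable spam threshold, Spam threshold).
THRESHOLDS = {
    "Maximum": (50, 75),
    "High": (50, 80),
    "Low": (60, 90),       # the default level according to the guide
    "Minimum": (80, 100),
}


def apply_blocklist_weights(rating, responder_weights):
    """DNSBL/SURBL rule: if the summed weight of the servers that responded
    exceeds 100, the spam rating is increased by 100; otherwise it is unchanged."""
    if sum(responder_weights) > 100:    # "exceeds": a sum of exactly 100 adds nothing
        rating += 100
    # ASSUMPTION: the result is clamped, because the guide defines the spam
    # rating as an integer from 0 to 100.
    return max(0, min(rating, 100))


def verdict(rating, intensity="Low"):
    """Rating-based verdict for the selected intensity level."""
    probable, spam = THRESHOLDS[intensity]
    # ASSUMPTION: reaching a threshold (>=) is enough to get the status.
    if rating >= spam:
        return "Spam"
    if rating >= probable:
        return "Probable spam"
    return "Object contains no spam"


def scl(rating):
    """SCL = spam rating divided by 10, limited to 9."""
    # ASSUMPTION: integer division; the guide only says "divided by 10".
    return min(rating // 10, 9)


def evaluate(base_rating, responder_weights=(), intensity="Low"):
    """Run one message through the three rules in order."""
    rating = apply_blocklist_weights(base_rating, responder_weights)
    return {"rating": rating, "verdict": verdict(rating, intensity), "scl": scl(rating)}


def compare_levels(rating):
    """Show how the same rating is classified at every intensity level."""
    return {level: verdict(rating, level) for level in THRESHOLDS}


if __name__ == "__main__":
    # Constructed inputs: one borderline rating, and one message for which
    # two list servers with weights 60 and 50 (or 60 and 40) responded.
    print(compare_levels(78))
    print(evaluate(55, responder_weights=(60, 50), intensity="Minimum"))
    print(evaluate(55, responder_weights=(60, 40), intensity="Minimum"))
```

The comparison shows why list weights need care: two responding servers whose weights sum to more than 100 turn any message into Spam at every intensity level, while weights summing to 100 or less leave the rating untouched.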
IN THIS SECTION Configuring the anti-spam analysis ................................................................................................................................. 52 Creating the black and white lists of senders .................................................................................................................. 52 Advanced Anti-Spam configuration ................................................................................................................................. 54 Using external services for spam processing .................................................................................................................. 55 Using additional Anti-Spam functionality ......................................................................................................................... 56
CONFIGURING THE ANTI-SPAM ANALYSIS

To configure the anti-spam scanning settings, perform the following steps:

1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Server protection node.
3. On the Anti-Spam protection tab of the details window, open the Scan settings section.
4. Check the box Anti-spam mail scanning, if you wish to scan incoming mail using the Anti-Spam component.
5. Use the slider to set the Intensity level of anti-spam analysis. Kaspersky Security uses four intensity levels to filter messages:
   - Maximum. This intensity level should be used if you receive spam frequently. When you select this level, the frequency of false positives rises: that is, useful mail is more often recognized as spam.
   - High. This level is considered as optimal by the experts at Kaspersky Lab as regards anti-spam protection. This level should be used in most cases.
   - Low. This intensity level offers slightly lower protection compared to high level. The level provides an optimal combination of scanning performance and quality.
   - Minimum. This intensity level should be used if you rarely receive spam, for example, if you are working in protected corporate e-mail environment.
6. In the Rules for spam processing section select one of the operations available for each of the verdicts:
   - Allow. The message will be delivered to recipients unchanged.
   - Reject. If you select this operation, the sending server will receive in response a return code informing about an error during message delivery (error code 500). The message will not be delivered to the recipient.
   - Delete. If you select this operation, the sending server will receive in response a notification about message delivery (code 250); however, the message will not be delivered to the recipient.
7. Specify other operations that you wish to perform with the mail. To do that, selectively check the following boxes as necessary:
   - Add SCL value. The application will add to the message the rating indicating the probability of spam content in it (SCL, Spam Confidence Level). SCL rating can be a number ranging from -1 to 9. Higher SCL rating means higher probability of spam content in a message.
   - Save a copy. Copy of the message can be saved in the Backup storage.
   - Add label. E-mail messages recognized by Kaspersky Security as spam, potential spam or blacklisted mail are tagged with special [!!SPAM], [??Probable Spam] or [!!Blacklisted] labels in the Subject field. The labels can be modified.
CREATING THE BLACK AND WHITE LISTS OF SENDERS

You can create lists of senders whom you trust (white list) or do not trust (black list). You may specify an e-mail or an IP address of the sender. Once you have created the list, click the Save button to apply the changes.

To configure the black and white lists, perform the following steps:

1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Server protection node.
3. On the Anti-Spam protection tab of the details window, open the White and black list settings configuration section.
Creating the black and white lists of mail addresses

To create the white list of senders, perform the following steps:

1. Check the box Add sender's address to white list.
2. In the entry field specify the address of the sender whose mail will not be checked by the Anti-Spam component.
3. Click the corresponding button to add the record from the entry field to the list.
4. To delete a selected record from the list, click the corresponding button.
5. To export the list to a file, click the corresponding button.
6. To import the list from a file, click the corresponding button.
To create the black list of senders, perform the following steps:

1. Check the box Add sender's address to black list.
2. Specify in the entry field the address of the sender whose mail will be recognized as spam.
3. Click the corresponding button to add the record from the entry field to the list.
4. To delete a selected record from the list, click the corresponding button.
5. To export the list to a file, click the corresponding button.
6. To import the list from a file, click the corresponding button.
Creating the black and white lists of sender IP addresses

To create the white list of IP addresses, perform the following steps:

1. Check the box for the Add the sender's address to the white list of IP addresses setting.
2. In the IP address entry field, enter the IP address of the sender whose mail will not be checked by the Anti-Spam component.
3. Click the corresponding button to add the record from the entry field to the list.
4. To delete a selected record from the list, click the corresponding button.
5. To export the list to a file, click the corresponding button.
6. To import the list from a file, click the corresponding button.
To create the black list of IP addresses, perform the following steps:

1. Check the box for the Add the sender's address to the black list of IP addresses setting.
2. Specify in the entry field the IP address of the sender whose mail will be recognized as spam.
3. Click the corresponding button to add the record from the entry field to the list.
4. To delete a selected record from the list, click the corresponding button.
5. To export the list to a file, click the corresponding button.
6. To import the list from a file, click the corresponding button.
Creating the white list of recipients' addresses

To add recipients to the white list, perform the following steps:

1. Check the box for the Add recipient's address to white list setting.
2. In the SMTP address entry field, enter the address of the recipient whose incoming mail will not be checked by the Anti-Spam component.
3. Click the corresponding button to add the record from the entry field to the list.
4. To delete a selected record from the list, click the corresponding button.
5. To export the list to a file, click the corresponding button.
6. To import the list from a file, click the corresponding button.
ADVANCED ANTI-SPAM CONFIGURATION

You can use advanced Anti-Spam configuration to fine-tune the anti-spam scanning settings. Advanced configuration allows you to increase the spam rating of a message based on the analysis of its sender's address, subject and foreign language in the content.

To increase mail spam rating based on the analysis of its sender's address, perform the following steps:

1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Server protection node.
3. On the Anti-Spam protection tab of the details window, open the Advanced settings section.
4. In the Increase spam rating while parsing the sender's address group selectively check the following boxes as necessary:
   - If the "To" field is empty. Spam rating of a message will be increased if its "To" field is empty.
   - If the sender's address contains digits. Spam rating of a message will be increased if the address of its sender and / or recipients contains digits.
   - If the sender's address (in message body) contains no domain. Spam rating of a message will be increased if the address of its sender contains no domain name.
To increase mail spam rating based on the analysis of its subject, perform the following steps:

1. On the Anti-Spam protection tab of the details window, open the Advanced settings section.
2. In the Increase spam rating while analyzing message subject: group of settings selectively check the following boxes as necessary:
   - If the subject is longer than 250 characters. Spam rating of a message will be increased if its subject contains more than 250 characters.
   - If the subject of the message contains many spaces and/or full stops. Spam rating of a message will be increased if its subject contains multiple spaces and / or dots.
   - If the message subject contains a timestamp. Spam rating of a message will be increased if its subject contains a digital ID or a timestamp.

In the Increase spam rating for messages written in: group of settings, check the boxes for the languages in which you believe mail to contain spam:
   - Chinese, if you consider messages in the Chinese language as spam.
   - Korean, if you consider messages in the Korean language as spam.
   - Thai, if you consider messages in the Thai language as spam.
   - Japanese, if you consider messages in the Japanese language as spam.
USING EXTERNAL SERVICES FOR SPAM PROCESSING

Kaspersky Security can use external services for spam processing. External services are publicly available Internet resources and services, for example, black lists of IP addresses, etc.

You can also use the UDS (Urgent Detection System) technology. The UDS service creates on the client side an irreversible message signature (it cannot be used to restore message subject, text or recipient / sender addresses) and sends it to a UDS server. If the signature is found in the black lists of the UDS server, the spam rating of the message will be increased. Service functioning requires opening the following ports: 7060 for UDS1 and 7080 for UDS2. Connection is established over UDP.

To use external services checking IP addresses and URLs, perform the following steps:

1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Server protection node.
3. On the Anti-Spam protection tab of the details window, open the Using external services section. Check the box Use external services for validation of IP or URL addresses to detect spam if you want the anti-spam checks to use external services additionally.
4. In the DNSBL configuration group of settings, check the box Use default list of DNSBL servers, to employ DNSBL (Domain Name System Block List) services for the purposes of anti-spam analysis. DNSBL is a public list of IP addresses known to generate spam.
5. Check the box Use custom list of DNSBL servers to enable the corresponding option. When enabled, the option allows you to create a custom list below. To add a record to the list, specify the DNS name of the server and its weighting coefficient in the corresponding fields and click the corresponding button. To remove a record, click the corresponding button. You can use the corresponding buttons to import and export the list.
6. In the SURBL configuration group of settings check the box Use default list of SURBL servers, to analyze messages using the default SURBL (Spam URI Realtime Block List). SURBL is a list of hyperlinks to the resources advertised by spam senders. Thus, if a message contains a URL from that list, it will be identified as spam.
7. Check the box Use custom list of SURBL servers to enable the corresponding option. When enabled, the option allows you to create a custom list below. To add a record to the list, specify the DNS name of the server and its weighting coefficient in the corresponding fields and click the corresponding button. To remove a record, click the corresponding button. You can use the corresponding buttons to import and export the list.
8. To perform reverse DNS lookup for the sender's IP address, check the box Check sender IP for presence in DNS.
9. To use the SPF (Sender Policy Framework) technology, check the box Use SPF.
10. To check whether the sender's IP belongs to a botnet, enable the option Check if the sender's IP is found in dynamic DNS. In case of a positive check result, the message spam rating will be increased.
11. Specify in the entry field the timeout for DNS requests. By default, the timeout is set to 10 seconds.

To use the UDS technology, perform the following steps:

1. Check the box Use the Urgent Detection Service (UDS).
2. Specify in the entry field the timeout for UDS requests. By default, the timeout is set to 10 seconds.
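The weighted DNSBL and SURBL check configured above, as an added Python example that is not Kaspersky's code: it builds the DNS names that a DNSBL and a SURBL lookup query, then applies the guide's rule that the spam rating rises by 100 only when the summed weights exceed 100. The server names, weights and DNS answers are constructed, and reading "responded" as "returned a listing", counting each server once per message, and capping the result at 100 are assumptions.

```python
import ipaddress

# Constructed server names and weighting coefficients (assumptions); in the
# product these come from the default or custom DNSBL/SURBL lists.
DNSBL_SERVERS = {"dnsbl-a.example": 60, "dnsbl-b.example": 50}
SURBL_SERVERS = {"surbl-a.example": 70, "surbl-b.example": 40}
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # block lists answer in 127/8

# Constructed DNS data standing in for live lookups.
SAMPLE_RECORDS = {
    "25.2.0.192.dnsbl-a.example": ["127.0.0.2"],
    "spam-shop.example.surbl-a.example": ["127.0.0.2"],
    "promo.example.surbl-b.example": ["127.0.0.4"],
}


def sample_resolve(name):
    """Stand-in resolver: A records, None for NXDOMAIN, TimeoutError on timeout."""
    if name.endswith(".dnsbl-b.example"):
        raise TimeoutError(name)  # simulates a server slower than the DNS timeout
    return SAMPLE_RECORDS.get(name)


def dnsbl_query_name(sender_ip, zone):
    """IPv4 DNSBL lookups query the reversed octets under the list's zone."""
    addr = ipaddress.IPv4Address(sender_ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def surbl_query_name(domain, zone):
    """SURBL lookups query the domain taken from a URL in the message body."""
    return domain.strip(".").lower() + "." + zone


def is_listed(name, resolve):
    """True only for an answer inside 127.0.0.0/8; timeouts count as no answer."""
    try:
        answer = resolve(name) or []
    except TimeoutError:
        return False
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answer)


def rating_increase(sender_ip, url_domains, resolve=sample_resolve):
    """Return (summed weight, rating increase, names that produced a listing)."""
    total, hits = 0, []
    for zone, weight in DNSBL_SERVERS.items():
        name = dnsbl_query_name(sender_ip, zone)
        if is_listed(name, resolve):
            total += weight
            hits.append(name)
    for zone, weight in SURBL_SERVERS.items():
        names = [surbl_query_name(d, zone) for d in url_domains]
        names = [n for n in names if is_listed(n, resolve)]
        if names:  # assumption: a server's weight counts once per message
            total += weight
            hits.extend(names)
    # Rule from the guide: +100 only when the sum exceeds 100, otherwise nothing.
    return total, (100 if total > 100 else 0), hits


def final_rating(base_rating, increase):
    """The guide gives the rating range as 0..100, so the result is capped."""
    return max(0, min(100, base_rating + increase))


if __name__ == "__main__":
    for domains in (["spam-shop.example"], ["promo.example"], []):
        print(domains, rating_increase("192.0.2.25", domains))
```

A summed weight of exactly 100 leaves the rating unchanged, so custom weighting coefficients decide how many independent listings are needed before the check has any effect.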
USING ADDITIONAL ANTI-SPAM FUNCTIONALITY

You can use additional functionality of the Anti-Spam component. Additional features include certain analysis methods, the settings for inspection of documents and other options.

To specify scanning restrictions based on procedure duration and object size, perform the following steps:

1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Server protection node.
3. On the Anti-Spam protection tab of the details window, open the Additional settings section. In the Scan settings section, use the Maximum time for scanning a message (sec.) entry field to specify the necessary value. If the scanning procedure takes longer than specified, the scan will be skipped. The default value is 30 seconds. The application will produce for such objects the clean object verdict, but if service headers are enabled, they will contain a record informing about exceeded scan duration.
4. In the Scan settings section, use the Maximum object size to scan entry field to specify the necessary value. If an object exceeds the specified size, its scan will be skipped. The default value is 300 KB. The application will produce for such objects the clean object verdict, but if service headers are enabled, they will contain a record informing about exceeded object size.

To configure the scan settings for documents, perform the following steps in the Scan settings for Microsoft Office files configuration section:

1. Check the box Scan DOC files to scan the documents in Microsoft Word format.
2. Check the box Scan RTF files, to scan RTF documents.

To configure additional settings, use the Other settings configuration section to:

1. Check the box Use the "Probable Spam" verdict, if you want the application to use the "Probable Spam" rating for suspicious messages.
2. Check the box Use image analysis, if you want the application to analyze images in mail attachments using the GSG (image analysis) technology. It is used to analyze images checking them against the samples in the anti-spam database. If a match is found, the spam rating of such a message will be increased.
3. Check the box Enable storage and use of spam samples in UTF-8 encoding (Anti-Spam databases update is required), to enable storage and use of spam samples in UTF8 encoding. The mode helps avoid data losses in spam samples in East Asian languages but slightly increases the time necessary to process each message. Enabling it is recommended if UTF8 encoding is used in correspondence. Modification of this setting will become effective after the Anti-Spam database is updated.
4. Check the box Enable service headers to enable addition of x-headers containing information about the scan results to messages.
5. Check the box Scan authorized connections to enable scanning of the mail received via a Trusted Connection.
6. Check the box Skip anti-spam scanning for messages sent to the Postmaster address to disable scanning of messages arriving for the Postmaster address.

If a received message has SCL rating of -1, Kaspersky Security will not perform its anti-spam checks.
BACKUP STORAGE

Kaspersky Security allows duplicates of untreated objects to be placed in Backup storage before the object is processed. Subsequently, objects located in Backup storage may be:
   - saved to disk to retrieve the data in the object. Additionally, you can restore the infected object and have the application re-scan it using an updated anti-virus database;
   - deleted;
   - sent for analysis to Kaspersky Lab - only for suspicious files containing a modification of a known virus, or an unknown virus. Our specialists will analyze the file, attempt to recover the data, and if the file is infected with malicious code, make an entry in the anti-virus database. Then, when you re-scan this file using the updated database, you can disinfect it and recover the data intact;
   - sent to the recipients. Saved objects will be delivered to the recipient(s).

A backup copy of the object scanned by the Anti-Virus is created only if in the anti-virus protection settings the box Save a copy of the object in the backup storage is checked. Objects processed by the Anti-Spam component are saved in Backup, too.

The object is stored in Backup in encrypted form, which ensures:
   - no risk of infection, as the object is not accessible without decoding;
   - better performance for the anti-virus application, as encrypted files stored in Backup storage are not identified as infected and are not rescanned.

The data volume that can be stored in the Backup storage may be restricted by one of the two following parameters:
   - The total number of objects in the backup storage should not exceed one million. This restriction cannot be lifted.
   - The user can additionally specify restrictions on the Backup storage size, and the length of an object's storage period.

The application checks compliance with these restrictions regularly (every minute). The application performs the following actions:
   - if the allowed number of objects in the backup storage is exceeded, the application will remove the required number of the "oldest" objects;
   - if the backup storage size is limited and there is not enough free disk space to save the new object, the application will free the required space by again deleting the "oldest" objects;
   - if the object storage period is limited, the application will remove objects which have been stored for longer than the limit.

You can use the Backup node to perform the following operations:
   - view the Backup storage content;
   - manage backed-up copies of objects: view their properties, restore them, send them to recipients, send them for analysis and remove them.

Quick data filtering can be configured to enable convenient viewing and searching of the Backup storage area (see section "Filtering of Backup" on page 62).
IN THIS SECTION
Viewing the Backup storage
Viewing properties of a Backed-up object
Filtering of Backup
Restoring objects from the Backup
Sending objects for analysis
Deleting objects from Backup
Configuring the Backup storage settings
VIEWING THE BACKUP STORAGE

In the Backup (see figure below) you can view all stored objects listed in a table with specific headers. Each column header indicates a certain type of information about the listed objects. The lower left part of the details window displays the total number of objects in Backup, the disk space occupied by these items and the number of objects displayed in the details window after a filter is applied.

To view the Backup content, perform the following steps:

1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Backup node. The list of objects' copies saved in Backup will appear in the details window.

By default, you can view the following information about each object in Backup:
   - From. The email addresses of senders of the message.
   - To. The email addresses of recipients of the message.
   - Subject. Message subject.
   - Verdict. Message status.
   - Reception time. Precise time of message arrival on Microsoft Exchange server.
Figure 5. Viewing the Backup storage
To configure the details window view, perform the following steps:

1. To add more columns to the details window, click the button Add / remove columns.
2. In the displayed dialog check the boxes corresponding to the data types, which you would like to review in the details window.

You can perform ascending and descending sorting of the data contained in the table by any column. To do that, click one of the headers, for example From, To, Subject, etc. The sorting can also be performed using filters (see section "Filtering of Backup" on page 62).

The number of objects that the details window can display at a time is limited. To view other objects, use the navigation buttons in the lower right corner of the details window. Current window number is displayed between the two pairs of navigation buttons.
   - To proceed to the next wizard step, press the > button.
   - To proceed to the previous wizard step, press the < button.
   - To proceed to the last wizard step, press the >> button.
   - To return to the first wizard step, press the << button.
VIEWING PROPERTIES OF A BACKED-UP OBJECT

To view the properties of an object stored in Backup, perform the following steps:

1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Backup node.
3. Select in the details window an object stored in Backup.
4. Press the Properties button. If the details window has insufficient space to display the Properties button, click the Additionally button and select the Properties menu item. The Message properties dialog will appear.

You can view the following information in the properties:
   - Virus. Virus name will appear in this field, if a message is infected.
   - Database release date. Release date of the databases.
   - From. The sender's address.
   - To. Recipient address.
   - Cc. Copy recipient(s).
   - Size on disk. Disk space occupied by the message.
   - Subject. Message subject.
   - Path. Path where the message is stored.
   - Reception time. Precise time of message delivery (day, month, year, hour, minute).
   - Message creation date. Precise time of message creation (day, month, year, hour, minute).
   - Size. Message size (bytes).

You can select several objects and view their properties. To do that, select the objects, click the button Additionally and select Properties in the displayed menu. You can use the displayed Properties of the selected objects window to review the verdicts for all selected objects.
FILTERING OF BACKUP

The use of filters (see figure below) allows searching and structuring of the data contained in Backup storage, as only the information complying with the filtering parameters becomes available. This feature is helpful as the number of objects in the Backup storage increases. The filter can be used, for example, to search for objects that must be restored.
Figure 6. Configuring the Backup filters
To configure Backup filters, perform the following steps:

1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Backup node.
3. Select from the dropdown list at the top of the details window one of the criteria that will be used to filter the objects in Backup. You can select one of the suggested options:
   - Only spam. In that case the details window will only display objects with the "Spam" verdict.
   - Only viruses. In that case the details window will only display infected messages or mail containing viruses in attachments, message body, etc.
   - Search for words. If you select this option, specify in the entry field the key words, which will be used to search for matching messages. The application will search the Subject field and the addresses of message senders and recipients.
   - Custom filter. In that case select the criterion for the filter from the dropdown list, define its condition based on a certain value (e.g., is equal to or is not equal to) and specify that value. For the Message creation date, Reception time and Database release date criteria specify the value using the calendar. For the Verdict criterion, select the sought verdict from the dropdown list. For other criteria input the value manually in the entry field.
4. Press the Search button. Applied filter will appear above the details window while the window itself will list the objects matching the search criteria.
5. To reset a filter, click the Remove button to the right of the filter.
6. To delete all objects, click the Remove all button.

You can also sort the data in the table in the ascending or descending order by any column. To do that, click one of the headers, for example From, To, Subject, etc.
RESTORING OBJECTS FROM THE BACKUP

To restore an object from the Backup, perform the following steps:

1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Backup node.
3. Select in the details window the object, which you would like to restore.
4. Press the Save to disk button. If the details window has insufficient space to display the button Save to disk, click the Additionally button and select from the displayed menu Save to disk.
5. In the window that will open, specify the folder to which you wish to save the restored object, and if necessary, enter or modify the object name.
6. Click the Save button.

The application will decode the encrypted object, move it to the specified folder and save it with the specified name. The restored object will be identical to its original state before it was first processed by the application. After the object is successfully restored, a corresponding notification is displayed on the screen.

Please keep in mind that restoring such objects may cause infection of your computer.

You can also send a copy of a message stored in Backup to its original recipients. To do that, click the Additional button and select from the displayed menu Send to recipients.
SENDING OBJECTS FOR ANALYSIS

Objects can only be sent for analysis by Kaspersky Lab's specialists if they have the status suspicious. Before you send objects for analysis, you should configure the general notification settings (see section "Configuring notification settings." on page 65).

To send an object for examination, perform the following steps:

1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Backup node.
3. Use the table displaying backup storage contents to select an object with the Suspicious status, which you wish to send for analysis. You can use a filter to search for objects (see section "Filtering of Backup" on page 62).
4. Select in the context menu the Send for analysis command.

As a result, the application will create an email message, with the selected object as an attachment, on the computer where the managed Security Server is installed and send it to Kaspersky Lab. The object is sent in encrypted form, and therefore will not be detected by Kaspersky Security again. After the message is sent, a notification confirming that the file has been sent will be displayed by the computer from which the administration is run.
DELETING OBJECTS FROM BACKUP.

The following objects are automatically deleted from Backup:
   - The "oldest" object, if adding a new object will exceed the restriction imposed on the total number of objects in backup storage. The maximum number of files in this version is limited to one million.
   - "Older" objects if there is a restriction imposed on the backup storage size, and if there is not enough space to store a new object.
   - Objects whose storage period has expired, if there is a restriction imposed on the storage period.

Objects may also be manually removed from Backup storage. This feature may prove useful to delete objects that have been successfully restored or sent for analysis, and to create free space in the Backup storage if automatic object removal methods did not help.

To delete objects from the Backup, perform the following steps:

1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Backup node.
3. Select in the details window the object(s), which you would like to delete. You can use a filter to search for objects (see section "Filtering of Backup" on page 62).
4. Click the Delete button.
5. To delete all objects at once, click the Remove all button.

The objects will be deleted from Backup.
CONFIGURING THE BACKUP STORAGE SETTINGS

The backup storage is created during installation of the Security Server component. The backup storage settings have default values that can be altered by the administrator.

To change the Backup settings, perform the following steps:

1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Settings node.
3. In the details window, check in the Data storage configuration section the box Restrict the Backup storage size.
4. Specify in the Backup size cannot exceed entry field the maximum allowed Backup size. The default value is 5120 Mb.
5. Check the box Restrict the duration of object storage in Backup and specify the necessary number of days in the Store objects no longer than field. The default value is 30 days.

If none of the options is enabled, the backup storage size will only be restricted by the number of objects stored. The limit in this application version is one million objects. To apply the changes, press the Save button.
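The three Backup limits described in this chapter (object count, storage size, storage period), as an added Python example that is not the product's code: it applies the limits oldest-first to a set of stored objects and reports why each one was removed. The order in which the limits are applied, reading "5120 Mb" as mebibytes, and the sample objects are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_OBJECTS = 1_000_000               # fixed limit stated in the guide
DEFAULT_MAX_BYTES = 5120 * 1024 ** 2  # default size limit, read here as 5120 MiB
DEFAULT_MAX_AGE_DAYS = 30             # default storage period


@dataclass(frozen=True)
class BackupObject:
    name: str
    stored_at: datetime
    size_bytes: int


def prune(objects, now, max_bytes=DEFAULT_MAX_BYTES,
          max_age_days=DEFAULT_MAX_AGE_DAYS, max_objects=MAX_OBJECTS):
    """Apply the three limits oldest-first; return (kept, [(object, reason)]).

    Pass None for max_bytes or max_age_days to model an unchecked box. The
    order period -> count -> size is an assumption of this example.
    """
    kept = sorted(objects, key=lambda o: o.stored_at)
    removed = []
    if max_age_days is not None:
        cutoff = now - timedelta(days=max_age_days)
        removed += [(o, "storage period") for o in kept if o.stored_at < cutoff]
        kept = [o for o in kept if o.stored_at >= cutoff]
    while len(kept) > max_objects:
        removed.append((kept.pop(0), "object count"))
    if max_bytes is not None:
        total = sum(o.size_bytes for o in kept)
        while kept and total > max_bytes:
            oldest = kept.pop(0)
            total -= oldest.size_bytes
            removed.append((oldest, "storage size"))
    return kept, removed


def sample_objects(now):
    """Constructed Backup contents: name, age in days, size in bytes."""
    rows = [("msg-a", 40, 10), ("msg-b", 20, 60), ("msg-c", 10, 50), ("msg-d", 1, 30)]
    return [BackupObject(n, now - timedelta(days=age), size) for n, age, size in rows]


if __name__ == "__main__":
    now = datetime(2010, 9, 22)
    kept, removed = prune(sample_objects(now), now, max_bytes=100, max_objects=3)
    print([o.name for o in kept], [(o.name, why) for o, why in removed])
```

With a size limit in place, an object can leave Backup well before its storage period expires, which matters when Backup copies are needed for later restoration or analysis.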
NOTIFICATIONS

Kaspersky Security can send notification messages about infected, protected and corrupted objects that it discovers during scans. Notifications can be delivered using the following methods:
   - by sending email messages, which requires you to edit the general settings that will be used to send notifications;
   - by registering the event in the Microsoft Windows system log on the computer where the Security Server component is installed. In this case, the information is accessible through the use of Events viewer, a standard Microsoft Windows logs viewing and management tool.

Notifications can be sent to inform senders and message recipients about infected, protected and corrupted objects. This allows the sending of notification messages to additional recipients, such as the administrator or a security officer.
IN THIS SECTION
Configuring notification settings.
Configuring notification delivery settings.
CONFIGURING NOTIFICATION SETTINGS.

To define the notification settings, perform the following steps:

1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Notifications node. In the details window you can configure notifications for the following types of objects:
   - Infected objects. To configure notifications about infected objects, open the Notify about infected objects configuration section.
   - Corrupted objects. To configure notifications about corrupted objects, open the Notify about corrupted objects configuration section.
   - Protected objects. To configure notifications about protected objects, open the Notify about protected objects configuration section.
   - System errors. To configure notifications about system errors, open the Notify about system errors configuration section. Sender and recipient notifications for that type of objects are not supported.
3. Define notification settings for each type of objects in the Notify by e-mail section.
4. Check the box Administrator, if you want to have the notifications sent to the administrator's address.
5. Check the box sender, if you want to have the notifications sent to the sender of the message where the corresponding object is detected.
6. Check the box recipient, if you want to have the notifications sent to the recipient of the message where the corresponding object is detected.
7. Check the box the following recipients and specify in the entry field the mail address(es) where notifications should be sent.
8. To record the event in the Microsoft Windows system log, enable the checkbox Register in Windows event log.
CONFIGURING NOTIFICATION DELIVERY SETTINGS
To define the notification sending settings, perform the following steps:
1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Notifications node.
3. Open the window E-mail sending settings using the context menu of the Notifications node or the E-mail sending settings link in the details window.
Figure 7. Configuring the e-mail delivery settings
4. In the Web service address field specify the address of the web service that will be used to mail messages via Microsoft Exchange Server. By default, in the Microsoft Exchange Server it is the following address:
   https://<client_access_server>/ews/exchange.asmx
5. Specify in the Account field any account registered on the Microsoft Exchange Server. To do that, click Browse or enter the account name manually.
6. Type in the Password field the password for the selected account.
7. In the Administrator address field specify the mail recipient's address.
8. Click the Test button to send a test message. If the test message arrives in the specified mailbox, it means that delivery of notifications is configured properly.
You can also configure delivery of notifications in the Notification Settings section of the Settings node.
REPORTS
Kaspersky Security supports creation and reviewing of reports on the activity of the Anti-Virus and Anti-Spam components. You can use the reports to review the statistics of application activity for a specific time interval. The application generates a separate report for each component, covering a time interval ranging from one day to one month.
Reports can be standard or detailed. Standard reports contain information about objects processed during the entire time period, without indicating the time when each individual event occurred. Detailed reports provide a more precise time frame for each event. The minimum time interval reflected in a detailed report is one hour.
Reports can be generated automatically according to a schedule or manually. You can view the reports in the application or receive them via e-mail. E-mailed reports are attached to a message. The message contains explanatory text as follows: Attached file contains an activity report of Kaspersky Security 8.0 for Microsoft Exchange Servers.
Furthermore, you can create Quick reports about all events that occurred within a user-defined time interval. Quick reports can be generated separately for the Anti-Virus and the Anti-Spam components. Quick reports are used if you wish to define the reporting period manually.
IN THIS SECTION
Configuring Quick reports settings
Configuring Anti-Virus reports settings
Configuring Anti-Spam reports settings
View the Ready reports
Delivery of reports via e-mail
CONFIGURING QUICK REPORTS SETTINGS
To configure Quick reports settings, perform the following steps:
1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Reports node and open in the details window the Quick reports configuration section.
3. Enter in the Report name field the name for the report being created.
4. Select one of the options from the Type dropdown list:
   - Anti-Virus. A report for the Anti-Virus component will be generated.
   - Anti-Spam. A report for the Anti-Spam component will be generated.
5. Select one of the options from the Detail level dropdown list:
   - Standard. The report will contain brief information about objects processed during the entire reporting period without additional indication of the time frame when each individual event occurred.
   - Detailed. The application will generate a detailed report indicating the time frame for each event depending upon the length of the reported period. If the period is equal to one day, the minimum time frame for each event is one hour. If the period is equal to a week, the minimum time frame for each event is six hours. If the period is equal to one month, the minimum time frame for each event is one day.
6. Select one of the options from the Interval dropdown list:
   - per day. The report will cover the last 24 hours;
   - per week. The report will cover the last week;
   - per month. The report will cover the last month.
7. Specify in the Start with field the beginning date of the reported period or pick the necessary date from the calendar.
8. To create a quick report using the defined settings, click the Generate report button.
9. To apply the changes, click the Save button.
CONFIGURING ANTI-VIRUS REPORTS SETTINGS
To configure Anti-Virus reports settings, perform the following steps:
1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Reports node and open in the details window the Anti-Virus report configuration section.
3. Check the box Use schedule to generate reports automatically if you want the application to generate the reports on the Anti-Virus activity in accordance with the specified schedule.
4. Enter in the Report name field the name for the report being created.
5. Select one of the options from the Detail level dropdown list:
   - Standard. The report will contain information about objects processed during the entire reporting period without indication of the time frame for each individual event.
   - Detailed. The application will generate a detailed report indicating the time frame for each event depending upon the length of the reported period. If the period is equal to one day, the minimum time frame for each event is one hour. If the period is equal to a week, the minimum time frame for each event is six hours. If the period is equal to one month, the minimum time frame for each event is one day.
6. Select one of the options in the Report schedule dropdown list:
   - Daily. If you choose this option, specify the precise report creation time in the entry field.
   - Weekly. If you choose this option, use the dropdown list to select the day of the week when the report should be created. Specify in the entry field the precise time for report generation.
   - Monthly. If you choose this option, select the day of the month when you want to have the report generated. Specify in the entry field the precise time for report generation.
7. To create an Anti-Virus report using the defined settings, click the Generate report button.
8. To apply the changes, click the Save button.
CONFIGURING ANTI-SPAM REPORTS SETTINGS
To configure Anti-Spam reports settings, perform the following steps:
1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Reports node and open in the details window the Anti-Spam report configuration section.
3. Check the box Use schedule to generate reports automatically if you want the application to generate the reports on the Anti-Spam activity in accordance with the specified schedule.
4. Enter in the Report name field the name for the report being created.
5. Select one of the options from the Detail level dropdown list:
   - Standard. The report will contain information about objects processed during the entire reporting period without indication of the time frame for each individual event.
   - Detailed. The application will generate a detailed report indicating the time frame for each event depending upon the length of the reported period. If the period is equal to one day, the minimum time frame for each event is one hour. If the period is equal to a week, the minimum time frame for each event is six hours. If the period is equal to one month, the minimum time frame for each event is one day.
6. Select one of the options in the Report schedule dropdown list:
   - Daily. If you choose this option, specify the precise report creation time in the entry field.
   - Weekly. If you choose this option, use the dropdown list to select the day of the week when the report should be created. Specify in the entry field the precise time for report generation.
   - Monthly. If you choose this option, select the day of the month when you want to have the report generated. Specify in the entry field the precise time for report generation.
7. To create an Anti-Spam report using the defined settings, click the Generate report button.
8. To apply the changes, click the Save button.
VIEW THE READY REPORTS
To view the reports on the operation of application components, perform the following steps:
1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Reports node and open in the details window the Ready reports configuration section. You can use the table of ready reports to review all created reports. The table displays the following information about each report:
   - Name. Default name or user-defined name.
   - Type. The component that the report describes.
   - Date. Report creation time in the DD.MM.YYYY format.
   - Detail level. Standard or Detailed.
   - Interval. Time interval covered in the report.
3. To view a specific report, select it in the list and click the Display button.
Figure 8. View the Ready reports
Viewing an Anti-Virus report
The header of the standard Anti-Virus report contains the following information:
- Report type.
- Name of the server running the reported component.
- Time interval covered in the report.
- Day, month, year of report creation (UTC).
You can view the following information in the standard Anti-Virus report table:
- Verdict. Object status after Anti-Virus processing.
- Number of objects. The number of objects with the specified verdict.
- Percentage. The share of objects with the specified verdict compared to the total number of objects.
- Size. The size of objects (MB).
The header of the detailed Anti-Virus report contains the following information:
- Report type.
- Name of the server running the reported component.
- Time interval covered in the report.
- Day, month, year of report creation (UTC).
You can view the following information in the detailed Anti-Virus report table:
- The time interval. Time frame of object(s) detection.
- Clean objects. Not infected objects.
- Disinfected objects. Objects that the application managed to disinfect.
- Infected objects. Infected objects.
- Suspicious objects. Objects that may contain an unknown virus.
- Protected objects. Password-protected objects, for example, archives.
- Corrupted objects. The total number of corrupted objects.
- License violation. Objects that have not been scanned because of a violation of the Kaspersky Security licensing terms and conditions.
- Anti-Virus database error. Scanning error caused by an incorrect database.
- Processing error. Objects which triggered an error during their processing.
- Total objects. Total number of received objects.
All Anti-Virus reports contain information about the size of processed objects. The For the entire period column displays the total number of objects processed during the whole reported period.
Viewing an Anti-Spam report
The header of the standard Anti-Spam report contains the following information:
- Report type;
- Name of the server running the reported component;
- Time interval covered in the report;
- Day, month, year of report creation (UTC).
You can view the following information in the standard Anti-Spam report table:
- Verdict. Object status after Anti-Spam processing.
- Number of messages. The number of messages with the specified verdict.
- Percentage. The share of messages with the specified verdict compared to the total number of messages.
- Size. Size of messages.
The header of the detailed Anti-Spam report contains the following information:
- Report type;
- Name of the server running the reported component;
- Time interval covered in the report;
- Day, month, year of report creation (UTC).
You can view the following information in the detailed Anti-Spam report table:
- The time interval. Time frame during which messages arrived for processing.
- Contains no spam. Messages containing no spam.
- Trusted. Messages from trusted senders.
- Spam. Messages containing spam.
- Probable spam. Messages that may contain spam.
- Formal notification. Messages about mail delivery and other service notifications.
- Blacklisted. The sender address was added to the black list.
- Not scanned. Messages that were not scanned by the Anti-Virus component.
All Anti-Spam reports contain information about the size of processed messages. The For the entire period column displays the total number of messages processed during the whole reported period.
DELIVERY OF REPORTS VIA E-MAIL
To configure delivery of reports by e-mail, perform the following steps:
1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Reports node and open in the details window the group of settings for the reports which you would like to receive by e-mail.
3. In the Send report to the e-mail address section check the Administrator box if you want to send the reports to the administrator's address.
4. Check the box The following recipients: and type in the entry field the address where the reports will be sent.
5. Click the Save button to save the report delivery settings.
6. Click the Test button to send a test message. If the test message arrives in the specified mailbox, it means that the delivery settings are correct. If the test message has not arrived, make sure that the e-mail delivery settings (see section "Configuring notification delivery settings") are defined properly.
APPLICATION EVENT LOGS
Kaspersky Security can register application events in both the Microsoft Windows application event logs and the Kaspersky Security application log file. The level of detail entered into the logs depends on the diagnostics levels specified in the application settings.
Events registered in the Microsoft Windows event log can be viewed using Event Viewer, a standard Microsoft Windows component. For events originated by Kaspersky Security, the Source column will contain the text KSCM8.
The Kaspersky Security event logs are maintained in several formats, with file names which depend on the format, as follows:
- kselog.yyyyddmm[N].log – main application log, where N stands for the log file number. The log number appears if several log files have been created during the rotation period.
- antivirus_updater_tracelog_yyyyddmm[N].log – the Anti-Virus database update log.
- antispam_updater_tracelog_yyyyddmm[N].log – the Anti-Spam database update log.
By default, a new log is created on a daily basis. New records in application event logs are added to the end of the newest file. The default log size restriction is 100 MB. The value can be modified. Once the size limit is reached, the application archives the log and creates a new file.
The application logs can be viewed using a standard program associated with text files (for example, Notepad). Logs are stored in the Logs subfolder of the application folder on the server; the location of the application folder is defined during product installation.
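The file names and the KSCM8 event source described above matter when these logs are collected for monitoring: the yyyyddmm stamp puts the day before the month, so sorting by file name does not give chronological order. The following PowerShell is an added example, not part of the guide or the product; the function names and the reading of [N] as an optional numeric suffix are assumptions.

```powershell
# Added example, not part of the Administrator's Guide.
# Assumptions: the "[N]" in the documented file names is an optional file
# number, accepted here with or without literal brackets; the sample names
# at the bottom are constructed; pass your own Logs folder to Get-KseLogFile.

function ConvertFrom-KseLogName {
    # Splits a documented log file name into kind, date and file number.
    param([Parameter(Mandatory = $true)][string]$Name)

    $rx = '^(?<kind>kselog\.|antivirus_updater_tracelog_|antispam_updater_tracelog_)' +
          '(?<date>\d{8})\[?(?<n>\d*)\]?\.log$'
    if (-not ($Name -match $rx)) { return $null }

    $kind   = $Matches['kind'].TrimEnd('.', '_')
    $stamp  = $Matches['date']
    $number = 0
    if ($Matches['n']) { $number = [int]$Matches['n'] }

    # The guide writes the stamp as yyyyddmm (day before month), so sorting by
    # name is not chronological. Parse it explicitly and reject impossible dates.
    $date = [datetime]::MinValue
    $ok = [datetime]::TryParseExact($stamp, 'yyyyddMM',
        [System.Globalization.CultureInfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::None, [ref]$date)
    if (-not $ok) { return $null }

    New-Object psobject -Property @{
        Name = $Name; Kind = $kind; Date = $date; Number = $number
    }
}

function Get-KseLogFile {
    # Lists the application's log files in true chronological order and flags
    # files close to the size limit (100 MB by default, per the guide).
    param(
        [Parameter(Mandatory = $true)][string]$LogDir,
        [long]$MaxBytes = 100MB
    )
    Get-ChildItem -Path $LogDir -Filter '*.log' | ForEach-Object {
        $entry = ConvertFrom-KseLogName -Name $_.Name
        if ($entry) {
            $nearLimit = ($_.Length -ge 0.9 * $MaxBytes)
            $entry | Add-Member -MemberType NoteProperty -Name Length -Value $_.Length
            $entry | Add-Member -MemberType NoteProperty -Name NearLimit -Value $nearLimit
            $entry
        }
    } | Sort-Object Kind, Date, Number
}

function Get-KseWindowsEvent {
    # Events the application writes to the Windows Application log; the guide
    # gives KSCM8 as the value shown in the Source column.
    param([int]$Hours = 24)
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'KSCM8'
        StartTime    = (Get-Date).AddHours(-$Hours)
    }
    # SilentlyContinue: an empty result is reported as an error by Get-WinEvent.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

# Constructed names: 1 Oct, 31 Jan and 5 Feb 2010, plus a second file for 5 Feb.
$sample = 'kselog.20100110.log', 'kselog.20103101.log',
          'kselog.20100502.log', 'kselog.201005021.log'
$sample | ForEach-Object { ConvertFrom-KseLogName -Name $_ } |
    Sort-Object Kind, Date, Number |
    Format-Table Name, Date, Number -AutoSize
```

A collector that tails only the newest file should pick it from the parsed date and file number rather than from the last name in a directory listing.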
IN THIS SECTION
Configuring the diagnostics level
Configuration of the logs settings
CONFIGURING THE DIAGNOSTICS LEVEL
The amount and completeness of information entered in the logs depend on the selected diagnostics levels. To configure the diagnostics level, perform the following steps:
1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Settings node.
3. Select Minimum in the Detail level dropdown list of the Diagnostics section. The logs will then contain the minimum amount of information. To configure detailed logging of the necessary events for troubleshooting purposes, click the Settings button and, in the Configuring diagnostics window that opens, check the components and events for which detailed logging should be enabled. Click OK in the Configuring diagnostics dialog. The Detail level dropdown list will display Other. Please keep in mind that detailed logging may slow down the application.
4. Press the Save button in the details window.
CONFIGURATION OF THE LOGS SETTINGS
To define the logging settings, perform the following steps:
1. In the console tree, select the node of the connected server and open it by clicking the corresponding plus sign or double-clicking the server name.
2. Select the Settings node.
3. Select one of the values from the Record new log file dropdown list in the Diagnostics section:
   - Daily. A new log file will be created every day.
   - Weekly. A new log file will be created every week.
   - Monthly. A new log file will be created every month.
   - If file exceeds maximum size. A new log file will be created if the specified maximum log size is exceeded.
4. Specify the Maximum file size value in the corresponding entry field. The file's maximum size is 100 MB.
5. Check the box Notify about occurring errors by e-mail to receive e-mail notifications about occurring errors in addition to their registration in log (see section "Configuring notification delivery settings"). Notifications will be sent to the administrator.
6. Click the Save button.
FREQUENTLY ASKED QUESTIONS
This chapter is devoted to questions most frequently asked by users regarding the installation, configuration, and operation of Kaspersky Security 6.0 for Microsoft Exchange Server 2007.

Question: Can the application be used with other vendors' anti-virus software?
Kaspersky Security is an anti-virus and anti-spam e-mail application designed to be used in corporate networks. Therefore, it can be used with Kaspersky Open Space Security applications (such as Kaspersky Anti-Virus 6.0 for Windows Workstations or Kaspersky Anti-Virus 6.0 for Windows Servers) deployed on the network.
Anti-virus and anti-spam products of other vendors can run on a Microsoft Exchange server deployed as a Hub Transport or Edge Transport together with Kaspersky Security interceptors for those configurations. In this case the system load increases, as do the demands on the administrator, who must coordinate the settings of the anti-virus and anti-spam products. Therefore, it is recommended to remove third-party anti-virus and anti-spam products before installing the Kaspersky Security application.
Kaspersky Security does not work with anti-virus products of other vendors on a Microsoft Exchange server deployed as a Mailbox!

Question: Why does the application decrease my computer performance and impose a considerable load on the processor?
The process of virus detection and anti-spam filtering is a purely computational task which involves the analysis of structures, checksum calculation, and mathematical data transformation. Therefore, the main resource consumed by the application is processor time. Moreover, each new virus added into the anti-virus database adds to the overall scanning time.
Some other anti-virus software vendors speed up the scan process by excluding viruses from their databases, such as: viruses that are less easily detectable; viruses which occur less frequently in the geographic location of the anti-virus vendor; and file formats that require complicated analysis (e.g. PDF files). By contrast, Kaspersky Lab believes that the purpose of an anti-virus application is to provide genuine anti-virus security.
Kaspersky Security allows experienced users to accelerate the anti-virus scan and anti-spam filtering process by disabling the scanning of various file types. However, note that this lowers the security level of your computer.
Kaspersky Security recognizes over 700 formats of archived and packed files. That is very important for anti-virus security because each recognized format can contain executable malicious code that activates only after decompression / unpacking.

Question: Why do I need a Kaspersky Security license? Will my application function without it?
Kaspersky Security will not work without a license key. If you are still undecided about whether or not to purchase the application, we can provide you with a temporary key file (trial key), which will only work for either two weeks or for a month. When this period expires, the key will be blocked.

Question: What happens when my Kaspersky Security license expires?
After the license expires, Kaspersky Security will continue operating, but the database updating feature will be disabled. Kaspersky Security will continue performing the anti-virus scan of e-mail traffic and the background storage scan, but it will be using outdated databases. When this happens, contact either the dealer from whom you purchased your copy of Kaspersky Security, or Kaspersky Lab directly.

Question: How often should updates be performed?
Several years ago viruses were distributed via floppy disks, and at that time it was sufficient for computer protection to update the anti-virus database from time to time. However, recent virus outbreaks spread over the world in a matter of hours, and an anti-virus application using old anti-virus databases may not be able to protect you against a new threat. Therefore, to ensure protection against new viruses you should update your anti-virus databases on at least a daily basis, and more frequently if possible.
The Anti-Spam database should be updated every five minutes. Such frequency will maintain current and adequate anti-spam protection of the server.
The appearance of viruses that use new technologies to hide their modification of infected objects requires updating not only of the anti-virus databases, but also of the application modules.

Question: Can an intruder replace my Kaspersky Security database?
All anti-virus databases are supplied with a unique signature which the application verifies before it uses them. If the signature does not match the signature assigned by Kaspersky Lab, or if the database is issued on a more recent date than your license's expiry date, the application will not use this database.

Question: I use a proxy server and cannot perform updates. What should I do?
Possibly, you are using a proxy server that does not support HTTP 1.0 completely. In this case you are advised to use a different proxy server.

Question: After adding new storages to the Microsoft Exchange Server they do not appear in the list of protected storage areas. What should I do?
The storages will appear after the Kaspersky Security service is restarted. Then, to enable their protection, open the Server protection node, the Anti-Virus protection tab, Protection for mailboxes configuration section and manually check the boxes next to their corresponding names.

Question: Sometimes email files in msg format attached to a message become corrupted during delivery so that they cannot be opened. Is this caused by a Kaspersky Security scan?
The situation has been reproduced during application testing. As a result, it has been found that files in this format can be damaged during delivery by Microsoft Exchange server.
CONTACTING THE TECHNICAL SUPPORT SERVICE
If you have already purchased Kaspersky Security, you can obtain information about it from the Technical Support Service, either over the phone or via the Internet. Technical Support service specialists will answer any of your questions about installing and using the application. They will also help you to eliminate the consequences of malware activities if your computer has been infected.
Before contacting the Technical Support service, please read the support rules (http://support.kaspersky.com/support/rules).

An email request to the Technical Support Service
You can send your question to the Technical Support Service specialists by filling out a Helpdesk web form (http://support.kaspersky.com/helpdesk.html). You can send your question in Russian, English, German, French or Spanish.
To send an email message with your question, please indicate your client number obtained during registration at the Technical Support website along with your password. If you are not yet a registered user of Kaspersky Lab's applications, fill out a registration form (https://support.kaspersky.com/ru/personalcabinet/Registration/Form/?LANG=en). Specify the application activation code or key file name during the registration process.
The Technical Support service will respond to your request in your Personal Cabinet (https://support.kaspersky.com/ru/personalcabinet?LANG=en) and to the e-mail address you specified in your request.
Describe the problem you have encountered in the request web form, providing as much detail as possible. Specify the following in the required fields:
- Request type. Select the topic that most closely describes the problem you have encountered, for example, "Product installation/removal problems" or "Virus scan/removal problems". If you have not found the best topic, select "General Question".
- Application name and version number.
- Request text. Describe the problem in as much detail as possible.
- Client number and password. Enter the client number and password you received during registration at the Technical Support website.
- Email address. Technical Support will send the answer to your question to this email address.

Technical support by phone
If you encounter a problem which requires urgent assistance, you can call your nearest Technical Support office. Before contacting Russian-speaking (http://support.kaspersky.ru/support/support_local) or international (http://support.kaspersky.com/support/international) technical support specialists, please collect the information (http://support.kaspersky.com/support/details) about your computer and the anti-virus software installed on it. This will help our support specialists to resolve your issue as soon as possible.
INFORMATION ABOUT THIRD-PARTY CODE
Third-party code has been used in the development of the application.

IN THIS SECTION
Software code
Other information

SOFTWARE CODE
Information about third-party software code used in the development of the application.

IN THIS SECTION
BOOST 1.30.0, 1.36
BZIP2/LIBBZIP2 1.0.5
EXPAT 1.2, 2.0.1
FREEBSD LIBC 2.3-2.6
GECKO SDK 1.8
ICU 4.0.1
INFO-ZIP 5.51
LIBJPEG 6B
LIBNKFM 2.0.5
LIBPNG 1.2.29
LIBSPF2 1.2.9
LIBUNGIF 3.0
LIBXDR
LOKI 0.1.3
LZMA SDK 4.43
MICROSOFT ENTERPRISE LIBRARY 4.1
MICROSOFT VISUAL STUDIO 2008 (MSVCP80.DLL, MSVCR80.DLL)
OPENSSL 0.9.8D
PCRE 7.4, 7.7
RFC1321-BASED (RSA-FREE) MD5 LIBRARY
SPRING.NET 1.2.0
SQLITE 3.6.18
WPF TOOLKIT 3.5.40128.1
ZLIB 1.2, 1.2.3
BOOST 1.30.0, 1.36
Copyright (C) 2003, Christof Meerwald
Copyright (C) 2008, Beman Dawes
-----------------------------------------------------------------------------
Boost Software License - Version 1.0 - August 17th, 2003 Permission is hereby granted, free of charge, to any person or organization obtaining a copy of the software and accompanying documentation covered by this license (the "Software") to use, reproduce, display, distribute, execute, and transmit the Software, and to prepare derivative works of the Software, and to permit third-parties to whom the Software is furnished to do so, all subject to the following: The copyright notices in the Software and this entire statement, including the above license grant, this restriction and the following disclaimer, must be included in all copies of the Software, in whole or in part, and all derivative works of the Software, unless such copies or derivative works are solely in the form of machine-executable object code generated by a source language processor. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
BZIP2/LIBBZIP2 1.0.5
Copyright (C) 1996-2007, Julian R Seward
-----------------------------------------------------------------
EXPAT 1.2, 2.0.1
Copyright (C) 1998, 1999, 2000, Thai Open Source Software Center Ltd
----------------------------------------------------------------------------
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FREEBSD LIBC 2.3-2.6
Copyright (C) 1992-2005, The FreeBSD Project
----------------------------------------------------------------
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
GECKO SDK 1.8
Copyright (C) 1998-2008, Mozilla Foundation
----------------------------------------------------------------------------
Mozilla Public License Version 1.1
1. Definitions 1.0.1. "Commercial Use" means distribution or otherwise making the Covered Code available to a third party. 1.1. "Contributor" means each entity that creates or contributes to the creation of Modifications. 1.2. "Contributor Version" means the combination of the Original Code, prior Modifications used by a Contributor, and the Modifications made by that particular Contributor. 1.3. "Covered Code" means the Original Code or Modifications or the combination of the Original Code and Modifications, in each case including portions thereof. 1.4. "Electronic Distribution Mechanism" means a mechanism generally accepted in the software development community for the electronic transfer of data. 1.5. "Executable" means Covered Code in any form other than Source Code. 1.6. "Initial Developer" means the individual or entity identified as the Initial Developer in the Source Code notice required by Exhibit A. 1.7. "Larger Work" means a work which combines Covered Code or portions thereof with code not governed by the terms of this License. 1.8. "License" means this document. 1.8.1. "Licensable"
means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein. 1.9. "Modifications" means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is: a. Any addition to or deletion from the contents of a file containing Original Code or previous Modifications. b. Any new file that contains any part of the Original Code or previous Modifications. 1.10. "Original Code" means Source Code of computer software code which is described in the Source Code notice required by Exhibit A as Original Code, and which, at the time of its release under this License is not already Covered Code governed by this License. 1.10.1. "Patent Claims" means any patent claim(s), now owned or hereafter acquired, including without limitation, method, process, and apparatus claims, in any patent Licensable by grantor. 1.11. "Source Code" means the preferred form of the Covered Code for making modifications to it, including all modules it contains, plus any associated interface definition files, scripts used to control compilation and installation of an Executable, or source code differential comparisons against either the Original Code or another well known, available Covered Code of the Contributor's choice. The Source Code can be in a compressed or archival form, provided the appropriate decompression or de-archiving software is widely available for no charge. 1.12. "You" (or "Your") means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License or a future version of this License issued under Section 6.1. For legal entities, "You" includes any entity which controls, is controlled by, or is under common control with You. 
For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. 2. Source Code License. 2.1. The Initial Developer Grant. The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims: a. under intellectual property rights (other than patent or trademark) Licensable by Initial Developer to use, reproduce, modify, display, perform, sublicense and distribute the Original Code (or portions thereof) with or without Modifications, and/or as part of a Larger Work; and b. under Patents Claims infringed by the making, using or selling of Original Code, to make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of the Original Code (or portions thereof). c. the licenses granted in this Section 2.1 (a) and (b) are effective on the date Initial Developer first distributes Original Code under the terms of this License. d. Notwithstanding Section 2.1 (b) above, no patent license is granted: 1) for code that You delete from the Original Code; 2) separate from the Original Code; or 3) for infringements caused by: i) the modification of the Original Code or ii) the combination of the Original Code with other software or devices. 2.2. Contributor Grant. Subject to third party intellectual property claims, each Contributor hereby grants You a world-wide, royalty-free, nonexclusive license
a. under intellectual property rights (other than patent or trademark) Licensable by Contributor, to use, reproduce, modify, display, perform, sublicense and distribute the Modifications created by such Contributor (or portions thereof) either on an unmodified basis, with other Modifications, as Covered Code and/or as part of a Larger Work; and b. under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: 1) Modifications made by that Contributor (or portions thereof); and 2) the combination of Modifications made by that Contributor with its Contributor Version (or portions of such combination). c. the licenses granted in Sections 2.2 (a) and 2.2 (b) are effective on the date Contributor first makes Commercial Use of the Covered Code. d. Notwithstanding Section 2.2 (b) above, no patent license is granted: 1) for any code that Contributor has deleted from the Contributor Version; 2) separate from the Contributor Version; 3) for infringements caused by: i) third party modifications of Contributor Version or ii) the combination of Modifications made by that Contributor with other software (except as part of the Contributor Version) or other devices; or 4) under Patent Claims infringed by Covered Code in the absence of Modifications made by that Contributor. 3. Distribution Obligations. 3.1. Application of License. The Modifications which You create or to which You contribute are governed by the terms of this License, including without limitation Section 2.2. The Source Code version of Covered Code may be distributed only under the terms of this License or a future version of this License released under Section 6.1, and You must include a copy of this License with every copy of the Source Code You distribute. 
You may not offer or impose any terms on any Source Code version that alters or restricts the applicable version of this License or the recipients' rights hereunder. However, You may include an additional document offering the additional rights described in Section 3.5. 3.2. Availability of Source Code. Any Modification which You create or to which You contribute must be made available in Source Code form under the terms of this License either on the same media as an Executable version or via an accepted Electronic Distribution Mechanism to anyone to whom you made an Executable version available; and if made available via Electronic Distribution Mechanism, must remain available for at least twelve (12) months after the date it initially became available, or at least six (6) months after a subsequent version of that particular Modification has been made available to such recipients. You are responsible for ensuring that the Source Code version remains available even if the Electronic Distribution Mechanism is maintained by a third party. 3.3. Description of Modifications. You must cause all Covered Code to which You contribute to contain a file documenting the changes You made to create that Covered Code and the date of any change. You must include a prominent statement that the Modification is derived, directly or indirectly, from Original Code provided by the Initial Developer and including the name of the Initial Developer in (a) the Source Code, and (b) in any notice in an Executable version or related documentation in which You describe the origin or ownership of the Covered Code. 3.4. 
Intellectual Property Matters (a) Third Party Claims If Contributor has knowledge that a license under a third party's intellectual property rights is required to exercise the rights granted by such Contributor under Sections 2.1 or 2.2, Contributor must include a text file with the Source Code distribution titled "LEGAL" which describes the claim and the party making the claim in sufficient detail that a recipient will know whom to contact. If Contributor obtains such knowledge after the Modification is made available as described in Section 3.2, Contributor shall promptly modify the LEGAL file in all copies Contributor makes available thereafter and shall take other steps (such as notifying appropriate mailing lists or newsgroups) reasonably calculated to inform those who received the Covered Code that new knowledge has been obtained. (b) Contributor APIs If Contributor's Modifications include an application programming interface and Contributor has knowledge of patent licenses which are reasonably necessary to implement that API, Contributor must also include this information in the legal file.
(c) Representations. Contributor represents that, except as disclosed pursuant to Section 3.4 (a) above, Contributor believes that Contributor's Modifications are Contributor's original creation(s) and/or Contributor has sufficient rights to grant the rights conveyed by this License. 3.5. Required Notices. You must duplicate the notice in Exhibit A in each file of the Source Code. If it is not possible to put such notice in a particular Source Code file due to its structure, then You must include such notice in a location (such as a relevant directory) where a user would be likely to look for such a notice. If You created one or more Modification(s) You may add your name as a Contributor to the notice described in Exhibit A. You must also duplicate this License in any documentation for the Source Code where You describe recipients' rights or ownership rights relating to Covered Code. You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Code. However, You may do so only on Your own behalf, and not on behalf of the Initial Developer or any Contributor. You must make it absolutely clear than any such warranty, support, indemnity or liability obligation is offered by You alone, and You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of warranty, support, indemnity or liability terms You offer. 3.6. Distribution of Executable Versions. You may distribute Covered Code in Executable form only if the requirements of Sections 3.1, 3.2, 3.3, 3.4 and 3.5 have been met for that Covered Code, and if You include a notice stating that the Source Code version of the Covered Code is available under the terms of this License, including a description of how and where You have fulfilled the obligations of Section 3.2. 
The notice must be conspicuously included in any notice in an Executable version, related documentation or collateral in which You describe recipients' rights relating to the Covered Code. You may distribute the Executable version of Covered Code or ownership rights under a license of Your choice, which may contain terms different from this License, provided that You are in compliance with the terms of this License and that the license for the Executable version does not attempt to limit or alter the recipient's rights in the Source Code version from the rights set forth in this License. If You distribute the Executable version under a different license You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial Developer or any Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer. 3.7. Larger Works. You may create a Larger Work by combining Covered Code with other code not governed by the terms of this License and distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled for the Covered Code. 4. Inability to Comply Due to Statute or Regulation. If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Code due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be included in the legal file described in Section 3.4 and must be included with all distributions of the Source Code. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it. 5. 
Application of this License. This License applies to code to which the Initial Developer has attached the notice in Exhibit A and to related Covered Code. 6. Versions of the License. 6.1. New Versions Netscape Communications Corporation ("Netscape") may publish revised and/or new versions of the License from time to time. Each version will be given a distinguishing version number. 6.2. Effect of New Versions Once Covered Code has been published under a particular version of the License, You may always continue to use it under the terms of that version. You may also choose to use such Covered Code under the terms of any subsequent
version of the License published by Netscape. No one other than Netscape has the right to modify the terms applicable to Covered Code created under this License. 6.3. Derivative Works If You create or use a modified version of this License (which you may only do in order to apply it to code which is not already Covered Code governed by this License), You must (a) rename Your license so that the phrases "Mozilla", "MOZILLAPL", "MOZPL", "Netscape", "MPL", "NPL" or any confusingly similar phrase do not appear in your license (except to note that your license differs from this License) and (b) otherwise make it clear that Your version of the license contains terms which differ from the Mozilla Public License and Netscape Public License. (Filling in the name of the Initial Developer, Original Code or Contributor in the notice described in Exhibit A shall not of themselves be deemed to be modifications of this License.) 7. Disclaimer of warranty Covered code is provided under this license on an "as is" basis, without warranty of any kind, either expressed or implied, including, without limitation, warranties that the covered code is free of defects, merchantable, fit for a particular purpose or non-infringing. The entire risk as to the quality and performance of the covered code is with you. Should any covered code prove defective in any respect, you (not the initial developer or any other contributor) assume the cost of any necessary servicing, repair or correction. This disclaimer of warranty constitutes an essential part of this license. No use of any covered code is authorized hereunder except under this disclaimer. 8. Termination 8.1. This License and the rights granted hereunder will terminate automatically if You fail to comply with terms herein and fail to cure such breach within 30 days of becoming aware of the breach. All sublicenses to the Covered Code which are properly granted shall survive any termination of this License. 
Provisions which, by their nature, must remain in effect beyond the termination of this License shall survive. 8.2. If You initiate litigation by asserting a patent infringement claim (excluding declatory judgment actions) against Initial Developer or a Contributor (the Initial Developer or Contributor against whom You file such action is referred to as "Participant") alleging that: a. such Participant's Contributor Version directly or indirectly infringes any patent, then any and all rights granted by such Participant to You under Sections 2.1 and/or 2.2 of this License shall, upon 60 days notice from Participant terminate prospectively, unless if within 60 days after receipt of notice You either: (i) agree in writing to pay Participant a mutually agreeable reasonable royalty for Your past and future use of Modifications made by such Participant, or (ii) withdraw Your litigation claim with respect to the Contributor Version against such Participant. If within 60 days of notice, a reasonable royalty and payment arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Participant to You under Sections 2.1 and/or 2.2 automatically terminate at the expiration of the 60 day notice period specified above. b. any software, hardware, or device, other than such Participant's Contributor Version, directly or indirectly infringes any patent, then any rights granted to You by such Participant under Sections 2.1(b) and 2.2(b) are revoked effective as of the date You first made, used, sold, distributed, or had made, Modifications made by that Participant. 8.3. 
If You assert a patent infringement claim against Participant alleging that such Participant's Contributor Version directly or indirectly infringes any patent where such claim is resolved (such as by license or settlement) prior to the initiation of patent infringement litigation, then the reasonable value of the licenses granted by such Participant under Sections 2.1 or 2.2 shall be taken into account in determining the amount or value of any payment or license. 8.4. In the event of termination under Sections 8.1 or 8.2 above, all end user license agreements (excluding distributors and resellers) which have been validly granted by You or any distributor hereunder prior to termination shall survive termination. 9. Limitation of liability Under no circumstances and under no legal theory, whether tort (including negligence), contract, or otherwise, shall you, the initial developer, any other contributor, or any distributor of covered code, or any supplier of any of such parties, be liable to any person for any indirect, special, incidental, or consequential damages of any character including, without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses, even if such party shall have been informed of the possibility of such damages. This limitation of liability shall not apply to liability for death or personal injury resulting from such party's negligence to the extent applicable law prohibits such limitation. Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, so this exclusion and limitation may not apply to you.
10. U.S. government end users The Covered Code is a "commercial item," as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial computer software" and "commercial computer software documentation," as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire Covered Code with only those rights set forth herein. 11. Miscellaneous This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by California law provisions (except to the extent applicable law, if any, provides otherwise), excluding its conflict-of-law provisions. With respect to disputes in which at least one party is a citizen of, or an entity chartered or registered to do business in the United States of America, any litigation relating to this License shall be subject to the jurisdiction of the Federal Courts of the Northern District of California, with venue lying in Santa Clara County, California, with the losing party responsible for costs, including without limitation, court costs and reasonable attorneys' fees and expenses. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not apply to this License. 12. Responsibility for claims As between Initial Developer and the Contributors, each party is responsible for claims and damages arising, directly or indirectly, out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to distribute such responsibility on an equitable basis. 
Nothing herein is intended or shall be deemed to constitute any admission of liability. 13. Multiple-licensed code Initial Developer may designate portions of the Covered Code as "Multiple-Licensed". "Multiple-Licensed" means that the Initial Developer permits you to utilize portions of the Covered Code under Your choice of the MPL or the alternative licenses, if any, specified by the Initial Developer in the file described in Exhibit A. Exhibit A - Mozilla Public License. "The contents of this file are subject to the Mozilla Public License Version 1.1 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License.
The Original Code is ______________________________________.
The Initial Developer of the Original Code is ________________________. Portions created by ______________________ are Copyright (C) ______ _______________________. All Rights Reserved.
Contributor(s): ______________________________________.
Alternatively, the contents of this file may be used under the terms of the _____ license (the "[___] License"), in which case the provisions of [______] License are applicable instead of those above. If you wish to allow use of your version of
this file only under the terms of the [____] License and not to allow others to use your version of this file under the MPL, indicate your decision by deleting the provisions above and replace them with the notice and other provisions required by the [___] License. If you do not delete the provisions above, a recipient may use your version of this file under either the MPL or the [___] License." NOTE: The text of this Exhibit A may differ slightly from the text of the notices in the Source Code files of the Original Code. You should use the text of this Exhibit A rather than the text found in the Original Code Source Code for Your Modifications.
ICU 4.0.1
Copyright (C) 1995-2009, International Business Machines Corporation and others
----------------------------------------------------------------
ICU License
COPYRIGHT AND PERMISSION NOTICE
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, provided that the above copyright notice(s) and this permission notice appear in all copies of the Software and that both the above copyright notice(s) and this permission notice appear in supporting documentation. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Except as contained in this notice, the name of a copyright holder shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization of the copyright holder.
INFO-ZIP 5.51
Copyright (C) 1990-2007, Info-ZIP
----------------------------------------------------------------------------
Info-ZIP license
This is version 2007-Mar-4 of the Info-ZIP license. The definitive version of this document should be available at ftp://ftp.info-zip.org/pub/infozip/license.html indefinitely and a copy at http://www.info-zip.org/pub/infozip/license.html.
Copyright (c) 1990-2007 Info-ZIP. All rights reserved.
For the purposes of this copyright and license, "Info-ZIP" is defined as the following set of individuals:
Mark Adler, John Bush, Karl Davis, Harald Denker, Jean-Michel Dubois, Jean-loup Gailly, Hunter Goatley, Ed Gordon, Ian Gorman, Chris Herborth, Dirk Haase, Greg Hartwig, Robert Heath, Jonathan Hudson, Paul Kienitz, David Kirschbaum, Johnny Lee, Onno van der Linden, Igor Mandrichenko, Steve P. Miller, Sergio Monesi, Keith Owens, George Petrov, Greg Roelofs, Kai Uwe Rommel, Steve Salisbury, Dave Smith, Steven M. Schweda, Christian Spieler, Cosmin Truta, Antoine Verheijen, Paul von Behren, Rich Wales, Mike White.
This software is provided "as is," without warranty of any kind, express or implied. In no event shall Info-ZIP or its contributors be held liable for any direct, indirect, incidental, special or consequential damages arising out of the use of or inability to use this software.
Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the above disclaimer and the following restrictions:
1. Redistributions of source code (in whole or in part) must retain the above copyright notice, definition, disclaimer, and this list of conditions.
2. Redistributions in binary form (compiled executables and libraries) must reproduce the above copyright notice, definition, disclaimer, and this list of conditions in documentation and/or other materials provided with the distribution. The sole exception to this condition is redistribution of a standard UnZipSFX binary (including SFXWiz) as part of a self-extracting archive; that is permitted without inclusion of this license, as long as the normal SFX banner has not been removed from the binary or disabled.
3. Altered versions--including, but not limited to, ports to new operating systems, existing ports with new graphical interfaces, versions with modified or added functionality, and dynamic, shared, or static library versions not from Info-ZIP--must be plainly marked as such and must not be misrepresented as being the original source or, if binaries, compiled from the original source. Such altered versions also must not be misrepresented as being Info-ZIP releases--including, but not limited to, labeling of the altered versions with the names "Info-ZIP" (or any variation thereof, including, but not limited to, different capitalizations), "Pocket UnZip," "WiZ" or "MacZip" without the explicit permission of Info-ZIP. Such altered versions are further prohibited from misrepresentative use of the Zip-Bugs or Info-ZIP e-mail addresses or the Info-ZIP URL(s), such as to imply Info-ZIP will provide support for the altered versions.
4. Info-ZIP retains the right to use the names "Info-ZIP," "Zip," "UnZip," "UnZipSFX," "WiZ," "Pocket UnZip," "Pocket Zip," and "MacZip" for its own source and binary releases.
LIBJPEG 6B Copyright (C) 1991-1998, Thomas G. Lane
-----------------------------------------------------------------
LEGAL ISSUES
============
In plain English: We don't promise that this software works. (But if you find any bugs, please let us know!)
You can use this software for whatever you want. You don't have to pay us. You may not pretend that you wrote this software. If you use it in a program, you must acknowledge somewhere in your documentation that you've used the IJG code. In legalese: The authors make NO WARRANTY or representation, either express or implied, with respect to this software, its quality, accuracy, merchantability, or fitness for a particular purpose. This software is provided "AS IS", and you, its user, assume the entire risk as to its quality and accuracy. This software is copyright (C) 1991-1998, Thomas G. Lane. All Rights Reserved except as specified below. Permission is hereby granted to use, copy, modify, and distribute this software (or portions thereof) for any purpose, without fee, subject to these conditions: (1) If any part of the source code for this software is distributed, then this README file must be included, with this copyright and no-warranty notice unaltered; and any additions, deletions, or changes to the original files must be clearly indicated in accompanying documentation. (2) If only executable code is distributed, then the accompanying documentation must state that "this software is based in part on the work of the Independent JPEG Group". (3) Permission for use of this software is granted only if the user accepts full responsibility for any undesirable consequences; the authors accept NO LIABILITY for damages of any kind. These conditions apply to any software derived from or based on the IJG code, not just to the unmodified library. If you use our work, you ought to acknowledge us. Permission is NOT granted for the use of any IJG author's name or company name in advertising or publicity relating to this software or products derived from it. This software may be referred to only as "the Independent JPEG Group's software". 
We specifically permit and encourage the use of this software as the basis of commercial products, provided that all warranty or liability claims are assumed by the product vendor. ansi2knr.c is included in this distribution by permission of L. Peter Deutsch, sole proprietor of its copyright holder, Aladdin Enterprises of Menlo Park, CA. ansi2knr.c is NOT covered by the above copyright and conditions, but instead by the usual distribution terms of the Free Software Foundation; principally, that you must include source code if you redistribute it. (See the file ansi2knr.c for full details.) However, since ansi2knr.c is not needed as part of any program generated from the IJG code, this does not limit you more than the foregoing paragraphs do. The Unix configuration script "configure" was produced with GNU Autoconf. It is copyright by the Free Software Foundation but is freely distributable. The same holds for its supporting scripts (config.guess, config.sub, ltconfig, ltmain.sh). Another support script, install-sh, is copyright by M.I.T. but is also freely distributable. It appears that the arithmetic coding option of the JPEG spec is covered by patents owned by IBM, AT&T, and Mitsubishi. Hence arithmetic coding cannot legally be used without obtaining one or more licenses. For this reason, support for arithmetic coding has been removed from the free JPEG software. (Since arithmetic coding provides only a marginal gain over the unpatented Huffman mode, it is unlikely that very many implementations will support it.) So far as we are aware, there are no patent restrictions on the remaining code. The IJG distribution formerly included code to read and write GIF files. To avoid entanglement with the Unisys LZW patent, GIF reading support has been removed altogether, and the GIF writer has been simplified to produce "uncompressed GIFs". 
This technique does not use the LZW algorithm; the resulting GIF files are larger than usual, but are readable by all standard GIF decoders. We are required to state that
"The Graphics Interchange Format(c) is the Copyright property of CompuServe Incorporated. GIF(sm) is a Service Mark property of CompuServe Incorporated."
LIBNKFM 2.0.5 Copyright (C) KUBO Takehiro -----------------------------------------------------------------------------
LIBPNG 1.2.29 Copyright (C) 2004, 2006-2008, Glenn Randers-Pehrson -----------------------------------------------------------------
LIBSPF2 1.2.9 Copyright (C) 2005, Shevek and Wayne Schlitt
-----------------------------------------------------------------
The code in the libspf2 distribution is Copyright 2005 by Shevek and Wayne Schlitt, all rights reserved. Copyright retained for the purpose of protecting free software redistribution.
The two-clause BSD license:
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
LIBUNGIF 3.0 Copyright (C) 1997, Eric S. Raymond
-----------------------------------------------------------------
The GIFLIB distribution is Copyright (c) 1997 Eric S. Raymond
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
LIBXDR Copyright (C) Sun Microsystems, Inc
-----------------------------------------------------------------
Sun RPC is a product of Sun Microsystems, Inc. and is provided for unrestricted use provided that this legend is included on all tape media and as a part of the software program in whole or part. Users may copy or modify Sun RPC without charge, but are not authorized to license or distribute it to anyone else except as part of a product or program developed by the user.
SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
Sun RPC is provided with no support and without any obligation on the part of Sun Microsystems, Inc. to assist in its use, correction, modification or enhancement. SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC OR ANY PART THEREOF. In no event will Sun Microsystems, Inc. be liable for any lost revenue or profits or other special, indirect and consequential damages, even if Sun has been advised of the possibility of such damages. Sun Microsystems, Inc. 2550 Garcia Avenue Mountain View, California 94043
LOKI 0.1.3 Copyright (C) 2001, Andrei Alexandrescu
-----------------------------------------------------------------------------
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
LZMA SDK 4.43 -----------------------------------------------------------------------------
MICROSOFT ENTERPRISE LIBRARY 4.1 Copyright (C) 2008, Microsoft Corporation
-----------------------------------------------------------------------------
Distributed under the terms of the Microsoft Public License (Ms-PL).
MICROSOFT VISUAL STUDIO 2008 (MSVCP80.DLL, MSVCR80.DLL) Copyright (C) Microsoft Corporation -----------------------------------------------------------------------------
OPENSSL 0.9.8D Copyright (C) 1998-2007, The OpenSSL Project
-----------------------------------------------------------------------------
LICENSE ISSUES
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.
OpenSSL License
Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)"
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ===============================================================
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License
Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)" The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.]
PCRE 7.4, 7.7 Copyright (C) 1997-2008, University of Cambridge -----------------------------------------------------------------------------
PCRE LICENCE
PCRE is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language.
Release 7 of PCRE is distributed under the terms of the "BSD" licence, as specified below. The documentation for PCRE, supplied in the "doc" directory, is distributed under the same terms as the software itself.
The basic library functions are written in C and are freestanding. Also included in the distribution is a set of C++ wrapper functions.
THE BASIC LIBRARY FUNCTIONS
Written by:
Philip Hazel
Email local part: ph10
Email domain: cam.ac.uk
University of Cambridge Computing Service, Cambridge, England.
Copyright (c) 1997-2007 University of Cambridge All rights reserved.
THE C++ WRAPPER FUNCTIONS
Contributed by: Google Inc.
Copyright (c) 2007, Google Inc. All rights reserved.
THE "BSD" LICENCE
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
* Neither the name of the University of Cambridge nor the name of Google Inc. nor the names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
RFC1321-BASED (RSA-FREE) MD5 LIBRARY Copyright (C) 1999, 2002, Aladdin Enterprises -----------------------------------------------------------------------------
SPRING.NET 1.2.0 Copyright (C) 2008, SpringSource -----------------------------------------------------------------------------
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. 
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. 
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: You must give any other recipients of the Work or Derivative Works a copy of this License; and You must cause any modified files to carry prominent notices stating that You changed the files; and You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; 
within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own
attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NONINFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. 
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. 
Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
SQLITE 3.6.18 -----------------------------------------------------------------------------
WPF TOOLKIT 3.5.40128.1 Copyright (C) 2010, Microsoft Corporation
-----------------------------------------------------------------------------
Distributed under the terms of the Microsoft Public License (Ms-PL)
ZLIB 1.2, 1.2.3 Copyright (C) 1995-2005, Jean-loup Gailly and Mark Adler -----------------------------------------------------------------------------
OTHER INFORMATION
Additional information about third-party code
Digital signature verification is performed using the "Agava-C" software data protection library developed by R-Alpha LLC.
GLOSSARY
A
ADDITIONAL LICENSE
The license that was installed in a Kaspersky Lab application but has not been activated. An additional license becomes active when the current license expires.
ADMINISTRATION CONSOLE
Kaspersky Security application component. Provides the user interface for managing the application's administrative services, and enables configuration of the application and management of the server component. The management module is implemented as an extension of the Microsoft Management Console (MMC).
ADMINISTRATOR'S WORKSTATION
Computer with the installed Administration Console component of Kaspersky Security. It is used to configure and manage the server part of the application - the Security Server.
B
BACKUP COPYING
Creation of a backup copy of an object before it is processed, and addition of that copy to Backup storage. Later, objects in Backup can be restored, sent to Kaspersky Lab for examination or deleted.
BACKUP STORAGE
Special storage for backup copies of objects saved before their disinfection, removal or replacement. It is a service subfolder in the application data folder created during Security Server installation.
BLACK LIST OF KEY FILES
Database containing information about the keys blocked by Kaspersky Lab. The black list file content is updated along with the product databases.
C
CONTAINER OBJECT
An object consisting of several objects, for example, an archive, a message with an attached letter. Please see also simple object.
D
DISINFECTION
The method for handling infected objects, which allows the processing application to perform complete or partial data recovery, or to conclude that objects cannot be disinfected. Disinfection is based on the records in product databases. Prior to object disinfection, the application processing it creates its backup copy unless that functionality is disabled. Some data can be lost during disinfection. To restore an object to its original condition, its backup copy can be used.
F
FORMAL MESSAGE
Notification automatically generated and sent by mail programs or robots (for instance, informing about inability to deliver a letter or confirming user registration on a web site).
I
INFECTED OBJECT An object containing malicious code. It is detected when a section of the object's code completely matches a section of the code of a known threat. Kaspersky Lab does not recommend using such objects since they may infect your computer.
INTERCEPTOR Subcomponent of the Security Server responsible for scanning of specific types of e-mail messages. The set of interceptors, which will be installed, depends upon the role or combination of roles selected during Microsoft Exchange Server deployment.
K
KASPERSKY LAB'S UPDATE SERVERS The list of Kaspersky Lab's HTTP and FTP servers from which the application downloads databases and module updates to your computer.
KASPERSKY SECURITY DATABASES Database maintained by the experts at Kaspersky Lab and containing detailed descriptions of all existing threats to computer security, methods of their detection and neutralization. The database is constantly updated at Kaspersky Lab as new threats emerge.
KEY FILE File with the .key extension, which contains your personal product key necessary for work with a Kaspersky Lab application. The key file is included into the distribution kit (if you purchased it from distributors of Kaspersky Lab) or it arrives in e-mail, if you bought the product online.
L
LICENSE VALIDITY PERIOD Time period during which you are entitled to use the complete functionality of a Kaspersky Lab application. Typically, the validity period of a license is one calendar year from its installation. After the license expires, the application has reduced functionality. You will not be able to update the application databases.
LIST OF ALLOWED SENDERS (also known as the white list of addresses) The list of e-mail addresses which send messages that should not be scanned by Kaspersky Lab application.
LIST OF BLOCKED SENDERS (also known as the black list of addresses) The list of e-mail addresses which send messages that should be blocked by the Kaspersky Lab application, regardless of their content.
M
MESSAGE DELETION Method of processing an e-mail message which implies physical removal of the message. It is advised to apply this method to messages which unambiguously contain spam or malicious objects. Before deleting a message, a copy of it is saved in the Backup (unless this option is disabled).
O
OBJECT REMOVAL Method of object processing, which implies the object's physical removal from the computer. Such treatment is recommended for infected objects. Prior to object removal, the application processing it creates its backup copy unless that functionality is disabled. You can use the copy to restore the original object.
OBJECT SUBSTITUTION It is a method of object processing, which implies replacing the original object with placeholder text (message body) or txt file (attachment) generated according to a replacement template.
R
RESTORATION Relocation of a backup object copy from Backup storage to the administrator-defined folder, its decryption and saving under the specified name. The restored file will have the same format it had when it was first processed by the application.
S
SECURITY SERVER Server component of Kaspersky Security. The Security Server scans email traffic for viruses and spam, performs anti-virus database updates, ensures the integrity of the application and its data storage, and enables administrative services for remote management and configuration. The component includes one or several interceptors.
SIMPLE OBJECT Message body or plain attachment, for example, an executable file. See also container object.
SKIPPING OF AN OBJECT Processing method, which means that an object is allowed to pass to the user unchanged. Please note that selection of that method may result in computer infection.
SPAM Unsolicited mass e-mail, most often containing advertising messages.
STORAGES SCAN Anti-virus scanning of messages stored on e-mail server and the content of public folders using the latest database version. Background scans can be launched either automatically (using a schedule), or manually. The scan involves all protected public folders and mailbox storages. Scanning may reveal new viruses that had not been included into the database during earlier scans.
SUSPICIOUS OBJECT Object containing modified code of a known virus or code that resembles a virus yet unknown to Kaspersky Lab. Suspicious objects are revealed using the heuristic analyzer.
T
TRAFFIC SCANNING Real-time anti-virus and anti-spam scanning of e-mail messages that arrive on a Microsoft Exchange server using the current (latest) version of the anti-virus and anti-spam database.
U
UNKNOWN VIRUS A new virus that is not yet registered in databases. Generally unknown viruses are detected by the application in objects using the heuristic analyzer, and those objects are classified as potentially infected.
UPDATE The procedure of replacing/adding new files (databases or application modules) retrieved from the update servers of Kaspersky Lab.
KASPERSKY LAB
Kaspersky Lab was founded in 1997. Today it is the leading Russian developer of a wide range of high-performance information security software products, including anti-virus, anti-spam and anti-hacking systems.
Kaspersky Lab is an international company. Headquartered in the Russian Federation, the company has offices in the United Kingdom, France, Germany, Japan, the Benelux countries, China, Poland, Romania and the USA (California). A new company office, the European Anti-Virus Research Centre, has recently been established in France. Kaspersky Lab's partner network includes over 500 companies worldwide.
Today, Kaspersky Lab employs over a thousand highly qualified specialists, including 10 MBA degree holders and 16 PhD degree holders. Senior experts hold membership in the Computer Anti-Virus Researchers Organization (CARO).
The company's most valuable assets are the unique knowledge and collective expertise accumulated during fourteen years of continuous fighting against computer viruses. A thorough analysis of computer virus activity enables the company's specialists to anticipate trends in the development of malware, and to provide our users with timely protection against new types of attacks. Resistance to future attacks is the basic policy implemented in all Kaspersky Lab's products. The company's products always remain one step ahead of other vendors in delivering anti-virus coverage to our clients.
Years of hard work have made the company one of the top anti-virus software developers. Kaspersky Lab was one of the first businesses of its kind to develop the highest standards for anti-virus defense. The company's flagship product, Kaspersky Anti-Virus®, provides full-scale protection for all tiers of a network, including workstations, file servers, mail systems, firewalls, Internet gateways, and hand-held computers. Its convenient and easy-to-use management tools maximize the degree of automation of anti-virus protection of computers and corporate networks. Many well-known manufacturers use the Kaspersky Anti-Virus kernel in their products, including: Nokia ICG (USA), Aladdin (Israel), Sybari (USA), G Data (Germany), Deerfield (USA), Alt-N (USA), Microworld (India), and BorderWare (Canada).
Kaspersky Lab's customers benefit from a wide range of additional services that ensure both stable operation of the company's products, and compliance with specific business requirements. We design, implement and support corporate anti-virus systems. Kaspersky Lab's anti-virus database is updated every hour. The company provides its customers with 24-hour technical support service in several languages.
If you have any questions, comments, or suggestions, please refer them to one of our distributors or directly to Kaspersky Lab. We will be glad to assist you in any matters related to our product by phone or via email. Rest assured that all of your recommendations and suggestions will be thoroughly reviewed and considered.
Kaspersky Lab’s web site:
http://www.kaspersky.com
Virus Encyclopedia:
http://www.viruslist.com
Anti-Virus Lab:
newvirus@kaspersky.com (only for sending suspicious objects in archives)
http://support.kaspersky.ru/virlab/helpdesk.html?LANG=en (for queries to virus analysts)
KASPERSKY LAB END USER LICENSE AGREEMENT IMPORTANT LEGAL NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT BEFORE YOU START USING THE SOFTWARE. BY CLICKING THE ACCEPT BUTTON IN THE LICENSE AGREEMENT WINDOW OR BY ENTERING CORRESPONDING SYMBOL(-S) YOU CONSENT TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS AGREEMENT. SUCH ACTION IS A SYMBOL OF YOUR SIGNATURE AND YOU ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT AND AGREE THAT THIS AGREEMENT IS ENFORCEABLE LIKE ANY WRITTEN NEGOTIATED AGREEMENT SIGNED BY YOU. IF YOU DO NOT AGREE TO ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT, CANCEL THE INSTALLATION OF THE SOFTWARE AND DO NOT INSTALL THE SOFTWARE. IF LICENSE CONTRACT OR SIMILAR DOCUMENT ACCOMPANIES SOFTWARE, TERMS OF THE SOFTWARE USE DEFINED IN SUCH DOCUMENT PREVAIL OVER CURRENT END USER LICENSE AGREEMENT. AFTER CLICKING THE ACCEPT BUTTON IN THE LICENSE AGREEMENT WINDOW OR AFTER ENTERING CORRESPONDING SYMBOL(-S) YOU HAVE THE RIGHT TO USE THE SOFTWARE IN ACCORDANCE WITH THE TERMS AND CONDITIONS OF THIS AGREEMENT.
1. Definitions
1.1. Software means software including any Updates and related materials.
1.2. Rightholder (owner of all rights, whether exclusive or otherwise to the Software) means Kaspersky Lab ZAO, a company incorporated according to the laws of the Russian Federation.
1.3. Computer(s) means hardware(s), including personal computers, laptops, workstations, personal digital assistants, ‘smart phones’, hand-held devices, or other electronic devices for which the Software was designed where the Software will be installed and/or used.
1.4. End User (You/Your) means individual(s) installing or using the Software on his or her own behalf or who is legally using a copy of the Software; or, if the Software is being downloaded or installed on behalf of an organization, such as an employer, "You" further means the organization for which the Software is downloaded or installed and it is represented hereby that such organization has authorized the person accepting this agreement to do so on its behalf. For purposes hereof the term "organization," without limitation, includes any partnership, limited liability company, corporation, association, joint stock company, trust, joint venture, labor organization, unincorporated organization, or governmental authority.
1.5. Partner(s) means organizations or individual(s), who distributes the Software based on an agreement and license with the Rightholder.
1.6. Update(s) means all upgrades, revisions, patches, enhancements, fixes, modifications, copies, additions or maintenance packs etc.
1.7. User Manual means user manual, administrator guide, reference book and related explanatory or other materials.
2. Grant of License
2.1. The Rightholder hereby grants You a non-exclusive license to store, load, install, execute, and display (to "use") the Software on a specified number of Computers in order to assist in protecting Your Computer on which the Software is installed, from threats described in the User Manual, according to the all technical requirements described in the User Manual and according to the terms and conditions of this Agreement (the "License") and you accept this License:
Trial Version. If you have received, downloaded and/or installed a trial version of the Software and are hereby granted an evaluation license for the Software, you may use the Software only for evaluation purposes and only during the single applicable evaluation period, unless otherwise indicated, from the date of the initial installation. Any use of the Software for other purposes or beyond the applicable evaluation period is strictly prohibited.
Multiple Environment Software; Multiple Language Software; Dual Media Software; Multiple Copies; Bundles. If you use different versions of the Software or different language editions of the Software, if you receive the Software on multiple media, if you otherwise receive multiple copies of the Software, or if you received the Software bundled with other software, the total permitted number of your Computers on which all versions of the Software are installed shall correspond to the number of computers specified in licenses you have obtained from the Rightholder provided that unless the licensing terms provide otherwise, each acquired license entitles you to install and use the Software on such a number of Computer(s) as is specified in Clauses 2.2 and 2.3.
2.2. If the Software was acquired on a physical medium You have the right to use the Software for protection of such a number of Computer(s) as is specified on the Software package.
2.3. If the Software was acquired via the Internet You have the right to use the Software for protection of such a number of Computers that was specified when You acquired the License to the Software.
2.4. You have the right to make a copy of the Software solely for back-up purposes and only to replace the legally owned copy if such copy is lost, destroyed or becomes unusable. This back-up copy cannot be used for other purposes and must be destroyed when you lose the right to use the Software or when Your license expires or is terminated for any other reason according to the legislation in force in the country of your principal residence or in the country where You are using the Software.
2.5. From the time of the Software activation or after license key file installation (with the exception of a trial version of the Software) You have the right to receive the following services for the defined period specified on the Software package (if the Software was acquired on a physical medium) or specified during acquisition (if the Software was acquired via the Internet):
- Updates of the Software via the Internet when and as the Rightholder publishes them on its website or through other online services. Any Updates that you may receive become part of the Software and the terms and conditions of this Agreement apply to them;
- Technical Support via the Internet and Technical Support telephone hotline.
3. Activation and Term
3.1. If You modify Your Computer or make changes to other vendors’ software installed on it, You may be required by the Rightholder to repeat activation of the Software or license key file installation. The Rightholder reserves the right to use any means and verification procedures to verify the validity of the License and/or legality of a copy of the Software installed and/or used on Your Computer.
3.2. If the Software was acquired on a physical medium, the Software can be used, upon your acceptance of this Agreement, for the period that is specified on the package commencing upon acceptance of this Agreement.
3.3. If the Software was acquired via the Internet, the Software can be used, upon your acceptance of this Agreement, for the period that was specified during acquisition.
3.4. You have the right to use a trial version of the Software as provided in Clause 2.1 without any charge for the single applicable evaluation period (30 days) from the time of the Software activation according to this Agreement provided that the trial version does not entitle You Updates and Technical support via the Internet and Technical support telephone hotline.
3.5. Your License to Use the Software is limited to the period of time as specified in Clauses 3.2 or 3.3 (as applicable) and the remaining period can be viewed via means described in User Manual.
3.6. If You have acquired the Software that is intended to be used on more than one Computer then Your License to Use the Software is limited to the period of time starting from the date of activation of the Software or license key file installation on the first Computer.
3.7. Without prejudice to any other remedy in law or in equity that the Rightholder may have, in the event of any breach by You of any of the terms and conditions of this Agreement, the Rightholder shall at any time without notice to You be entitled to terminate this License to use the Software without refunding the purchase price or any part thereof.
3.8. You agree that in using the Software and in using any report or information derived as a result of using this Software, you will comply with all applicable international, national, state, regional and local laws and regulations, including, without limitation, privacy, copyright, export control and obscenity law.
3.9. Except as otherwise specifically provided herein, you may not transfer or assign any of the rights granted to you under this Agreement or any of your obligations pursuant hereto.
4. Technical Support
4.1. The Technical Support described in Clause 2.5 of this Agreement is provided to You when the latest Update of the Software is installed (except for a trial version of the Software).
Technical support service: http://support.kaspersky.com
5. Limitations
5.1. You shall not emulate, clone, rent, lend, lease, sell, modify, decompile, or reverse engineer the Software or disassemble or create derivative works based on the Software or any portion thereof with the sole exception of a non-waivable right granted to You by applicable legislation, and you shall not otherwise reduce any part of the Software to human readable form or transfer the licensed Software, or any subset of the licensed Software, nor permit any third party to do so, except to the extent the foregoing restriction is expressly prohibited by applicable law. Neither Software’s binary code nor source may be used or reverse engineered to re-create the program algorithm, which is proprietary. All rights not expressly granted herein are reserved by Rightholder and/or its suppliers, as applicable. Any such unauthorized use of the Software shall result in immediate and automatic termination of this Agreement and the License granted hereunder and may result in criminal and/or civil prosecution against You.
5.2. You shall not transfer the rights to use the Software to any third party.
5.3. You shall not provide the activation code and/or license key file to third parties or allow third parties access to the activation code and/or license key which are deemed confidential data of Rightholder.
5.4. You shall not rent, lease or lend the Software to any third party.
5.5. You shall not use the Software in the creation of data or software used for detection, blocking or treating threats described in the User Manual.
5.6. The Rightholder has the right to block the key file or to terminate Your License to use the Software in the event You breach any of the terms and conditions of this Agreement and without any refund to You.
5.7. If You are using the trial version of the Software You do not have the right to receive the Technical Support specified in Clause 4 of this Agreement and You don’t have the right to transfer the license or the rights to use the Software to any third party.
6. Limited Warranty and Disclaimer
6.1. The Rightholder guarantees that the Software will substantially perform according to the specifications and descriptions set forth in the User Manual provided however that such limited warranty shall not apply to the following: (w) Your Computer’s deficiencies and related infringement for which Rightholder’s expressly disclaims any warranty responsibility; (x) malfunctions, defects, or failures resulting from misuse; abuse; accident; neglect; improper installation, operation or maintenance; theft; vandalism; acts of God; acts of terrorism; power failures or surges; casualty; alteration, non-permitted modification, or repairs by any party other than Rightholder; or any other third parties’ or Your actions or causes beyond Rightholder’s reasonable control; (y) any defect not made known by You to Rightholder as soon as practical after the defect first appears; and (z) incompatibility caused by hardware and/or software components installed on Your Computer.
6.2. You acknowledge, accept and agree that no software is error free and You are advised to back-up the Computer, with frequency and reliability suitable for You.
6.3. The Rightholder does not provide any guarantee that the Software will work correctly in case of violations of the terms described in the User Manual or in this Agreement.
6.4. The Rightholder does not guarantee that the Software will work correctly if You do not regularly download Updates specified in Clause 2.5 of this Agreement.
6.5. The Rightholder does not guarantee protection from the threats described in the User Manual after the expiration of the period specified in Clauses 3.2 or 3.3 of this Agreement or after the License to use the Software is terminated for any reason.
6.6. THE SOFTWARE IS PROVIDED "AS IS" AND THE RIGHTHOLDER MAKES NO REPRESENTATION AND GIVES NO WARRANTY AS TO ITS USE OR PERFORMANCE. EXCEPT FOR ANY WARRANTY, CONDITION, REPRESENTATION OR TERM THE EXTENT TO WHICH CANNOT BE EXCLUDED OR LIMITED BY APPLICABLE LAW THE RIGHTHOLDER AND ITS PARTNERS MAKE NO WARRANTY, CONDITION, REPRESENTATION, OR TERM (EXPRESSED OR IMPLIED, WHETHER BY STATUTE, COMMON LAW, CUSTOM, USAGE OR OTHERWISE) AS TO ANY MATTER INCLUDING, WITHOUT LIMITATION, NONINFRINGEMENT OF THIRD PARTY RIGHTS, MERCHANTABILITY, SATISFACTORY QUALITY, INTEGRATION, OR APPLICABILITY FOR A PARTICULAR PURPOSE. YOU ASSUME ALL FAULTS, AND THE ENTIRE RISK AS TO PERFORMANCE AND RESPONSIBILITY FOR SELECTING THE SOFTWARE TO ACHIEVE YOUR INTENDED RESULTS, AND FOR THE INSTALLATION OF, USE OF, AND RESULTS OBTAINED FROM THE SOFTWARE. WITHOUT LIMITING THE FOREGOING PROVISIONS, THE RIGHTHOLDER MAKES NO REPRESENTATION AND GIVES NO WARRANTY THAT THE SOFTWARE WILL BE ERROR-FREE OR FREE FROM INTERRUPTIONS OR OTHER FAILURES OR THAT THE SOFTWARE WILL MEET ANY OR ALL YOUR REQUIREMENTS WHETHER OR NOT DISCLOSED TO THE RIGHTHOLDER.
7. Exclusion and Limitation of Liability
7.1. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE RIGHTHOLDER OR ITS PARTNERS BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION, FOR BUSINESS INTERRUPTION, FOR LOSS OF PRIVACY, FOR CORRUPTION, DAMAGE AND LOSS OF DATA OR PROGRAMS, FOR FAILURE TO MEET ANY DUTY INCLUDING ANY STATUTORY DUTY, DUTY OF GOOD FAITH OR DUTY OF REASONABLE CARE, FOR NEGLIGENCE, FOR ECONOMIC LOSS, AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE SOFTWARE, THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT OR OTHER SERVICES, INFORMATION, SOFTWARE, AND RELATED CONTENT THROUGH THE SOFTWARE OR OTHERWISE ARISING OUT OF THE USE OF THE SOFTWARE, OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS AGREEMENT, OR ARISING OUT OF ANY BREACH OF CONTRACT OR ANY TORT (INCLUDING NEGLIGENCE, MISREPRESENTATION, ANY STRICT LIABILITY OBLIGATION OR DUTY), OR ANY BREACH OF STATUTORY DUTY, OR ANY BREACH OF WARRANTY OF THE RIGHTHOLDER OR ANY OF ITS PARTNERS, EVEN IF THE RIGHTHOLDER OR ANY PARTNER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOU AGREE THAT IN THE EVENT THE RIGHTHOLDER AND/OR ITS PARTNERS ARE FOUND LIABLE, THE LIABILITY OF THE RIGHTHOLDER AND/OR ITS PARTNERS SHALL BE LIMITED BY THE COSTS OF THE SOFTWARE. IN NO CASE SHALL THE LIABILITY OF THE RIGHTHOLDER AND/OR ITS PARTNERS EXCEED THE FEES PAID FOR THE SOFTWARE TO THE RIGHTHOLDER OR THE PARTNER (AS MAY BE APPLICABLE). NOTHING IN THIS AGREEMENT EXCLUDES OR LIMITS ANY CLAIM FOR DEATH AND PERSONAL INJURY. FURTHER IN THE EVENT ANY DISCLAIMER, EXCLUSION OR LIMITATION IN THIS AGREEMENT CANNOT BE EXCLUDED OR LIMITED ACCORDING TO APPLICABLE LAW THEN ONLY SUCH DISCLAIMER, EXCLUSION OR LIMITATION SHALL NOT APPLY TO YOU AND YOU CONTINUE TO BE BOUND BY ALL THE REMAINING DISCLAIMERS, EXCLUSIONS AND LIMITATIONS.
8. GNU and Other Third Party Licenses
8.1. The Software may include some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar free software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code ("Open Source Software"). If such licenses require that for any software, which is distributed to someone in an executable binary format, that the source code also be made available to those users, then the source code should be made available by sending the request to source@kaspersky.com or the source code is supplied with the Software. If any Open Source Software licenses require that the Rightholder provide rights to use, copy or modify an Open Source Software program that are broader than the rights granted in this Agreement, then such rights shall take precedence over the rights and restrictions herein.
9. Intellectual Property Ownership
9.1. You agree that the Software and the authorship, systems, ideas, methods of operation, documentation and other information contained in the Software, are proprietary intellectual property and/or the valuable trade secrets of the Rightholder or its partners and that the Rightholder and its partners, as applicable, are protected by civil and criminal law, and by the law of copyright, trade secret, trademark and patent of the Russian Federation, European Union and the United States, as well as other countries and international treaties. This Agreement does not grant to You any rights to the intellectual property including any the Trademarks or Service Marks of the Rightholder and/or its partners ("Trademarks"). You may use the Trademarks only insofar as to identify printed output produced by the Software in accordance with accepted trademark practice, including identification of the Trademark owner’s name. Such use of any Trademark does not give you any rights of ownership in that Trademark. The Rightholder and/or its partners own and retain all right, title, and interest in and to the Software, including without limitation any error corrections, enhancements, Updates or other modifications to the Software, whether made by the Rightholder or any third party, and all copyrights, patents, trade secret rights, trademarks, and other intellectual property rights therein. Your possession, installation or use of the Software does not transfer to you any title to the intellectual property in the Software, and you will not acquire any rights to the Software except as expressly set forth in this Agreement. All copies of the Software made hereunder must contain the same proprietary notices that appear on and in the Software. Except as stated herein, this Agreement does not grant you any intellectual property rights in the Software and you acknowledge that the License, as further defined herein, granted under this Agreement only provides you with a right of limited use under the terms and conditions of this Agreement. Rightholder reserves all rights not expressly granted to you in this Agreement.
9.2. You agree not to modify or alter the Software in any way. You may not remove or alter any copyright notices or other proprietary notices on any copies of the Software.
10. Governing Law; Arbitration
10.1. This Agreement will be governed by and construed in accordance with the laws of the Russian Federation without reference to conflicts of law rules and principles. This Agreement shall not be governed by the United Nations Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded. Any dispute arising out of the interpretation or application of the terms of this Agreement or any breach thereof shall, unless it is settled by direct negotiation, be settled by in the Tribunal of International Commercial Arbitration at the Russian Federation Chamber of Commerce and Industry in Moscow, the Russian Federation. Any award rendered by the arbitrator shall be final and binding on the parties and any judgment on such arbitration award may be enforced in any court of competent jurisdiction. Nothing in this Section 10 shall prevent a Party from seeking or obtaining equitable relief from a court of competent jurisdiction, whether before, during or after arbitration proceedings.
11. Period for Bringing Actions
11.1. No action, regardless of form, arising out of the transactions under this Agreement, may be brought by either party hereto more than one (1) year after the cause of action has occurred, or was discovered to have occurred, except that an action for infringement of intellectual property rights may be brought within the maximum applicable statutory period.
12. Entire Agreement; Severability; No Waiver
12.1. This Agreement is the entire agreement between you and Rightholder and supersedes any other prior agreements, proposals, communications or advertising, oral or written, with respect to the Software or to subject matter of this Agreement. You acknowledge that you have read this Agreement, understand it and agree to be bound by its terms. If any provision of this Agreement is found by a court of competent jurisdiction to be invalid, void, or unenforceable for any reason, in whole or in part, such provision will be more narrowly construed so that it becomes legal and enforceable, and the entire Agreement will not fail on account thereof and the balance of the Agreement will continue in full force and effect to the maximum extent permitted by law or equity while preserving, to the fullest extent possible, its original intent. No waiver of any provision or condition herein shall be valid unless in writing and signed by you and an authorized representative of Rightholder provided that no waiver of any breach of any provisions of this Agreement will constitute a waiver of any prior, concurrent or subsequent breach. Rightholder’s failure to insist upon or enforce strict performance of any provision of this Agreement or any right shall not be construed as a waiver of any such provision or right.
13. Rightholder Contact Information
Should you have any questions concerning this Agreement, or if you desire to contact the Rightholder for any reason, please contact our Customer Service Department at:
Kaspersky Lab ZAO, 10 build. 1, 1st Volokolamsky Proezd
Moscow, 123060
Russian Federation
Tel: +7-495-797-8700
Fax: +7-495-645-7939
E-mail: info@kaspersky.com
Web site: www.kaspersky.com
© 1997-2010 Kaspersky Lab ZAO. All Rights Reserved. The Software and any accompanying documentation are copyrighted and protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties.
INDEX

A
Anti-Spam
  black list, 52
  importing the list of allowed senders, 52
  list of allowed senders, 52
  list of blocked senders, 52
  potential spam rating, 56
  sensitivity level, 52
  white list, 52
Application components, 14
APPLICATION INTERFACE, 31
APPLICATION SETUP, 18
Attachments, 47

B
Background scan, 48
Backup
  purging Backup, 64
  viewing the backup copy, 61
Black list
  Anti-Spam, 52

C
Checking functioning, 23
Clusters, 17

D
Diagnostics, 73

E
EICAR, 23
EVENT LOG, 73
Exclusions, 47

K
Kaspersky Lab, 104

M
Main window, 31
  Console tree, 31

N
Notifications, 65

P
Protection for mailboxes, 30
Protection of public folders, 30
Protection of storages, 30

R
REPORTS, 67

S
Security Server, 14
Server adding, 37
Starting
  Administration Console, 37

T
Toolbar, 31

U
UPDATE, 40

W
White list
  Anti-Spam, 52