Detailed instructions for use are in the User's Guide.
[. . . ] F-Secure Anti-Virus Linux Server Security
Administrator's Guide
"F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure product names and symbols/logos are either trademarks or registered trademarks of F-Secure Corporation. All product names referenced herein are trademarks or registered trademarks of their respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of others. Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. [. . . ] 84
B.1 Introduction
This section describes how to install required kernel modules manually. You may need to do this in the following cases:
- You forgot to use Software Installation Mode and the system is not working properly.
- In large installations some hosts may not include development tools or kernel source.
B.2 Before Installing Required Kernel Modules
Before installing required kernel modules, you must do the following:
- Make sure that the running kernel version is the same as the version of the kernel sources installed.
- On some distributions, such as older SUSE distributions, you may need to go to /usr/src/linux and run the commands make cloneconfig and make modules_prepare before the kernel sources match the installed kernel.
B.3 Installation Instructions
Follow the instructions below to install required kernel modules:
1. Run the following command as the root user:
   /opt/f-secure/fsav/bin/fsav-compile-drivers
2. If the summary page in the user interface does not show any errors, the product is working correctly.

CHAPTER B Installing Required Kernel Modules Manually
fsav-compile-drivers is a shell script that configures and compiles the Dazuko driver automatically for your system and for the product. You can download the Dazuko driver from www.dazuko.org and use it with the product, but it is not recommended. The product has been extensively tested only with the Dazuko version that ships with the product, which is installed in /opt/f-secure/fsav/dazuko.tar.gz. If your Linux distribution has a preinstalled Dazuko, it cannot be used, because the product relies on the patches and configuration options included with its own Dazuko, which are likely different in the preinstalled one. Uninstall the preinstalled Dazuko, or make sure that it is not run during system startup, and follow the installation instructions above to install Dazuko with all required patches and configuration options.
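The prerequisites above (matching kernel sources, development tools present, no foreign Dazuko module loaded) can be checked before running fsav-compile-drivers. The script below is an added example, not part of the product or of this guide. Its function names are hypothetical, and it assumes a kernel tree that records its release in include/config/kernel.release once prepared.

```shell
#!/bin/sh
# Added example: pre-flight checks before running fsav-compile-drivers.
# Function names are hypothetical; KSRC defaults to the page's /usr/src/linux.

# Print the release recorded in a prepared kernel source tree (assumption:
# the tree writes include/config/kernel.release when it is prepared).
source_release() {
    [ -r "$1/include/config/kernel.release" ] || return 1
    cat "$1/include/config/kernel.release"
}

# Status 0: sources match the running release. 1: mismatch. 2: not prepared.
sources_match() {
    running=$1
    src=$2
    found=$(source_release "$src") || { echo "no prepared sources in $src"; return 2; }
    if [ "$found" != "$running" ]; then
        echo "mismatch: running $running, sources $found"
        return 1
    fi
}

# Status 0 if a dazuko module is listed in a /proc/modules-style file.
dazuko_loaded() {
    grep -q '^dazuko ' "$1"
}

# Status 0 if every named build tool is on PATH; names the first missing one.
have_tools() {
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || { echo "missing tool: $t"; return 1; }
    done
}

preflight() {
    rc=0
    have_tools make cc || rc=1
    sources_match "$(uname -r)" "${KSRC:-/usr/src/linux}" || rc=1
    if dazuko_loaded /proc/modules; then
        echo "a dazuko module is already loaded; it must be the product's own"
    fi
    return $rc
}

# Run the checks only when asked to, e.g. `sh preflight.sh --run`.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

A non-zero status from preflight means the host is one of the cases described in B.1, where the modules must be built elsewhere or the sources prepared first.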
C
Riskware Types
Riskware Categories and Platforms
C.1 Riskware Categories and Platforms
Use the following list of riskware categories and platforms to exclude specific riskware from the riskware scan.

Category:
Adware, AVTool, Client-IRC, Client-SMTP, CrackTool, Dialer, Downloader, Effect, FalseAlarm, Joke, Monitor, NetTool, Porn-Dialer, Porn-Downloader, Porn-Tool, Proxy, PSWTool, RemoteAdmin, RiskTool, Server-FTP, Server-Proxy, Server-Telnet, Server-Web, Tool

Platform:
Apropos, BAT, Casino, ClearSearch, DOS, DrWeb, Dudu, ESafe, HTML, Java, JS, Linux, Lop, Macro, Maxifiles, NAI, NaviPromo, NewDotNet, Palm, Perl, PHP, Searcher, Solomon, Symantec, TrendMicro, UNIX, VBA, VBS, Win16, Win32, Wintol, ZenoSearch
D
List of Used System Resources
Overview
Installed Files
Network Resources
Memory
CPU
D.1 Overview
This appendix summarizes the system resources used by the product.
D.2 Installed Files
All files installed by the product are in the following directories:
/opt/f-secure
/etc/opt/f-secure
/var/opt/f-secure
In addition, the installation creates the following symlinks:
/usr/bin/fsav -> /opt/f-secure/fssp/bin/fsav
/usr/bin/fsic -> /opt/f-secure/fsav/bin/fsic
/usr/bin/fsui -> /opt/f-secure/fsav/bin/fsui
/usr/share/man/man1/fsav.1 -> /opt/f-secure/fssp/man/fsav.1
/usr/share/man/man8/fsavd.8 -> /opt/f-secure/fssp/man/fsavd.8
D.3 Network Resources
When running, the product reserves the following IP ports:

Interface  Protocol  Port   Comment
lo         tcp       28005  Web User Interface internal communication port
lo         tcp       28078  PostgreSQL alert database
lo         tcp       28080  Local Web User Interface access
any        tcp       28082  Remote SSL Web User Interface access (if enabled)
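Three of the ports listed above are meant to be reachable on the loopback interface only, so a listener for one of them on any other address is a misconfiguration worth flagging. The following audit is an added example, not part of the product. It assumes input in the column layout of `ss -ltnH` (local address in the fourth field), and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the product's loopback-only ports are not exposed.
# Port numbers come from the table above; the function names are hypothetical.

LOOPBACK_ONLY="28005 28078 28080"   # documented as bound to interface lo
REMOTE_PORT=28082                    # documented as reachable on any interface

# Read `ss -ltnH`-style lines on stdin (local address is field 4).
# Prints one line per finding; status 1 if a loopback-only port is exposed.
audit_listeners() {
    awk -v lo="$LOOPBACK_ONLY" -v remote="$REMOTE_PORT" '
    BEGIN { n = split(lo, p, " "); for (i = 1; i <= n; i++) local_only[p[i]] = 1 }
    {
        addr = $4
        port = addr; sub(/.*:/, "", port)        # text after the last colon
        host = addr; sub(/:[^:]*$/, "", host)    # text before the last colon
        is_lo = (host ~ /^127\./ || host == "[::1]")
        if ((port in local_only) && !is_lo) {
            print "EXPOSED " port " bound to " host
            bad = 1
        } else if (port == remote && !is_lo) {
            print "REMOTE " port " reachable on " host " (expected only if remote access is enabled)"
        }
    }
    END { exit bad + 0 }'
}

# Constructed sample input, not captured from a real host.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:28005 0.0.0.0:*
LISTEN 0 128 0.0.0.0:28078 0.0.0.0:*
LISTEN 0 128 127.0.0.1:28080 0.0.0.0:*
LISTEN 0 128 *:28082 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}
```

On a live host the input would come from `ss -ltnH | audit_listeners`; with the constructed sample, the PostgreSQL alert database port is reported as exposed and the remote Web User Interface port is listed for review.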
D.4 Memory
The Web User Interface reserves over 200 MB of memory, but since the WebUI is not used all the time, the memory is usually swapped out. The other product components sum up to about 50 MB of memory; the on-access scanner uses the majority of it. The memory consumption depends on the number of file accesses on the system. If several users are logged in to the system and all of them access lots of files, the memory consumption grows.
D.5 CPU
The load on the processor depends on the number of file accesses on the system, as the on-access scanner scans every file that is opened and closed. The CPU usage grows when many users are logged in to the system at the same time. Some software products are designed to access many files, and on-access scanning can slow down these products noticeably.
E
Troubleshooting
User Interface
F-Secure Policy Manager
[. . . ]

APPENDIX G Config Files

#
# Possible values:
#   auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news, syslog, user, uucp, local0, local1, local2, local3, local4, local5, local6, local7 - auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news, syslog, user, uucp, local0, local1, local2, local3, local4, local5, local6, local7
#
daemonSyslogFacility daemon

#
# Obsolete setting.
#
# Possible values:
#   0 - No
#   1 - Yes
#   2 - Auto
#
daemonStandalone 0

#
# Specify the level of messages to log to the debug logfile.
#
# Possible values:
#   0 - Nothing
#   1 - Emergency
#   2 - Alert
#   3 - Critical
#   4 - Error
#   5 - Warning
#   6 - Notice
#   7 - Info
#   8 - Debug
#   9 - Everything
#
debugLogLevel 0

#
# Specify the full name of the debug logfile.
#
debugLogFile /var/opt/f-secure/fssp/fssp.log

#
# The keycode entered during installation. [. . . ]