Kaspersky Anti-Virus 5.5 for Proxy Server MP1 (5.5.39)

What's new?

• Added support for Cisco Content Engine, BlueCoat ProxySSG and NetCache appliances.
• Added support of Squid 2.6.
• Added support of 64-bit Linux and FreeBSD distributions.
• Improved the installation and configuration procedure.
• Revised the Administrator's Manual.

kavicapserver

• Added ICAP Preview support. Can be configured by using "PreviewSize".
• ICAP "Allow 204" answer can be configured using "Allow204" parameter.
• Added "processed_traffic" and "clean_traffic" counters in the counters statistics.

keepup2date

• Added PassiveFtp=yes in the default config.
• Implemented Diff updates scheme, which significantly reduces update traffic.

Changed Features

• Changed the distribution file layout:
  • For Linux systems the new file layout conforms to FHS 2.3.
  • For FreeBSD systems the new file layout conforms to hier(7).

kavicapserver

• Antivirus databases can be specified for every user group in the section [icapserver.engine.options]. Section [icapserver.engine] is obsolete.
• Improved handling of core files.
• acktrace now is stored in a separate file. This file is located in the core file directory.
• onfiguring of group parameters has been enhanced. If you want to specify parameters for a group in a separate section, you can specify only parameters you would like to alter in this section. Other parameters will be retrieved from the default group for this section.
• The antivirus scan time limit "MaxScanTime" is now in the section [icapserver.engine.options]. When this time is exceeded, scanned object will produce the "error" verdict).
• All objects which fall under one of the filtering rules obtain the "FILTERED" verdict.
• Filtered objects are shown in the report file if ShowOk is turned on.
• Parameter "HTTPClientIpField" is obsolete.
• Improved performance of statistics.
• Improved performance of ICAP requests handling.

keepup2date

• Changed RegionSettings parameter notation according to ISO 3166.
• Ïàðàìåòðû DiffUtilPath, UploadPatchPath parameters are no longer used.

Fixed Problems

kavicapserver

• License notifications are fixed.
• Possibility of a dead loop in the antivirus engine fixed. If there is a dead loop in the AV bases and MaxScanTime is specified, the scan of the object is cancelled not later than 60 sec after the MaxScanTime is expired.

keepup2date

• Fixed updating from a local directory.
• Fixed return codes.

Product Overview

Kaspersky Anti-Virus for Proxy Server performs Anti-Virus processing of traffic at a proxy server. The product is integrated with a proxy server using the ICAP protocol, thus the proxy must support it. The Kaspersky Anti-Virus for Proxy Server provides the following functionality:

1. Scanning of HTTP traffic for malware, including the following options:
   • Scanning of all infectable object types
   • Scanning of containers (compound objects)
   • Blocking access to an infected/suspicious object
   • Disinfection of an infected object (if possible)
   • Flexible setup of object types to check
   • Possibility to chose AV-database type (standard/extended)
   • AV-engine options configuration
2. Possibility to notify the proxy server administrator on various events, including:
   • Access to an object for a user is blocked by some reason
   • License of the product is expired
   • AV-database of the product is out-of-date
   • Internal product error
3. Possibility to notify an end user through HTTP, in case of:
   • A user tries to upload/download an infected object
   • The license of the product is expired
   • The AV-database of the product is out-of-date
4. Configurable reporting (logging) of events connected to AV-processing and of internal product events.
5. Statistics of two types:
   • Summary counters b
   • Statistics records on processed objects
6. Possibility to specify individual rules for processing of HTTP traffic for particular groups of IP adresses
7. Remote product administration through Webmin module

System Requirements

Hardware requirements:

1. Minimal configuration:
   • Intel Pentium
   • RAM 64MB
   • HDD 200MB for temporary files and 50MB for the product installation

   Above configuration can provide a service at rate:

   • average load: 20 requests/minute
   • average request size: 15KB. (At least 10 end users.)
2. Sample configuration 1:
   • Pentium II 300
   • RAM 128MB
   • HDD 512MB for temporary files and 50MB for the product installation

   The above configuration can provide service at the following rates:

   • average load: 20 requests/minute
   • peak load: 900 requests/minute
   • day traffic: 256MB (Around 50 end users.)
3. Sample configuration 2:
   • Pentium IV
   • RAM 512MB
   • HDD 1GB for temporary files and 50MB for the product installation

   The above configuration can provide service at the following rates:

   • average load: 150 requests/minute
   • peak load: 1300 requests/minute
   • day traffic: 1GB (Around 250 end users.)

Software requirements:

1. Supported operating systems
   • 32-bit OS
     • Red Hat Enterprise Linux Advanced Server 4 Update4
     • Fedora Core 6
     • SUSE Linux Enterprise Server 10
     • SUSE Linux Enterprise Desktop 10 (only for Workstation)
     • openSUSE Linux 10.2
     • Debian GNU/Linux 3.1 updated (r4)
     • Mandriva 2007
     • FreeBSD 5.5, 6.2
   • 64-bit OS
     • Red Hat Enterprise Linux AS/ES 4
     • Fedora Core 6
     • SUSE Linux Enterprise Server 10
     • openSUSE Linux 10.2
     • FreeBSD 6.2
2. Squid 2.6

Product Installation & Upgrade

Installing the product:

To install the product use the system specific command: