CYAN SECURE WEB HOWTO
Anti Virus with Kaspersky Engine
Apr. 4, 2008
Applies to: SECURE WEB Version 1.4 and above
Anti Virus with Kaspersky Engine
This document provides step-by-step instructions on how to install, activate and configure anti virus scanning in CYAN SECURE WEB using the Kaspersky anti virus engine.
Overview
1. Install Kaspersky support package
2. Supply the Kaspersky license file
3. Initiate the update of the Kaspersky virus data files
4. Configure automatic update of virus data files
5. Enable virus scanning in SECURE WEB
6. Test the virus scanner
Note: each step must be performed with the proper user permissions. The required user is given with each step as “Proceed as”. The way to switch to the proper account differs depending on the Linux distribution used.
Debian
On Debian systems you either log in as root, or log in as a user and change identity to root by executing:
su
Ubuntu
On Ubuntu systems typically no root login is permitted. All system administration level tasks are executed by a user having the permission to do so, using the sudo command:
sudo apt-get update
Redhat Enterprise Linux 5
On RHEL 5 systems you either log in as root, or log in as a user and change identity to root by executing:
su
1. Install Kaspersky support package
Proceed as: root
Install on Debian
To install the support package for Kaspersky, start by making sure that the CYAN repository is configured in your Debian system:
Test for the repository:
proxy:~# grep cyan /etc/apt/sources.list
deb http://deb.cyannetworks.com/ debian/etch stable
proxy:~#
In case the repository is not configured yet, execute the following command:
echo "deb http://deb.cyannetworks.com/ debian/etch stable" >> /etc/apt/sources.list
To update the software index execute:
apt-get update
Finally install the Kaspersky support package for CYAN SECURE WEB:
apt-get install cyansweb1.4vscankaspersky
Install on Ubuntu
To install the support package for Kaspersky, start by making sure that the CYAN repository is configured in your Ubuntu system:
Test for the repository:
proxy:~# grep cyan /etc/apt/sources.list
deb http://deb.cyannetworks.com/ ubuntu/feisty stable
proxy:~#
In case the repository is not configured yet, execute the following command:
echo "deb http://deb.cyannetworks.com/ ubuntu/feisty stable" | sudo tee -a /etc/apt/sources.list
To update the software index execute:
sudo apt-get update
Finally install the Kaspersky support package for CYAN SECURE WEB:
sudo apt-get install cyansweb1.4vscankaspersky
Install on Redhat Enterprise Linux 5
To install the support package for Kaspersky, start by making sure that the CYAN repository is configured in your Redhat system:
Test for the repository:
proxy:~# ls -l /etc/yum.repos.d/cyan.repo
-rw-r--r-- 1 root root 118 *date* *time* /etc/yum.repos.d/cyan.repo
proxy:~#
In case the repository is not configured yet, execute the following command:
echo '[cyanyum]
name=CYAN Networks Secure Web
baseurl=http://yum.cyannetworks.com/redhat5/stable/
enabled=1
gpgcheck=0' > /etc/yum.repos.d/cyan.repo
To update the software index execute:
yum update
Finally install the Kaspersky support package for CYAN SECURE WEB:
yum install cyansweb1.4vscankaspersky
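The repository stanza above sets gpgcheck=0 and uses an http baseurl, so yum installs these packages without verifying signatures. The following added example (not CYAN code) audits a .repo file for both settings; the function names audit_yum_repo and sample_repo are hypothetical, and the sample stanza is constructed from the text of this page.

```sh
#!/bin/sh
# Added example (not CYAN code): flag yum repository stanzas that skip
# signature checks or fetch packages over plain http.

# audit_yum_repo [FILE]
# Reads a .repo file (stdin when FILE is omitted) and prints one finding per
# line as "<section>: <issue>". Disabled stanzas are ignored.
audit_yum_repo() {
    awk '
        function report() {
            if (section == "" || enabled == "0") return
            if (gpgcheck == "0")
                print section ": gpgcheck=0, package signatures are not verified"
            if (baseurl ~ /^http:\/\//)
                print section ": baseurl uses plain http"
        }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                    # new [section] header
            report()
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            enabled = "1"; gpgcheck = ""; baseurl = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") baseurl = val
        }
        END { report() }
    ' "${1:--}"
}

# Constructed sample: the stanza as it appears on this page.
sample_repo() {
    cat <<'EOF'
[cyanyum]
name=CYAN Networks Secure Web
baseurl=http://yum.cyannetworks.com/redhat5/stable/
enabled=1
gpgcheck=0
EOF
}

sample_repo | audit_yum_repo
```

On a live system, run audit_yum_repo /etc/yum.repos.d/cyan.repo; a stanza with gpgcheck=1 and an https baseurl produces no output.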
Install on any Linux system using the generic installer
For SUSE Linux Enterprise, Debian, Ubuntu and Redhat Enterprise: The Kaspersky antivirus should be installed by the generic installation of CYAN SECURE WEB.
2. Supply the Kaspersky license file
To operate CYAN SECURE WEB with the Kaspersky anti virus engine, a valid license must be supplied with the installation. Please contact CYAN Networks (sales@cyannetworks.com) if you do not have such a license file.
To supply the license file for CYAN SECURE WEB, open the Web interface by entering the following link in your browser:
https://<yourproxyserver>:9992/
Replace <yourproxyserver> by either the host name or the IP address of your proxy installation.
Change to ADMIN / LICENSE and you will see this picture:
Now enter the path of your Kaspersky license (or search for it via the “Browse” button) and click on “Upload License”.
3. Initiate an update of the Kaspersky virus data files
Proceed as: sweb
The installation of the Kaspersky support package includes a script for downloading and updating the virus pattern files. You can execute this script directly from the command line to trigger the initial download:
/opt/cyan/sweb/bin/keepup2date -c /opt/cyan/sweb/data/kav_updater.conf
4. Configure automatic update of virus data files
Proceed as: root
Virus data files should be kept up to date to maintain the security and reliability of the anti virus scanning. For this purpose we strongly recommend scheduling the automatic execution of the update script at least once a day.
The following command, executed as root, will install a crontab entry that executes the update script every night at 1:00:
echo "0 1 * * * /opt/cyan/sweb/bin/keepup2date -c /opt/cyan/sweb/data/kav_updater.conf" | crontab -u sweb -
Install on Ubuntu
Simply put sudo before the crontab command:
echo "0 1 * * * /opt/cyan/sweb/bin/keepup2date -c /opt/cyan/sweb/data/kav_updater.conf" | sudo crontab -u sweb -
To retrieve the current crontab schedule proceed with the following command:
proxy:~# crontab -u sweb -l
0 1 * * * /opt/cyan/sweb/bin/keepup2date -c /opt/cyan/sweb/data/kav_updater.conf
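Piping a single line into crontab replaces the whole crontab of the sweb user, so any job already scheduled there is lost. The following added example (not part of the original HOWTO) merges the update job into the existing schedule and is safe to run repeatedly; the names UPDATE_JOB, merge_cron_entry, install_update_job and the --install switch are hypothetical.

```sh
#!/bin/sh
# Added example: add the nightly update job to a user's crontab without
# dropping entries that are already there and without adding it twice.

UPDATE_JOB='0 1 * * * /opt/cyan/sweb/bin/keepup2date -c /opt/cyan/sweb/data/kav_updater.conf'

# merge_cron_entry ENTRY
# Reads an existing crontab on stdin and writes it to stdout with ENTRY
# appended, unless an identical line is already present.
merge_cron_entry() {
    ENTRY=$1 awk '
        { print }
        $0 == ENVIRON["ENTRY"] { found = 1 }
        END { if (!found) print ENVIRON["ENTRY"] }
    '
}

# install_update_job [USER]
# Must run as root. "crontab -l" fails when the user has no crontab yet,
# so that case is treated as an empty schedule.
install_update_job() {
    user=${1:-sweb}
    { crontab -u "$user" -l 2>/dev/null || true; } |
        merge_cron_entry "$UPDATE_JOB" |
        crontab -u "$user" -
}

# Only touch the real crontab when asked to.
if [ "${1:-}" = "--install" ]; then
    install_update_job sweb
fi
```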
5. Enable Virus scanning in SECURE WEB
To enable virus scanning in SECURE WEB you need to open the web administration interface. Use your web browser to connect to the URL
https://<yourproxyserver>:9992/
Replace <yourproxyserver> by either the host name or the IP address of your proxy installation.
In the menu SERVER / VIRUS SCAN / SETUP verify that virus scanning is enabled:
Work path: defines the path in which the download and scanning will be processed.
Quarantine path: infected files are moved into this directory for later investigation by the system administrator. All files within this directory may contain harmful viruses.
Note: paths in CYAN SECURE WEB can be specified in two ways, as a path relative to the installation directory – in this case the path begins with any letter or other character that may start a directory name – or as an absolute path, in which case the name must start with the character '/'.
Next, in the menu SERVER / VIRUS SCAN / ENGINE, select Kaspersky as the virus engine:
You now have to “Save” your selection.
You will be prompted to accept the END USER LICENCE AGREEMENT of the Kaspersky virus scan engine:
After accepting the Kaspersky EULA, you will find the following settings specifying the details for the scan engine:
Path to Kaspersky license: Enter the path to the location of the Kaspersky license file.
Path to virus data (IDE): Enter the path to the location of the Kaspersky virus pattern files.
Note: do not forget to click the UPDATE button to notify SECURE WEB that it should reload the configuration.
6. Test virus scanning
To test your virus scan engine, open for example:
http://www.eicar.org/anti_virus_test_file.htm
and download the file: eicar_com.zip.
If virus scanning is active and working properly, you should see a page indicating that the file download was denied: