KAV UNIX SDK 5.x KASPERSKY LAB - KASPERSKY UPDATE SYSTEM FOR UNIX
KAV UNIX SDK 5.X
Kaspersky Update
System for Unix
© Kaspersky Lab
http://www.kaspersky.com
Document version: 5.5.16
Revision date: March, 2007

Contents

CHAPTER 1. OVERVIEW OF THE KASPERSKY UPDATE SYSTEM  5
1.1. Key Aspects of the Update System  6
1.2. Updates distribution scheme  6
1.3. Signature files update procedure  8
1.4. Types of updates  9
1.5. Kaspersky Lab’s Update Servers  10
CHAPTER 2. KASPERSKY UPDATER PACKAGE (X86)  11
2.1. Hardware and software requirements  11
2.2. Package contents  11
CHAPTER 3. KASPERSKY UPDATER ON AN OEM-CUSTOMER’S UNIX-BASED SYSTEM (X86)  13
3.1. Starting the update process  13
3.2. Testing newly downloaded update files for integrity  13
3.3. Updater licensing  14
CHAPTER 4. KASPERSKY UPDATER ON AN OEM-PARTNER’S UNIX-BASED MIRROR SERVER (X86)  15
4.1. Starting the update process  15
4.2. Testing newly downloaded update files for integrity  16
4.3. Providing customer access to the new signatures  16
4.4. Updater licensing  17
CHAPTER 5. KASPERSKY UPDATER PACKAGE FOR ARM PLATFORM  18
5.1. Hardware and software requirements  18
5.2. Package contents  18
5.3. Package usage  19
5.4. Updater licensing  20
APPENDIX A. CONFIGURATION FILE  21
APPENDIX B. COMMAND-LINE OPTIONS  27
APPENDIX C. EXIT-CODES  30
APPENDIX D. SAMPLE DOWNLOAD PROCEDURES (X86)  32
APPENDIX E. SIGNATURE FILES  35
APPENDIX F. FREQUENTLY ASKED QUESTIONS  37
APPENDIX G. TROUBLESHOOTING  41
CHAPTER 1. OVERVIEW OF THE KASPERSKY UPDATE SYSTEM
The Kaspersky Update System performs the essential function of keeping the
Anti-Virus and/or Anti-Spam and/or Anti-Hacker signature databases (henceforth
“signature databases”) up to date, by incorporating Anti-Virus and/or Anti-Spam
and/or Anti-Hacker signature database updates (henceforth "signature update
files" or "update files") into the existing databases. The signature databases are
used by the Kaspersky Anti-Virus / Anti-Spam / Anti-Hacker Engine, which is at
the heart of several other Kaspersky products, including Kaspersky Anti-Virus /
Anti-Spam / Anti-Hacker.
Kaspersky Lab provides scalable technologies and robust solutions to supply
signature update files to OEM partners and their customers. New signature
update files are released by the Kaspersky Anti-Virus Research Center on an
hourly basis. Kaspersky’s on-site Mirror Server technology enables OEM
partners to use their existing update/upgrade infrastructure to deliver signature
update files in a timely fashion.
This document can be used as a guide for the following:
• To gain an overview of the signature update process, as used by
Kaspersky Anti-Virus / Anti-Spam / Anti-Hacker (Chapter 1)
• To understand the structure of the signature database and update files,
and the integrity testing process
• To build an on-site Unix-based Mirror Server for x86 (Chapter 4) and
ARM (Chapter 5) signature update files
• To build an updater system on an OEM-partner’s customer x86 (Chapter
3) and ARM (Chapter 5) systems to update the integrated KAV / KAS /
KAH Engines
• To review license requirements and renewal procedures.
1.1. Key Aspects of the Update System
The core of the Kaspersky Update System is the proprietary Kaspersky Updater
component.
The Updater component recognizes and reacts to the complex changes in the
signature update files, and it can additionally:
• select the server to download update files from;
• control the downloading process;
• remove files which have been included in the cumulative update file;
• verify the integrity of downloads. If the update process is interrupted
for any reason, the Updater downloads only the files that are still
missing rather than restarting the download from scratch;
• roll back to the previous update version if any update file is corrupted.
Kaspersky Updater is the only component recommended for distributing
Kaspersky Anti-Virus / Anti-Spam / Anti-Hacker signature updates. It is available
for both Unix (x86 and ARM) and Windows platforms.
The Kaspersky Updater package for Unix (x86 platform) consists of the
keepup2date component with its configuration file, and can be used both on an
OEM-customer’s (x86) systems and on mirror servers. Such an established
mirror server will be able to supply both Unix- (x86) and Windows-based
customers’ systems with Kaspersky Updates.
The Kaspersky Updater package for Unix (ARM platform) consists of the
kavupdater component with its configuration file, and can be used both on an
OEM-customer’s (ARM) systems and on mirror servers. Such a mirror server will
supply Unix-based (ARM) customers’ systems with Kaspersky Updates.
This document covers only the Unix (x86 and ARM) Kaspersky Updater
component. To obtain documentation for the Windows version of Kaspersky
Updater component, please contact your dedicated Project Manager.
1.2. Updates distribution scheme
OEM partners who provide their customers with a real-time signature update
service are strongly advised to follow this scheme for distributing Kaspersky
signature updates (see Figure 1):
Figure 1. Scheme of Kaspersky Updates distribution
1. Kaspersky Anti-Virus Research Center issues a new signature
update file every hour (or more frequently in case of a virus
outbreak)
• The hourly produced signature update files must pass pre-
release tests at Kaspersky Anti-Virus Research Center
before being uploaded to the Kaspersky Lab update servers.
The server addresses are listed in Section 1.5
• To ensure the integrity of signature database files during the
download process, a digital-signature checksum is used. The Updater
component verifies this checksum before the new files are used.
2. The Updater component on an OEM-partner’s mirror server is
typically scheduled (for example with cron) to pull signature update
files from Kaspersky Lab’s update servers every hour or more
frequently. The downloaded files are verified for authenticity and
integrity (see Section 4.2). The keepup2date utility should be run in
Retranslation mode (see Section 4.1). The mirror server must be
configured as an HTTP/FTP server so that the OEM’s customers can
download signature update files.
3. In the same way, the Updater component on an OEM-customer’s
system is scheduled to pull new signature update files from the
OEM-partner’s mirror server every half-hour or more frequently,
again using for example the cron system. The downloaded files are
verified for authenticity and integrity (see section 3.2).
1.3. Signature files update procedure
A more detailed description of the update procedure performed by keepup2date
(on the x86 platform, on both client systems and update mirror servers) is as
follows:
1. the Updater component, running on the system requiring updated
files, connects to a server which provides update files.
2. the Updater component downloads the master.xml and updcfg.xml
files. The master.xml file contains the full list of all signature update
file sets, links to the corresponding list-files, their issue date and time
and their checksums. The updcfg.xml file contains the list of Kaspersky
Lab’s update servers and their weights; it is used only by the Updater
component on mirror servers, not on an OEM-customer’s system,
because the latter pulls signature update files only from the
corresponding OEM-partner’s mirror server.
3. if a master.xml file was present before connection, the Updater
component compares the two versions, finds the differences
between them and downloads the update files which are present
only in the new master.xml file or have different attributes. If no
master.xml file existed before the connection, all signature update
files are downloaded, including master.xml.
4. after downloading, each downloaded file is checked for integrity (as
discussed in Sections 3.2 and 4.2).
5. the Updater component terminates the connection.
6. if retranslation mode is used, the proper folder tree is created and
the downloaded files are placed there; in the default mode the
downloaded files are placed in the folder named in the configuration
file.
A more detailed description of the update procedure performed by kavupdater
(on an ARM client system, or on an x86 update mirror server) is as follows:
1. the Updater component, running on the system requiring updated
files, connects to a server taken from servers.lst file.
2. the Updater component downloads an avp.klb file that contains the
full list of all signature update files for ARM platform, their issue date
and time and their checksums.
3. if an avp.klb file was present before connection, the Updater
component compares the two versions, finds the differences
between them and downloads the update files which are present
only in the new avp.klb file or have different attributes. If no avp.klb
file existed before the connection, all signature update files are
downloaded according to avp.klb file downloaded.
4. after downloading, each downloaded file is checked for integrity
using its checksum. No additional check by loading the files into a
KAV Engine module inside the Updater is performed; consult your
dedicated Project Manager about this feature.
5. the Updater component terminates the connection.
6. if the file check succeeds, the old files are moved to the
BackUpPath folder and the newly downloaded files are placed in the
BasesPath folder; both folders are set by the corresponding options
in the configuration file.
1.4. Types of updates
Kaspersky Lab releases three types of signature update files:
• Daily updates – an incremental update which grows through the week,
and which is usually updated hourly. The same filename (daily.avc) is
used throughout the week. The current week starts from the previous
Friday, when the last weekly update was released.
• Weekly updates – an accumulation of the week’s daily updates. They
sometimes include additional larger files that are not normally released
during the week. The size of some specific database files, such as
malXXX.avc, virusXXX.avp, trojanXXX.avc, etc, grows incrementally
through weekly updates to include the records released in the previous
week. The weekly update is released every Friday.
• Urgent updates – non-scheduled updates that are released at any time
as necessary to deal with specific threats or in case of outbreaks.
A more detailed review of signature database files is given in Appendix E.
As of September 2006, the total size of a full set of Anti-Virus signature update
files for x86 platform is about 8.2MB, with an average annual growth rate of 10-
15%. The full set of updates (Anti-Virus, Anti-Spam, Anti-Hacker) is about 35MB.
• The Urgent and Daily update files range from 10 to 300 KB in size.
• The Weekly update files range from 500 KB to 1 MB and sometimes
larger in size.
1.5. Kaspersky Lab’s Update Servers
To ensure the availability of the database for the x86 platform, the following
Kaspersky Lab update servers should be used over HTTP/FTP as master
resources for mirror servers. keepup2date automatically chooses which site to
use on the basis of connection speed and network availability:
http://downloads1.kaspersky-labs.com/
http://downloads2.kaspersky-labs.com/
http://downloads3.kaspersky-labs.com/
http://downloads4.kaspersky-labs.com/
http://downloads5.kaspersky-labs.com/
ftp://downloads1.kaspersky-labs.com/
ftp://downloads2.kaspersky-labs.com/
ftp://downloads3.kaspersky-labs.com/
ftp://downloads4.kaspersky-labs.com/
ftp://downloads5.kaspersky-labs.com/
To ensure the availability of the database for ARM platform, the following
Kaspersky Lab’s update server addresses should be used in the servers.lst file
as master resources for mirror servers by the kavupdater:
ftp://d-eu-1f.kaspersky-labs.com/bases/av/avc/arm/
http://d-eu-1h.kaspersky-labs.com/bases/av/avc/arm/
ftp://d-eu-2f.kaspersky-labs.com/bases/av/avc/arm/
http://d-eu-2h.kaspersky-labs.com/bases/av/avc/arm/
ftp://d-us-1f.kaspersky-labs.com/bases/av/avc/arm/
http://d-us-1h.kaspersky-labs.com/bases/av/avc/arm/
ftp://d-ru-1f.kaspersky-labs.com/bases/av/avc/arm/
http://d-ru-1h.kaspersky-labs.com/bases/av/avc/arm/
ftp://d-ru-2f.kaspersky-labs.com/bases/av/avc/arm/
http://d-ru-2h.kaspersky-labs.com/bases/av/avc/arm/

CHAPTER 2. KASPERSKY UPDATER PACKAGE (X86)
The Kaspersky Updater utility for Unix-based systems (x86 platform) is called
keepup2date. Typically keepup2date is scheduled for periodic execution by the
cron daemon.
2.1. Hardware and software requirements
Mirror servers must be configured as HTTP/FTP servers to enable the
downloading of signature update files by the OEM’s customers. The minimum
requirements for a mirror server are as follows:
• One of the following operating systems:
• Red Hat Enterprise Linux based on the Fedora Core.
• SuSE Enterprise Linux or Pro.
• Debian GNU/Linux 3.0 Woody, Debian GNU/Linux 3.1 Sarge.
• FreeBSD 4.7 or newer.
• CPU: Pentium III-600
• RAM: 128 MB.
• HDD: 128 MB free space for databases and log file.
The minimum hardware requirements for an OEM-customer’s system are lower
and are set by the Kaspersky Anti-Virus/Anti-Spam/Anti-Hacker Engine; please
refer to the corresponding product documentation.
2.2. Package contents
The Updater package contains the following components:
• /bin/keepup2date – the updater utility;
• /bin/avbasestest – a utility used by keepup2date to check new
signature database files for integrity and for compatibility with the engine.
It is NOT used in retranslation mode of the keepup2date utility, when a
mirror server is established;
• /bin/licensemanager – a utility for managing licenses. It can install
or delete a license, and show active license information;
• /doc/kav_updater.conf – the configuration file (see Appendix A);
• /doc/Update-System-Unix.pdf – the current documentation;
• /man/* - man-pages;
• /var/* - folder tree;
• /version;
• /RELEASE-NOTES;
• /README.
The following elements are not included in the Updater package:
• bash or another script interpreter
• a log file rotation system, (logrotate for example)
• sendmail service for sending e-mail notification to administrators
• ftp/http server.

CHAPTER 3. KASPERSKY UPDATER ON AN OEM-CUSTOMER’S UNIX-BASED SYSTEM (X86)
3.1. Starting the update process
On an OEM-customer’s system, the keepup2date utility should be used in default
mode, by running it as follows:
./keepup2date -c /usr/local/kav_updater/conf/kav_updater.conf
The detailed description of Kaspersky Updater installation on an OEM-
customer’s system is described in Appendix D.
The list of command line options available for keepup2date is described in
Appendix B.
The keepup2date utility pulls signature update files from the partner’s mirror
server identified by the update server’s URL parameter (UpdateServerUrl ) in the
kav_updater.conf configuration file. Refer to Appendix A for details.
3.2. Testing newly downloaded update files for integrity
After signature update files have been downloaded from the mirror server into a
temporary folder, a checksum test is performed by keepup2date. If it succeeds, it
ensures that the update files were downloaded with no errors.
If an update file fails the checksum test, keepup2date exits immediately and
returns an exit code of 10.
If the checksum test is successful, a quick "smoke test" catches update files
that arrived intact but cannot be loaded by the engine. This test is performed
by the avbasestest utility, which keepup2date launches automatically.
avbasestest checks the update files for corruption by loading them into the
Anti-Virus Engine included in the utility. If this test succeeds, the update
files are moved to the working folder and released as a new update.
If errors are detected, the update files in the temporary folder are not released to
the working folder, and an e-mail notification of the errors is sent to the
administrator.
After a successful update, keepup2date performs the action specified by the
PostUpdateCmd option in the configuration file and exits with exit code 1.
Note that 1, not 0, signals success here, so a wrapper script must not treat
it as a failure. The keepup2date exit codes are listed in Appendix C.
3.3. Updater licensing
The Kaspersky Updater running on an OEM-customer’s system, uses the
Kaspersky OEM SDK license and requires no additional licenses. This license is
renewed according to the business terms and agreement about Kaspersky OEM
SDK implementation. Contact your dedicated Project Manager in case of
questions about the license.

CHAPTER 4. KASPERSKY UPDATER ON AN OEM-PARTNER’S UNIX-BASED MIRROR SERVER (X86)
The general sequence of steps for running a mirror server, which was introduced
in Chapter 1, is now discussed in more detail for a Unix server.
4.1. Starting the update process
On a mirror server, the keepup2date utility should be used in Retranslation
mode.
In this mode the utility pulls the update files into a special folder tree that is
created automatically by the utility on the mirror server. This folder structure is
used by OEM-customer’s Unix- or Windows based Updater components.
To run keepup2date in retranslation mode, the -u or -x option is used as
follows:
./keepup2date -c /usr/local/kav_updater/conf/kav_updater.conf -u /usr/local/kav_updater/var/mirror/
Use the -x option if you need to pull all update files (for KAV, KAS and KAH
products, including Windows binary updates).
Use the -u option if you need to pull update files for KAV products only.
The list of command line options available for keepup2date is described in
Appendix B
Detailed directions for installing Kaspersky Updater on a mirror server are
contained in Appendix D.
Note: the first download can take a long time because keepup2date downloads
the whole Anti-Virus database (about 8.2 MB in September 2006). Subsequent
update downloads are much smaller and faster.
4.2. Testing newly downloaded update files for integrity
After signature update files have been downloaded into a local temporary folder,
a checksum test is performed by keepup2date. If it succeeds, it ensures that the
update files were downloaded with no errors.
If the checksum test is successful, keepup2date replaces the old update files
with the new ones, and exits with exit-code 1.
If the checksum test fails, keepup2date does not replace the old update files and
exits immediately with an exit code 10.
The keepup2date exit-codes are listed in Appendix C.
Important: although keepup2date has tested the downloaded update files and
guarantees their integrity, it is highly desirable that you also load them into
the KAV/KAS/KAH engine on the mirror server’s side before releasing them for
download by customers. This can be done by running a copy of the customer-side
appliance on the mirror server and loading the latest database into it after
each successful update. The PostUpdateCmd option in the updater configuration
file can be used to automate this routine (it is available in retranslation
mode since September 2006). Only if loading into the Engine succeeds should
the update files be considered correct and released (moved to the FTP/HTTP
root folder) for download by the customers’ updaters; a set that fails to load
must stay out of the exported tree so that customers keep the last known-good
set.
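One way to implement that gate, as an added example that is not part of the Kaspersky package: a small POSIX shell script suitable as the PostUpdateCmd (or as the next step of the cron job) on the mirror server. It copies the retranslation folder into a fresh release directory, runs a validation command against it (assumed to be a script that loads the bases into the partner's engine appliance; any command that exits 0 on success will do), and only then repoints the symlink that the HTTP/FTP server exports. The directory names and the symlink layout are assumptions.

```sh
#!/bin/sh
# Added example (not from the Kaspersky package): publish a freshly mirrored
# update set only after an engine load test, via a symlink swap.
#
# publish_if_valid MIRROR_DIR WWW_ROOT VALIDATE_CMD
#   MIRROR_DIR    folder that "keepup2date -u" writes to (assumed layout)
#   WWW_ROOT      directory the HTTP/FTP server exports; WWW_ROOT/current is
#                 the symlink the customers' updaters are pointed at (assumed)
#   VALIDATE_CMD  run as: VALIDATE_CMD <release_dir>; exit 0 means the engine
#                 accepted the bases (a loader script on a real mirror)
# Exit status: 0 published, 1 rejected by validation, 2 local error.
publish_if_valid() {
    mirror=$1; wwwroot=$2; validate=$3
    mkdir -p "$wwwroot/releases" || return 2
    # Unique staging directory per run; mktemp -d with a template is portable.
    release=$(mktemp -d "$wwwroot/releases/rel.XXXXXX") || return 2
    cp -R "$mirror/." "$release/" || { rm -rf "$release"; return 2; }
    if ! $validate "$release"; then
        # Engine refused the set: leave "current" untouched, drop the copy.
        rm -rf "$release"
        return 1
    fi
    # ln -sfn replaces an existing symlink without following it, so customers
    # see either the complete old set or the complete new one.
    ln -sfn "$release" "$wwwroot/current" || return 2
    return 0
}

# published_release WWW_ROOT: print the release directory "current" points at.
published_release() {
    readlink "$1/current"
}
```

Old release directories accumulate under releases/ and give you something to point "current" back at if a published set later turns out to be bad; prune them on whatever schedule your disk allows.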
4.3. Providing customer access to the new signatures
Kaspersky signature mirroring technology enables OEM partners to provide
better services to their customers. OEM partners are obligated to use this
technology in a manner prescribed by their licensing agreement.
A mirror server must be configured as an HTTP/FTP server to allow OEM-
customers to download signature update files.
Authentication and access control for customer validation are commonly used
licensing-enforcement measures. Some OEM partners also serve their customers’
signature downloads over a secure connection. The folder tree that keepup2date
creates in retranslation mode (which holds the update files for all products
that use the KAV Engine) is what the OEM-customers’ Unix- or Windows-based
Updater components expect to find under the exported HTTP/FTP root.
4.4. Updater licensing
Every instance of Kaspersky Updater running on an OEM partner’s mirror server
requires a valid special Kaspersky license key for Mirror Servers, which must be
renewed according to the business terms and agreement.
Contact your dedicated Project Manager to obtain it.
CHAPTER 5. KASPERSKY UPDATER PACKAGE FOR ARM PLATFORM
The Kaspersky Updater utility for Unix-based systems on ARM platform is called
kavupdater. Typically kavupdater is scheduled for periodic execution by the cron
daemon.
The kavupdater package differs from the keepup2date package and is distributed
separately. It is used together with the Kaspersky Anti-Virus Engine for ARM.
Please contact your dedicated Project Manager to obtain it.
5.1. Hardware and software requirements
Requirements for the Updater for ARM are the following:
• ARM processor (at least the ARMv4 instruction set). Recommended speed:
500 MHz.
• Persistent storage (flash, hard disk) for the binaries, license key and
anti-virus bases: binaries about 100 KB, bases about 8 MB plus 10% annual
growth.
• A standard file system on the persistent storage.
• RAM: the Updater needs less than the KAV Engine for ARM, whose
requirements are 16 MB minimum and 32 MB recommended.
• Linux-based operating system.
• wget package installed.
5.2. Package contents
The Updater package for ARM contains the following components:
• /bin/armeb/kavupdater – updater for ARM (big-endian);
• /bin/x86/kavupdater – updater for x86 (for simulation);
• /conf/kavupdater.conf – configuration file (see Appendix A); adjust it to
match the actual configuration;
• /conf/servers.lst – the list of servers to download from; edit it before
running the binary;
• /doc/Updater-System-Unix.pdf – the current documentation;
• /man/* - man-pages;
• /var/* - folder tree;
• /version;
• /RELEASE-NOTES;
• /README.
5.3. Package usage
The Kaspersky Updater for the ARM platform can be used in the following ways:
1. on an OEM-partner’s mirror server, to distribute ARM databases. In this case
the /bin/x86/kavupdater binary is used with the following contents of servers.lst:
ftp://d-eu-1f.kaspersky-labs.com/bases/av/avc/arm/
http://d-eu-1h.kaspersky-labs.com/bases/av/avc/arm/
ftp://d-eu-2f.kaspersky-labs.com/bases/av/avc/arm/
http://d-eu-2h.kaspersky-labs.com/bases/av/avc/arm/
ftp://d-us-1f.kaspersky-labs.com/bases/av/avc/arm/
http://d-us-1h.kaspersky-labs.com/bases/av/avc/arm/
ftp://d-ru-1f.kaspersky-labs.com/bases/av/avc/arm/
http://d-ru-1h.kaspersky-labs.com/bases/av/avc/arm/
ftp://d-ru-2f.kaspersky-labs.com/bases/av/avc/arm/
http://d-ru-2h.kaspersky-labs.com/bases/av/avc/arm/
2. as the updater on an OEM-customer’s Unix-based system (ARM platform). In
this case the /bin/armeb/kavupdater binary is used. The servers.lst file should
contain the absolute web address of the folder with the *.arm files on the
established OEM-partner’s mirror server.
3. as the updater on an x86 system that emulates an OEM-customer’s Unix-based
ARM system. In this case the /bin/x86/kavupdater binary is used. The servers.lst
file should contain the absolute web address of the folder with the *.avc files
on the established OEM-partner’s mirror server, or the following Kaspersky Lab
addresses:
ftp://d-eu-1f.kaspersky-labs.com/bases/av/avc/i386/
http://d-eu-1h.kaspersky-labs.com/bases/av/avc/i386/
ftp://d-eu-2f.kaspersky-labs.com/bases/av/avc/i386/
http://d-eu-2h.kaspersky-labs.com/bases/av/avc/i386/
ftp://d-us-1f.kaspersky-labs.com/bases/av/avc/i386/
http://d-us-1h.kaspersky-labs.com/bases/av/avc/i386/
ftp://d-ru-1f.kaspersky-labs.com/bases/av/avc/i386/
http://d-ru-1h.kaspersky-labs.com/bases/av/avc/i386/
ftp://d-ru-2f.kaspersky-labs.com/bases/av/avc/i386/
http://d-ru-2h.kaspersky-labs.com/bases/av/avc/i386/
The configuration file options are described in the second part of Appendix A.
5.4. Updater licensing
The Kaspersky Updater for ARM (kavupdater) running on an OEM-customer’s
system, uses the Kaspersky OEM ARM SDK license and requires no additional
licenses. This license is renewed according to the business terms and
agreement about Kaspersky OEM SDK implementation. Contact your dedicated
Project Manager in case of questions about the license.

APPENDIX A. CONFIGURATION FILE
This appendix gives information about all the parameters in the configuration file
for keepup2date (x86) and kavupdater (ARM) separately.
The following format is used:
=default value of parameter
Information about the parameter
The following options could be used in the configuration file for the keepup2date
utility:
The [path] section contains parameters that define the paths to critical files; if
these are not correctly defined the program will not work:
BasesPath=/usr/local/kav_updater/var/bases
the folder where the new signature database is stored
BackUpPath=/usr/local/kav_updater/var/bases.backup
the folder where the previous anti-virus database is stored
LicensePath=/usr/local/kav_updater/var/licenses
full path to the folder where the license keys are stored.
The [updater.options] section contains parameters which control the functioning
of the updater component:
UseProxy=no
enables the use of a proxy server. To enable it, set this parameter to yes
and enter the proxy server address as the value of the ProxyAddress
parameter.
ProxyAddress=
address of the proxy server, if used. The default value is blank. It may
contain the address together with authentication information, for example:
ProxyAddress=ftp://user:password@ftp.example.com:8080
If a password is stored here, keep the configuration file readable only by
the account that runs keepup2date.
PostUpdateCmd=
full path to any post-processing user-level script; fully available in the
standard mode of the Updater and available in retranslation mode since
September 2006. Example:
PostUpdateCmd=/usr/local/kav_updater/bin/a_script.sh
UseUpdateServerUrl=no
if set to yes, the database is updated from the address specified by
UpdateServerUrl.
UseUpdateServerUrlOnly=no
if set to yes, the database is updated from an address in the list of update
servers; the address specified by UpdateServerUrl is not used.
UpdateServerUrl=
update server address. This parameter is blank by default. The parameter
could be mentioned in the config file several times to set several custom
servers to download from.
RegionSettings=
user location. This parameter is used to select the nearest update server. For
example you can use the following values: Europe, US, Russia, China.
ConnectTimeout=
network connection timeout (in seconds); blank means 30 seconds.
The [updater.path] section contains parameters that define the paths to critical
updater files:
# AVBasesTestPath=/usr/local/kav_updater/bin/avbasestest
Full path to the avbasestest utility. This option isn’t used during retranslation
by a mirror server, so please comment it out with “#”. If you use the utility on
an OEM-customer’s system, please do not comment it.
# UploadPatchPath=/usr/local/kav_updater/var/patches
Full path to downloaded patches.
The [updater.report] section contains the parameters controlling the generation
of reports by keepup2date:
Append=yes
the mode in which new messages are added to the existing report file. To
disable the mode set the parameter to no.
ReportFileName=/usr/local/kav_updater/var/log/keepup2date.log
the name of the report file in which the component’s work results are logged.
ReportLevel=4
level of detail of the report. This parameter's value can be between 1 and 10,
where 10 is a debug level.
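As an added example (not a file shipped with the package), here are the two kav_updater.conf variants that Chapters 3 and 4 imply: one for an OEM-customer's x86 system, which pulls only from the partner's mirror and runs avbasestest on every download, and one for the partner's mirror server, which pulls from Kaspersky Lab's servers and leaves AVBasesTestPath commented out. Host names and script names are assumptions; UseUpdateServerUrlOnly is left at its default in both, because its description in this appendix should be confirmed against the package's own man page before it is relied on.

```ini
# --- OEM-customer's x86 system (default mode) ---------------------------
# Assumed: the partner's mirror is served at updates.partner.example.
[path]
BasesPath=/usr/local/kav_updater/var/bases
BackUpPath=/usr/local/kav_updater/var/bases.backup
LicensePath=/usr/local/kav_updater/var/licenses

[updater.options]
UseProxy=no
ProxyAddress=
# assumed script that signals the product to reload the bases
PostUpdateCmd=/usr/local/kav_updater/bin/reload_engine.sh
UseUpdateServerUrl=yes
UseUpdateServerUrlOnly=no
UpdateServerUrl=http://updates.partner.example/kav/
ConnectTimeout=30

[updater.path]
# customer side: keep avbasestest enabled so bad sets never reach BasesPath
AVBasesTestPath=/usr/local/kav_updater/bin/avbasestest

[updater.report]
Append=yes
ReportFileName=/usr/local/kav_updater/var/log/keepup2date.log
ReportLevel=4

# --- OEM-partner's mirror server (retranslation mode, keepup2date -u/-x) --
[path]
BasesPath=/usr/local/kav_updater/var/bases
BackUpPath=/usr/local/kav_updater/var/bases.backup
LicensePath=/usr/local/kav_updater/var/licenses

[updater.options]
UseProxy=no
ProxyAddress=
# assumed script that loads the mirrored set into an engine before publishing
PostUpdateCmd=/usr/local/kav_updater/bin/publish_if_valid.sh
UseUpdateServerUrl=no
UseUpdateServerUrlOnly=no
UpdateServerUrl=
RegionSettings=Europe
ConnectTimeout=30

[updater.path]
# not used in retranslation mode; must stay commented out on a mirror
# AVBasesTestPath=/usr/local/kav_updater/bin/avbasestest

[updater.report]
Append=yes
ReportFileName=/usr/local/kav_updater/var/log/keepup2date.log
ReportLevel=4
```

If ProxyAddress ever carries credentials, restrict the file to the updater's account (mode 0600); the log file named by ReportFileName should also be covered by the host's log rotation, which the package does not provide.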
The following options could be used in the configuration file for the updater for
ARM platforms (kavupdater):
The [path] section contains parameters that define the paths to critical files; if
these are not correctly defined the program will not work:
BasesPath=/var/db/kav/bases
Location of the antivirus database files. Must be an absolute path. That
directory must contain only antivirus database files: kavupdater deletes
all unknown files from it without warning. This option is required.
KeysPath=/var/db/kav/licenses
Path to the directory holding the license key files. Invalid or expired key
files are silently ignored. "LicensePath" can be used as a synonym for
"KeysPath". This option is required.
The [locale] section contains global localization settings used by all KAV
components
DateFormat = %d-%m-%Y
strftime(3) format for representing the date. Used for all log file records.
TimeFormat = %H:%M:%S
strftime(3) format for representing the time. Used for all log file records.
The [aveserver.path] section contains options controlling the location of
aveserver files and directories.
PidPath = /var/run/aveserver.pid
Name of the file to write the pid of aveserver to. Like any pidfile, it can be
used to automatically obtain the pid of a running aveserver instance. This
file is used by kavupdater to communicate a signal to aveserver upon
successful database update. This parameter can be omitted, in which
case no pid file will ever be created by aveserver.
Default: none
The [updater.path] section contains options controlling the location of files
and directories used solely by kavupdater.
BackUpPath = /var/db/kav/bases.backup
Path to the directory where a backup copy of the antivirus database is kept.
This copy is created by kavupdater before it installs a fresh database into the
BasesPath directory. If no path is set, kavupdater will not create a
backup copy before updating the files. This saves some 5-7 Mb of disk
space at the expense of higher risk: if the update is not successful,
there will be no working database copy to roll back to.
Default: none
UpdateServersFile = /etc/kav/servers.lst
Full name of the file with the list of URLs to download the database files
from. Depending on the options, kavupdater will pick a URL from that list
and try to download fresh database files from there. If that fails, the next URL
will be tried, and so on until the update finally succeeds or all servers have
failed to respond.
Default: servers.lst file in the same directory where config file is.
TempPath = /tmp
Absolute path to the folder where kavupdater will download the new
database files to. Kavupdater will create a temporary subfolder with a
unique name and download all files into it. The partition behind this folder
must have enough free disk space. The filesystem behind this folder must
support symlinks. "TmpPath" is accepted as a synonym.
Default: first of ($TEMP, $TMP, "/tmp") which exists and is writeable
The [updater.resource] section contains the options to define how much
system resources can be used by kavupdater. The only important resource at
this stage is disk space used by the antivirus database files.
TempDir_MaxUsed = 0
How much space in the TempPath can be used by kavupdater process. '0'
is a special value, meaning use as much temp space as required.
Base_MaxSize = 0
Set the maximum size of the antivirus database which can be installed on
this box. Basically, this parameter defines how much permanent store can
be used to keep the database files. '0' is a special value, meaning no limit.
The [updater.options] section contains parameters which control the
functioning of the updater component.
BaseSet = extended
Name of the antivirus database set which should be downloaded. The
antivirus database distributed by Kaspersky Lab is split into several files.
These files are grouped in the "sets", each set described by its respective
index file. Currently, distributed sets are: "short", "standard" and
"extended". The short set is a subset of the standard set, which is in turn a
subset of the extended set. Technically, one might download the biggest
set (i.e. get all the database files) and not bother setting this option. This
is the default behaviour, and it lets the aveserver load
and use any of the available subsets. However, if it is desirable to reduce the
amount of downloaded and stored database files, it is reasonable to
download only the set which is going to be used by the aveserver (see the
LoadBaseSet option in the kavdaemon.conf file).
KeepSilent = no
If set to "yes", no message will ever be printed by kavupdater to stdout.
Useful for automated invocation of kavupdater from scripts when no user-
readable output is required.
RandomServerOrder = no
If set to "yes", then kavupdater will pick a random URL from the
UpdateServersFile. If set to "no", then kavupdater will try the URLs in the
order in which they appear in that file. A failed or unavailable server will
not be tried twice even if random pick mode is on.
ReloadApplication = no
Whether to send a SIGHUP to the aveserver process after a successful
update. The pid file of aveserver (PidPath) must be specified for this feature to work.
ExtraWgetOptions =
Kavupdater uses "wget", an external utility, for the actual downloading of files
from a URL. This utility must be in $PATH, otherwise kavupdater will be
unable to use it. Kavupdater can use either GNU wget or the busybox wget
utility. If some special options have to be passed to wget (for example,
proxy authorization options), then this parameter is the place to put those
extra options.
Default: no extra options
ShowExternalCmdOutput = no
If set to "yes", all output of wget is echoed to stdout and to the log file.
If set to "no", all output of wget is suppressed.
The [updater.report] section contains the parameters controlling the
generation of reports by kavupdater:
Append = false
Whether to overwrite the log file each time the kavupdater is started, or
append new messages to existing file.
ReportFileName = /tmp/kavupdater.log
Name of the log file to create. Special value 'syslog' means sending all log
messages to the syslog facility.
Default: none
ReportLevel = 0
Detail level of log messages generated by kavupdater. Valid values are
[0...10].
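As an added example (not part of this manual or of kavupdater itself), the following Python script checks a kavupdater configuration against the rules documented in this appendix: the required absolute paths in [path], the set name in BaseSet, the PidPath that ReloadApplication depends on, the integer resource limits and the ReportLevel range, and it warns when BackUpPath is unset because that leaves no copy to roll back to. The sample configuration embedded in it, the severity labels and the function names are this example's own.

```python
import configparser
import os

VALID_BASE_SETS = {"short", "standard", "extended"}

# Constructed sample kavupdater.conf (this example's own): it has two deliberate
# problems, a relative TempPath and no BackUpPath.
SAMPLE_CONFIG = """
[path]
BasesPath=/var/db/kav/bases
LicensePath=/var/db/kav/licenses
[updater.path]
TempPath=tmp
[updater.options]
BaseSet=standard
ReloadApplication=yes
[aveserver.path]
PidPath=/var/run/aveserver.pid
[updater.report]
ReportLevel=4
"""


def _opt(cfg, section, *names):
    """First value found among the synonyms of an option, or None if absent."""
    for name in names:
        if cfg.has_option(section, name):
            return cfg.get(section, name).strip()
    return None


def validate_kavupdater_config(text):
    """Return [(severity, message)]: 'error' for a setting the manual says
    kavupdater rejects (exit code 65), 'warning' for one that weakens recovery."""
    # DateFormat values contain '%d', so configparser interpolation is disabled.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    found = []

    # [path]: BasesPath and KeysPath (synonym LicensePath) are required absolute paths.
    for label, names in (("BasesPath", ("BasesPath",)),
                         ("KeysPath", ("KeysPath", "LicensePath"))):
        value = _opt(cfg, "path", *names)
        if not value:
            found.append(("error", f"[path] {label} is required"))
        elif not os.path.isabs(value):
            found.append(("error", f"[path] {label} must be absolute: {value}"))

    # [updater.path]: without BackUpPath there is no working copy to roll back to.
    if not _opt(cfg, "updater.path", "BackUpPath"):
        found.append(("warning", "[updater.path] BackUpPath unset: no rollback copy is kept"))
    temp = _opt(cfg, "updater.path", "TempPath", "TmpPath")
    if temp and not os.path.isabs(temp):
        found.append(("error", f"[updater.path] TempPath must be absolute: {temp}"))

    # [updater.options]: known set name, and the PidPath that the SIGHUP needs.
    base_set = _opt(cfg, "updater.options", "BaseSet")
    if base_set and base_set not in VALID_BASE_SETS:
        found.append(("error", f"[updater.options] BaseSet unknown: {base_set}"))
    reload_app = (_opt(cfg, "updater.options", "ReloadApplication") or "no").lower()
    if reload_app == "yes" and not _opt(cfg, "aveserver.path", "PidPath"):
        found.append(("error", "ReloadApplication=yes requires [aveserver.path] PidPath"))

    # [updater.resource]: non-negative integers, 0 meaning no limit.
    for name in ("TempDir_MaxUsed", "Base_MaxSize"):
        value = _opt(cfg, "updater.resource", name)
        if value is not None and not value.isdigit():
            found.append(("error", f"[updater.resource] {name} must be an integer >= 0: {value}"))

    # [updater.report]: ReportLevel is documented as [0...10].
    level = _opt(cfg, "updater.report", "ReportLevel")
    if level is not None and not (level.isdigit() and int(level) <= 10):
        found.append(("error", f"[updater.report] ReportLevel outside [0...10]: {level}"))
    return found


if __name__ == "__main__":
    for severity, message in validate_kavupdater_config(SAMPLE_CONFIG):
        print(f"{severity}: {message}")
```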
APPENDIX B. COMMAND-LINE OPTIONS
This appendix gives information about command-line options for keepup2date
(x86) and kavupdater (ARM) separately.
keepup2date has the following syntax:
./keepup2date [-v|h|r|s] [-c cfile] [-b bpath] [-t tpath] [-u rdir] [-x rdir] [-l log] [-g url]
The following command line options for keepup2date are available:
-v        Display the component version and exit.
-h        Output help for the component to the console.
-r        Rollback the latest update.
-s        Show the list of update sites.
-c cfile  Use an alternative configuration file.
-b bpath  Prior to updating, make a backup of the existing anti-virus database in the directory bpath.
-t tpath  Use the directory tpath to store temporary files.
-u rdir   Retranslate only Anti-Virus updates for Unix products to the directory rdir.
-x rdir   Retranslate all (Anti-Virus, Anti-Spam, Anti-Hacker) updates to the directory rdir, including binary updates for Windows products.
-l log    Log the component's activity into the file log. To log into syslog, enter 'syslog' here (w/o quotes).
-g url    Update from the source specified in the command line. The key overrides the settings file. All components will be updated regardless of the content of the settings file. Retranslation will not be performed.
-k        Skip execution of the PostUpdateCmd command after a successful update.
-I        Show the list of installed Kaspersky Lab products.
Examples:
./keepup2date -c /usr/local/kav_updater/conf/kav_updater.conf
./keepup2date -c /usr/local/kav_updater/conf/kav_updater.conf -u /usr/local/kav_updater/var/mirror/retranslation/
./keepup2date -c /usr/local/kav_updater/conf/kav_updater.conf -x /usr/local/kav_updater/var/mirror/retranslation/
kavupdater has the following syntax:
./kavupdater [-v|h|r] [-c cfile] [-l lfile] [-b bpath] [-s sfile] [-t tpath]
The following command line options for the updater for ARM (kavupdater) are
available:
-v        Show program version and exit.
-h        Show this message and exit.
-r        Reload applications if an update has been performed.
-n        Do not back up old AV databases, even if configuration is set to
-c cfile  Use the file cfile as the configuration file.
-l lfile  Write the log to the file lfile. You can also use 'syslog' as the filename.
-b bpath  Back up existing AV databases to the path bpath.
-s sfile  Use the file sfile as the server list.
-t tpath  Set the temp files path to tpath.
Examples:
./kavupdater -c /usr/local/kav_updater/conf/kav_updater.conf
APPENDIX C. EXIT-CODES
This appendix gives information about exit-codes of keepup2date (x86) and
kavupdater (ARM) separately.
keepup2date returns one of the following exit-codes:
0    No updates are required for the anti-virus databases.
1    Update procedure has been finished successfully.
10   Critical error, the update was interrupted before completion.
12   An error while rolling back to the previous version of the anti-virus databases. Rollback has been interrupted. Can occur after two rollbacks one after another.
30   The PostUpdaterCmd command could not be executed after updating the anti-virus databases.
60   License information is missing: the license key indicated in the configuration file has not been found.
75   Configuration file could not be loaded or contains errors.
128 + signal code   Application has exited upon a signal with the corresponding code.
kavupdater returns one of the following exit-codes:
0    Clean exit. No errors.
8    The user already has the most up-to-date AV base. There is nothing new to download.
10   Any error during installation of downloaded databases which is not covered by codes 55 and 60: inability to create backup copies, lack of free disk space during copying of temporary files, etc.
35   Cannot properly download any file from any of the servers listed in servers.lst. Most likely, this means that the local internet connection is down.
55   The engine was unable to load AV databases for whatever reason.
60   Downloaded bases were created after the license expiration date. The engine will be unable to use them, so they are discarded.
64   The configured KeysPath contains no license files for this product, or all licenses are expired.
65   Could not load the configuration file, the configuration file does not provide required parameters, or the configuration file has syntax errors or logical inconsistencies.
70   Cannot create temporary directory for downloaded files.
71   Cannot open the list of update servers (servers.lst file), or this list is empty or its format is invalid.
73   Cannot create the log file.
74   Cannot find the wget utility in $PATH.
75   Cannot verify the Kaspersky Lab digital signature on the kavupdater executable file.
76   Kavupdater is exiting due to SIGTERM or SIGINT.
79   Kavupdater was invoked for information purposes: to print the help page or version info. No download was attempted.
81   The download exceeded the maximum size of the database directory.
82   Lack of available disk space in the temp folder.
127  Cannot fork() or cannot execvp wget.
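As an added example (not part of this manual or of either updater), this Python wrapper maps the exit codes listed above to a severity, so a cron job or monitoring script can tell "nothing new to download" apart from a failed update or a failed signature check and log why. The severity labels, the function names and the injectable runner used for testing are this example's own assumptions.

```python
import signal
import subprocess
import sys

# Exit code -> (severity, meaning), taken from the tables in this appendix.
# The severities ('ok', 'warning', 'error') are this example's own grouping.
KEEPUP2DATE_CODES = {
    0: ("ok", "no updates required"),
    1: ("ok", "update finished successfully"),
    10: ("error", "critical error, update interrupted before completion"),
    12: ("error", "rollback to the previous databases failed"),
    30: ("warning", "databases updated but PostUpdateCmd could not be executed"),
    60: ("error", "license key named in the configuration file not found"),
    75: ("error", "configuration file could not be loaded or contains errors"),
}
KAVUPDATER_CODES = {
    0: ("ok", "clean exit"),
    8: ("ok", "AV bases already up to date, nothing new to download"),
    10: ("error", "installation of downloaded databases failed"),
    35: ("error", "could not download from any server in servers.lst"),
    55: ("error", "engine unable to load the AV databases"),
    60: ("error", "downloaded bases are newer than the license expiration date"),
    64: ("error", "no valid license files in KeysPath"),
    65: ("error", "configuration file missing, invalid or inconsistent"),
    70: ("error", "cannot create temporary directory"),
    71: ("error", "cannot open servers.lst, or it is empty or invalid"),
    73: ("error", "cannot create the log file"),
    74: ("error", "wget not found in $PATH"),
    75: ("error", "digital signature on the kavupdater executable did not verify"),
    76: ("warning", "terminated by SIGTERM or SIGINT"),
    79: ("ok", "help or version printed, no download attempted"),
    81: ("error", "download exceeded the maximum database directory size"),
    82: ("error", "not enough free space in the temp folder"),
    127: ("error", "cannot fork() or execvp wget"),
}
TABLES = {"keepup2date": KEEPUP2DATE_CODES, "kavupdater": KAVUPDATER_CODES}


def classify_exit(tool, code):
    """Map an exit code of keepup2date or kavupdater to (severity, meaning).

    For keepup2date, 128 + N means the process died from signal N. Codes not
    in the manual are reported as errors rather than silently passed.
    """
    if tool == "keepup2date" and code > 128:
        signum = code - 128
        try:
            name = signal.Signals(signum).name
        except ValueError:
            name = f"signal {signum}"
        return ("error", f"exited on {name}")
    return TABLES[tool].get(code, ("error", f"undocumented exit code {code}"))


def run_updater(tool, args, runner=subprocess.run):
    """Run ./<tool> with args and return (exit_code, severity, meaning).

    `runner` is injectable so the classification can be exercised without the
    real binary; by default it runs e.g. ./keepup2date -c kav_updater.conf.
    """
    completed = runner([f"./{tool}", *args])
    severity, meaning = classify_exit(tool, completed.returncode)
    return completed.returncode, severity, meaning


if __name__ == "__main__":
    # Usage: python3 updater_exit.py keepup2date -c /path/to/kav_updater.conf
    code, severity, meaning = run_updater(sys.argv[1], sys.argv[2:])
    print(f"{sys.argv[1]} exited {code}: {severity}: {meaning}")
    sys.exit(0 if severity == "ok" else 1)
```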
APPENDIX D. SAMPLE DOWNLOAD PROCEDURES (X86)
In this example, Kaspersky Updater keepup2date running on Fedora Core 3 will be
configured. The formats of some system commands (like "chown", "adduser",
etc.) on FreeBSD x.x differ from those mentioned for FC3, so use the correct
ones for the OS in use.
This installation scenario can be used on both the mirror server and an OEM's
customer machine. The differences between them are described inline.
The script language used is bash, and the ftp server will be vsftpd. Here are the
suggested steps:
1. Log on to the host as root.
2. Create a user/group account called keepup2date for the
keepup2date utility. The account is not permitted to log on and does
not have a home directory:
adduser keepup2date -s /bin/false -d /dev/null
3. Create working folders.
mkdir -p /usr/local/kav_updater/var/mirror
mkdir -p /usr/local/kav_updater/var/bases
mkdir -p /usr/local/kav_updater/var/bases.backup
mkdir -p /usr/local/kav_updater/var/patches
mkdir -p /usr/local/kav_updater/var/licenses
mkdir -p /usr/local/kav_updater/var/tmp
mkdir -p /usr/local/kav_updater/var/log
chown -R keepup2date.keepup2date /usr/local/kav_updater/var/mirror
chown -R keepup2date.keepup2date /usr/local/kav_updater/var/bases
chown -R keepup2date.keepup2date /usr/local/kav_updater/var/bases.backup
chown -R keepup2date.keepup2date /usr/local/kav_updater/var/patches
chown -R keepup2date.keepup2date /usr/local/kav_updater/var/licenses
chown -R keepup2date.keepup2date /usr/local/kav_updater/var/tmp
chown -R keepup2date.keepup2date /usr/local/kav_updater/var/log
4. Copy the following binaries, configuration file and the license key
file to the binary folder /usr/local/mirror:
• keepup2date
• avbasestest (only for using on an OEM-customer’s system)
• kav_updater.conf
• keepup2date.log
Make the binaries executable:
chmod +x /usr/local/kav_updater/bin/keepup2date
# only for use on an OEM-customer's system
chmod +x /usr/local/kav_updater/bin/avbasestest
5. The options for kav_updater.conf file are described in Appendix A.
Here are some additional notes.
• the [path] section may need to be modified, if the suggested
storage and binary folders are customized;
• if you are setting up a mirror server, please comment out the
option AVBasesTestPath using the “#” symbol so that the
avbasestest utility is not used in retranslation mode. Do not
comment it out if an OEM-customer’s system is being
configured.
• if an http proxy server is in use, the proxy server information
must be added:
ProxyAddress=http://user:pass@proxy.server.com:8080
UseProxy=yes
6. Create a crontab for the account keepup2date to execute
keepup2date hourly by running:
crontab -e -u keepup2date
and add the following lines:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/kav_updater
MAILTO=root
HOME=/
##############################################
# if you establish a Mirror Server
#
15 * * * * keepup2date /usr/local/kav_updater/bin/keepup2date -c /usr/local/kav_updater/conf/kav_updater.conf -u /usr/local/kav_updater/var/mirror
##############################################
# if you use Updater at an OEM customer site
#
# 15 * * * * keepup2date /usr/local/kav_updater/bin/keepup2date -c /usr/local/kav_updater/conf/kav_updater.conf
##############################################
7. As good practice, you are advised to include
/usr/home/mirror/log/keepup2date.log in the logrotate system to
prevent it from becoming extremely large. To do this, create a file
/etc/logrotate.d/keepup2date with the following content:
/usr/local/kav_updater/var/log/keepup2date.log
{
missingok
notifempty
size 100k
create 0600 keepup2date keepup2date
}
APPENDIX E. SIGNATURE FILES
Kaspersky provides signature file sets for both KAV Engine on x86 and ARM
platforms. Signature files have *.avc extension for x86 platform, and *.arm
extension for ARM platform. Both *.avc and *.arm files contain signatures of
malware and detection algorithms. The names, sizes, quantity and update
frequency of these files are not fixed and may be changed at any time. Likewise,
the name of each file does not necessarily describe the signatures contained in
that file. Although some names are currently self-explanatory, the file naming
convention may also be changed in the future. Basing your software on any
assumption about the quantity, names, sizes or content of these files is unsafe.
Kaspersky Lab does not recommend the practice of removing some or all of the
special control files in an attempt to save storage space on a machine.
The only guarantee provided by Kaspersky Lab is that KAV Engine will be able to
load the Anti-Virus Database contained in these files and downloaded by
Kaspersky Updater utility from Kaspersky sites.
*.klb - download control file, contains list of files with checksums and creation
dates used for periodic AVDB updates. This file is used only by update
utilities.
*.set - database set description file, contains list of antivirus database files which
should be loaded by the engine.
There are two types of update file sets for the x86 platform: standard and extended.
There are three types of update file sets for the ARM platform: standard, extended
and short.
Standard database is a subset of extended database, and short database is a
subset of standard one. Thus, one may download, say, an extended database
(avp.klb), and use only short database (avp_shrt.set) for scanning by KAV
Engine.
avp.klb, avp_ext.set - pair of index files for extended database
avp_std.klb, avp.set - pair of index files for standard database
avp_shrt.klb, avp_shrt.set - pair of index files for short database
ca.avc, ca.arm - heuristic algorithms
daily.avc, daily.arm - most frequently updated records, all new records
also are added to these files first
eicar.avc, eicar.arm - eicar virus detection
ext*.avc, ext*.arm - signatures for detecting not-a-virus riskware; are
included in extended set only
fa.avc, fa.arm - records used to prevent false positive detection
gen*.avc, gen*.arm - heuristic algorithms
kernel.avc, krn.avc, kernel.arm, krn*.arm - generic information required for
virus detection
mail.avc, mail.arm - mail formats extractor
ocr.avc, ocr.arm - image password extraction
scansets.cfg - special file with database sets description
smart.avc, smart.arm - file type recognition algorithm
troj*.avc, troj*.arm - signatures for detecting trojans
virus*.avc, virus*.arm - virus detection database set
unp*.avc, unp*.arm - decompression algorithms
The following files are the special ones used only by the Updater for x86 platform
(keepup2date) only:
avp.vnd - keyring file used in database integrity test
avp_x.set - super secure set control file
engine.* - engine configuration files
master.xml, updcfg.xml - special files, downloaded and used by keepup2date
for download process run and control
APPENDIX F. FREQUENTLY ASKED QUESTIONS
Question: Can the Kaspersky Anti-Virus signature be forged?
To ensure the integrity of the signature database, a hash process is used
to create a digital signature for the signature update file. The digital
signature is checked by the updater utility to verify the file’s integrity and
also guarantee its authenticity. If the verification fails, the download
process will cease. The digital signature is based on the MD5 hash
process, and ensures that the signature update file cannot be forged.
Question: Will keepup2date work without a license key file?
No, it won't. It requires a valid license key file.
Question: Are root permissions required to launch keepup2date?
No. It can be run by a regular user who is granted the following
permissions:
• to execute the keepup2date utility;
• to read the license key and the configuration file;
• to write to the database;
• to backup the database folders and log files.
• to execute avbasestest utility (if required)
Question: Can keepup2date configuration file be placed in a customized
directory?
Yes. The corresponding path must be modified in the configuration files.
The keepup2date utility can be executed by the following command line:
./keepup2date -c cfile
Question: Can keepup2date use proxy servers?
Yes. The value of the UseProxy parameter should be set to yes in the
configuration file and the value of ProxyAddress should be of the form:
http://user:password@host:port
For example,
ProxyAddress=http://user:password@example.com:8080
or if authorization is not required:
ProxyAddress=http://example.com:8080
Question: What ports and protocols does keepup2date use?
It uses either http/ftp or proxy server’s port.
Question: What is the default location of the list of servers?
First keepup2date accesses the updcfg.xml file in the folder defined by
the BasesPath parameter. updcfg.xml contains the server list, which lists
the servers’ locations and weights. keepup2date uses the value of the
RegionSettings parameter in the configuration file to select the closest
server from the servers list, based on the server's weight and some
random data. If no updcfg.xml file is found in the path, it is downloaded
from the Kaspersky Lab’s server (or the server that is specified in
UpdateServerUrl option).
If the keepup2date utility is being used in retranslation mode, the
updcfg.xml file is put into the /index/ folder.
Question: What information do master.xml and kavset.xml contain?
After the server has been selected, keepup2date accesses the file
/index/master.xml, which defines the paths of updates
folders. Next it accesses the file kavset.xml in that folder, and may
download the necessary update files.
Question: Does keepup2date require wget?
No, this requirement has been phased out.
Question: How can keepup2date be configured to download signatures
from a mirror server?
Make these changes in the configuration file:
• UseUpdateServerUrl=yes
• UseUpdateServerUrlOnly=yes
• UpdateServerUrl=ftp:///
Question: Can I force keepup2date to download the updates from a
non-root folder on a mirror server? For example, from
ftp://ftp.domain.com/folder/?
Yes, you may use a sub-folder in the mirror server address, so that this folder
becomes the root folder for Kaspersky update files, even if it is not the root
folder on the http/ftp server. The sub-folder must have the proper
structure, containing the sub-folders /bases, /index and /AutoPatched. For
the example mentioned above, the file master.xml should be located at
the address ftp://ftp.domain.com/folder/index/master.xml, and the
correct form of the UpdateServerUrl option has a "/"
character at the end of the line, as follows:
UpdateServerUrl=ftp://ftp.domain.com/folder/
Question: How can I use extended database set?
By default the keepup2date utility fetches the extended signature
database files set from a server, so no configuration changes are
necessary.
But with any Kaspersky Anti-Virus Engine, you can choose the set of
database files to load into the Engine with the help of special options in its
configuration file.
For example, when using the KAS_Server package and running the
aveserver from it, define the parameter LoadBaseSet inside the
[kavdaemon.options] section of the kavdaemon.conf configuration file.
The following values are possible:
• LoadBaseSet=extended – for loading the extended set of
signature database files into the Engine
• LoadBaseSet=standard – for loading the standard set of
signature database files into the Engine
Question: Keepup2date reports that it has downloaded a file called
.closed. What does this mean? The file does not exist on my system or
on the ftp site.
The .closed file appears on our servers if the replication process is in
progress: it means that the database may be momentarily inconsistent.
Question: How can the signature files be rolled back to the previous
version?
Executing the command
./keepup2date -r
will use the backup copy of the signature database in the bases.backup
folder to overwrite the signature files in the bases folder.
Question: Are there any other recommended ways to update without using
keepup2date or kavupdater?
Kaspersky Lab recommends only the keepup2date and/or kavupdater
utilities, both for performing updates on a system and for use on a mirror server.
Any other ways are not recommended and not supported.
Question: Does Kaspersky Lab provide notification for each release of a
new signature update file?
Kaspersky Lab does not provide notification for its hourly signature file
releases. For each urgent update, an e-mail notification will be sent to a
special mail list. OEM partners are subscribed to this list upon request.
Actually the "current week" starts on Fridays, between 18:00 and 19:00
Moscow time (GMT +3).
APPENDIX G. TROUBLESHOOTING
The communication process with the Kaspersky OEM Department in case of a
problem with the Updater should be as follows:
• during the integration process all problems and questions are handled and
resolved together with the dedicated Project Manager from Kaspersky's
OEM Department.
• after signing a contract and completing both the integration and QA
stages, the OEM-Partner receives a notification from the Project Manager
that the Partner's support stage starts. At this stage all
questions and problem reports are to be sent to the dedicated Kaspersky
OEM Support Team e-mail box mentioned in the notification.
• the Updater's log file at the debug level should be sent to the Kaspersky
OEM Support Team in case of any problem with the Updater.
• all requests for new Updater features should be sent to the Project
Manager directly.
Here are some frequent issues that may be seen during the update procedure.
Situation: Update procedure finishes without success. The
kavupdater.log file contains the following lines:
Download failure
or
Download error
The problem might be due to high server load. Please inform the
Kaspersky OEM Support Team about the issue and forward the
kavupdater.log file. As the servers might be overloaded, it will take some
time for the situation to stabilize. Please start the update procedure again a
bit later.
Situation: Update procedure finishes without success. It can be seen in
the kavupdater.log file that the update procedure fails on
downloading one particular file. The kavupdater.log file contains the
following line:
Download failure