[. . . ] KASPERSKY LAB Kaspersky Anti-Virus® 5. 5 for Check PointTM Firewall-1® Administrator's Guide KASPERSKY ANTI-VIRUS ® 5. 5 FOR CHECK POINTTM FIREWALL-1® Administrator's Guide © Kaspersky Lab Ltd http://www. kaspersky. com Revision date: November, 2006 Table of Contents CHAPTER 1. INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Computer viruses and malicious software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Purpose, main functions and structure of Kaspersky Anti-Virus. . . . . . . . . . . . . . . . . . . . . . . . . . [. . . ] Specify the percentage of the total volume of the unscanned data that will be held until the scan is complete in the Amount of data to be held until the scan is complete field. The greater the value of this setting, the less will be the possibility of infection when passing unscanned data to the user. In order to allow delivery of files downloaded in parts to the user, check the Allow partial files downloading box. If this box is not checked, the application will break the connection with the source and display a message informing the user that the information can not be downloaded. In order to ensure that objects that do not include standard HTTP protocol serviceinformation are scanned for viruses and delivered to the user, uncheck the Block non-compliant HTTP responses box. Objects will be processed in accordance with the scan settings selected for HTTP traffic. If the box is checked (default option), non-standard HTTP responses will be blocked, will not be sent for anti-virus scanning and therefore will not be delivered to the user. · · · 68 Kaspersky Anti-Virus 5. 5 for Check PointTM Firewall-1® Figure 18. The Actions tab 3. Specify which actions will be performed upon detection of infected, suspicious, protected and corrupted objects on the Actions tab (see Figure 18). In order to do this, select the required action from the drop-down list in the corresponding section. If you select an action that involves replacement of the object, you must create a replacement template. In order to do this, press the Notification template button and enter the notification text in the window that will open (see Figure 19The text of the notification may include information about the virus detected, HTTP address of the infected object and information about the connection error occurred. To include this information add corresponding substitution macros to the template selecting them from the drop-down list accessible via the Macros button. To save copies of clean objects and unchanged files, select the Save copies of clean and passed objects check box. Anti-virus protection 69 When the Save copies of clean and passed objects check box is selected, the Disinfect, save a copy action will be applied to all infected objects instead of the Disinfect action. The original copies of disinfected objects and the objects that cannot be disinfected will also be saved if the Skip, make no changes action is selected for such objects. Figure 19. Creating the replacement template 4. On the Exclusions tab (see Figure 20) provide the list of objects that will not be scanned for the presence of malicious code. In order to do this, check boxes next to the corresponding types of objects in the list. 70 Kaspersky Anti-Virus 5. 5 for Check PointTM Firewall-1® Figure 20. HTTP traffic scan settings The Exclusions tab 5. In order to apply the changes, press the Apply or the OK button. You can restore the default settings by pressing the Restore the default settings button. In order to disable scanning data transferred via HTTP protocol: uncheck the Scan HTTP traffic box on the Settings tab of the HTTP scan settings window (see Figure 17) and press the Apply or the OK button. 7. 5. Scanning FTP traffic In order to configure the settings for scanning data transferred via FTP protocol: 1. Select the node corresponding to the required server in the console tree and follow the FTP traffic settings link in the results pane. Anti-virus protection 71 This will open the FTP scan settings window (see Figure 21). Configure the anti-virus operation settings for scanning FTP traffic on the tabs of this window. The settings are configured similarly to the settings used for HTTP traffic. [. . . ] (i) Kaspersky Lab will provide you with the support services ("Support Services") as defined below for a period of one year following: (a) Payment of its then current support charge, and: (b) Successful completion of the Support Services Subscription Form as provided to you with this Agreement or as available on the Kaspersky Lab website, which will require you to produce the Key Identification File which will have been provided to you by Kaspersky Lab with this Agreement. It shall be at the absolute discretion of Kaspersky Lab whether or not you have satisfied this condition for the provision of Support Services. (ii) Support Services will terminate unless renewed annually by payment of the then-current annual support charge and by successful completion of the Support Services Subscription Form again. (iii) By completion of the Support Services Subscription Form you consent to the terms of the Kaspersky Lab Privacy Policy, which is deposited on ww. kaspersky. com/privacy, and you explicitly consent to the transfer of data to other countries outside your own as set out in the Privacy Policy. [. . . ]