Kaspersky Anti-Spam MP1 RELEASE NOTES

Version issued on: (2006-11-14)


wget ftp://ftp.downloads1.kaspersky-labs.com/products/release/english/antispam/rpm/kas-3-3.0.255-0.i386.rpm


What's new?

The following improvements have been introduced since Kaspersky Anti-Spam

1. Improved filtering methods.

  Methods for fighting the so-called "graphic" spam (that is methods
  used for analyzing graphic attachments, processing animated images,
  etc.) have been improved. In particular:
  * Technology GSG-7 for processing and identification of similar
    images with textual content has been introduced.
  * Animated images are now processed using GSG-A technology that
    allows extracting relevant important frames from the animation.  
2. UDS: the data transfer protocol has been extended; requests can now
  be repeated in order to rule out accidental loss of packets between
  KAS 3.0 MP1 and UDS servers.

Changed Features

The following problems have been fixed as compared to Kaspersky Anti-Spam

* The stat application used for collecting statistics could exit with
  an error if it encountered extra long lines in the e-mail messages
  processing log /usr/local/ap-mailfilter3/log/filter.log 
* If an error occurred when the e-mail message was returned to the
  original qmail process, the kas-qmail module used for integration
  with qmail did not return the corresponding error to the SMTP session.
* In some cases kas-license module used for verification of the
  license policy could exit with an error.

Product Overview

Kaspersky Anti-Spam 3.0 is a software suite filtering e-mail in order to protect mail system users from unwanted mass mail (spam).

Kaspersky Anti-Spam processes received messages according to administrator-defined rules. Namely, it can deliver a message without modifications, block it, generate a notification that a message could not be received, add or modify message headers, and perform other actions specified by the administrator.

The application checks every e-mail message for the presence of signs indicating unsolicited mail (spam).

First, it checks various message parameters: the sender's and recipient's addresses (envelope), message size and its various headers (including From and To). In addition, the application runs the following checks as a part of its analysis procedure:

* a check of message sender's address (e-mail and/or IP address)
  using black and white lists;   
* the presence of the sender's IP address in a specified DNS-based
  real time black hole list (DNSBL);    
* availability of a DNS record for the sending server (reverse DNS
* a check of the sender's IP address for compliance with the list of
  addresses allowed for a domain based on the Sender Policy Framework
* a check of addresses and links to sites in message text using the
  Spam URI Realtime Blocklists (SURBL) service.   
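
How the DNSBL and SURBL checks listed above turn an address or a link into a DNS query, as an added example that is not part of the release notes or of the product's code. The zone names dnsbl.example.org and multi.example.net and all addresses are constructed placeholders.

```shell
#!/bin/sh
# Added illustration, not vendor code. Zones are supplied by the caller.

# dnsbl_qname IPV4 ZONE: print the name to resolve, e.g. 2.0.0.127.ZONE.
# Returns 1 if IPV4 is not a dotted quad with octets 0-255.
dnsbl_qname() {
    ip=$1; zone=$2
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                      # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        { [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ]; } || return 1
    done
    echo "$4.$3.$2.$1.$zone"        # octets reversed, zone appended
}

# dnsbl_verdict ANSWER: classify the A record returned for a DNSBL name.
# Empty answer (NXDOMAIN) = not listed; 127.0.0.0/8 = listed; anything
# else is not a valid DNSBL reply and must not be counted as a hit.
dnsbl_verdict() {
    case $1 in
        '')    echo not-listed ;;
        127.*) echo listed ;;
        *)     echo invalid-answer ;;
    esac
}

# surbl_qname URL ZONE: host part of URL, lower-cased, prepended to ZONE.
# Simplification: production clients first reduce the host to its
# registered domain before querying.
surbl_qname() {
    host=${1#*://}; host=${host%%[/?#]*}     # drop scheme, path, query
    host=${host##*@}; host=${host%%:*}       # drop userinfo and port
    host=$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')
    [ -n "$host" ] || return 1
    echo "$host.$2"
}

# Live lookup (needs network and dig), for a constructed address:
#   q=$(dnsbl_qname 192.0.2.55 dnsbl.example.org) &&
#       dnsbl_verdict "$(dig +short A "$q" | head -n 1)"
```

Treating only 127.0.0.0/8 answers as hits keeps a hijacked or expired blocklist zone that resolves every name from marking all mail as spam.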

Second, the application employs content filtration, i.e. it analyzes the actual message contents (including the Subject header) and attached files. For this purpose the application uses linguistic algorithms based on comparison with sample messages and on a search for typical terms (words and word combinations). In addition, the application uses the internal Urgent Detection System technology, which provides real-time access to the data of the spam analysis laboratory.

Kaspersky Anti-Spam also scans attached images comparing them to the signatures of known spam messages. Comparison results are also taken into account when the application decides whether a message should be identified as spam.

Messages with certain signs of unsolicited mail will be processed in accordance with the defined filtration policy.

The administrator can configure the applicable filtration policy using the web-based Control Center interface.

System Requirements

Hardware requirements:

1. Minimum requirements:

  * Intel Pentium III 500 MHz processor or higher. 
  * At least 512 MB of available RAM.
2. Recommended:

  * Intel Pentium IV processor running at 2,4 GHz. 
  * 1024 MB of available RAM.

Software requirements:

1. Supported operating systems:

  * RedHat Linux 9.0.
  * Fedora Core 3.
  * RedHat Enterprise Linux Advanced Server 3. 
  * SuSe Linux Enterprise Server 9.0. 
  * SuSe Linux Professional 9.2. 
  * Mandrake Linux 10.1.
  * Debian GNU/Linux 3.1. 
  * FreeBSD 4.10.
  * FreeBSD 5.4.
2. Supported e-mail systems:

  * Sendmail 8.13.5 with Milter API support.
  * Postfix 2.2.2.
  * Qmail 1.03.
  * Exim 4.50.
  * Communigate Pro 4.3.7.
3. Required software:

  * Installed bzip2, which and ed utilities.
  * Perl interpreter.

Product Installation & Upgrade

Installation from scratch (if there is no previous product version installed on host):

Kaspersky Anti-Spam 3.0 is distributed in several installation packages:

* .rpm package for most versions of the Linux operating system
  (RedHat, SuSe, Mandrake, Fedora, etc.). To install the product,
  enter the following in the command line:  

    # rpm -i kas-3-3.0.255-0.i386.rpm
* .deb package for Debian Linux. To install the product, enter the
  following in the command line: 

    # dpkg -i kas-3-3.0.255-0.i386.deb
* .tgz package for the FreeBSD 4.10 operating system. To install the
  product, enter the following in the command line: 

    # pkg_add kas-3-3.0.255.tgz
* .tbz package for the FreeBSD 5.4 operating system. To install the
  product, enter the following in the command line: 

    # pkg_add kas-3-3.0.255.tbz

Having installed the filtration server, install the license key and integrate the mail system being used with Kaspersky Anti-Spam.

Your license key matching the purchased license is bundled together with the distribution package of Kaspersky Anti-Spam.

If for some reason you have no license key, contact the Technical Support service of Kaspersky Lab http://www.kaspersky.com/helpdesk.html

In order to install a license key, enter the following in the command line:

 # /usr/local/ap-mailfilter3/bin/install-key <license_key_filename>

If a license key has not been installed or the installed key is invalid, Kaspersky Anti-Spam will not filter mail. Mail system performance will not be affected; its e-mail traffic will just be transferred without analysis.

Kaspersky Anti-Spam is integrated with the host mail system by installing a client plug-in module into that mail system and making the necessary modifications to its configuration files. These actions are carried out automatically by the universal configuration script. If integration using the universal script is impossible (e.g., when the mail system has a non-standard configuration), you can either use the configuration scripts for that specific e-mail system or configure it manually.

Please refer to the Kaspersky Anti-Spam documentation Appendices for details about applicable methods for integration of client plug-in modules into each of the supported mail systems and about the changes introduced into their configuration files.

In order to integrate Kaspersky Anti-Spam with the mail system installed on your server, run the universal configuration script:

 # /usr/local/ap-mailfilter3/bin/MTA-config.pl

The script will identify the type of the mail transfer agent (MTA) and add necessary changes to its configuration files.

Correct integration with Qmail is possible only if Qmail uses the qmailq account and the qmail group (used by default).

Kaspersky Anti-Spam integration with Exim (using the kas-exim client plug-in module) and with Communigate Pro has to be performed by the administrator manually.

Detailed descriptions of peculiarities for each of the client modules and available integration methods can be found in the documentation for Kaspersky Anti-Spam.

Upgrading an earlier version:

* The recommended method is to remove KAS 2.0 integration with the
  host mail system and uninstall KAS 2.0 in accordance with its
  documentation with a subsequent installation of KAS 3.0 as
  described above.   
* Users who only wish to test KAS 3.0 evaluating it for a short while
  (with an opportunity to return to the previous KAS/SpamTest 2.0)
  can install KAS 3.0 together with KAS 2.0. Default settings of
  version 3.0 (installation paths, names of its scripts, used
  sockets) do not conflict with the defaults of version 2.0. Thus,
  you can install KAS 3.0, configure it and then replace the old
  tcp: address in the configuration files of version 2
  client modules with the new tcp: address. To revert
  to the original system state and resume using KAS 2.0, it will be
  sufficient to return the old address. This upgrade method can only
  be used as a temporary solution. If you are satisfied with the
  operation of KAS 3.0, you are strongly recommended to perform
  complete integration with KAS 3.0.  

Updating from release KAS 3.0:

There is new provision for automatic updating from Kaspersky Anti-Spam, therefore we recommend the following:

* Reverse integration of the earlier version with the host mail
  system. If no changes have been added since the original
  integration, you can de-integrate Kaspersky Anti-Spam by running
  the following script:  
  If the configuration files of the host mail system have been
  modified, you should reverse integration manually in accordance
  with the documentation of Kaspersky Anti-Spam

* Delete the kas-3 package using the appropriate OS tools. In
  FreeBSD, run the following command:  
    pkg_delete kas-enterprise-3-3.0.242
  In RPM-based Linux distributions:
    rpm -e kas-enterprise-3-3.0.242
  In Debian:
    aptitude purge kas-3
* Delete the /usr/local/ap-mailfilter3 directory manually (if it has
  not been deleted):  
    rm -rf /usr/local/ap-mailfilter3
* Then install kas-3 distribution package following the "Installation
  from scratch" section.  

Additionally, an update package of modified executable files kas- is provided. If you use this package, the product installed on your computer will have features identical to KAS 3.0 MP1, except that the records in the installed software system log will contain information about installed KAS rather than about KAS

In order to use the update package, unpack archive kas- to a location you select using command

    tar xfz kas-

and run the update script upgrade.sh in the folder kas- that will be created. If the script is executed successfully, all modified executable files will be saved and a backup copy of all modified files will be saved to the current folder as archive kas3-backup.tgz.

General Issues & Workarounds

* In certain Linux distributions, when the ServerSpareFilters value
  is set to 1 or greater and the application is restarted with the
  killall utility (used in kas-restart), a new filtration process may
  appear before killall completes its work. In that case the killall
  utility returns an error and the kas-restart script reports that it
  was unable to restart the application, although it has actually
  been restarted. Such a situation can also occur when the Control
  Center is used to invoke kas-restart to make the application read
  its configuration again.
* Correctness of certain parameters in filter.conf is not validated
  or is validated too strictly.   
* When KAS 3.0 is installed and running on the same server with KAS
  2.0 or Kaspersky Mail Gateway 5.5, any restart of the filtering
  processes (ap-mailfilter) by the kas-restart script or the Control
  Center will cause an attempt to restart the filtering processes of
  KAS 2.0 and Kaspersky Mail Gateway 5.5 as well. However, the actual
  restart of the processes belonging to other products is
  impossible. Consequently, the corresponding warnings will be
  displayed; they should be ignored.  
* Domain names in the lists of e-mail addresses and Protected domains
  are case-sensitive, therefore we recommend that you enter them
  using the lower case.  
* If the limit for the processed message ClientFilteringSizeLimit is
  exceeded, the kas-qmail integration module writes a log entry with
  too high a priority: it is marked as an error, but in fact it is
  an informational message.
* For kas-qmail with the ClientOnError parameter set to the reject
  action, a temporary fail will be displayed in the SMTP session
  during processing of filtering errors.
* The Mandrake package does not include the text line editor ed,
  therefore the script /usr/local/ap-mailfilter3/bin/enable-updates.sh
  does not enable UDS on this operating system. You should either
  install ed before installing KAS 3.0 or turn on UDS separately using
  the Control Center or manually by editing configuration file
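
For the killall race described in the first item above, one way to decide from the process table whether a restart reported as failed actually took place. This is an added example, not the vendor's kas-restart; the location of kas-restart under /usr/local/ap-mailfilter3/bin is an assumption, and the process name ap-mailfilter is taken from these notes.

```shell
#!/bin/sh
# Added example, not vendor code.
KAS_RESTART=${KAS_RESTART:-/usr/local/ap-mailfilter3/bin/kas-restart}  # assumed path
KAS_PROC=${KAS_PROC:-ap-mailfilter}   # process name as given in the notes

# classify_restart RC BEFORE_PIDS AFTER_PIDS prints one of:
#   down                     no filter process exists after the restart
#   stale                    at least one pre-restart PID is still alive
#   restarted                script succeeded and every PID is new
#   restarted-despite-error  script failed but every PID is new
#                            (the killall race from the known issues)
classify_restart() {
    rc=$1; before=$2; after=$3
    if [ -z "$after" ]; then echo down; return 0; fi
    for new in $after; do
        for old in $before; do
            if [ "$new" = "$old" ]; then echo stale; return 0; fi
        done
    done
    if [ "$rc" -eq 0 ]; then
        echo restarted
    else
        echo restarted-despite-error
    fi
}

# checked_restart: run the restart script, then judge the outcome by
# comparing filter PIDs before and after instead of trusting its exit code.
checked_restart() {
    before=$(pgrep -x "$KAS_PROC" | tr '\n' ' ')
    rc=0; "$KAS_RESTART" || rc=$?
    sleep "${KAS_SETTLE:-2}"          # let spare filters finish starting
    after=$(pgrep -x "$KAS_PROC" | tr '\n' ' ')
    classify_restart "$rc" "$before" "$after"
}
```

A result of down or stale means mail is passing unfiltered or with the old configuration and needs attention; restarted-despite-error can be logged and ignored.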
