Kaspersky Anti-Spam 3.0 MP1 CF2 ( RELEASE NOTES

From Wiki.csoft.at

Version released on: 2007-07-19

Table of Contents:

 * What's new?
 * Fixed Problems
 * Product Overview
 * System Requirements
 * Product Installation & Upgrade
 * Known Issues & Workarounds

What's new?

The following improvements have been introduced since Kaspersky Anti-Spam 3.0 MP1 (

* Methods for fighting the so-called "graphic" spam, i.e. tools used
  to analyze graphic attachments. New algorithms have been introduced
  for processing and identification of similar images with textual
  content as well as the GSG-8 and GSG-9 technologies.
* FreeBSD 6.2 platform has been added to the list of supported platforms.
* FreeBSD 4.11 platform is no longer supported.
* The uds-rtts.sh utility now has additional functionality
  (a new '-a' option) for testing of proper UDS functioning.

Fixed Problems

The following problems have been fixed as compared to Kaspersky Anti-Spam 3.0 MP1 CF1 (

 * Possible termination or freezing of filtering processes when a list of 
   protected domains is used.
 * Accidental setting of incorrect access rights for the files of application
   components if they had been updated earlier using a package of
   modified application files for previous product versions.

The following problems have been fixed as compared to Kaspersky Anti-Spam 3.0 MP1 (

* Possible termination with an error caused by invalid configuration
  settings has been fixed for kas-pipe (the component for integration
  with postfix and exim).
* Unauthorized users could access some directories of the web-based
  product configuration system.
* The list of protected domains could sometimes be ignored if
  recorded in uppercase style.
* Problems occurring during work with DNSBL servers have been fixed.
* Detailed logging in the kas-qmail component for integration with
  qmail has been improved.
* In the component for integration with Communigate Pro mail system
  (kas-cgpro) processing of configuration settings has been improved
  and correct behaviour in case of anti-spam engine errors ensured.
* Contact information of Kaspersky Lab Technical Support has been
* Product integration with postfix mail systems has been improved.

Product Overview

Kaspersky Anti-Spam 3.0 is a software suite filtering e-mail in order to protect mail system users from unwanted mass mail (spam).

Kaspersky Anti-Spam processes received messages according to administrator-defined rules: it delivers a message without modifications, blocks it, generates a notification that a message could not be received, adds or modifies message headers, or performs other actions specified by the administrator.

The application checks every e-mail message for the presence of signs indicating unsolicited mail (spam).

First, it checks various message parameters: the sender's and recipient's addresses (envelope), message size and its various headers (including From and To). In addition, the application runs the following checks as a part of its analysis procedure:

* a check of message sender's address (e-mail and/or IP address)
  using black and white lists;
* the presence of the sender's IP address in a specified DNS-based
  real time black hole list (DNSBL);
* availability of a DNS record for the sending server (reverse DNS
* a check of the sender's IP address for compliance with the list of
  addresses allowed for a domain based on the Sender Policy Framework
* a check of addresses and links to sites in message text using the
  Spam URI Realtime Blocklists (SURBL) service.

Second, the application employs content filtration, i.e. it analyzes the actual message contents (including the Subject header) and attached files. For this purpose it uses linguistic algorithms based on comparison with sample messages and a search for typical terms (words and word combinations). In addition, the application uses the internal Urgent Detection System technology, which provides real-time access to the data of the spam analysis laboratory.

Kaspersky Anti-Spam also scans attached images comparing them to the signatures of known spam messages. Comparison results are also taken into account when the application decides whether a message should be identified as spam.

Messages with certain signs of unsolicited mail will be processed in accordance with the defined filtration policy.

The administrator can configure the applicable filtration policy using the web-based Control Center interface.

System Requirements

Hardware requirements:

1. Minimum requirements:

  * Intel Pentium III 500 MHz processor or higher. 
  * At least 512 MB of available RAM.

2. Recommended requirements:

  * Intel Pentium IV processor running at 2.4 GHz.
  * 1024 MB of available RAM.

Software requirements:

1. Supported operating systems:

  * Red Hat Linux 9.0
  * Fedora Core 3
  * Red Hat Enterprise Linux Advanced Server 3
  * SuSe Linux Enterprise Server 9.0
  * SuSe Linux Professional 9.2
  * Mandrake Linux 10.1
  * Debian GNU/Linux 3.1r0
  * FreeBSD 5.4
  * FreeBSD 6.2

2. Supported e-mail systems:

  * sendmail 8.13.5 with Milter API support
  * postfix 2.2.2
  * qmail 1.03
  * exim 4.50
  * Communigate Pro 4.3.7

3. Required software:

  * Installed bzip2, which and ed utilities.
  * Perl interpreter.
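
A preflight check for the utilities listed above, as an added example that is not part of the original release notes or of the Kaspersky package. The names KAS_PREREQS, missing_prereqs and preflight are hypothetical; the warning about ed reflects the known issue described at the end of these notes.

```shell
# Added example: verify the required utilities before installing kas-3.
# missing_prereqs [DIR...] prints each required tool that is not an
# executable file in any of the given directories (default: $PATH entries).
KAS_PREREQS="bzip2 which ed perl"

missing_prereqs() {
    if [ "$#" -eq 0 ]; then
        # Split $PATH on ':' into the positional parameters.
        old_ifs=$IFS; IFS=:
        set -- $PATH
        IFS=$old_ifs
    fi
    missing=""
    for tool in $KAS_PREREQS; do
        found=no
        for dir in "$@"; do
            if [ -f "$dir/$tool" ] && [ -x "$dir/$tool" ]; then
                found=yes
                break
            fi
        done
        [ "$found" = yes ] || missing="$missing $tool"
    done
    # Trim the leading space; empty output means everything is present.
    echo "${missing# }"
}

preflight() {
    miss=$(missing_prereqs "$@")
    if [ -n "$miss" ]; then
        echo "missing before installing kas-3: $miss" >&2
        case " $miss " in
            # Per the known issue: enable-updates.sh relies on ed to turn on UDS.
            *" ed "*) echo "without ed, enable-updates.sh will not turn on UDS" >&2 ;;
        esac
        return 1
    fi
    echo "all prerequisites present"
}
```

Call `preflight` with no arguments to check the current PATH before running rpm, dpkg or pkg_add; a non-zero return means at least one utility must be installed first.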

Product Installation & Upgrade

Installation from scratch (if there is no previous product version installed on host):

Kaspersky Anti-Spam 3.0 is distributed in several installation packages:

* .rpm package for most versions of the Linux operating system
  (Red Hat, SuSe, Mandrake, Fedora, etc.). To install the product,
  enter the following in the command line:  
    # rpm -i kas-3-3.0.278-4.i386.rpm
* .deb package for Debian Linux. To install the product, enter the
  following in the command line: 
    # dpkg -i kas-3-3.0.278-4.i386.deb
* .tbz packages for the FreeBSD 5.4 and FreeBSD 6.2 operating systems.
  To install the product, enter the following in the command line: 
    # pkg_add kas-3-3.0.278.tbz

Having installed the filtration server, install the license key and integrate the mail system being used with Kaspersky Anti-Spam.

Your license key matching the purchased license is bundled together with the distribution package of Kaspersky Anti-Spam.

If for some reason you have no license key, contact the Technical Support service of Kaspersky Lab (http://www.kaspersky.com/helpdesk.html).

In order to install a license key, enter the following in the command line:

 # /usr/local/ap-mailfilter3/bin/install-key <key_filename>

If a license key has not been installed or the installed key is invalid, Kaspersky Anti-Spam will not filter mail. Mail system performance will not be affected; its e-mail traffic will just be transferred without analysis.

Kaspersky Anti-Spam is integrated with the host mail system by installing a client plug-in module into that mail system and making the necessary modifications to its configuration files. These actions are carried out automatically by the universal configuration script. If integration using the universal script is impossible (e.g., when the mail system has a non-standard configuration), you can either use the configuration scripts of that specific e-mail system or configure it manually.

Please refer to the appendix of Kaspersky Anti-Spam Administrator's Guide for details about applicable methods for integration of client plug-in modules into each of the supported mail systems and about the changes introduced into their configuration files.

In order to integrate Kaspersky Anti-Spam with the mail system installed on your server, run the universal configuration script:

 # /usr/local/ap-mailfilter3/bin/MTA-config.pl

The script will identify the type of the mail transfer agent (MTA) and add necessary changes to its configuration files.

Correct integration with Qmail is possible only if Qmail uses the qmailq account and the qmail group (used by default).

Kaspersky Anti-Spam integration with Exim (using the kas-exim client plug-in module) and with Communigate Pro has to be performed by the administrator manually.

Detailed descriptions of peculiarities for each of the client modules and available integration methods can be found in the Kaspersky Anti-Spam Administrator's Guide included into the package.

Upgrading an earlier version (Kaspersky Anti-Spam 2.0):

* The recommended method is to remove Kaspersky Anti-Spam 2.0 integration 
  with the host mail system and uninstall Kaspersky Anti-Spam 2.0 in 
  accordance with its Administrator's Guide with a subsequent installation of
  Kaspersky Anti-Spam 3.0 as described above.
* Users who only wish to test Kaspersky Anti-Spam 3.0 evaluating it for a 
  short while (with an opportunity to return to the previous Kaspersky Anti-
  Spam/SpamTest 2.0) can install Kaspersky Anti-Spam 3.0 together with 
  Kaspersky Anti-Spam/Spam Test 2.0. Default settings of version 3.0 
  (installation paths, names of its scripts, used sockets) do not conflict 
  with the defaults of version 2.0. Thus, you can install Kaspersky Anti-
  Spam 3.0, configure it and then replace the old tcp: address 
  in the configuration files of version 2.0 client modules with the new 
  tcp: address. To revert to the original system state and 
  resume using Kaspersky Anti-Spam 2.0, it will be sufficient to return the 
  old address. This upgrade method can only be used as a temporary solution. 
  If you are satisfied with the operation of Kaspersky Anti-Spam 3.0, it is 
  strongly recommended to perform complete integration with Kaspersky
  Anti-Spam 3.0.

Updating earlier builds of Kaspersky Anti-Spam 3.0:

There is no provision for automatic upgrading of earlier Kaspersky Anti-Spam 3.0 builds, therefore we recommend the following:

* Reverse integration of the earlier version with the host mail system. If 
  no changes have been added since the original integration, you can de-
  integrate Kaspersky Anti-Spam by running the following script:
  If the configuration files of the host mail system have been modified, you 
  should reverse integration manually in accordance with the Administrator's 
  Guide of the installed Kaspersky Anti-Spam build.

* Delete the kas-3 package using the method described in the Administrator's 
  Guide of the installed Kaspersky Anti-Spam build.
* If necessary, delete the /usr/local/ap-mailfilter3 directory:
    rm -rf /usr/local/ap-mailfilter3
* Then install the kas-3 package using the method described in the 
  Administrator's Guide from the application package.

Update using a package of modified executable files:

Additionally, an update package of modified executable files kas- is provided. If you use this package, the product installed on your computer will have features identical to Kaspersky Anti-Spam 3.0 MP1 CF2, except that the records in the system log of installed software will contain information about the build of Kaspersky Anti-Spam 3.0 installed earlier.

In order to use the update package, unpack archive kas- using command

    tar xfz kas-

and run the update script upgrade.sh in the folder kas- that will be created. If the script is executed successfully, all modified executable files will be saved and a backup copy of all modified files will be saved to the current folder as archive kas3-backup.tgz.

If you are using a Communigate Pro e-mail system, it has to be restarted after completion of the upgrade script.

General Issues & Workarounds

* In certain Linux distributions, when the ServerSpareFilters value
  is set to 1 or greater, and the application is restarted with the
  killall utility (used in kas-restart) a new filtration process may
  appear before the killall completes its work. The killall utility
  in that case will return an error and the kas-restart script will
  inform about its inability to restart the application although it
  has actually been restarted. Such situation can also occur in cases
  when the Control Center is used to invoke kas-restart to make the
  application read its configuration again.    
* Correctness of certain parameters in filter.conf is not validated
  or is validated too strictly.   
* When Kaspersky Anti-Spam 3.0 is installed and running on the same server 
  with Kaspersky Anti-Spam 2.0 or Kaspersky Mail Gateway 5.5, any restart 
  of the filtering processes (ap-mailfilter) by the kas-restart script or 
  the Control Center will cause an attempt to restart the filtering 
  processes of Kaspersky Anti-Spam 2.0 and Kaspersky Mail Gateway 5.5 
  as well. However, the actual restart of the processes belonging to other 
  products is impossible. Consequently, the corresponding warnings will be
  displayed; they should be ignored.
* For kas-qmail with the ClientOnError parameter set to the reject action,
  a temporary fail will be displayed in the SMTP session during
  processing of filtering errors.
* The Mandrake package does not include the text line editor ed, therefore
  the script /usr/local/ap-mailfilter3/bin/enable-updates.sh does not
  enable UDS on this operating system. You should either install ed
  before installation of Kaspersky Anti-Spam 3.0 or turn on UDS separately
  using the Control Center or manually by editing configuration file