1.1. Whats new in Kaspersky Mail Gateway 5.5
Kaspersky Mail Gateway has been enhanced with the following additional features as compared with Kaspersky SMTP-Gateway 5.5: Checking email traffic for spam presence using the content filtration databases with an opportunity to specify the degree of filtering intensity. Marking of messages identified as spam or probable spam using special headers including an opportunity to use different methods with various groups of senders/recipients.
Storage of messages identified as spam or probable spam in the quarantine directory. Blocking of delivery to recipients for messages identified as spam or probable spam.

1.2. Licensing policy

The licensing policy for Kaspersky Mail Gateway includes a system of product use limitations based on the following criteria:
Number of users protected by the application Email traffic processed daily (MB/day).
Each type of licensing is also limited by a certain period (typically one year or two years after the date of purchase). You can purchase a license limited by one of the above criteria (for example, by the daily mail traffic volume). In addition, you can define during product purchase whether your Kaspersky Mail Gateway will only perform anti-virus scanning of email traffic or it will also filter spam. The application has slightly different configuration parameters, depending on the type of license you have purchased. Thus, if the license is issued for a certain number of users, you will have to create a list of addresses (domains) that will be protected by the application against viruses and spam The application will notify the administrator when the traffic volume reaches critical values or the number of protected accounts is exceeded.
1.3. Hardware and software requirements
Minimum system requirements for normal operation of Kaspersky Mail Gateway are as follows: Intel Pentium processor (Pentium III or Pentium IV recommended). At least 256 B of available RAM At least 100 MB of available space on your hard drive to install the application. Please note that the application working queue, quarantine directory, and archives of incoming and outgoing email are not included in the hard disk space required. If your network
security policy requires the use of the above features, additional disk space will be needed. at least 500 MB of available space in the /tmp file system. One of the following operating systems: Red Hat Enterprise Linux Advanced Server 4. Red Hat Linux 9.0. Fedora Core 4. SuSE Linux Enterprise Server 9.0 (SP3). SuSE Linux Professional 10.0. Debian GNU/Linux 3.1r1. Mandriva 2006. FreeBSD 4.11, 5.4, 6.0.
Perl interpreter, version 5.0 or higher (www.perl.org) and the which utility to install the application. Webmin version 1.070 or higher (www.webmin.com) to install the remote administration module (optional.

If the message satisfies the preliminary processing requirements, it is sent to the working queue to be processed by the scanning module. If all incoming mail should be archived, a copy of any message added to the working queue will be automatically preserved in the archive of received messages. 3. The scanning module receives a message from the working queue and transfers it to the Spamtest filter for inspection. The filter assigns to it a
specific status and returns the message to the scanning module, which then breaks it into individual components and passes them to the AV module for analysis. If you have only purchased a license for anti-virus scanning of email traffic, spam filtering will not be performed. Messages will be immediately delivered to the AV module for analysis. The application will ignore then configuration parameters, which apply to the Spamtest filter. 4. 5. The AV module scans the objects and, if this option is enabled, disinfects them, when necessary. The scanning module handles messages according to the status (see section 4.2 on p. 32) assigned to each object or message during analysis by the Spamtest filter and the AV module (blocks message delivery, deletes infected objects, modifies message headers, adds messages to the quarantine directory, etc.). The actions to be applied are defined in the application configuration file. Each processed message is then added to the ready-to-send message queue. If saving in the quarantine is specified as the action to be performed on a message, a copy of the scanned message will be saved in the quarantine directory concurrently with its transfer to the ready-to-send queue. The application creates a separate quarantine directory for messages identified as spam or probable spam and messages containing infected, suspicious or corrupted objects. Creation of message copy in backup storage or quarantine directory does not block delivery of the original message to the recipient. An additional action blocking its delivery has to be specified, if you want to prevent message delivery to the recipient. 7. The Sender module receives each message from the ready-to-send queue and transfers it via the SMTP protocol to the onward mail agent to be delivered to local end users or rerouted to other mail servers. If your network security policy requires logging of all outgoing email traffic, a copy of each message will be automatically saved after its delivery to the archive of sent messages (see Fig. 3).
Figure 3. Saving messages to the archives of received / sent messages
2.3. Typical deployment scenarios
Depending upon the network architecture, the following options for installation of Kaspersky Mail Gateway are possible: install the application along corporate network perimeter in the demilitarized zone (DMZ) acting as a buffer between internal corporate LAN and external network); install the application inside your existing mail system. to the same server with a running email system; to a dedicated server.

Step 2. Copying application files to destination directories on your server
The installer starts copying the application files to the destination directories on your server. For a detailed description of the directories where the application files will be copied, see section A.1 on p. 95. If you installed the application from an rpm package, then you should run the postinstall.pl script (present by default in the /opt/kav/5.5/scmsmtpgw/setup/ directory) to perform the following steps.
Step 3. Post-installation tasks
The post-installation configuration includes the following steps:
Configuring the smtpgw component (see section 3.4 on p. 24). Installing and registering the license key. If you have no license key at the time of installation (for example, if you purchased the application via the Internet and have not received the
license key yet), you can activate the application after installation before its first use. For details see section 5.6 on p. 60. Please note that if the license key is not installed, the anti-virus and content filtration databases cannot be updated and the smtpgw component cannot be started during the installation process. You will have to do it manually, after the key is installed.
Configuring the keepup2date component. Installation (updating) of the anti-virus and content filtering databases. You must install the anti-virus and content filtration databases before using the application. The procedure of detecting and disinfecting viruses relies on the use of the anti-virus database records that contain description of viruses known at the moment and the methods of disinfecting these viruses. Anti-virus scanning and processing of email messages cannot be performed without the anti-virus database. The application employs its content filtering database for spam detection (analysis of message contents and attached files used to identify the signs of unsolicited mail).
Installing the Webmin module. The Webmin module for remote management of the application can be installed correctly only if the Webmin application is located in the default directory. After the module is installed, you will receive detailed instructions on how to configure it to work with the application.
Launching the smtpgw component. If, after installation, Kaspersky Mail Gateway has not started working as required, check the configuration settings. Pay special attention to the port number you specified for receiving mail traffic. You may also view the application log file.

After you properly complete these steps, a corresponding message on the server console will appear as soon as the installation procedure is over.
3.4. Configuring the application
Immediately after the files have been copied to your server, system configuration process will start. Depending on the package manager you use, the configuration process will either be started automatically or (if the package manager does not allow the use of interactive scripts, such as rpm), some additional actions will have to be performed by the administrator. All settings are stored in the smtpgw.conf file installed by default in the /etc/kav/5.5/scm-smtpgw/ directory.
If you are using the rpm installation package, enter the following command to start configuration after the files are copied to your server: # /opt/kav/5.5/scm-smtpgw/setup/postinstall.pl The configuration procedure includes the following tasks:
Setting up (by the administrator) of the server name that will be used to identify the application in the SMTP commands when creating the DSN and notifications (the Hostname parameter in the [smtpgw.network] section of the smtpgw.conf configuration file). Full domain name of the server must be specified as the parameter value. Setting up the domain name that will be used to: Assign the Postmaster address ([smtpgw.network] section, Postmaster parameter) Assign the senders return address for notifications ([smtpgw.policy] section, NotifyFromAdress parameter) Define the administrators address ([smtpgw.policy] section, AdminNotifyAddress parameter) Allow incoming mail to this domain ([smtpgw.options] section, RelayRule parameter).
Defining the interface and port to listen to the incoming email traffic ([smtpgw.network] section, ListenOn parameter). Type the port name and the IP address in the <x.x.x.x:z> format, where: x.x.x.x is the IP address, and z is the port number.
Specifying local network identifiers ([smtpgw.access] section, RelayRule parameter). This value is used to assign rules for message delivery and processing, for example, rules specific for your organization concerning mail processing, or blocking email messages from certain domains, etc. Specify the values using the following formats: <x.x.x.x> or <x.x.x.x/y.y.y.y>, or <x.x.x.x/y>,where: x.x.x.x is the IP address, and y.y.y.y or y is the subnet mask.
Specifying (when necessary) the server to which all processed messages will be forwarded ([smtpgw.forward] section, the ForwardRoute parameter). Type the host name in the format: <x.x.x.x:z>, where: x.x.x.x is the IP address, and z is the port number.
Specifying the proxy server name ([updater.options] section, ProxyAddress parameter). This option is necessary for computers connected to the Internet via a proxy server. Modifying the application configuration file to fine-tune the operation of the AV module and the Spamtest filter (optional).

4.4. Operation of the AV module
The AV module checks message components for virus presence. During the process of scanning and disinfection of detected infected objects, the AV module uses the anti-virus databases containing descriptions of currently known viruses and methods of disinfection for objects containing them. You are advised to update the anti-virus databases regularly to maximize the efficiency of anti-virus functionality as regards new viruses. Updates for the anti-virus databases are made available on the update servers of Kaspersky Lab every hour. By default, the AV module of the application only scans your email traffic; it does not cure infected objects. To enable disinfection, set the Cure parameter in the [smtpgw.ave] section of the configuration file to true. If disinfection has been successful, the object is
assigned the Disinfected status. Please see section 4.2 on p. 32 for details regarding other statuses that the AV module can assign to objects. The actions performed by the AV module with an object, which has passed scanning, are determined by the respective options in the configuration file (ActionInfected, ActionSuspicious, etc.). Each status corresponds to its respective option. The following actions are available: cure replace the infected object in a message with a disinfected one; The action can be defined for objects with the Disinfected status only (ActionDisinfected parameter). pass transfer the object without modifications, no actions will be applied to the object; remove remove the object from mail message; placeholder replace the object with a notification generated according to a template.
CHAPTER 5. ANTI-VIRUS PROTECTION AND SPAM FILTRATION
Using Kaspersky Mail Gateway, you can arrange anti-virus protection and spam filtering for email traffic transferred through the mail server of your organization. The anti-virus protection and spam filtering system is based on the performance of tasks that represent major functionality of the application. The tasks implemented by Kaspersky Mail Gateway may be divided into three major groups: 1. 2. 3. Updates of the content filtration and anti-virus databases used for spam filtering, anti-virus scanning and disinfection of objects. Spam filtering. Anti-virus protection of email traffic.
Each of the above groups includes more specific tasks. In this chapter, we will discuss the most typical tasks that the administrator can combine and enhance depending on the needs of his/her organization. In order to perform tasks described further some changes should be introduced into the configuration file of the application. You will have to restart the application to apply the modifications. This guide contains a description of how to locally configure and start tasks from the command line. Issues related to starting and managing tasks from remote computers using the Webmin application are not discussed in this document. In all examples below, it is assumed that the administrator has completed all required post-installation tasks and the application operates correctly.

Add disclaimer text to mail message body. The information will be added as plain text; it may contain any statement generated in accordance with the security policy (or other rules) of a specific organization (the AddDisclaimer parameter in the [smtpgw.policy] section). The default message text notifies that the message has been scanned by Kaspersky Mail Gateway. Upon administrators demand the application can modify the information format (e.g., generate disclaimer message as a HTML text).
CHAPTER 7. TESTING APPLICATION OPERABILITY
After you install and configure Kaspersky Mail Gateway, it is recommended that you test its settings and operability by using the following three methods:
Telnet program Mail messages containing test phrases in the Subject header EICAR test virus.
7.1. Testing the application using Telnet
To test the application operation using Telnet it is necessary to: 1. Configure the connection to the server with the installed application using Telnet. To do so, enter the following in the command line: telnet <smtpgw host address> <port> where the host address and port are values assigned to the ListenOn option in the [smtpgw.network] section of the application configuration file. 2. After the connection is established, wait for a response from the smtpgw component. You will see the following information: 220 smtpgw.company.com ESMTP where smtpgw.company.com is the name of the server being tested. 3. After the connection to the server is confirmed, type the following in the command line: EHLO <fqdn> where <fqdn> stands for a full domain name of the host, which establishes connection. You will see the following (or similar) information:
250-smtpgw.company.com hello user [127.0.0.1] 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE DSN where: smtpgw.company.com is the name of the server being tested user is the client host name [127.0.0.1] is the client IP address. Enter in the command line: MAIL FROM: <sender_address> You will see the following (or similar) information: 250 2.1.0 OK Enter in the command line: RCPT TO: <recipient_address> You will see the following (or similar) information: 250 2.1.0 OK Enter in the command line: DATA You will see the following (or similar) information: 354 Start mail input; end with <CRLF>.<CRLF> Enter in the command line: Subject: test test. You will see the following (or similar) information: 250 2.1.0 OK 4. If the response is 250 2.1.0 OK, the test message has been successfully accepted by the server. After this, the message must be checked by Spamtest, scanned for viruses and then sent to the recipient in accordance with the routing table. It is recommended that you check message delivery. To verify the results, view the

CHAPTER 9. FREQUENTLY ASKED QUESTIONS
This chapter contains a discussion of questions most frequently asked by our users regarding the installation, configuration and operation of the application. Question: Is it possible to use Kaspersky Mail Gateway with anti-virus products of other vendors? No. We recommend uninstalling anti-virus products of other vendors prior to installation of Kaspersky Mail Gateway to avoid software conflicts. Question: Kaspersky Mail Gateway does not rescan files that have been scanned earlier. Why? This is true. The application does not rescan files that have not changed since the last scan. That has become possible due to new iChecker. The technology is implemented in the program using a database of file checksums. Question: Why does Kaspersky Mail Gateway cause a certain decrease in server performance, noticeably loading the CPU? Virus detection is a computationally intensive mathematical problem requiring structural analysis, checksum calculation and mathematical data conversions. Processor time is therefore the main resource consumed by the program, and each new virus added to the anti-virus databases increases the overall scanning time. This is a necessary sacrifice for the security and safety of your data. Other anti-virus products speed up scanning by excluding both viruses which are less easily detectable or less frequent in the geographic location of the anti-virus vendor, and file formats that require complicated analysis (e.g. PDF) from their databases. In contrast, Kaspersky Lab believes that the purpose of its products is to establish real and complete security for its users. Kaspersky Mail Gateway gives its users maximum protection. Experienced users can accelerate anti-virus scanning to the detriment of overall security by disabling scanning of various file types, but we do not recommend doing so for users who want the best protection.
Frequently asked questions
For maximum user protection, Kaspersky Mail Gateway recognizes more than 700 formats of archived and compressed files. This is essential for anti-virus security, because harmful executable code may be hidden inside files of any recognized format. However, despite the daily growth in the number of viruses detected by Kaspersky Mail Gateway (approximately 30 new viruses appear daily) as well as the ever increasing number of recognized file formats, each subsequent version of our product functions faster than the previous one. That is achieved through the use of new, exclusive technologies, such as iChecker, developed at Kaspersky Lab. Question: Why do I need the key file? Will my Kaspersky Mail Gateway work without it? No, Kaspersky Mail Gateway does not work without a license key. If you are still deciding whether or not to purchase Kaspersky Mail Gateway, we can provide you with a temporary key file (trial key), which will only work either for two weeks or for a month. When this period expires, the key will be blocked. Question: What happens when the license expires? After expiration of the license, Kaspersky Mail Gateway will continue operating, but updating of the anti-virus and content filtration databases will be disabled. The Kaspersky Mail Gateway will continue cleaning infected objects but only using the old anti-virus databases. If such a situation arises, notify your system administrator and contact the company where you have purchased Kaspersky Mail Gateway or Kaspersky Lab directly for license renewal. Question: The application does not work. What should I do? First, check if a solution for your problem is provided in this documentation, especially in this section or on our website. In addition, we recommend that you apply for support to the distributor from whom you purchased Kaspersky Mail Gateway or write to our Technical support service (support@kaspersky.com) or to the address contained in the license key information. To make sure your request is answered as soon as possible, follow these suggestions:

In the message header, specify your operating system, the name of Kaspersky Lab product you are experiencing problems with, and briefly describe the problem. For example: FreeBSD 5.3, Kaspersky Mail Gateway 5.5, updating of the anti-virus databases does not function. Compose your messages in plain text format. At the beginning of the message, specify the exact versions of the operating system and Kaspersky Mail Gateway distribution package and provide the number of your license key file. Clearly describe the problem in brief. Keep in mind that, when reading your mail, the technical support service officers do not yet know about your problem. They can only help after fully understanding and reproducing it. Send the following data, packed into one archive, to the Technical Support Service: log file (report file) produced by Kaspersky Mail Gateway while running. configuration file of Kaspersky Mail Gateway your license key file. Make sure to specify in your mail if your computer system contains any of the following: a very old or very new processor, or more than one processor less than 64 MB or more than 2 GB of RAM. Specify the approximate amount of daily traffic and whether or not the server has peak loads.
Question: What are the daily updates for? A few years ago viruses were transmitted on floppy disks, and adequate computer protection could be achieved by installation of an anti-virus program followed by rare updates to its anti-virus database. However, recent virus epidemics spread around the world in several hours, and anti-virus protection with old databases may be helpless against a new threat. In order to resist new viruses, you should update the anti-virus databases every hour. Every year Kaspersky Lab increases the frequency of its updates issued for the anti-virus databases. Currently they are updated every hour.
Spam is a serious problem for all network users being a direct and obvious threat to businesses. According to the latest data, the volume of spam in the Internet is about 75-80 percents of the total mail volume and new types of spam appear constantly. Fast response to appearance of such unwanted message types and blocking of their spreading requires timely updates to the content filtration database employed for spam filtering. New updates to the content filtration database are made available on the update servers of Kaspersky Lab every 20 minutes. Since the update frequency of the anti-virus and content filtration databases are different, you are advised to set up the updates to run at a 20 minutes interval. After connection, the application identifies available updates automatically and downloads them. Question: What are the changes to the updating service of version 5.0? The Kaspersky Lab 5.0 product suite features a new updating service, which has been developed in accordance with the requests of our users. It automates the whole updating procedure, from the preparation of updates in Kaspersky Lab to the moment that relevant files are updated on clients' computers. Advantages of the new updating service include: Ability to resume downloading of files after disconnection. Upon reconnection only files which have not been downloaded are retrieved. Cumulative updates are now half the size. A cumulative update contains the whole anti-virus database, therefore its size exceeds considerably the size of typical updates. The new service employs a special technology which allows using already existing anti-virus database for a cumulative update. Accelerated downloading from the Internet. Kaspersky Mail Gateway picks up a Kaspersky Lab's updates server located in your region. Furthermore, servers are allocated according to their performance, so you will not be sent to an overloaded server while there is another idle server available. Use of key black lists. Unlicensed and illegal users of Kaspersky Mail Gateway are now prevented from using the updating service. Licensed users therefore do not suffer from inability to contact overloaded updates servers. Corporate enterprises can now create a local updates' server. This feature is designed for organizations where a single LAN

StatFilename full name (including the path) of the file that stores the application performance statistics. The default value is: /var/db/kav/5.5/scm-smtpgw/smtpgw.stat. ICheckerDBFilename full name (including the path) of the database file that stores the information about the messages scanned using the iChecker technology. The default value is: /var/db/kav/5.5/scmsmtpgw/smtpgw.sfdb. PrependReceived=true|false if this option is enabled, the smtpgw component will add the Received: header to scanned messages. The default value is: true (the header will be added). DSNTemplate full name (including the path) of the file used as a template for Delivery Status Notification messages. Required parameter. DSNEntireMessage=true|false if this option is enabled, the original message will be entirely included in the corresponding DSN messages. The default value is: false, i.e., the DSN message will contain only the header of the original message. DSNOnRelaying=true|false an option used for generating a DSN message upon successful delivery of a message. The default value is: false. MessageStatistics full name of a file or a socket to which the applications statistical data will be logged. If parameter value is an empty string (MessageStatistics=), the statistical data will not be logged. DropMalformedMail=true|false an option that determines the delivery or removal of mail messages that do not meet the RFC standards. The default value is: false. This also includes an attempt to make the message compliant with the standards, after which certain actions as per the configuration file settings will be performed. If the option is set to true, then the messages that do not comply with the standards, will not be delivered. The [smtpgw.path] section contains paths to archives, control files and the working queue of the application: IncomingArchivePath path to the directory where the archive with all incoming messages is stored. If the option is set to an empty string or if the option is missing altogether, then the received messages will not be archived. OutgoingArchivePath path to the directory where the archive with all outgoing messages is stored. If the option is set to an empty string or if the option is missing altogether, then the sent messages will not be archived. QueuePath path to the directory that stores the working queue of objects to be processed by the application. Required parameter.

At least one of the Senders or Recipients parameters has to be specified. AdminNotifyAddress email address to which the application will send notifications to the administrator regarding the scan results for messages included into this group. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used. NotifyFromAddress email address from which the application will send notifications regarding the scan results for messages of this group. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used. AVQuarantinePath path to the quarantine directory for messages containing objects that have been assigned the Infected, Disinfected, Suspicious, Protected or Error status while scanning. The default value is: /var/db/kav/5.5/scm-smtpgw/quarantine/av. If this option is not defined, the application will use the value of a similar parameter from the [smtpgw.policy] section. SpamQuarantinePath path to the quarantine directory for messages identified by Spamtest filter as spam or probable spam. The default value is: /var/db/kav/5.5/scm-smtpgw/quarantine/spam. If this option is not defined, the application will use the value of a similar parameter from the [smtpgw.policy] section. IncludeByName defines masks for filtering by the attachment name. The application will filter the objects if their names match the specified masks and do not match the masks used to define exclusions from scanning. If this option is not defined, the application will use the value <"*"> (any name). If several masks have to be specified for filtering, each record must have the following format: IncludeByName=*exe IncludeByName=*.bat The values for the ExcludeByName, IncludeByMime ExcludeByMime options are specified in the same manner. and
ExcludeByName defines masks to exclude from filtering by the attachment name. The application will filter the objects with names not matching these masks and matching the masks used to define inclusions into scanning. IncludeByMime defines masks for filtering by MIME type. The application will filter the objects if their MIME type matches the specified masks and does not match the masks used to define exclusions from scanning. If this option is not defined, the application will use the value <"*"> (any type).

value of a similar parameter from the [smtpgw.policy] section will be used. AddXHeader=true|false an option to include an informational header to messages processed by the application. AddDisclaimer=true|false an option to add disclaimer text generated according to the template specified by the administrator in the DisclaimerTemplate option. The [updater.path] section contains the paths to directories and files required for the keepup2date component to work: BackUpPath path to the directory that stores the archive of the anti-virus and content filtration databases during updating. Required parameter. UploadPatchPath path to the directory that stores application patches. PidFile pid file path. The parameter is used to prevent simultaneous work of several instances of the keepup2date component. If the parameter is missing, no pid file will be created and the application will not perform checks for the presence of other running instances of the component. AVBasesTestPath complete path to the avbasestest utility validating the anti-virus databases. The application uses the utility immediately as soon as it downloads updates. It will copy them from a temporary directory to the storage directory only if the retrieved updates are not corrupted. If the parameter is not specified, then the application will display during update a console notification informing that the anti-virus databases could not be validated and the updates are installed without a check, the message will also be appended to the log. The avbasestest utility will run automatically; it requires no user participation. The [updater.options] section contains various parameters of the keepup2date component operation: KeepSilent=true|false defines console display options for the report of the component work. If set to true, the reports are not output to console. The default value is: false. PostUpdateCmd defines the command that will be executed immediately after updating of the anti-virus and content filtration databases is successfully completed. The value, set in configuration file, included in application distribution kit, will start automatic reloading of the updated anti-virus database and Spamtest filter. You are not advised to change the value of this parameter. UseUpdateServerUrl=true|false an option making the application use the URL specified by the UpdateServerUrl parameter to update the database. The default value is: false.
UseUpdateServerUrlOnly=true|false an option making the application use only the URL specified by UpdateServerUrl to update the database. If this option is set to false, then whenever updating from the UpdateServerUrl address fails, the application will use a different address from the list of update servers. The default value is: true. UpdateServerUrl=http://url/ | ftp://url/ | | /local_path/ defines the path to be used to update the anti-virus and content filtration databases. RegionSettings defines the customer region used to update the anti-virus and content filtration databases from the nearest Kaspersky Lab's update server. The default value is: Russia. In order to see a complete list of regions, run the keepup2date utility with the s key (please see Appendix A.11 on p. 128). ConnectTimeout timeout (seconds) for the network operations during an update of the anti-virus and content filtration databases. The default value is: 20. UseProxy=true|false use a proxy-server to connect to one of Kaspersky Labs update servers. If the parameter value is false proxy server will not be used. If the parameter value is true, proxy server address, defined by the ProxyAddress parameter, will be used. If the value of ProxyAddress parameter is not defined, the value of http_proxy environment variable will be used. If the value of environment variable is not defined proxy server will not be used. ProxyAddress the address of proxy server, used for connection. The parameter is to be specified as: http://username:password@url:port. Username and/or password can be omitted in proxy server address. If the address is not defined, its value will be taken from http_proxy environment variable. PassiveFtp=true|false use passive FTP mode to download updates. The default value is: false. UpdateBases=av|all databases that should be updated. Set the parameter to av, if Kaspersky Mail Gateway performs just anti-virus scanning of mail traffic and you wish to update the anti-virus databases only. The all default value means that both the anti-virus and content filtration databases will be updated. The [updater.report] section contains report output options for the keepup2date component: ReportFilename name of the log file that will store the component performance report. If the option is set to syslog, the component saves the report to the system log. The default value is: TEMP_PATH/keepup2date.log, where TEMP_PATH stands for the value of the TMP environment variable, if TMP is not defined the value of TEMP, and if TEMP is not defined the /tmp directory.

o o o o

Content: Spam, Content: Probable Spam content analysis has assigned the Spam or Probable Spam status to the message.
A message may have several X-SpamTest-Method headers. X-SpamTest-Info header, which may contain more detailed information about the spam signs detected in a message and reflected in the XSpamTest-Method headers. There may be more than one X-SpamTestInfo header in a message. X-SpamTest-Categories header containing the list of categories assigned to a message as a result of content analysis. There may be just one X-SpamTest-Categories header in a message. Keywords the header is added to a message, when the ActionSpam parameter in the [smtpgw.policy] section (or [smtpgw.group:group_name]) of the application configuration file has been assigned the keywords value, and the message is identified as spam or probable spam or when content analysis has assigned certain content categories to the message. Subject the Spamtest filter appends its own labels to the end of the existing Subject header if the ActionSpam parameter in the [smtpgw.policy] section (or [smtpgw.group:group_name]) of the application configuration file has been assigned the subject value.
A.19. Format of messages about anti-virus scanning and spam filtration
The application provides for a possibility to view separately statistical data of the anti-virus component and the Spamtest filter. In order to create a file that will contain the statistical data of the AV module and the Spamtest filter, specify the value for option MessageStatistics=file name in the [smtpgw.options] section of the configuration file. The said statistics file will be used to store the information on each processed object. Each line in the statistics file created will contain data about one processed object using the following format: Time \t Size \t Sender \t Recipients \t Status \t VirusList \t IP \t Message-id \t GroupName \t QueueID E.g.: <user1@example.com> <user2@anotherdomain.com> as/not_detected,av/clean 10.12.10.145 <200512091700.37095.user1@example.com> group1 kFd9oCKU15072 Table 6 contains descriptions of each parameter. If the parameter is optional, the corresponding field in the report line may remain blank.
Table 6. Statistics-related parameters
Symbolic name Time Size Sender Recipients Value Record creation time Record size Senders email address Email addresses of recipients. Several addresses can be listed. List of statuses assigned after the anti-virus scan and Spamtest processing. List of viruses. Required parameter Yes Yes Yes Yes

Status

VirusList
IP-address of the host from which the message was received. Message number. identification

Message-id GroupName

unique second-generation heuristic analyzer efficiently detects unknown viruses. A simple and convenient interface allows users to configure the program quickly making work with it easier than ever. Kaspersky Anti-Virus Personal Pro has the following features: On-demand scan of local disks. Real-time automatic protection of all accessed files from viruses. Mail Filter automatically scans and disinfects all incoming and outgoing mail for any mail client that uses POP3 and SMTP protocols and effectively detects viruses in mail databases. Behavior blocker that provides maximum protection of MS Office applications against viruses. Archive scanning Kaspersky Anti-Virus recognizes over 900 formats of archived and compressed files and ensures automatic anti-virus scanning of their content and removal of malicious code from files within ZIP, CAB, RAR, ARJ, LHA and ICE archives.

Kaspersky Anti-Hacker

Kaspersky Anti-Hacker is a personal firewall that is designed to safeguard a computer running any Microsoft Windows operating system. It protects your computer against unauthorized access and external hacker attacks from either the Internet or the local network. Kaspersky Anti-Hacker monitors the TCP/IP network activity of all applications running on your machine. When it detects a suspicious action, Kaspersky AntiHacker blocks the suspicious application from accessing the network. This helps ensure enhanced privacy and 100% security of confidential data stored on your computer.
The products SmartStealth technology prevents hackers from detecting your computer from the outside. In this stealthy mode, the application works seamlessly to keep your computer protected while you are on the Web. The application provides conventional transparency and accessibility of information. Kaspersky Anti-Hacker also blocks most common network hacker attacks and monitors attempts to scan computer ports. Configuration of the application is simply a matter of choosing one of five security levels. By default, the application starts in self-learning mode, which will automatically configure your security system depending on your responses to various events. This makes your personal guard adjustable to your specific preferences and your particular needs. Kaspersky Personal Security Suite Kaspersky Personal Security Suite is a software suite designed for organizing comprehensive protection of personal computers running Microsoft Windows. The suite prevents malicious and potentially dangerous programs from
penetrating through any possible data sources and protects you from unauthorized attempts to access your computers data, as well as blocking spam. Kaspersky Personal Security Suite has the following features: anti-virus protection of data saved on your computer protection against spam for users of Microsoft Office Outlook and Microsoft Outlook Express protection of your computer from unauthorized access, and also from network hacker attacks from your LAN or the Internet.

1.1. Whats new in Kaspersky Mail Gateway 5.6
Kaspersky Mail Gateway has the following additional features as compared to Kaspersky SMTP-Gateway 5.6: The application includes anti-spam module with the following features: Increased performance and stability. Low RAM requirements. Low level of Internet traffic (updates to Kaspersky Mail Gateway databases).
Improved filtration methods are used, namely: Algorithms for parsing of HTML objects in e-mail messages (increasing the efficiency of protection against various spammer tricks devised to bypass filtration systems). System for analysis of e-mail message headers. System for analysis of graphical attachments (GSG). Sender Policy Framework (SPF) and Spam URL Realtime Blocklists (SURBL) services. Internal Urgent Detection System (UDS) service, which allows obtaining information about certain types of spam in real time.
Individual settings available for user groups: certain scanning methods can be enabled/disabled separately for every group; you can also define the actions to be performed over e-mail messages. Collection of configuration data and statistics of application activity via SNMP; the application can be configured to send SNMP traps when certain events occur. Redesigned subsystem accepting incoming mail consumes fewer resources and supports more simultaneous incoming connections.

1.2. Licensing policy

The licensing policy for Kaspersky Mail Gateway 5.6 limits product use based on these criteria: Number of users protected by the application. E-mail traffic processed daily (MB/day).
Each type of license also has a time limit, typically one or two years from the date of purchase. At the time of purchase, you can specify which type of license limitation you require (for example, by the daily e-mail traffic volume). In addition, you can choose during product purchase whether your copy of Kaspersky Mail Gateway will only perform anti-virus scanning of e-mail traffic, or if it will also filter spam. The application has slightly different configuration parameters depending on the type of license you purchased. For instance, if the license is issued for a certain number of users, you will have to create a list of addresses (domains) that will be protected by the application against viruses and spam. The application will
notify the administrator when the license limitations are reached: in this case, when the number of protected accounts is exceeded.
1.3. Hardware and software requirements
The minimum system requirements for normal operation of Kaspersky Mail Gateway are as follows: Hardware requirements: Intel Pentium processor (Pentium III or Pentium IV recommended). At least 256 B of available RAM. At least 100 MB of available space on your hard drive to install the application. Attention! Please note that the applications working queue, quarantine directory, and archives of incoming and outgoing e-mail are not included in the hard disk space required. If your network security policy requires the use of these features, additional disk space will be needed. At least 500 MB of available space in the /tmp file system.

conformity of the addresses transmitted during SMTP session to the set of addresses specified in message headers and a number of other checks.
4.3.2. Content filtration
Message analysis employs the algorithms of content filtering: the application uses artificial intelligence technologies to analyze the actual message content (including the Subject header), and its attachments (attached files) in the following formats: Note The purpose of spam filtering is to decrease the volume of unwanted messages in the mailboxes of your users. It is impossible to guarantee detection of all spam messages, because too strict criteria would inevitably cause filtering of some normal messages as well. The application uses three main groups of methods to detect spam messages: Text comparison with semantic samples of various categories (based on the search for key terms (words and word combinations) in message body and their subsequent probabilistic analysis). The method provides for heuristic search for typical phrases and expressions in text. Fuzzy comparison of a message being examined with a collection of sample messages based on comparison of their signatures. The method helps detect modified spam messages. Analysis of attached images. plain text (ASCII, not multibyte) HTML (2.0, 3.0, 3.2, 4.x, XHTML 1.0).
All the data employed by Kaspersky Mail Gateway for content filtering: classification index (a hierarchical list of categories), message samples, typical terms, etc. are stored in the application databases.
Note The group of spam analysts at Kaspersky Lab works nonstop to supplement and improve Kaspersky Mail Gateway databases. Therefore, you are advised to update the databases regularly. You can also send to Kaspersky Lab samples of spam messages, which Kaspersky Mail Gateway has failed to recognize as well as the samples of messages erroneously classified as spam. The data will help us improve Kaspersky Mail Gateway databases and react in a timely manner to new types of spam. Please refer to Appendix C on page 192 for details on forwarding sample messages.
4.3.3. Checks using external services
In addition to the analysis of message text and headers, Kaspersky Mail Gateway allows a number of the following checks involving external network services: availability of a DNS record for message sender's IP (reverse DNS lookup); the presence of the sender's IP address in a DNS-based real time black hole list or lists (DNSBL); a check of the sender's address for compliance with SPF (Sender Policy Framework) policy for the domain containing the server used to send the message; a check of addresses and links to sites in message text for the presence in the Spam URL Realtime Blocklists database www.surbl.org; recognition of e-mail messages using the UDS (Urgent Detection System) technology.

Protected scanning failed because the object is password-protected (e.g., it is an archive). Error object is an error occurred during the scan. Not_checked object has not been scanned because anti-virus checks have been disabled.
The actions performed by the AV module on an object which has passed scanning are determined by the corresponding options in the configuration file (ActionInfected, ActionSuspicious, etc.). Each message status has a corresponding option. The following actions are available: cure replace the infected object in a message with a disinfected one; Attention! The action can only be defined for objects with Disinfected status (ActionDisinfected parameter). pass transfer the object without modifications, no actions will be applied to the object; remove remove the object from the e-mail message; placeholder replace the object with a notification generated from a template.
CHAPTER 5. ANTI-VIRUS PROTECTION AND SPAM FILTRATION
Kaspersky Mail Gateway can provide anti-virus protection and spam filtering for e-mail traffic transferred through your organizations mail server. The tasks implemented by Kaspersky Mail Gateway may be divided into three major groups: 1. 2. 3. Updates of the anti-spam and anti-virus databases used for spam filtering, anti-virus scanning and disinfection of objects. Spam filtering. Anti-virus protection of e-mail traffic.
Each of these groups comprises more specific tasks. In this chapter, we will discuss some typical tasks that the administrator can combine and enhance in accordance with the needs of his/her organization. Attention! To perform the tasks described, some changes must be made to the applications configuration file, following which the application must be restarted to apply the modifications. This guide describes how to locally configure and start tasks from the command line. Issues related to starting and managing tasks from remote computers using the Webmin application are not discussed in this document. Attention! In the examples below, it is assumed that the administrator has completed all required post-installation tasks and the application operates correctly.
5.1. Updating the anti-virus and antispam databases
Kaspersky Mail Gateway uses the anti-virus and anti-spam databases while processing e-mail traffic.

A.3. Section [options]

The [options] section contains various application parameters that do not belong to other groups: User system account used to run the application components. The default value is kluser. Group system group used to run the application components.
The default value is klusers.
A.4. Section [mailgw.access]
The [mailgw.access] section includes the following options used to control access for SMTP clients: ConnectRule rule that defines whether the application will accept or reject a session during connection establishment. ConnectRule=(allow|deny) ConnectRule=(allow|deny) ConnectRule=(allow|deny) ConnectRule=(allow|deny) ConnectRule=(allow|deny) ConnectRule=(allow|deny) ConnectRule=(allow|deny) ConnectRule=(allow|deny) ConnectRule=(allow|deny) <ip>/<netmask_cidr> ConnectRule=(allow|deny) work_name> where: o o any keyword allows any incoming SMTP connection; has_hostname|no_hostname corresponds to the situation when the program can/cannot obtain the name of the calling host at its specified IP address; in_dnsbl|out_dnsbl corresponds to the situation when the hosts address is included/not included in the black lists of DNSBL services specified by the DNSBlackList parameter; for for for for for for for for for any has_hostname no_hostname in_dnsbl out_dnsbl host <hostname_mask> ip <ip> ip <ip>/<netmask> ip

for network <net-

Note Each DNSBL service is assigned a rating reflecting the level of its trustworthiness in the administrator's opinion (see section 5.2.5 on page 56). The in_dnsbl rule will be applied if the sum of ratings of the triggered DNSBL services reaches 100 or exceeds the value. Otherwise, if the sum of ratings is less than 100, the out_dnsbl rule will be applied. o <hostname_mask> corresponds to a host name mask. Wildcards can be used for mask definition: * (asterisk) an arbitrary string of characters. ? (question mark) a single arbitrary character. o o o o <ip> corresponds to the host IP address (in x.x.x.x format). E.g., 192.168.10.1; <ip>/<netmask> mask of the IP addresses of recipients (in x.x.x.x/x.x.x.x format). E.g.: 192.168.0.0/255.255.0.0; <ip>/<netmask_cidr> mask of IP addresses of recipients in CIDR format (recorded as x.x.x.x/y). E.g.: 192.168.0.0/16; <network_name> corresponds to a network with appropriate name defined by the NetworkName parameter in the [mailgw.network] section.

Please refer to section 6.3 on page 80 for details on configuration of the routing tables.
A.7. Section [mailgw.limits]
The [mailgw.limits] section includes options that limit application functionality when e-mail traffic processing is performed: AntiviralSessions=1200 maximum number of concurrently running anti-virus sessions. The default value is 10 (it is used if the parameter is not defined). IncomingSessions=11024 maximum number of open incoming sessions. The default value is 100 (it is used if the parameter is not defined). ReceiverThreads=11024 the number of threads handling incoming connections in the application process. The default value is 10 (it is used if the parameter is not defined). Attention! Total number of e-mail connections processed simultaneously is defined by the IncomingSessions parameter. ReceiverThreads defines the size of threads pool implemented in the Receiver module. Each thread in the pool can handle a large number of incoming connections. Modification of the parameter value is recommended for configuration of application performance only. OutgoingSessions=11024 maximum number of open outgoing sessions. The default value is 20 (it is used if the parameter is not defined). MaximalIncomingHops=1100 maximum number of intermediate hosts for a single message. The default value is 20 (it is used if the parameter is not defined). MaximalIncomingMessageSize=64204800 maximum size (Kb) of an incoming message. The default value is 10240 (it is used if the parameter is not defined). MaximalIncomingMessagesPerSession=11024 maximum number of messages that can be received during one e-mail session. The default value is 20 (it is used if the parameter is not defined).
MaximalIncomingRcptsPerMessage=11024 maximum number of recipients of a single message. The default value is 100 (it is used if the parameter is not defined).
MaximalIncomingSessionSize=642048000 maximum size (KB) of incoming messages transferred within a single e-mail session. The default value is 102400 (it is used if the parameter is not defined).
MaximalIncomingSessionsPerIP=11024 maximum number of open connections for e-mail receipt from a single IP address. The default value is 4 (it is used if the parameter is not defined).
MaximalOutgoingSessionsPerHost=11024 maximum number of simultaneous connections for sending messages to a single host. The default value is 4 (it is used if the parameter is not defined).
MinimalQueueFreeSpaceSize=01000000 minimum amount of available disk space on the partition where the applications working queue is located (MB). If the queue size increases, reducing the available space below the specified limit, the application will temporarily suspend receipt of new messages until the value returns to the defined minimum. If the parameter is set to 0, the requirement for available free space on disk is disabled. The default value is: 0 (it is used if the parameter is not defined).

MaximalOutgoingMessagesPerSession=11024 maximum number of messages that can be sent within a single e-mail session. The default value is 32 (it is used if the parameter is not defined).
A.8. Section [mailgw.network]
The [mailgw.network] section includes the applications network settings: ListenOn this option defines the interfaces and ports used by the Receiver module to receive e-mail traffic. It is specified as a table (list of values). Please refer to section 6.2 on page 79 for details on configuration of the interfaces for incoming connections. If the parameter is set to 0.0.0.0, all available interfaces will be used.
The default value is 0.0.0.0:25 (it is used if the parameter is not defined). Hostname host name that identifies the server on which the application is installed. Required parameter. The installer sets the parameter to localhost during standard application setup. Postmaster e-mail address used by the application as the <postmaster> address. Required parameter. The installer sets the parameter to postmaster@localhost during standard application setup. ProtectedDomains the list of domains for which anti-virus scanning and spam filtering of e-mail traffic is required. Wildcards can be used for mask definition: * (asterisk) an arbitrary string of characters. ? (question mark) a single arbitrary character.
Required parameter. Attention! Make sure you have defined the list of protected domains, which traffic will be protected against malware and spam. NetworkName the option defines the names of subnets, which will be used in access rules (ConnectRule, HeloRule, MailfromRule, RelayRule) and individual user groups. NetworkName NetworkName NetworkName cidr> NetworkName where o <ip> corresponds to a host IP address (record format: x.x.x.x). E.g.: 192.168.10.1; = <networkname> ip <ip> = <networkname> ip <ip>/<netmask> = <networkname> ip <ip>/<netmask = <networkname> host <hostname>
<ip>/<netmask> corresponds to a mask for IP addresses of recipients (record format: x.x.x.x/x.x.x.x). E.g.: 192.168.0.0/255.255.0.0; <ip>/<netmask_cidr> corresponds to a mask for IP addresses of recipients in CIDR format (record format: x.x.x.x/y). E.g.: 192.168.0.0/16; <hostname> corresponds to a mask for host names. Wildcards can be used for mask definition: * (asterisk) an arbitrary string of characters. ? (question mark) a single arbitrary character. You can define several values for the parameter as a list.

Attention! If the application is being remotely controlled via Webmin module, the use of external configuration files is not supported and may cause incorrect application behaviour.
B.3. Control signals for the main application daemon
You can manipulate the application using the TERM (15), QUIT (3), INT (2) special control signals, which terminate application activity.
B.4. Command line application management
You can manage the application from the command line. Command syntax: In Linux: # /opt/kaspersky/mailgw/sbin/mailgwd -x <command> In FreeBSD: # /usr/local/sbin/mailgwd -x <command> Used commands are listed in the table below. stats recv-on recv-off check-on check-off send-on send-off reload-db Display application status statistics. Start the Receiver module. Stop the Receiver module. Start the scanning module. Stop the scanning module. Start the Sender module. Stop the Sender module. Application restart with anti-virus database reloading.
To initiate an action, specify the corresponding command as a command line option. The entered command will be passed on through the application socket ControlSocket ([mailgw.path] section) to the mailgw component, which will perform it.
B.5. Application statistics
Following the stats command of the control script (see section 6.8 on p. 88) the application writes its performance statistics (from application startup to the current moment) to the text file specified by the StatFilename option in the [mailgw.options] section. This txt file contains a set of lines in the following format: parameter_name=parameter_value The table below lists the names and values of the application status parameters. Parameter name Parameter value time_initialized Time when the server was initialized (in unix time format). time_initialized_iso Time when the server was initialized (in ISO8601 format). time_processing Server operation time (seconds). mta_received_messages Number of incoming messages successfully received by the server since its initialization. mta_received_bytes Number of bytes successfully received by the server since its initialization. mta_received_recipients Number of different recipients of incoming messages successfully received by the server since its initialization.
Parameter name Parameter value mta_sent_messages Number of outgoing messages successfully sent by the server since its initialization. mta_sent_bytes Number of bytes successfully sent by the server since its initialization. mta_sent_recipients Number of different recipients of outgoing messages successfully sent by the server since its initialization. mta_stored_messages_current Number of queued messages at the time the report was generated. mta_incoming_connections_total Number of established incoming connections to the server since its initialization. mta_incoming_connections_current Number of established incoming connections to the server at the time the report was generated. mta_incoming_connections_maximum Maximum number of incoming connections to the server since its initialization. mta_incoming_connections_errors Number of incoming connection errors since server initialization. mta_incoming_connections_refused_total Total number of rejected incoming connections to the server since its initialization. mta_incoming_connections_refused_for_relaying Total number of incoming connections rejected by the server because of the relaying rules, since server initialization.

Parameter name Parameter value mta_incoming_connections_refused_for_connections_limit Number of incoming connections rejected by the server because of the limit on the number of simultaneous incoming connections, since server initialization. mta_incoming_connections_refused_for_connections_per_ip_limit Number of incoming connections rejected by the server due to the limit on the number of simultaneous incoming connections from a single IP address, since server initialization. mta_outgoing_connections_total Number of outgoing connections from the server since its initialization. mta_outgoing_connections_current Number of simultaneous outgoing connections at the time the report was generated. mta_outgoing_connections_maximum Maximum number of outgoing connections from the server, since server initialization. mta_outgoing_connections_errors Number of outgoing connection errors, since server initialization. mta_outgoing_connections_failed_total Total number of rejected outgoing connections from the server since its initialization. mta_outgoing_connections_failed_through_cache Total number of rejected outgoing connections to inaccessible servers. mta_routing_queries_total Total number of routing queries since server initialization. mta_dns_queries_total Total number of DNS queries after server initialization.
Parameter name Parameter value mta_dns_queries_failed Total number of rejected DNS queries after server initialization. mta_ incoming_sessions_refused_total Total number of incoming connections rejected by the server since its initialization. mta_ incoming_sessions_refused_for_message_size_limit Total number of incoming connections rejected by the server because of the message size limit, since server initialization. mta_ incoming_sessions_refused_for_session_size_limit Number of incoming messages rejected by the server because of the session size limit. since server initialization. mta_ incoming_sessions_refused_for_hops_limit Number of incoming messages rejected by the server because of the limit on the number of hops, since server initialization. mta_ incoming_sessions_refused_for_messages_per_session_limit Number of incoming messages rejected by the server because of the limited number of messages per session, since server initialization. mta_ outgoing_sessions_failed_total Total number of rejected outgoing messages, since server initialization. mta_ outgoing_sessions_failed_for_message_size_limit Number of outgoing messages rejected because of the size limit, since server initialization. mta_ outgoing_sessions_failed_for_8bitmime Number of outgoing messages rejected because the remote server does not support 8BITMIME SMTP protocol extension, since server initialization. mta_malformed_messages Number of malformed incoming messages received since server initialization.

The component executable file is corrupted.
B.11. Keepup2date command line options
Help options -h Display on the console a summary of the components command line options, and exit. Display the application version on the console and exit. Display a list of update servers with information about their respective regions.
Update options -c <path_to_file> -u <directory> Use the alternative configuration file <path_to_file>. Copy the application update to the local <directory>. Within the specified directory, the utility will reproduce the internal structure of an update server, enabling local computers to update from that directory. Copy updates for all products of Kaspersky Lab to the local <directory>. Within the specified directory, the utility will reproduce the internal structure of an update server, enabling local computers to update from that directory. When updating, create a backup copy of the current anti-virus and anti-spam databases in the <path> directory. Use the <path> directory to store temporary files. Rollback the last update. Updated databases will be replaced by their previous versions.

-x <directory>

-b <path>

-t <path> -r

Disable execution of the command defined by the PostUpdateCmd parameter. Use the specified PID file. Use the server with the specified URL as the source of updates.
-d <path_to_file> -g <url>
Report generation options -l <path_to_file> -q Log work results in the file <path_to_file>. Disable the output of runtime messages produced by the utility. Display critical error messages only.
B.12. Keepup2date return codes
The keepup2date component may return any of these codes on exiting: 0 The anti-virus and content filtration databases do not need an update. The anti-virus and content filtration databases were updated successfully. A critical error occurred; updating was interrupted. An error occurred while rolling back to the previous version of the anti-virus databases. Rollback has been interrupted. The PostUpdaterCmd command could not be executed after the databases were updated or the command was completed with errors. License key information is missing, or no key was found using the path specified in the configuration file. The configuration file either cannot be loaded or contains errors.

128+signal code

The application has exited upon receiving a signal with the corresponding code.

B.13. Templates

Kaspersky Mail Gateway provides an opportunity for creation of custom notification templates for administrators, recipients and senders using a special language for notifications. Further we examine in more detail all components of the language, its syntax and some examples.

B.13.1. Templates language
B.13.1.1. Iteration constructions
An iteration construction is a basic element of the notifications language used for generation of notification templates. Construction syntax: <FOR INAME IOP IVALUE>BODY</FOR> where: <FOR beginning of construction definition The < character, which does not belong to the definition, must be isolated (please refer to section B.13.1.4 on page 175 for details). INAME construction name in 1*(nchar)*(nchar) format; maximum name length is 64 bytes. IOP format comparison operation ==, |, !=; length^ 2 bytes. IVALUE construction value in 1*(vchar)*(vchar) format, maximum length is 4096 bytes. Iteration construction value must be specified in quotes. If construction value is compared with a value containing a quotation mark, an isolating (escape) character has to be used (see section B.13.1.4 on page 175). E.g.: <FOR _macro_name_parent_ == "\"_value_1\""> > the end of definition of an iteration construction, beginning of definition for an iterator body. The > character, which does not belong to the definition, must be isolated (see section B.13.1.4 on page 175).
BODY iterator body in *(char) format. </FOR> end of definition for the iterator body. The < character, which does not belong to the end of iterator body definition, must be isolated (see section B.13.1.4 on page 175). delimiter in *( )*(\t) format. nchar characters belonging to the a-z, A-Z, 0-9, -, _ range. vchar characters belonging to the nchar, *, ? group of symbols. char characters belonging to the range of values.
Sample iteration construction: <FOR _macro_name_ == "*">%_macro_name_%</FOR> During execution of the construction preprocessor parses it into the following conventional constructions: <FOR <FOR <FOR <FOR _macro_name_ _macro_name_ _macro_name_ _macro_name_ == == == == "_value_1">%_macro_name_%</FOR> "_value_2">%_macro_name_%</FOR> "_value_3">%_macro_name_%</FOR> "_value_N">%_macro_name_%</FOR>
These constructions are executed in sequence. Thus, iteration constructions allow detection of a specific macro value and a group of values. E.g., if the %FILTERNAME% macro has values KAVFilter1, KAVFilter2, KAVFilter3, SimpleFilter, then: the following construction: <FOR FILTERNAME == "KAVFilter1">%FILTERNAME%</FOR> will be converted into the following text: KAVFilter1 construction: <FOR FILTERNAME `= "KAVFilter?">%FILTERNAME%, </FOR> will be converted into text: KAVFilter1, KAVFilter2, KAVFilter3
construction: <FOR FILTERNAME != "KAVFilter2">%FILTERNAME%, </FOR> will be converted into text: KAVFilter1, KAVFilter3, SimpleFilter construction: <FOR FILTERNAME != "KAV*">%FILTERNAME%, </FOR> will be converted into text: SimpleFilter

In case of variable redefining within the borders of its visibility, the new value will be substituted after every new definition. Thus, the following construction: <DEF __NAME__= "NAME_1"/>Here we shall see the first value: %__NAME__%. <DEF __NAME__= "NAME_2"/>Here we shall see the second value: %__NAME__%. will be converted into the following text: Here we shall see the first value: NAME_1. Here we shall see the second value: NAME_2. A variable can use a macro as its value. <DEF _var_name_ = %_macro_name_%/> In that case preprocessor will first replace the variable with macro and then with its value.
B.13.1.4. Language syntax
Service characters % < > </ /> \ == Macro indicator. A macro is recorded between two "%" characters. Example: %VIRUSNAME% Opening tag bracket. Example: <FOR FILTERNAME == "KAVFilter1"> Closing tag bracket. Example: <FOR FILTERNAME == "KAVFilter1"> Opening bracket of the closing tag. Example: </FOR> Closing bracket of a bodyless construction tag. Example: <DEF __NAME __= "_1"/> escape character. Cancels the token following it. Example: \%VIRUSNAME\% Comparison: mask or value match. Example: <FOR FILTERNAME == "KAVFilter1"> Example: <FOR FILTERNAME == "KAVFilter*"> Comparison: non-match of mask or value. Example: <FOR FILTERNAME != "KAVFilter1"> Example: <FOR FILTERNAME != "KAVFilter*"> All possible values of unlimited size. The character is only used within tags during comparison with templates. Example: <FOR FILTERNAME == "KAV*"> All possible single character values. The character is only used within tags during comparison with templates. Example: <FOR FILTERNAME == "KAVFilter?"> Comment mark, parser ignores all characters beginning with # until the end of line.
Service words FOR Definition of an iteration construction. Example: <FOR FILTERNAME = "KAVFilter1">
Variable definition (construction without closing tag). Example: <DEF __NAME__= "NAME_1"/>

6. Limited Warranty. (i) Kaspersky Lab warrants that for six (6) months from first download or installation the Software purchased on a physical medium will perform substantially in accordance with the functionality described in the Documentation when operated properly and in the manner specified in the Documentation. (ii) You accept all responsibility for the selection of this Software to meet your requirements. Kaspersky Lab does not warrant that the Software and/or the Documentation will be suitable for such requirements nor that any use will be uninterrupted or error free. (iii) Kaspersky Lab does not warrant that this Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus. (iv) Your sole remedy and the entire liability of Kaspersky Lab for breach of the warranty at paragraph (i) will be at Kaspersky Lab option, to repair, replace or refund of the Software if reported to Kaspersky Lab or its designee during the warranty period. You shall provide all information as may be reasonably necessary to assist the Supplier in resolving the defective item. (v) The warranty in (i) shall not apply if you (a) make or cause to be made any modifications to this Software without the consent of Kaspersky Lab, (b) use the Software in a manner for which it was not intended, or (c) use the Software other than as permitted under this Agreement. (vi) The warranties and conditions stated in this Agreement are in lieu of all other conditions, warranties or other terms concerning the supply or purported supply of, failure to supply or delay in supplying the Software or the Documentation which might but for this paragraph (vi) have effect between the Kaspersky Lab and you or would otherwise be implied into or incorporated into this Agreement or any collateral contract, whether by statute, common law or otherwise, all of which are hereby excluded (including, without limitation, the implied conditions, warranties or other terms as to satisfactory quality, fitness for purpose or as to the use of reasonable skill and care). 7. Limitation of Liability. (i) Nothing in this Agreement shall exclude or limit Kaspersky Lab's liability for (a) the tort of deceit, (b) death or personal injury caused by its breach of a common law duty of care or any negligent breach of a term of this Agreement, or (c) any other liability which cannot be excluded by law. (ii) Subject to paragraph (i) above, the Supplier shall bear no liability (whether in contract, tort, restitution or otherwise) for any of the following losses or damage (whether such losses or damage were foreseen, foreseeable, known or otherwise): (a) Loss of revenue;
(b) Loss of actual or anticipated profits (including for loss of profits on contracts); (c) Loss of the use of money; (d) Loss of anticipated savings; (e) Loss of business; (f) Loss of opportunity; (g) Loss of goodwill; (h) Loss of reputation; (i) Loss of, damage to or corruption of data, or: (j) Any indirect or consequential loss or damage howsoever caused (including, for the avoidance of doubt, where such loss or damage is of the type specified in paragraphs (ii), (a) to (ii), (i). (iii) Subject to paragraph (i), the liability of Kaspersky Lab (whether in contract, tort, restitution or otherwise) arising out of or in connection with the supply of the Software shall in no circumstances exceed a sum equal to the amount equally paid by you for the Software. 8. (i) This Agreement contains the entire understanding between the parties with respect to the subject matter hereof and supersedes all and any prior understandings, undertakings and promises between you and Kaspersky Lab, whether oral or in writing, which have been given or may be implied from anything written or said in negotiations between us or our representatives prior to this Agreement and all prior agreements between the parties relating to the matters aforesaid shall cease to have effect as from the Effective Date. Save as provided in paragraphs (ii) - (iii) below, you shall not have any remedy in respect of an untrue statement made to you upon which you relied in entering into this Agreement ("Misrepresentation") and Kaspersky Lab shall not have any liability to the other than pursuant to the express terms of this Agreement. (ii) Nothing in this Agreement shall exclude or limit Kaspersky Lab's liability for any Misrepresentation made thereby if aware that it was untrue. (iii) The liability of Kaspersky Lab for Misrepresentation as a fundamental matter, including a matter fundamental to the maker's ability to perform its obligations under this Agreement, shall be subject to the limitation of liability set out in paragraph 7(iii).

Appendix F

(3) Permission for use of this software is granted only if the user accepts full responsibility for any undesirable consequences; the authors accept NO LIABILITY for damages of any kind. These conditions apply to any software derived from or based on the IJG code, not just to the unmodified library. If you use our work, you ought to acknowledge us. Permission is NOT granted for the use of any IJG author's name or company name in advertising or publicity relating to this software or products derived from it. This software may be referred to only as "the Independent JPEG Group's software". We specifically permit and encourage the use of this software as the basis of commercial products, provided that all warranty or liability claims are assumed by the product vendor. ansi2knr.c is included in this distribution by permission of L. Peter Deutsch, sole proprietor of its copyright holder, Aladdin Enterprises of Menlo Park, CA. ansi2knr.c is NOT covered by the above copyright and conditions, but instead by the usual distribution terms of the Free Software Foundation; principally, that you must include source code if you redistribute it. (See the file ansi2knr.c for full details.). However, since ansi2knr.c is not needed as part of any program generated from the IJG code, this does not limit you more than the foregoing paragraphs do. The Unix configuration script "configure" was produced with GNU Autoconf. It is copyright by the Free Software Foundation but is freely distributable. The same holds for its supporting scripts (config.guess, config.sub, ltconfig, ltmain.sh). Another support script, install-sh, is copyright by M.I.T. but is also freely distributable. It appears that the arithmetic coding option of the JPEG spec is covered by patents owned by IBM, AT&T, and Mitsubishi. Hence arithmetic coding cannot legally be used without obtaining one or more licenses. For this reason, support for arithmetic coding has been removed from the free JPEG software. (Since arithmetic coding provides only a marginal gain over the unpatented Huffman mode, it is unlikely that very many implementations will support it.) So far as we are aware, there are no patent restrictions on the remaining code. The IJG distribution formerly included code to read and write GIF files. To avoid entanglement with the Unisys LZW patent, GIF reading support has been removed altogether, and the GIF writer has been simplified to produce "uncompressed GIFs". This technique does not use the LZW algorithm; the resulting GIF files are larger than usual, but are readable by all standard GIF decoders. We are required to state that "The Graphics Interchange Format(c) is the Copyright property of