Home

Avira AntiVir WebGate v.3.2., Avira WebGate Suite

Contents

1. Example for a Squid proxy server In this configuration you must first start WebGate and then the proxy server Squid proxy has to direct all inquiries to WebGate parent proxy so you have to configure the Squid configuration file squid conf as follows cache peer proxy mycompany com parent 8080 0 no query no digest default acl all sre 0 0 0 0 0 0 0 0 never direct allow all If WebGate is installed on the proxy server machine gt Make sure that WebGate and the proxy server do not respond on the same server ports such as is the case in the above example When a Client asks for data which can be found on the proxy server s cache it will receive its data directly from there These data will not be scanned until the cache is emptied It bears a risk because a new virus might penetrate and it could be forwarded to Clients even if they have updated VDEs If you modify the proxy server s port you have to adapt the settings of the Clients browsers which access the proxy It is usually easier to keep the proxy settings and to adapt the WebGate settings just like in the above example 4 2 Monitoring FTP Traffic Example Avira GmbH WebGate can also be set as real FTP proxy so that it can scan the files transferred through an FTP Client and even block them It scans both downloads and uploads gt In avwebgate conf set the port for the WebGate to communicate with the FTP Clients FTPPort 2121
2. It is also possible to install WebGate on a computer other than the proxy server The settings must be done accordingly In this network configuration a Client could also be a proxy server for example by installing WebGate between two proxies WebGate between Proxy Server and Internet Network Configuration 2 Avira GmbH If you already use a proxy server it is better to install WebGate between the proxy and the Internet In this way malicious software is intercepted by the proxy server WebGate can be installed directly on the proxy server machine or on another one WebGate directs the Clients inquiries through the proxy towards the Internet and scans the answers from the Internet The access to infected files from a Website is blocked and only uninfected ones are forwarded to the Clients through the proxy server Client s Proxy server WebGate Internet client port Proxy HTTPPort WebGate server port Proxy The example assumes the following configuration of the proxy server host proxy mycompany com serverport 3128 So the proxy server responds on port 3128 gt Make the following settings in avwebgate conf example HTTPPort 8080 gt Configure the other proxy server so that it does not directly serve inquiries to the Internet but directs them to WebGate e g port 8080 This port must correspond to the value of HTTPPort in avwebgate conf Avira AntiVir WebGate 21 Configuration
3. LogFileName Path to the scanner s logfile Example LogFileName var log avwebgate scanner log Default LogFileName NONE SyslogFacility The facility that is used when logging to syslog Avira AntiVir WebGate 40 Configuration ReportLevel Example SyslogFacility home Default SyslogFacility user ReportLevel The scanner can be set to log on different levels e 0 Log errors e 1 Log errors and alerts e 2 Log errors alerts warnings 3 Log errors alerts warnings info and debug messages alerts means information about potential malicious code Example ReportLevel 1 Default ReportLevel 0 4 4 3 Updater Configuration in avupdate webgate conf internet srvs master file install dir Avira GmbH Updates ensure that AntiVir WebGate components WebGate scanner VDF and engine which provide security against viruses or unwanted programs are always kept up to date With Avira Updater you can update Avira software on your computers using Avira update servers To configure the update process use the options in etc avira avupdate webgate conf described below All parameters from avupdate webgate conf can be passed to the Updater via command line For example parameter in avupdate webgate conf temp dir tmp command line usr lib AntiVir webgate avupdate webgate bin temp dir tmp internet svrs The list of Internet update servers internet srvs ht
4. Client s WebGate Proxy server Internet HTTPProxy WebGate serverpo rt HTTPPort Proxy WebGate If WebGate and the proxy server are installed on the same computer Q It is usually easier to adapt the settings of the proxy server and to inherit the initial settings of the WebGate In this way you do not need to make any changes on the Clients This example assumes the following proxy server configuration host proxy mycompany com serverport 3128 So the proxy server communicates with the Clients over port 3128 gt Install WebGate on the machine proxy mycompany com gt Make the following settings in avwebgate conf example HTTPPort 3128 L Now the Clients will communicate through WebGate for HTTP and FTP inquiries not directly through the original proxy server The browser settings on the Client computers must not be changed gt Enter the following values in avwebgate conf example TTPProxyServer 127 0 0 1 TTPProxyPort 8080 WebGate forwards the HTTP and FTP inquiries to localhost port 8080 gt Change the port of the original proxy server according to the value of HTTPProxyPort in avwebgate conf so that it can contact WebGate For example serverport 8080 If WebGate is installed on the actual proxy server gt Make sure that WebGate does not respond on the same server port as is the case in the example above Avira GmbH Avira AntiVir WebGate 20 Configuration
5. skip version help where productname is Webgate gt Open the directory in which you have installed Avira Antivir WebGate cd usr lib AntiVir webgate gt Type uninstall product Webgate D The script starts uninstalling the product asking you step by step if you want to keep backups for the license file for the configuration files and logfiles it can also remove the cronjobs you made for WebGate and Scanner gt Answer the questions with y or n and press Enter AntiVir WebGate is removed from your system Avira AntiVir WebGate 17 Configuration 4 Configuration You can configure Avira AntiVir WebGate for optimum performance The most common settings are suggested in this Chapter You can modify these settings anytime to adjust WebGate to your requirements You will be guided step by step through the configuration process e In Monitoring HTTP Traffic Page 18 you can read about the different possibilities for WebGate s network setting e Monitoring FTP Traffic Page 23 is a description of integrating WebGate as FTP proxy e Integration over ICAP Interface Page 24 presents the integration of WebGate over ICAP interface e In Configuration Files Page 26 we describe the parameter entries for Product Scanner Updater and Access Control List 2 e In Templates Configuration Page 46 you find out how to customize various notification web pages and emails generated b
6. G NIT 1 About this Manual 4 1 1 Tie EE 4 1 2 The Structure of the Manual E 5 1 3 Signs and Syma Dols fsa ost canes dei vesvestlacepacaconcusiandies dobsehvasaspiccdestsedepeoosdmsaceasiass 5 deet ERARE EE a 6 2 Product Information E 7 2 1 EE 8 2 2 Licensing CONGEDE eehrieren Eege AATE ET 8 2 3 Modules and Operating Mode of Avira AntiVir WebGate ceeeeeeeees 9 EE WEE 9 3 Installation oona ae EEA N REE RAE E RERA 11 3 1 Choosing the WebGate Computer ssssessssessssesseseeseeseseseesesrrsesessesessessesese 11 3 2 Getting the Installation Files ssc icasdeatetntinindueae aun eenedeaeaclauis 11 ENEE 12 3 4 Installing Avira AntiVir Web Gate i isciscsivcnisutsacacescitccncsonapessramconinariacieises 13 3 5 Reinstalling and uninstalling AntiVir ssascasvsscsuscadctncrncroriees vis seonwonseaianrverdaas 16 4 Configuration feiss asain ste av wk aes eased ae asd to ae 18 4 Monitoring HELP Eege 18 4 2 Monitoring FIP Traffic sesisesiisisesisesiiesiressssisunii sinn eegent 22 4 3 Integration over ICAP Interface EE 23 4A Configuration TE 25 4 4 1 Product Configuration in avwebgate conf eeeseeeeseereerererreeee 25 4 4 2 Scanner Configuration in avwebgate scanner conf eese 39 4 4 3 Updater Configuration in avupdate webgate conf ssssseesssssessess 41 4 4 4 Access Control Configuration in avwebgate acl sesser 44 4 5 Templates Configuration eebe EE 45 4 6 Client Timeout Prevention sessesseeseeeeesesreseeeresrstsesreesirtseststsreere
7. On login the FTP Client should be used just as before i e when it was not using WebGate WebGate acts as proxy between FTP Client and FTP server and scans the transferred data Many FTP Clients allow FTP proxy configuration This enables a certain transparency of a WebGate towards the user i e the user senses no difference at login when using the FTP Client with or without proxy Optionally WebGate allows a parent FTP proxy For example it can be set in avwebgate conf as follows FTPProxyServer 127 0 0 1 FTPProxyPort 21 In this case WebGate does not communicate directly to the FTP server but with the indicated parent FTP proxy Thus more FTP servers can operate consecutively In order to avoid Client timeouts during the transfer of larger files WebGate sends Keepalive messages to the Client The time interval is the value of RefreshInterval or if this is 0 the value of KeepalivelInterval The ClientTimeout range is between 0 and 600 Furthermore WebGate sends NOOP commands to the server within the established KeepalivelInterval so that it also maintains the connection to the server during sending and receiving larger files to or from the Client 4 3 Integration over ICAP Interface If there is a caching server with ICAP support in the network WebGate can be Avira GmbH Avira AntiVir WebGate 23 Configuration integrated with the ICAP interface WebGate can still scan and block incoming RE
8. dump config Shows the currently active configuration values help Shows the list of options with their description Without a working license key WebGate will not start To acquire an evaluation key please send email to sales avira com While downloading large files browsers will not see any progress if the refresh method for preventing timeouts is disabled default This is because WebGate first downloads the entire file and scans it before any part of the data are sent to the client After scanning the whole file is sent to the client very fast LAN Stopping Avira AntiVir WebGate gt Type usr lib AntiVir webgate avwebgate stop The program ends with the following message Stopping AVIRA AntiVir WebGate Stopping avwebgate bin Stopping savapi Avira GmbH Avira AntiVir WebGate 82 Operation Restarting AntiVir WebGate This is used for example after making changes in configuration scripts gt Type usr lib AntiVir webgate avwebgate restart The program restarts after showing the following message Stopping AVIRA AntiVir WebGate Stopping avwebgate bin Stopping savapi Starting AVIRA AntiVir WebGate Starting savapi Starting avwebgate bin Checking AntiVir WebGate status gt Type usr lib AntiVir webgate avwebgate status gt The program shows information on the WebGate daemons Status avwebgate bin running Status savapi runnin
9. Now the FTP Clients can communicate to FTP servers through WebGate which means that the Clients have no direct connection to the FTP servers but to WebGate In order for WebGate to make a substitute connection to FTP servers you need to specify the address and the name of the FTP servers WebGate must receive this information from FTP Clients at login with the USER command USER lt username gt lt host gt lt port gt Compared to making a direct connection to FTP server the connection through WebGate also needs apart from the user name at login the host name separated with the character from the user name or the IP address optionally with port of the FTP server This example illustrates the login procedure when using a standard Unix FTP Avira AntiVir WebGate 22 Configuration Client Assumption WebGate runs on a machine with the IP address 192 168 0 1 and receives inquiries from FTP Clients on port 2121 You should establish a connection to a remote FTP server with the IP address 10 0 0 1 the user name foo and the password bar S ftp 192 168 0 1 2121 Connected to 192 168 0 1 220 AntiVir WebGate FTP proxy Login with lt user name gt lt host gt lt port gt Name 192 168 0 l user foo 10 0 0 1 331 Password required for foo Password bar 230 User foo logged in Remote system type is UNIX Using binary mode to transfer files ftp gt
10. failure or loss change due to incompatibility You can replace programs and storage devices but not your vital business data gt Set up a plan for data protection and recovery gt Your network must be correctly configured and the access rights must be wisely assigned This is a good protection against viruses Avira GmbH Avira AntiVir WebGate 93 This manual was created with great care However errors in design and contents cannot be excluded The reproduction of this publication or parts thereof in any form is prohibited without previous written consent from Avira GmbH Errors and technical subject to change Issued Q2 2011 AntiVir is a registered trademark of the Avira GmbH All other brand and product names are trademarks or registered trademarks of their respective owners Protected trademarks are not marked as such in this manual However this does not mean that they may be used freely live free 2011 Avira GmbH All rights reserved Avira GmbH Telephone 49 7542 500 O Errors and technical subject to change Kaplaneiweg 1 Facsimile 49 7542 500 3000 88069 Tettnang www avira com Germany
11. which ensures the antivirus system is operating correctly Access control to WebGate using IP addresses e ICAP support enables connection through ICAP interface 2 2 Licensing Concept Test Version Full Version Avira GmbH You must have a license to use Avira AntiVir WebGate You are required to accept the license terms see http www avira com en license agreement There are 2 license modes for Avira AntiVir WebGate e Test version e Full version The license depends upon the number of users in the network which are to be protected by Avira AntiVir WebGate The license is given in a license file named hbedv key You will receive it by email from Avira GmbH It contains certain data such as the programs you will use and the time interval of your license The same license file may refer to more Avira products Details about the 30 days Test License can be found on our Website http www avira com The range of Full Version features includes e Download of Avira AntiVir WebGate Versions from the Internet License file by email for activating the Test Version to a Full Version e Complete installation instructions digital Four weeks Installation Support starting from acquisition date Avira AntiVir WebGate 8 Product Information e Newsletter Service per email e Internet Update Service for program files and VDF After installing an AntiVir product you can read the information on your current license
12. Avira AntiVir WebGate 38 Configuration control scheme To use the access control scheme you must create a new configuration file containing the rules describing the desired behavior and have AclConfigFile contain the path to it Syntax AclConfigFile etc avira avwebgate acl Default NONE 4 4 2 Scanner Configuration in avwebgate scanner conf User Group Socket Permissions Avira GmbH A new configuration file has been introduced starting with WebGate v 3 etc avira avwebgate scanner conf It contains configuration options specific to the new scanner backend Usually you don t have to change the options in this file but there might be a few exceptions User Group If you change one of these options you have to make sure that the files avwebgate scanner conf and avwebgate conf contain the same values for these options and that all directories and files are still accessible to this user If you make any changes to this option please be aware to change the file avwg_stats lck appropriately Default User nobody Group antivir Please note that User Group are not supported by SMC Changing these options will prevent SMC communication In etc avira avwebgate scanner conf e Change the owner group of the path given with ListenAddress NOTE the option consists of a path and a socket file Don t forget to stop WebGate before making any changes If the socket file exists delete it and only change the owner
13. SLES 11 Novell SUSE Linux Enterprise Server 10 10 2 SLES 10 Novell SUSE Linux Enterprise Server 9 SLES 9 Debian GNU Linux 4 Debian GNU Linux 5 Debian GNU Linux 6 Ubuntu Server Edition 8 Ubuntu Server Edition 9 Ubuntu Server Edition 10 Ubuntu Server Edition 11 Sun Solaris 9 SPARC Sun Solaris 10 SPARC Avira AntiVir WebGate 10 Installation 3 Installation You can find the current version of Avira AntiVir WebGate on our Website Avira AntiVir WebGate is supplied as packed archive This archive contains the AntiVir Engine and VDF files the Avira Updater the WebGate Main Program and the optional SMC plug in You are guided through the installation process step by step This Chapter is composed of the following Sections e Choosing the WebGate Computer Page 11 e Getting the Installation Files Page 11 e Licensing Page 12 e Installing Avira AntiVir WebGate Page 13 e Reinstalling and uninstalling AntiVir Page 16 3 1 Choosing the WebGate Computer Depending on network and hardware configuration there are more possibilities for choosing an Avira AntiVir WebGate computer as a guard between the user s client and the Internet A connection to the proxy server is especially needed for ensuring a controlled Internet access Avira AntiVir WebGate is adjusted first in terms of network configuration Configuration Page 18 At the time of the installation it must be decided on which compu
14. denied The Avira URL Filtering library is available with every valid WebGate or WebGate Suite license If the Avira URL Filtering library does not find any match for the URL or the category is not blocked in the configuration file the Avira Web Access and Avira AntiVir WebGate 35 Configuration Move Concerning FilesTo Heuristics Level Heuristics Macro Detect Avira GmbH Content Control library OnlineFilter is used It filters requests based on URL categories This feature is only available with the Avira AntiVir WebGate Suite The categories can be specified as single categories or as category ranges You can specify ranges with a between two category numbers 4 9 URL filtering Example BlockCategories 0 2 12 14 61 Default NONE Quarantine directory By default blocked files are deleted But you can specify a quarantine directory to store them Syntax MoveConcerningFilesTo path For example MoveConcerningFilesTo home quarantine Default NONE Win32 Heuristics Sets the detection level of Win32 Heuristics available values are 0 off 1 low 2 medium and 3 high Range minimum 0 maximum 3 Syntax euristicsLevel 0 1 2 3 Example uristicsLevel 1 Default uristicsLevel 2 Macrovirus Heuristics Activates the heuristics for macroviruses in documents This option is activated by default Syntax eurist
15. group of the directory When changing the user and or group here you must also change the options User and Group in WebGate s configuration file etc avira avwebgate conf Adapt the option Socket Permissions to the new user group See below In etc avira avwebgate conf e Change the option User Group SocketPermission The owner and permissions of the scanner backend s socket Avira AntiVir WebGate 39 Configuration ListenAddress PoolScanners Pool Connections PidDir LogFileName SyslogFacility Avira GmbH Example SocketPermissions 0600 ListenAddress ListenAddress in avwebgate scanner conf and ScannerListenAddress in avwebgate conf specify how the scanner backend can be reached Both options must point to the same path the string unix must not be used with the option ScannerListenAddress ListenAddress unix var run avwebgate scanner ScannerListenAddress var run avwebgate scanner PoolScanners The number of AntiVir scanners set in the pool Example PoolScanners 70 Default PoolScanners 105 PoolConnections The maximum number of simultaneous connections WebGate allows to the scanner pool Example PoolConnections 70 Default PoolConnections 192 PidDir Specifies the SAVAPI service PID file location Only absolute paths are accepted If you enter relative paths SAVAPI will exist with an error Example PidDir var temp webgat Default PidDir var temp
16. its components gt Use the command usr lib AntiVir webgate avupdate webgate product webgate As product you can use e Scanner recommended to update the scanner components like engine and vdf files e WebGate complete update WebGate scanner engine and vdf files If you just want to check for a new Avira AntiVir WebGate version without upda ting AntiVir WebGate gt Use the command usr lib AntiVir webgate avupdate webgate check product webgate Automatic updates with cron daemon Avira GmbH Regular updates are made using cron daemon The settings for automatic updates in etc crontab have already been made when you installed Avira AntiVir WebGate with the install script the answer for installing AntiVir Updater and starting it automatically was yes You can find further information on cron daemon in your UNIX documentation Avira AntiVir WebGate 85 Avira GmbH Updates To make or change the settings for automatic updates in crontab manually gt Add or edit the entry in etc cron d avira_updater similar to the example below Example for an hourly update at 23 enter the following command 23 root usr lib AntiVir webgate avupdate webgate product product As product you can use e Scanner recommended to update the scanner components like engine and vdf files e WebGate complete update WebGate scanner engine and vdf files gt Start the update process
17. messages Example SyslogFacility home Default SyslogFacility user The detail level of these messages depends on the settings for Loghevel Avira AntiVir WebGate 28 Configuration LogFile LogLevel DebugLevel Path and name of the logfile All important WebGate operations are logged through a syslog daemon You could specify an additional logfile by entering the full path Example LogFile var log avwebgate log Default NONE Level for log notes This option defines the logging level for WebGate notifications possible values 0 to 7 The higher the level the more information is logged The values correspond to Unix standard levels used in syslog no messages lerts lerts lerts errors and warnings lerts errors and warnings lerts errors and warnings lerts errors warnings and infos lerts errors warnings infos and debug messages e YHA OP WNEF CH DD DD Dm D D Range minimum 0 maximum 7 Example Loghevel 3 Default Loghevel 4 Debug output This is the level of detail for debug output LogLevel 7 Range minimum 0 maximum 5 Example DebugLevel 3 Default DebugLevel 4 HTTP Connection Settings AllowHTTPS Tunnel Avira GmbH Allow HTTPS tunnel WebGate allows tunneling for SSL connections HTTPS As the data is encrypted it is not scanned WebGate does not interfere with the transaction it just forwards the data Due to this fact it can
18. not verify if the protocol being spoken is really HTTP on top of SSL For this reason it allows only connections to ports 443 HTTPS and 563 SNEWS Avira AntiVir WebGate 29 Configuration AllowedHTTP ConnectPorts AddX ForwardedFor Header RemoveX ForwardedFor Header Avira GmbH Syntax AllowHTTPSTunnel YES NO Default AllowHTTPSTunnel NO The data transferred through the HTTPS tunnel will not be scanned by WebGate Tunneling SSL encrypted connections If you want to allow HTTPS connections to non standard ports you can do so by adding the desired ports to this list Each port will be separated by a comma or a whitespace Default AllowedHTTPConnectPorts 443 563 Header analysis In case of a proxy chain network a downstream proxy server can make no analysis based on the Client s IP address because it sees all requests as coming from the same address from the proxy upstream So the proxy knows only the address of its direct communication partners and not the address of the computer issuing the request If the AddXForwardedForHeader option is active WebGate adds a header field X Forwarded For to the HTTP request or adds the IP address of the Client it received the request from In this way WebGate can forward the Client IP address to the downstream proxy servers These are then able to analyze the header field and to use the included indirect data for example f
19. prevention using WebGate this way might be impractical in many situations To enable WebGate to work with Squid icap the following entries are necessary in squid conf icap enable on icap_service service 1 reqmod_precache 0 icap WEBGATE HOST 1344 reqmod icap_service service 2 respmod_precache 0 icap WEBGATE HOST 1344 respmod icap class class 1 service icap class class 2 service 2 icap_access class_1 allow all icap_access class 2 allow all 4 12 3 Apache as Proxy Avira GmbH If you want to use WebGate in conjunction with an apache proxy mod_proxy you can configure WebGate as a remote proxy as follows httpd conf ProxyRequests On ProxyRemote http http lt WebGateHost gt lt WebGatePort gt ProxyRemote ftp http lt WebGateHost gt lt WebGatePort gt lt WebGateHost gt and lt WebGatePort gt must be replaced by the corresponding values Avira AntiVir WebGate 80 Operation 5 Operation After concluding installation and configuration and Avira AntiVir WebGate is running WebGate guarantees continuous monitoring of your system During operation you might have to make occasional changes in settings as described in Configuration Page 18 This Chapter is divided in the following parts e Starting and Stopping Avira AntiVir WebGate manually Page 81 describing the start and stop procedure of WebGate
20. set the value for this interval too low you will receive a redirect loop error from most browsers 4 6 3 Keepalive method If the refresh and redirect methods are not used because they are disabled or they are not appropriate the keepalive method is used Here WebGate sends extended header data X WebGate Status at the specified interval to the client KeepaliveInterval The extended header data is ignored by the client but may be sufficient to reset the timeout This timeout method may not work if a proxy is installed between WebGate and the clients Data trickling Avira GmbH If you encounter client timeout problems because the timeout methods described above are not appropriate in your environment or don t work properly you may enable data trickling by setting KeepaliveMode in avwebgate conf to trickle If this method is used WebGate sends small pieces of the data at the specified KeepalivelInterval until the download and scan is complete Once the file is downloaded and scanned the remainder of the file will be transferred to the client very fast if clean Although data trickling should work in any environment with every client it is not an optimal solution There are some important points that you should keep in mind if you intend to enable data trickling e Because small parts of the data are sent to the client before the file is down loaded and scanned completely there is an unlikely but not to be igno
21. to test the settings usr lib AntiVir webgate avupdate webgate product product where product takes the same values as above If successful a report will appear in the logfile var log avupdate webgate log Avira AntiVir WebGate 86 Service 7 Service 7 1 FAQs 7 1 1 How to watch for SNMP traps on Debian 5 1 Install the snmpd package apt get install snmpd 2 Copy the MIB files from the Avira AntiVir WebGate package to a folder cp antivir webgate prof lt Version gt etc AVIRA MIB txt usr share snmp mibs 3 Configure snmpd in such way that the WebGate MIB files are read echo mibs AVIRA MIB gt gt etc snmp snmp conf echo tmibs AVIRA WEBGATE VO MIB gt gt etc snmp snmp cont 4 Configure snmpd by editing etc snmp snmptrapd conf First we need to tell it to accept WebGate s SNMP traps echo authCommunity log execute net SNMP COMMUNITY gt gt etc snmp snmptrapd conf Replace SNMP_COMMUNITY by the value of the SNMPCommunity config option defaults to Avira Next we can ask snmptrapd to execute a custom program everytime a given SNMP trap is received For example we might use the following line traphandle AVIRA WEBGATE VO MIB wgtAlert usr local bin webgate alert to make snmptrapd run usr local bin webgate_ alert everytime the wgtAlert trap is received For examp
22. using the license tool avlinfo gt Change to usr lib AntiVir webgate and call avlinfo Use avlinfo h to get information about using this tool 2 3 Modules and Operating Mode of Avira AntiVir WebGate Avira AntiVir WebGate security software consists in the following modules e AntiVir Engine e Avira Updater e WebGate Main Program Avira URL Filtering library e Avira Web Access and Content Control library AntiVir Engine AntiVir Engine essentially represents the scanning and repairing modules of Avira software Avira UpdaterAvira Updater downloads current updates from the Avira AntiVir web servers and installs them at regular intervals manually or automatically It can also send update notifications by email You can update Avira AntiVir WebGate entirely or only certain components signatures engine scanner WebGate Main ProgramThe Main Program is the actual WebGate function supervising the HTTP and FTP network access over the Internet It detects viruses and unwanted programs using the Avira AntiVir Engine Avira URL Filtering libraryAvira AntiVir WebGate uses a local filter to determine if an URL is dangerous based on a list of known URLs grouped in three categories Malware Phishing Fraud To increase your security Avira URL Filter is enabled in every valid WebGate or WebGate Suite installation Avira Web Access and Content Control libraryAntiVir WebGate allows clients to filter outgoing requests based on U
23. 21 Recreational Facilities Amusement Theme Parks 22 Art Museums Memorials Monuments 23 Music 24 Literature Books Avira GmbH Avira AntiVir WebGate 72 Configuration 4 10 SNMP Traps Avira GmbH KE DEE Numeric Value Category 42 Dating Relationships 43 Restaurants Bar 44 Travel 45 Fashion Cosmetics Jewelry 46 Sports 47 Building Residence Architecture Furniture 48 Nature Environment Animals 49 Personal Homepages 50 Job Search 51 Investment Brokers Stocks 52 Financial Services Investment Insurance WebGate may be configured so that the administrator is informed about internal errors and malware alerts via SNMP traps A specification of these traps is available in the MIB files SNMP itself does not define which information which variables a managed system should offer Rather SNMP uses an extensible design where the available information is defined by management information bases MIBs MIBs describe the structure of the management data of a device subsystem they use a Avira AntiVir WebGate 73 Configuration wetUp wgtDown wetAlert wgtSuspicious wgtMalware Scanner Unreach wetMatched CategoryBy OnlineFilter wgtMatched CategoryBy RTPSFilter wgtMatched CategoryBy LocalFilter Avira GmbH WebGate provides two
24. 73 if DBSupport is set to YES gt Go to the directory where you have unpacked Avira AntiVir WebGate cd tmp antivir webgate prof lt version gt Installing Avira AntiVir WebGate Depending on the AntiVir products you have already installed on your computer the installation procedure may vary gt Type install gt Confirm the License Agreement Avira GmbH Avira AntiVir WebGate 13 Installation The installation script starts First the AntiVir Core Components are installed Do you agree to the license terms n y creating usr lib AntiVir webgate done copying LICENSE to usr lib AntiVir webgate LICENSE webgate done 1 installing AntiVir Core Components Engine Savapi and Avupdate copying uninstall to usr lib AntiVir webgate done copying uninstall_smcplugin sh to usr lib AntiVir webgate done After you type the path to the key file the installer continues with updates configuration Enter the path to your key file root Desktop HBEDV KEY copying root Desktop HBEDV KEY to usr lib AntiVir webgate hbedv key done installation of AntiVir Core Components Engine Savapi and Avupdate com plete 2 Configuring updates An internet updater is available Would you like to create a link in usr sbin for avupdate webgate y gt Type Y Then the script can create a cron task for automatic Scanner updates linking usr sbin avupdate
25. Default notify when 3 Email recipients Avira AntiVir WebGate 42 Configuration The recipient of notification emails Example email to root localhost Default NONI pH Setting proxy configuration for updates proxy Proxy settings If the machine uses a HTTP proxy server proxy configuration settings must be specified in order to make Internet updates proxy host proxy port proxy username proxy password Default NONE Logfile settings log Logfile Specify a full path with a filename to which AntiVir Updater will write its log messages log var log avupdate webgate log log append Append logfile By default the logfile is overwritten You can use this option to append the logfile log append Setting intranet updates If you prefer to use an intranet update instead of the default Internet one you have to configure some parameters in avupdate webgate conf or you have to provide them in the command line intranet srvs With the Avira Internet Update Manager IUM you can automatically download updates for a large number of your Avira products from the internet The individual client computers in your network do not have to download updates from the internet themselves but easily through your intranet For more information please refer to the Avira IUM user manual http www avira com Specifies a comma separated list of Avira IUM servers product root Avira GmbH Avira AntiVi
26. Elements of the software interface such as menu items window titles and buttons in dialog windows http www avira com URLs Signs and Symbols Page 5 Cross reference within the document 1 4 Abbreviations The manual uses the following abbreviations Abbreviation Meaning ACL Access Control List FTP File Transfer Protocol GUI Graphical User Interface HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol Secure ICAP Internet Content Adaptation Protocol SMTP Simple Mail Transfer Protocol SNEWS Secure News Server SSL Secure Sockets Layer VDF Virus Definition File Avira GmbH Avira AntiVir WebGate 6 Product Information 2 Product Information Internet connection is an underestimated invasion doorway for malware on your computer If you transfer unfiltered data from the Internet on your system you can spread all types of malware throughout the entire network Avira AntiVir WebGate is a reliable protection for your computer by scanning filtering and if necessary blocking access to all files from the Internet Furthermore Avira AntiVir WebGate also scans the entire outgoing traffic Usually company computers access the Internet indirectly via a proxy server Avira AntiVir WebGate co operates with the proxy server and completes it in an ideal way infected Wor k stations e oll bi Leen ae GEI WebGate Proxy server
27. Gate as HTTP FTP proxy Network Configuration 0 and Network Configuration 1Monitoring HTTP Traffic Page 18 If you already have an HTTP FTP proxy in your network and WebGate is installed behind the proxy Network Configuration 2 Monitoring HTTP Traffic Page 18 then you will need to change your proxy s settings instead of the web browser s see 4 12 Proxy Configuration 4 9 URL filtering Avira GmbH WebGate allows clients to filter outgoing requests The filtering is done in two stages The Avira URL Filtering library is used The library tries to determine if an URL is dangerous based on a list of known URLs A category is returned for each dangerous URL Malware Phishing and Fraud If this category is found in the BlockCategories option in the configuration file the request is denied The Avira URL Filtering library is available with every valid WebGate or WebGate Suite license If the Avira URL Filtering library finds no match for the URL or the category is not blocked in the configuration file the Avira Web Access and Content Control library is used This filters requests based on the categories the URL falls into This feature is only available with the Avira AntiVir WebGate Suite The library requires a key file used for encrypting traffic Each kit contains a key file which can Avira AntiVir WebGate 69 Configuration Avira GmbH be found in usr lib AntiVir webgate wskeyfile URL filtering is done after
28. Gate from displaying the refresh screen If the value is set lower than RefreshInterval the value for RefreshInterval is used RefreshSkipFileExtensions Example RefreshSkipFileExtensions xml htm Default RefreshSkipFileExtensions htm html shtml css gif jpg jpeg png swf flv Disable sending of refresh messages when downloading large files with one of the specified extensions RefreshTimeout Avira AntiVir WebGate 63 Configuration CheckHTTPS Handshake UseActiveFTP AllowActive FTPPorts Avira GmbH Range minimum 0 maximum 3600 Example RefreshTimeout 60 Default RefreshTimeout 30 If there is no refresh or redirect request received within the specified timeout interval in seconds plus refresh redirect time the download is aborted automatically CheckHTTPSHandshake Syntax CheckHTTPSHandshake YES NO Default CheckHTTPSHandshake YES By default WebGate tries to determine if a CONNECT request is followed by an actual HTTPS handshake If this is not desired CheckHTTPSHandshake should be set to NO UseActiveFTP Syntax UseActiveFTP YES NO Default UseActiveFTP NO When FTP over HTTP is used the FTP connection from WebGate to the FTP server is made using passive mode However if for some reason passive connections are not desired the user can set UseActiveF TP to 1 and enable the use of active m
29. Helpers 10 Default DNSHelpers 8 The number of DNS helper processes created at startup Allows concurrent DNS lookups thus enhancing the performance The maximum allowed valued is 64 ClientTimeout Range minimum 0 maximum 600 Example ClientTimeout 120 Default ClientTimeout 60 Number of seconds to wait for a request from the client until a timeout occurs and Avira AntiVir WebGate 50 Configuration ServerTimeout OpenMax WorkerPoolSize ScannerPool Size Avira GmbH the session is aborted ServerTimeout Range minimum 0 maximum 600 Example ServerTimeout 240 Default ServerTimeout 120 Number of seconds to wait for a request from the server until a timeout occurs and the session is aborted OpenMax Range minimum 0 maximum 2147483647 Example OpenMax 1000 Default OpenMax 0 Specify the maximum number of opened files for the WebGate process With the default value 0 WebGate will not change any existing system values WorkerPoolSize Range minimum 0 maximum 20000 Example WorkerPoolSize 100 Default WorkerPoolSize 0 The number of threads in the thread pool By default the thread pool is disabled and a new thread is created with each request By setting the value greater than 0 you enable the thread pool ScannerPoolSize Range minimum 0 maximum 250 Example ScannerPoolSize 70 Default ScannerPoolSize 100 The number of persistent connections
30. MIB files to describe the various SNMP traps WebGate can send AVIRA M AVIRA W By default the MIB files are copied in the usr lib AntiVir webgate data folder You can either copy these files in your default SNMP Agent mibs folder or you can configure the SNMP Agent to search for MIB files in the above location Please check your SNMP Agent documentation for instructions on how to do this Be CXE EBGATE V0 M B txt wgtUp WebGate is started wgtDown WebGate is stopped wetAlert The scanner found malware wegtSuspicious The scanner couldn t finish the scan which causes WebGate to treat the request as suspicious Parameters the reason for the suspicion and the URL of the request wgtMalwareScannerUnreach WebGate could not connect to the malware scanner wgtMatchedCategoryByOnlineFilter WebGate has matched the request against a configured category with the online filter Parameters the category name and the URL of the mathched category This feature is available only with a WebGate Suite license wgtMatchedCategoryByRTPSFilter WebGate has matched the request against a configured category with the RTPS filter Parameters the category name and the URL of the matched category This feature is available only with a WebGate RTPS license wgtMatchedCategoryByLocalFilter WebGate has matched the request against a configured category with the offline filter Parameters the categ
31. RL categories such as Violence Gambling Erotic etc To determine the categories for a certain URL the Web Access and Content Control library is used This module is only activated with the license for Avira WebGate Suite To find out more details about the Web Access and Content Control library please refer to WebGate s installation directory 2 3 1 System Requirements Avira AntiVir WebGate asks for the following minimum system requirements e Computer x386 Sparc e OS Linux or Sun Solaris Avira GmbH Avira AntiVir WebGate 9 Product Information Avira GmbH CPU 32 bit or 64 bit UNIX Running AntiVir software on 64 bit UNIX systems requires the ability to exe cute 32 bit binaries For instructions about checking and eventually enabling this behavior please refer to the documentation of your UNIX system HD 10 GB recommended 50 GB space on configured TemporaryDir for downloading and scanning large files and 1 GB temporary space needed for unpacking archives RAM 512 MB recommended 2GB The versions for Linux and Solaris use similar installation and application processes normally only a few file names are different depending on the target system Officially supported distributions for Avira AntiVir WebGate and for Avira WebGate Suite e Red Hat Enterprise Linux 5 Server Red Hat Enterprise Linux 4 Server Red Hat Enterprise Linux 6 Server Novell Open Enterprise Server 10 2 Novell SUSE Linux Enterprise Server 11
32. RT Not all keywords are relevant for all templates for example ALERT has no relevancefor progress templates A available for alert templates B available for blocked templates E available for error templates P available for progress templates W available for Avira Web Access and Content Control templates Keyword Description Availability ALERT Complete alert message A ALERT_DESC Description of alert A ALERT_TYPE Type of alert A BLOCKED_REASON Reason for blocking file B CLIENT_IP IP address of client A B Avira GmbH Avira AntiVir WebGate 46 Configuration Keyword Description Availability DATA_DIRECTION Request or response A B DATA _ PERCENT _RECEIVED Percent of file being downloa P ded DATA_RECEIVED Number of bytes of file being P downloaded DATA_SIZE Number of total expected P bytes of file being downloaded DETERMINED_CLIENT_ADDRESS Address of originating client A B DETERMINED_SERVER_ADDRESS Address of destination server A B ENGINE_VERSION Version of AntiVir engine A B E ERROR_CODE HTTP response code used for E the response ERROR_DESC A short description in text E form of the error ERROR_REASON Description of the HTTP sta E tus code PRODUCT_NAME AntiVir WebGate A B E P W PRODUCT_VERSION Version of WebGate A B E P W PROGRESS_STATUS Downloading scanning P etc PROGRESS_URL URL to abort download when P downloa
33. SPMOD and outgoing REQMOD files gt In avwebgate conf you must set the port through which WebGate will communicate with the ICAP Client ICAPPort 1344 Scanning Incoming Data Traffic Response Modification The ICAP Client sends an HTTP response for WebGate to scan ICAP server If the data is not infected it is returned to the ICAP Client and from there forwarded to the Client If the answer is blocked e g in case of a virus detection WebGate generates an HTML page based on the corresponding HTML template and sends this to the ICAP Client The page is then forwarded to the Client instead of the original answer from the server Internet W e b G ate ICAP Server FA lt lt GA 4 ICAPP ort 5 WebGate ICAP Client Client s Scanning Outgoing Data Traffic Request Modification The ICAP Client sends an HTTP request to WebGate ICAP Server for scanning If the data is not infected it is returned to the ICAP Client and from there it is sent to the destination server If the request is blocked i e in case of a virus detection WebGate generates an HTML page based on the corresponding HTML template and sends this to the ICAP Client In this case the original request is not sent to Avira GmbH Avira AntiVir WebGate 24 Configuration the server anymore Internet WebGate ICAP server ICAP ICAPP ort Client 2 WebGate Client s You can find further detail
34. Se EI Virus free files BE Right from the beginning two really important hints Losing valuable files usually has dramatic consequences Not even the best antivirus e software can fully protect you against file loss gt Ensure regular backups for your files An antivirus program can be reliable and effective only if kept up to date gt Ensure that you maintain your Avira AntiVir WebGate up to date using Automatic Updates You will learn how to do it in this user guide Avira GmbH Avira AntiVir WebGate Product Information 2 1 Features Avira AntiVir WebGate supports a variety of configuration settings for controlling Internet data transfer The essential features are Extended access control for setting rules to allow tunneling for certain types of requests and responses e Local URL filtering using the categories in Avira URL Filtering library e Online URL filtering using the categories in Avira Web Access and Content Control library available in Avira WebGate Suite Real time scanning for viruses unwanted programs e Heuristic detection of macroviruses e Scanning all downloaded files HTTP and FTP e Scanning all outgoing files e g PUT and POST e Recognition of all common archive types e Automatic Internet Update for product scan engine and VDF e Configurable notification functions for the administrator protocol warnings reports sending email warnings SMTP e Self Integrity Program Check
35. arantined deleted source e category received from WebProtector WebCat and RTSP e engine e date e vdf Counters logged Options DBSupport Avira GmbH e number of files blocked because of extension e number of files blocked because of suspicious behavior processing errors par tial unsupported encrypted archives limits reached max size max recur sions etc e number of infected files e number of clean files e number of scanned files e total of bytes received DBSupport Avira AntiVir WebGate 52 Configuration DBodbclIni DBodbcLib DBodbcData Source DBUpdate Delay Avira GmbH If you enable this option WebGate enters statistics in a database The database consists of two tables alerts and counter To set up DBSupport make sure that GUISupport is activated too and the GUI on page 38 certificate options are configured appropriately Syntax DBSupport YES NO Default DBSupport NO DBodbcIni If you have enabled the DBSupport option the ODBC driver manager uses the specified odbc ini file Default setting the installed ODBC driver manager decides which odbc ini file to load Syntax DBodbcIni string Example DBodbcIni path to odbc ini DBodbcIni etc avira avwebgate odbc ini DBodbcLib If you have enabled the DBSupport option WebGate loads the library specified here and uses it as the ODBC driver manager Default
36. assword Example FTPProxyPassword password Default NONE FTPProxyUsername and FTPProxyPassword are set when WebGate uses a FTP parent proxy 4 7 5 ICAP Connection Settings ICAPError ICAPErrorResponseOnBlocked ResponseOn Blocked Syntax CAPErrorResponseOnBlocked YES NO Default CAPErrorResponseOnBlocked NO Changes the ICAP response sent to the ICAP client if a file is blocked By default WebGate sends an ICAP 200 response with an encapsulated HTTP 403 response Avira GmbH Avira AntiVir WebGate 65 Configuration including an HTML page generated from the appropriate HTML template If this option is enabled WebGate sends an ICAP 403 response without a message body to the ICAP client instead 4 7 6 Timeout Prevention Settings KeepaliveDelay KeepaliveMode TrickleDataSize Avira GmbH The timeout prevention method is chosen dynamically based on the type of client and the WebGate configuration settings All settings specify how often repetitively a method is used Valid time multipliers are s for seconds by default a value with no multiplier is considered in seconds m for minutes h for hours KeepaliveDelay Range minimum 0 maximum 600 Example KeepaliveDelay 60 Default KeepaliveDelay 0 This option applies only if the KeepaliveMode is set to trickle In order to minimize the security risks incorporated by this feature the Keepaliv
37. at is a subset of Squid s This feature enables you to set up rules to allow tunneling for certain types of requests and responses This is useful for supporting streaming Internet content or user agents that require using HTTP range requests The access control scheme is saved in a separate file specified with the parameter AclConfigFile in etc avira avwebgate conf Several examples are included in etc avira avwebgate acl example Avira AntiVir WebGate 44 Configuration 4 5 Templates Configuration If you have a valid license file you may customize various notification web pages and emails generated by Avira AntiVir WebGate WebGate will send these for example in case of detecting viruses or unwanted programs alert blocked error or progress template These templates are usually created and saved in usr lib AntiVir webgate templates You may also set another directory using the following entry in etc avira avwebgate conf Syntax usr lib AntiVir webgate avwebgate bin dump config grep i Template Default TemplateDir templates Example TemplateDir home templates You can use different keywords for editing template files Following is a description of the available templates HTML Templates Template Meaning alert html Displayed when an alert is found by AntiVir WebGate blocked html Displayed when AntiVir WebGate has blocked a suspicious file using various block settings in avwebgate c
38. ata to the Client at the specified interval In order to maintain the connection WebGate will send no operation commands to the server during sending or receiving larger files to or from the Client within the specified KeepalivelInterval KeepaliveMode Keepalive Mode Syntax Example Default Avira GmbH KeepaliveMode trickle header KeepaliveMode trickle KeepaliveMode header If you encounter client timeout problems because the timeout methods described above are not appropriate in your environment or do not work prop erly you may enable data trickling by setting KeepaliveMode in avwebgate conf to trickle If this method is used WebGate sends small pieces of the data at the specified KeepalivelInterval until the download and scan is complete Once the file is downloaded and scanned the remainder of the file will be immediately transferred to the client if clean If the default value header is set WebGate will use the above mentioned Refresh Redirect and Keepalive intervals Avira AntiVir WebGate 32 Configuration It is NOT recommended to enable data trickling unless you are experiencing problems using the other timeout prevention methods Be aware of the risks and limitations before you enable this feature By enabling the trickle option the data will be sent in small segments to the client This holds the risk of an infection eventhough WebGate scans everything that is sent to the clie
39. b ACL Request blocked by ACL rules Online filter Request blocked by Online filter Local filter Request blocked by local filter RTPS filter Request blocked by RTPS filter Clean Request was allowed Tunneled Request was tunneled not scanned Unsupported Scanner found an unsupported archive Note other reasons may appear in this column in the future after product updates alertname Depends on reason Alert The name of the alert All other reasons A detailed description of the rea son alerttype additional information on the alert Alert adware backdoor trash dialer heuristic joke program riskware trojan virus worm Note other categories may appear in this column The categories depend on the scanner and may change or new ones may become available after a scanner up date All other reasons short description of the alert name filename The requested URL received by WebGate Avira AntiVir WebGate 59 Configuration Counter table description Avira GmbH Column Description action The action taken deleted quarantined allowed blocked tunneled source The IP of the client that made the request category The categories returned by WebProtector RTPS and UrlCheck if the option BlockCategories is enabled alerturl An URL with more information about the alert in case an alert was found E g for th
40. d according to the configuration see Monitoring HTTP Traffic Page 18 The default is HTTPPort host ip or name 8080 We recommend not to allow access to WebGate from outside your network WebGate should be therefore connected only to the internal network interface If you have installed WebGate as parent proxy on the same computer as your existing proxy server we recommend for example the following settings HTTPPort 127 0 0 1 8080 If neither hostname nor IP address are specified the port is linked to all interfaces Port for scanning FTP connections WebGate can also monitor real FTP connections Unlike FTP over HTTP WebGate communicates with the Client over FTP This entry sets the port on which WebGate responds to Client computers or to the FTP proxy server for FTP connections Example FTPPort hostname or ip 2121 Default NONE Port for ICAP support WebGate can be integrated with the ICAP interface as ICAP server This entry sets the communication port between WebGate and the ICAP Clients Example ICAPPort hostname or ip 1344 Default NONI al Maximum number of connections allowed The maximum number of simultaneous connections allowed to run through WebGate The value sets the limit for the number of connections or threads allowed simultaneously Range minimum 0 maximum 15000 Example MaxConnections 1000 Default MaxConnections 1024 If set to O WebGate will not limi
41. ding URL to get file when complete PROXY_HOST Hostname of machine where P WebGate is running QUARANTINE_FILE Filename of quarantined file A B Avira GmbH Avira AntiVir WebGate 47 Configuration Keyword Description Availability REFRESH_URL URL to refresh the progress P page REQUESTED_FILE Filename of file being down A B E P loaded REQUESTED_URL Full URL of file being down A B E P W loaded REQUEST_METHOD GET POST etc A B E RESPONSE_STATUS HTTP response code from ser A B E ver MATCHED_CATEGORIES All the blocked categories that W the requested URL matched MATCHED_CATEGORIES_LI Al the blocked categories that W the requested URL matched represented as a html list The template designer must sur round it with the list directi ves SERVER_IP IP address of server A B VDF_VERSION Version of AntiVir VDF file A B E 4 6 Client Timeout Prevention Avira GmbH WebGate always needs the complete file for scanning Therefore the entire file is downloaded before it is scanned and forwarded to the requesting client Especially when downloading and scanning a large file or if the connection to the Internet is slow this can cause a significant delay during which the client does not receive feedback Thus the client application cannot provide a download progress to the user and may even encounter timeout issues In order to avoid these problems WebGate provides different met
42. dstdomain regexp f path Enables filtering of connections based on the destination domain but for matching regular expressions are used You can use the f switch for reading a list of regular expressions from a file The path towards a file must be marked by quotes Each line in the file represents a regular expression and must have the format i lt regexp gt Avira AntiVir WebGate 76 Configuration Avira GmbH dsturi Syntax acl URIS dsturi i f paths ro list lt uri gt Example acl URIS dsturi i f etc avira list_of uris txt Enables the filtering of connections based on the full destination of URIs URLs When filtering several URIs URLs the logical OR is used dsturi_ regexp Syntax acl URIS dsturi_ regexp 1 lt uri gt Example acl URIS dsturi_ regexp i f etc avira List OF r g x Uxt Enables filtering of connections based on the full destination of URIs URLs but for matching regular expressions are used You can use the f switch for reading a list of regular expressions from a file The path towards a file must be marked by quotes Each line in the file represents a regular expression and must have the format i lt regexp gt req mime type Syntax acl lt name gt req mime type lt regular expression gt Enables searching for lt regexp gt in the request mime type header You can use this element fo
43. e Eicar test file the URL hit car 2DTest 2DSignature is added www avira com en threats q Ei missed Due to internal buffer limits it may be that not ev ery alert can be written to the database If this hap pens the column missed contains the count of alert information which could not be written to the database product Contains the product s name WebGate vdf Version information of the VDF which was used for scanning engine Version information of the engine which was used for scanning hostname The value of MyHostName etc avira avweb gate conf If MyHostName is not set the value returned from gethostname If gethostname fails localhost ou The active organization unit as reported by Policy Manager The rows in the counter table are written periodically The default setting is every completed hour You can change the delay between entries using the configuration option Example DBUpdatel Delay 30m DBUpdateDe lay in etc avira avwebgate conf Writes information to the database every 30 minutes Possible units are no unit s seconds m minutes h hours Avira AntiVir WebGate 60 Configuration 4 7 3 HTTP Connection Settings AllowHTTP AllowHTTPConnect Connect Avira GmbH Column Description id This column is an auto incremented number accepted Total coun
44. eInterval should not be set to a small value lt 30 But sometimes it may be desirable to receive the first bytes shortly after starting the download e g to trigger the Save As dialog box This option specifies the delay time in seconds before trickling data starts KeepaliveMode Syntax KeepaliveMode trickle header Default KeepaliveMode header In order to prevent client timeouts while downloading and scanning large files WebGate by default sends extended header data X WebGate Status to the client at the specified KeepaliveiInterval By setting this option to trickle you can enable data trickling If enabled WebGate sends small parts of the file to the client until the whole file is downloaded and scanned Use this option with caution By using this feature it is theoretically possible for a virus to get through Be aware of the risks and limitations if you intend to enable data trickling see 4 6 Client Timeout Prevention TrickleDataSize Avira AntiVir WebGate 66 Configuration Reserve DataSize Example TrickleDataSize 2 Default TrickleDataSize 1 Size for the packets WebGate sends to the client when using trickling By default the size is specified in bytes An optional quantifier can be used to change this K M and G can be used for Kilobytes Megabytes and Gigabytes For example 1K will be equivalent to 1024 with no quantifier given ReserveDataSize Example Rese
45. ecifies the path to the certificate file to be used in SMC communication and database logging Avira AntiVir WebGate 37 Configuration GuiCertPass GuiHostname Syntax GuiCertFile path Example GuiCertFile usr lib AntiVir webgate gui cert Server Dem Default NONE GuiCertPass Specifies the password for the certificate file Syntax GuiCertPass string Example GuiCertPass antivir default Default NONI Cl Please refer to WebGate s installation directory for more details about advanced configuration options GUI hostname The GuiHostname is used by the command avwg_stats as an interface to listen to connections from SMC Syntax GuiHostname host Default GuiHostname 127 0 0 1 or localhost Access Control Settings Forbidden UserAgents AclConfigFile Avira GmbH Denying access to specific user agents You can specify one or more user agent strings that will be denied access The main purpose is to avoid unnecessary traffic generated by clients issuing range requests such as Microsoft s BITS Background Intelligent Transfer Service or streaming services such as Apple s iTunes Range requests and data streaming are only permitted if specified in AclConfigFile see below Example ForbiddenUserAgents BITS iTunes Default NONE Access control scheme WebGate can also support more complex rules by implementing a Squid like access
46. ecursion 20 Maximum compression rate for archives This option limits the scanning to archives which do not exceed a certain compression level It ensures protection against so called Mail bombs which occupy unexpectedly large amount of memory when decompressed The null value means all archives are completely decompressed regardless of their compression rate Range minimum 0 maximum 1000 Example ArchiveMaxRatio 100 Default ArchiveMaxRatio 150 Blocking suspicious files When activated this option blocks files which are considered as suspicious A file is considered as suspicious if it meets one of the following criteria It is an archive that reached one of the values you set for ArchiveMaxSize ArchiveMaxRecursion or ArchiveMaxRatio It is an archive with a malformed header The file or a file within an archive is detected by heuristic process If this option is deactivated all suspicious files are forwarded Syntax BlockSuspiciousFile YES NO Default UJ lockSuspiciousFile YES Blocking password protected archives If this option is activated WebGate blocks password protected archives Syntax BlockEncryptedArchive YES NO Default BlockEncryptedArchive NO Block partial archives If enabled multi volume archives will be blocked Syntax BlockPartialArchive YES NO Avira AntiVir WebGate 34 Configuration B
47. eeseeessseese 48 4 6 l Refresh method EE 49 E EE 49 4 6 3 Keepalive method geiergert ber 49 icf Adyanc d Options eene 50 EC PLORY EIERE gebuere Egeter 50 47 2 Database SUpport EE 52 4 7 3 HTTP Connection Settings sseseeessessesesesseseseeresresrssersesresrerressrssesees 61 4 7 4 FTP Connection Settings egene K eege 65 4 7 5 ICAP Connection Settihgs ees bk 65 4 7 6 Timeout Prevention Settings Za EENS gie 66 4 7 7 Scan and Re 67 4 7 8 SNMP e 68 4 8 Client Configuration EE 69 4 JURE filtering serere eer 69 Avira GmbH Avira AntiVir WebGate Wa Eh KR EE 73 4 11 WebGate Access BEE 75 ATE LACL elements arn ieena ces aaee E ee EErEE Er estao taste hacen ude Eei EE 75 4112 Acc ss E 78 4 12 Proxy Configuration scrisorii nerin oTe i E AEA Eia 79 AAD WEE EE 79 4 12 2 Using E De 80 4 12 3 Apache as EE 80 5 Operation E 81 5 1 Starting and Stopping Avira AntiVir WebGate manually eee 81 5 2 Testing Avira GEELEN 83 5 3 Procedures when Detecting Viruses or Unwanted Programs seese 84 CU pd ates orean ae und E E Ea EE A Ta 85 6 1 Internet Updates smiri tenaaa A eege 85 TET D a L AE E AOA a Disks eae AA T 87 aA EE 87 7 1 1 How to watch for SNMP traps on Debian 5 sssssseeesssessessrseersese 87 EL EE 88 T Ofline EE 89 BE oN Ca EE 90 8 Appendix aii n A em irra ERREA ENS 91 COREEI D A EEEE EE 91 8 2 Further Information sis 9 csaedadeodesdeh EE 92 8 3 Golden Rules for Protection Against Viruses seseeeeeseeer
48. email gt You can easily acquire Avira AntiVir WebGate using our Online Shop for details visit http www avira com Copying the License File gt Copy the license file hbedv key in the installation directory on your system tmp antivir webgate prof lt version gt Avira GmbH Avira AntiVir WebGate 12 Installation 3 4 Installing Avira AntiVir WebGate Avira AntiVir WebGate installation is performed automatically using an installation script This script performs the following tasks e Checks integrity of the installation files e Checks for the required permissions for installation e Checks for existing installed versions of AntiVir products on the computer e Copies the program files and overwrites the existing obsolete files Copies the configuration files Existing AntiVir configuration files are kept e Installs Avira Updater e Optionally installs the plug in for SMC e Optionally configures the automatic start of Avira AntiVir WebGate and Avira Updater For the first installation you must follow these steps e Preparing Installation Page 13 e Installing Avira AntiVir WebGate Page 13 Preparing Installation gt Login as root Otherwise you don t have the required authorization for the installation and the script returns an error message To run Avira Antivir WebGate on a client with active firewall WebGate needs the Qo following open ports localhost tcp 50358 only for SMC user andudp port 519
49. enough for an Update to load the most recent version of this file 8 2 Further Information You can find further information on viruses worms macro viruses and other unwanted programs at http www avira com Avira GmbH Avira AntiVir WebGate 92 Appendix 8 3 Golden Rules for Protection Against Viruses gt Always keep boot floppy disks for your network server and for your workstations gt Always remove floppy disks from the drive after finishing the work Even if they have no executable programs disks can contain program code in the boot sector and these can serve to carry boot sector viruses gt Regularly backup your files gt Limit program exchange particularly with other networks mailboxes Internet and acquaintances gt Scan new programs before installation and the disk after this If the program is archived you can detect a virus only after unpacking and during installation If there are other users connected to your computer you should set the following rules for protection against viruses gt Use a test computer for controlling downloads of new software demo versions or virus suspicious media floppies CD R CD RW removable drives gt Disconnect the test computer from the network gt Appoint a person responsible with virus infection operations and establish all steps for virus elimination gt Organize an emergency plan as a precaution for avoiding damage due to destruction robbery
50. ererrerree 93 Avira GmbH Avira AntiVir WebGate About this Manual 1 About this Manual This Chapter contains an overview of the structure and content of this manual After a short introduction you can read information about the following issues e The Structure of the Manual Page 5 e Signs and Symbols Page 5 e Abbreviations Page 6 1 1 Introduction Avira GmbH We have enclosed in this manual all the information you need about Avira AntiVir WebGate and it will guide you step by step through installation configuration and operation of the software The appendix contains a Glossary which explains the basic terms The RELEASE NOTES file included in the product kit presents additional current information about Avira AntiVir WebGate For further information and assistance please refer to our Website to the Hotline of our Technical Support and to our regular Newsletter Service Page 87 Your Avira Team Avira AntiVir WebGate 4 About this Manual 1 2 The Structure of the Manual The manual of your AntiVir software consists in a number of Chapters bringing you the following information Chapter Contents 1 About this Manual The structure of the manual signs and symbols 2 Product Information General information about Avira AntiVir WebGate software its modules features system requirements and licensing 3 Installation Instructions to install Avira AntiVir WebGate on your s
51. eric Value Category 25 Humor Comics 26 General News Newspapers Magazines 27 Web Mail 28 Chat 29 Newsgroups Bulletin Boards Blogs 30 Mobile Telephony 31 Digital Postcards 32 Search Engines Web Catalogs Portals 33 Software Hardware Distributors 34 Communication Services 35 IT Security IT Information 36 Website Translation 37 Anonymous Proxies 38 Ilegal Drugs 39 Alcohol 40 Tobacco 41 Self Help Addiction 42 Dating Relationships 43 Restaurants Bar 44 Travel 45 Fashion Cosmetics Jewelry 46 Sports 47 Building Residence Architecture Furniture 48 Nature Environment Animals 49 Personal Homepages 50 Job Search 51 Investment Brokers Stocks 52 Financial Services Investment Insurance 53 Banking Home Banking 54 Vehicles Transportation 55 Weapons Military 56 Health 57 Abortion 59 Spam URLs 60 Malware 61 Phishing URLs 62 Instant Messaging Avira GmbH Avira AntiVir WebGate 71 Configuration 5 Governmental Organizations 6 Non Governmental Organizations 7 Cities Regions Countries 8 Education 9 Political Parties 10 Religion 11 Sects 12 Illegal Activities 13 Computer Crime 14 Political Extreme Hate Discrimination 15 Warez Hacking Illegal Software 16 Violence Extreme 17 Gambling Lottery 18 Computer Games 19 Toys 20 Cinema Television
52. from the console e In Procedures when Detecting Viruses or Unwanted Programs Page 84 you can learn what you should do in case of an infection in your network 5 1 Starting and Stopping Avira AntiVir WebGate manually You must log in as root or you must have the required permissions in order to start or ga stop Avira AntiVir WebGate If you have installed WebGate as described in Installing Avira AntiVir WebGate Page 13 it will start automatically by system start Starting Avira AntiVir WebGate gt Type usr lib AntiVir webgate avwebgate start The program starts with the following message Starting AVIRA AntiVir WebGate Starting savapi Starting avwebgate bin If during installation you have set WebGate to start automatically then you will not have to worry about this This is the recommended way of starting WebGate If you want to use different parameters for the avwebgate bin binary you can do that by changing the DAEMONPARAMS variable from the avwebgate script Command line parameters avwebgate bin C lt file gt Specifies an alternate configuration file Default is etc avira avwebgate conf N Starts WebGate without daemonizing D Sets the DebugLevel 1 5 V version Shows the WebGate version number Avira GmbH Avira AntiVir WebGate 81 Operation filter version Shows version information about the used scanner and filters status Shows if WebGate is running as configured
53. g 5 2 Testing Avira AntiVir WebGate After completing the installation and configuration you can test the functionality of AntiVir WebGate using a test virus This will not cause any damage but it will force the security program to react when the computer is scanned Testing Avira AntiVir WebGate with a Test Virus gt Start WebGate usr lib AntiVir webgate avwebgate start gt Type the following URL in your Web browser http www eicar org gt Read the information about the test virus eicar com gt Download the test virus on your computer Avira GmbH Avira AntiVir WebGate 83 Operation D Avira AntiVir WebGate will block the access to the file and issues a warning in the browser RES Edt Mer W e pimein be D r eg E IR hep wen gh ogdonda E Moet visited Smart B wise kmarks gt Getting Started ELatest Headines e Avira WebGate ALERT gt Check the logfile for detailed notifications about the detection 5 3 Procedures when Detecting Viruses or Unwanted Programs If correctly configured Avira AntiVir WebGate is set to deal automatically with all the tasks on your computer e The infected file is repaired or at least deleted e If it could not be repaired the access to the file is blocked and according to the configuration the file is renamed or moved This eliminates the risk of infection You should however follow these guidelines gt Try to detect the way the infection sneaked on y
54. g_ stats to interrogate the database usr lib AntiVir webgate gui bin avwg stats S If successful the tool will print the following Avira GmbH Avira AntiVir WebGate 56 Configuration Print CSV list Avira GmbH usr lib AntiVir webgate gui bin avwg_stats S Using these settings ODBC ini lt using system s odbc ini gt ODBC library libodbc so 1 ODBC source WebGate Preparing connection gt OK Connecting gt OK Disconnecting gt OK Successfully verified database connectivity and something similar if errors occur example for MySQL the error message may vary depending on the error type Using these settings ODBC ini lt using system s odbc ini gt ODBC library libodbc so 1 ODBC source WebGate Preparing connection gt OK Connecting Failed to connect to ODBC data source error code 2 MySQL ODBC 3 51 Driver Lost connection to MySQL server at reading initial communication packet system error 111 WebGate is able to print the tables contents as a CSV comma separated value list By default only the alerts table is printed You can choose another table using the command line option t The first line of the resulting list contains the column names All other lines are the Avira AntiVir WebGate 57 Configuration table s rows The results are not sorted Example Print the alerts table usr lib AntiVir webgate
55. gui bin avwg_ stats o csv Print the counter table usr lib AntiVir webgate gui bin avwg_ stats o csv t counter CSV separator Specify a field separator using one character Z0 CSV S Du You must quote the separator for it to be interpreted by the shell Example Print the alerts table and separate by usr lib AntiVir webgate gui bin avwg stats o esvi Time ranges You can limit the result to only list rows within a specific time range R YYYY MM DD HH MM SS YYYY MM DD HH MM SS Example Print the alerts table limited to a specific time range usr lib AntiVir webgate gui bin avwg stats o csv R 2011 04 13 00 00 00 2011 04 13 15 35 43 This will list all alerts which were logged between 2011 04 13 00 00 00 and 2011 04 13 15 35 43 Alerts table description When a mail is blocked information about the alert s is immediately written to Avira GmbH Avira AntiVir WebGate 58 Configuration Avira GmbH the database Column Description id This column is an auto incremented number reason The reason why the request was blocked The fol lowing reasons exist Alert Scanner found malware Suspicious Scanner detected a suspicious file Error An error occurred during the scan Incomplete Not completely scanned Encrypted Scanner found an encrypted file Extension File extension was blocked Archive bomb Scanner found an archive bom
56. hods for preventing client timeouts refresh redirect and keepalive The timeout prevention method is chosen dynamically based on the type of client and or the WebGate configuration settings WebGate first checks if the refresh method would be appropriate If not WebGate checks if the redirect method would Avira AntiVir WebGate 48 Configuration be appropriate If not WebGate checks if the keepalive method would be appropriate If none of the timeout methods is appropriate then WebGate will not attempt any form of timeout prevention 4 6 1 Refresh method The refresh method is used for clients identified as browser WebGate sends HTML pages containing the current progress status that will be refreshed at a specified interval RefreshInterval After downloading and scanning the file the user can get the file from WebGate by clicking on the link provided with the last progress message If the file is blocked an HTML page with an alert message is generated from the appropriate template and is sent to the client 4 6 2 Redirect If the refresh method is not used because it is disabled or the client is a non browser HTTP redirect messages can be sent to the client at the specified interval Redirect Interval The client is redirected to a dynamically generated URL that can be identified by WebGate and uniquely associated with the appropriate download Note that this method does not work with every client If you
57. icsMacro YES NO Default euristicsMacro YES Detection of other types of unwanted programs Besides viruses there are some other types of harmful or unwanted software You can activate their detection using the following options DetectADSPY YES Avira AntiVir WebGate 36 Configuration SMC Settings GUL GuiSupport GuiCAFile GuiCertFile Avira GmbH DetectAPPL NO DetectBDC YES DetectDIAL YES DetectGAME NO DetectHEUR DBLEXT YES DetectJOKE NO DetectPCK NO DetectPHISH YES DetectSPR NO If you want to enable detection for all the categories above you can uncomment the following parameter Note that this will enable detection for all the unwanted programs overwriting their individual values Syntax DetectAllTypes YES NO Default DetectAllTypes YES SSL parameters for secure communication with Avira SMC The following options must be activated for a secure communication with SMC GuiSupport This option enables the use of the Console of the Avira Security Management Center SMC to manage WebGate remotely Syntax GuiSupport YES NO Default GuiSupport NO GuiCAFile Specifies the path to the certificate authority file to be used in SMC communication Syntax GuiCAFile path Example GuiCAFile usr lib AntiVir webgate gui cert cacert pem Default NONE GuiCertFile Sp
58. ime when a certain event occurs Generic term for foreign bodies of any type These can be interferences such as viruses or other software which the user generally considers as unwanted see also Unwanted Programs The directory where infected files are stored to block the user s access to them The user with unlimited access rights such as system administrator on Windows Secure AntiVirus Application Programming Interface Avira AntiVir WebGate 91 Appendix Item Signature Script SMC SMP Symmetric Multi Processing SMTP syslog daemon Unwanted programs VDF Virus Definition File Meaning A bytes combination used for recognizing a virus or unwanted program A text file containing commands to be executed by the system similar to batch files in DOS Avira Security Management Center Unix SMP Unix version for computers with parallel processors Simple Mail Transfer Protocol protocol for email transport on the Internet A daemon used by programs for logging various information These reports are written in different logfiles The syslog daemon configuration is in etc syslog conf The name for programs that do not directly harm the computer but are not desired by the user or administrator These can be backdoors dialers jokes and games Avira AntiVir WebGate detects various types of unwanted programs A file with known signatures for viruses and unwanted programs In many cases it is
59. l data from the computer without the user s knowledge This program is manipulated by third parties using a remote backdoor control software over the Internet or network Avira AntiVir WebGate detects backdoor control programs A daemon which starts other programs on specified times A background process for administration on Unix systems On average there are about a dozen daemons running on a computer These processes usually start up and shut down with the computer Paid dialing program When installed on your computer this program builds a Premium Rate Number Internet connection charging you at higher rates This can lead to huge phone bills Avira AntiVir WebGate detects Dialers The scanning module of Avira AntiVir software The systematic process of solving a problem using general and specific rules drawn from previous experience The solution is however not guaranteed Avira AntiVir WebGate uses a heuristic process for detecting unknown macro viruses When typical virus like functions are found the respective macro is classified as suspicious Avira Internet Update Manager The individual client computers in your network do not have to download updates from the internet themselves but easily through your intranet The base component of a Unix operating system which performs elementary functions e g memory and process administration also Report file A file containing reports generated by the program at run t
60. le usr local bin webgate alert might look like this Avira GmbH Avira AntiVir WebGate 87 Service 1 bin bash name url while read oid val do if oid AVIRA WEBGATE VO MIB wgtMalwareName 0 then name val fi if oid AVIRA WEBGATE VO MIB wgtRequestURL 0 then url val fi done echo WebGate found name when accessing url 5 Run the following snmptrapd f c etc snmp snmptrapd conf M usr share snmp mibs m AVIRA MIB AVIRA WEBGATE VO MIB and wait for AntiVir WebGate to send the wgtAlert trap you could try to send the Eicar test virus through AntiVir WebGate to trigger this You should then see the following output in the terminal where you started snmptrapd WebGate found Bicar Test Signature virus Contains code of the Eicar Test Signature virus when accessing http www eicar org download eicar com 7 2 Support Avira GmbH Our website http www avira com contains all the necessary information on our extensive support service The expertise and experience of our developers is available to you The experts from Avira answer your questions and help you with difficult technical problems During the first 14 days after you have purchased a license you can use our AntiVir Installation Support by phone email or by online form For further information on the support for your product please refer to http www avira co
61. lockArchive Bomb Block Unsupported Archive Block Extensions Block Categories Avira GmbH Default BlockPartialArchive NO Block archive bombs If enabled WebGate blocks files detected as possible archive bombs Syntax BlockArchiveBomb YES NO Default BlockArchiveBomb YES This option is not affected by ArchiveMaxSize ArchiveMaxRecursionand ArchiveMaxRatio Block unsupported archives Archives which the scanner does not support are blocked Syntax BlockUnsupportedArchive YES NO Default BlockUnsupportedArchive YES Blocking certain file extensions WebGate can block files that have certain extensions It will also apply for file names in archives Syntax BlockExtensions extl ext2 ext3 Example BlockExtensions exe scr pif Default NONE URL filtering First the access control ACL rules are evaluated which means a rule allowing tunneling for a request will not be blocked by URL filters Connections that are not tunneled would still pass through the URL filter module similar to the scanning behavior Then the Avira URL Filtering library LocalFilter applies The library tries to determine if an URL is dangerous based on a list of known URLs A category is returned for each dangerous URL Malware 60 Phishing 61 Fraud 63 If this category is found in the BlockCategories configuration option the request is
62. lt create db sql Enter password 2 Install iODBC You should choose a thread safe library Please consult the distribution manual to check if your ODBC library was built with thread support apt get install libiodbc2 3 Install the corresponding database driver for your database You should choose a thread safe driver Please consult the distribution manual to check if your ODBC driver is thread safe Example for MySQL ODBC driver apt get install libmyodbc 4 Set up odbc ini see 5 for an example odbc ini There are different ways to perform the setup e Create and or edit etc odbc ini or e Copy etc avira avwebgate odbc ini to etc odbc ini and edit it or e Edit etc avira avwebgate odbc ini and set the configuration option DBodbcIni in etc avira avwebgate conf to etc avira avwebgate odbc ini If you want to configure the odbc ini path from the Avira Security Management Center SMC please notice that it is not possible to define the file via the SMC GUI You may copy the path manually to the client for example with the help of SCP or WinSCP or you may use the file copy function of the SMC Please make sure that the file has the appropriate write permission You can set the permission manually via SSH or you may use the chmod workaround bin chmod a w usr lib AntiVir agent webgate odbc ini When you configure the DB support by editing the avwebgate odbc ini file please be aware of the accuracy of your ent
63. luation If a regular expression starts with i followed by space it has to be escaped by i Sre Avira AntiVir WebGate 75 Configuration Avira GmbH Syntax acl lt name gt src lt ip netmask gt acl lt name gt src lt ipl ip2 netmask gt Enables filtering of connections based on the IP address You can specify a single IP or a range of IP addresses When filtering several addresses the logical OR is used Example acl lt name gt src lt ipl netmask ip2 netmask ip3 netmask gt The ACL element considers a match if at least one IP address matches port Syntax acl lt name gt port lt number gt acl lt name gt port lt range gt Enables filtering of connections based on the destination port You can specify a single port or a range of ports When filtering several ports the logical OR is used dstdomain Syntax acl lt name gt dstdomain lt domain gt acl lt name gt dstdomain lt file gt Enables filtering of connections based on the destination domain When filtering several domains the logical OR is used Example acl antivir dstdomain antivir de The ACL element matches antivir de You can define domains in a separate file by separating them by blanks or by writing the domains on separate lines To include a file you have to start and end the path with quotes dstdomain regexp Syntax acl lt name gt dstdomain regexp 1 lt regexp gt acl lt name gt
64. m en support for business Before you contact our Hotline we recommend that you visit our section for Frequently Asked Questions at http www avira com en support for business faq Avira AntiVir WebGate 88 Service There is also a message board in which you can participate for free http forum avira com Please use the Search option your questions may already have been answered for another user and posted on the board Support via email can be obtained at http www avira com 7 3 Online Shop Avira GmbH Would you like to buy our products per mouse click You can visit Avira Online Shop at http www avira com and buy upgrade or extend AntiVir licenses fast and safely The Online Shop guides you step by step through the orders menu A multi language Customer Care Center explains to you the ordering process the payment transaction and the delivery Resellers can order by invoice and use a reseller panel Avira AntiVir WebGate 89 Service 7 4 Avira GmbH Contact Avira GmbH Kaplaneiweg 1 88069 Tettnang Germany You can find further information about us and our products by visiting http www avira com Avira AntiVir WebGate 90 Appendix 8 Appendix 8 1 Glossary Item Backdoor BDC cron daemon Daemon Dialer Engine Heuristic IUM Kernel Logfile Malware Quarantine directory root SAVAPI Avira GmbH Meaning A backdoor is a program infiltrated in order to stea
65. mplemented by Avira URL Filtering library This filter is enabled by default with every WebGate or WebGate Suite license By setting this to NO the filter will be disabled OnlineFilter Syntax OnlineFilter YES NO Default OnlineFilter YES Controls the usage of Avira Web Access and Content Control Library This is enabled by default with every WebGate Suite license By setting this to NO the Avira Web Access and Content Control Library will be disabled 4 7 8 SNMP Settings SNMP Recipient SNMPSender Avira GmbH SNMPRecipient Example SNMPRecipient snmp example com Default NONE The host that listens for SNMP traps sent by WebGate If this value is disabled no SNMP traps are sent SNMPSender Example SNMPSender 192 0 0 1 Avira AntiVir WebGate 68 Configuration SNMP Community Default SNMPSender 127 0 0 1 Set up sender for SNMP traps This option can be used to define which IP address is specified as the sender address in SNMP traps If a hostname is specified this will be used to determine the IP address being used by means of DNS lookup SNMPCommunity Example SNMPCommunity CompanyName Default SNMPCommunity Avira The community string used when sending SNMP traps A SNMP host can receive traps from WebGate only if it has the same community string or has no community string set 4 8 Client Configuration Once WebGate is running web browsers will need to set Web
66. nfirm with Enter You can change these settings later The automatic system start is configured setting up boot script done installation of main program complete D Then you are asked if you want to install WebGate with the optional plug in for AntiVir Security Management Center 4 activate SMC support If you are going to use AVIRA Security Management Center SMC to manage this software remotely you need this Would you like to activate SMC support y If you are using Avira SMC gt Type Y or confirm with Enter The plug in is installed and the installation process completed Installation of the following features complete AntiVir Core Components Engine Savapi and Avupdate AVIRA Internet Updater AVIRA WebGate AntiVir SMC plugin gt Finally you can start Avira AntiVir WebGate usr lib AntiVir webgate avwebgate start Modified binaries will not run For example if binaries are prelinked Either disable prelinking or add 2 usr lib AntiVir webgate as an excluded prelink path in etc prelink conf Avira GmbH Avira AntiVir WebGate 15 Installation Gi Starting with version 3 0 0 a new scanner backend is used Old scanner specific configuration options that are not known to WebGate must be moved from etc avira avwebgate conf to the scanner specific configuration file etc avira avwebgate scanner conf It is highly recommended that you perform an update after installation to e
67. ng as a proxy server WebGate Internet Client s gt Make the following settings in avwebgate conf example HTTPPort 8080 gt Configure the browser according to the Clients If WebGate is installed on the actual Client we recommend the following settings in avwebgate conf HTTPPort 127 0 0 1 8080 gt For HTTP Proxy enter the IP address 127 0 0 1 or Localhost The real settings can differ from those given in the example but for a correct configuration the settings in avwebgate conf must be compatible with the Client s browser configuration WebGate between Client and Proxy Server Network Configuration 1 Q Avira GmbH In this configuration the other proxy server can be attacked by malicious software Ifyou want complete protection for your proxy server normally network configuration 2 is recommended See WebGate between Proxy Server and Internet Network Configuration 2 Page 21 This configuration is suitable when the proxy is connected to other servers and the Clients need to be protected from infection WebGate can be installed directly on the proxy server or on another computer WebGate directs the Client s inquiries through the proxy server to the Internet and scans the answers from the Internet which are received through the proxy server The access to infected files from a Website is blocked and only not infected files are Avira AntiVir WebGate 19 Configuration directed to the Clients
68. nsure up to date protection This can be done by running usr lib AntiVir webgate avupdate webgate product WebGate For more details on updating see Updates Page 85 3 5 Reinstalling and uninstalling AntiVir You can re launch the installation script anytime There are more situations possible Installing a new version upgrade The installation script checks the previous version and installs the necessary new components The configuration set tings already made are not overwritten but inherited Configuration Page 18 Later installation of some components Activating or deactivating the automatic start of Avira AntiVir WebGate or Avira Updater Reinstalling Avira AntiVir WebGate The procedure is the same in all cases listed above gt Go to the temporary directory where you have unpacked AntiVir WebGate cd tmp antivir webgate prof lt version gt gt Type install D The installation script runs as described above see Installing Avira AntiVir WebGate Page 13 gt Make the necessary changes during installation Avira AntiVir WebGate is installed with the desired settings Uninstalling AntiVir Avira GmbH If you want to uninstall Avira Antivir WebGate you can use the uninstall script Avira AntiVir WebGate 16 Installation Avira GmbH located in your installation directory The syntax is uninstall product productname no interactive inf in file force
69. nt Since the trickle interval controls the sending of data at a pre set rate and s specific size the download speed shown to the client is not related to the actual download speed Scan and Filter Settings ArchiveScan d Archive Mas Size ArchiveMax Recursion Avira GmbH Scanning archives By default all files in archives are unpacked on access and scanned according to the settings for ArchiveMaxSize ArchiveMaxRecursion and ArchiveMaxRatio It is recommended not to deactivate these options Syntax ArchiveScan YES NO Default ArchiveScan YES If ArchiveScan is set to NO Avira AntiVir WebGate will not scan compressed replies from servers Maximum size of archived files This option limits the scanning process to the files with unpacked size smaller than ArchiveMaxSize in Bytes The null value means no limit Syntax ArchiveMaxSize integer K M G Example ArchiveMaxSize 1G Default ArchiveMaxSize 2G Maximum recursion level When scanning recursive archives the level of the recursion can be limited The null value means all archives are completely unpacked regardless of their recursion level Range minimum 0 maximum 1000 Syntax ArchiveMaxRecursion integer Avira AntiVir WebGate 33 Configuration ArchiveMax Ratio Block Suspicious File Block Encrypted Archive BlockPartial Archive Avira GmbH Example ArchiveMaxRecursion 10 Default ArchiveMaxR
70. ode This option has effect only if HTTP over FTP is used ie using a browser to view the files on an FTP server If WebGate is used as FTP proxy active passive mode is set by the FTP client used AllowActiveFTPPorts Example AllowActiveFTPPorts 33323 Default AllowActiveFTPPorts 0 Normally if active FTP connections are made in FTP over HTTP mode the port the server is asked to connect to is chosen at random WebGate also allows the user to specify a list of ports it tries to bind to instead of arandom one One or more single ports e g 15673 60754 or port ranges can be specified Ranges are specified with a between two port numbers e g 1025 65535 Note that there are no whitespaces allowed between the two port numbers and the dash Avira AntiVir WebGate 64 Configuration when specifying a range If the list contains port numbers under 1024 WebGate must be run as root by setting OQ User and Group in avwebgate conf to root This presents a security risk and should be avoided 4 7 4 FTP Connection Settings FTPDefault ETPDefaultServer Server Example FTPDefaultServer ftp example com 21 Default NONE Specifies an FTP server to which WebGate will connect by default when running as FTP proxy May be useful to protect a single FTP server transparently FTPProxy FTPProxyUsername Username Example FTPProxyUsername user example Default NONE FTPProxy FTPProxyPassword P
71. ogressHost RefreshDelay RefreshSkipFile Extensions Refresh Timeout Avira GmbH downloaded file was requested from WebGate at least once using the Get file link provided with the final progress page This allows a client to retrieve the temporarily cached file multiple times If no request is received within the specified time the file is deleted By default a file is immediately deleted after it is sent once to the client For Squid version lt 2 5 STABLE9 this should be set to something greater than 0 since Squid retries a request three times if a 403 response is submitted but after the first request WebGate deletes the requested page ProgressHost Example ProgressHost home security 80 Default ProgressHost Avira WebGate 80 The hostname used for the progress URL You may specify a real name or address if you encounter problems with DNS lookups performed by the browser or proxy for example If WebGate is used as a transparent proxy server the browser will send a request to the specified host and to the specified port The request will be redirected to WebGate In this case make sure that you have given the correct port number to ProgressHost RefreshDelay Range minimum 0 maximum 600 Example RefreshDelay 60 Default RefreshDelay 3 Specifies the delay time in seconds before the first progress message is sent to the client This is used for slow loading pages to stop Web
72. onf cache peer lt WebGateHost gt parent lt WebGatePort gt 0 no query no digest default acl ALL src 0 0 0 0 0 0 0 0 never direct allow ALL lt WebGateHost gt and lt WebGatePort gt must be replaced by the corresponding values Because the data transferred over SSL tunnel connections established using the HTTP CONNECT method ARE NOT SCANNED by WebGate you may want to configure the proxy to bypass WebGate for these connections in case the proxy is also used for HTTPS This can be done with the following configuration squid conf cache peer lt WebGateHost gt parent lt WebGatePort gt 0 no query no digest default acl SSL method CONNECT acl ALL sre 0 0 0 0 0 0 0 0 always direct allow SSL never direct allow ALL Another way is to tell squid explicitly to forward only HTTP and FTP requests to WebGate and to bypass WebGate for all other types squid conf cache peer lt WebGateHost gt parent lt WebGatePort gt 0 no query no digest default acl SCAN ACL proto HTTP acl SCAN ACL proto FTP cache peer access lt WebGateHost gt allow SCAN ACL cache peer access lt WebGateHost gt deny SCAN ACL never direct allow SCAN ACL If WebGate is used as parent proxy you need to start WebGate before the proxy is started Avira AntiVir WebGate 79 Configuration 4 12 2 Using Squid ICAP WebGate can also be used in ICAP mode with Squid ICAP Since ICAP does not provide any form of timeout
73. onf error html Displayed if an error occurred while processing the Avira GmbH user s request progress_downloading html Displayed while a file is being downloaded this template is used only when the refresh method for timeout prevention is used progress_scanning html Displayed while a file is being scanned this template is used only when the refresh method for timeout prevention is used progress_complete html Displayed after a file has been downloaded and scanned this template is used only when the refresh method for timeout prevention is used Avira AntiVir WebGate 45 Configuration Template progress_aborted html ws_blocked html Email Templates Template alert mail blocked mail Meaning Displayed if the user has aborted the download this template is used only when the re timeout prevention is used fresh method for Displayed if the page was part of a category blocked by the user Meaning Used when an alert is found by AntiVir WebGate Used when AntiVir WebGate has blocked a suspicious file using various block settings in avwebgate conf In order for WebGate to be able to send email messages an MTA must be configured WebGate can use either mail or sendmail WebGate searches for usr sbin sendmail usr lib sendmailor usr local bin main bin mail usr bin mail Template Keywords Keywords are specified with enclosed characters for example ALE
74. or access control mechanisms or for logging purposes This option could also enable the use of ACLs for a Squid proxy which is configured by WebGate as parent proxy The parent proxy must certainly hold the necessary functionality for header analysis Syntax AddXForwardedForHeader YES NO Default AddXForwardedForHeader NO Header analysis This option removes the X Forwarded For Header from a request received by WebGate Syntax RemoveXForwardedForHeader YES NO Default RemoveXForwardedForHeader NO Avira AntiVir WebGate 30 Configuration AddViaHeader AddIcapDate Header Header analysis This option adds a Via Header when WebGate is used in ICAP mode Syntax AddViaHeader YES NO Default AddViaHeader NO Header analysis This option adds a Date header when WebGate is used in ICAP mode By default WebGate does not send a Date header when replying to an ICAP request To enable sending the Date header with each reply this option should be set to YES Syntax AddIcapDat ader YES NO Default AddIcapDat ader NO Example AddIcapDat ader YES Timeout Prevention Settings Refresh Redirect Keepalive Interval Refresh Interval Avira GmbH Contains setting that control how WebGate tries to keeps the connection to the client opened while processing the request Avoiding Client timeouts by large downloads Some brow
75. ory name and the URL of the mathched category Avira AntiVir WebGate 74 Configuration wetLicense ExpiredOr Invalid wetLicenseWill ExpireSoon wgtLicenseExpiredOrInvalid The WebGate s license has expired or is invalid wgtLicenseWillExpireSoon The license will expire in less than 30 days Parameters the number of days the license will still be valid 4 11 WebGate Access Control WebGate implements a Squid like access control scheme The access control scheme is within a separate file specified in the configuration file etc avira avwebgate conf Each line in this configuration file is limited to 4096 characters WebGate offers a subset of Squid s to ensure access control You also may run a Squid proxy server together with Webgate Like Squid WebGate s access control scheme has two components ACL elements and access lists 4 11 1 ACL elements ACL elements Avira GmbH ACL elements An ACL element has the following format acl lt name gt lt type gt lt rule gt Each ACL element has a unique name If multiple elements have identical names an error will be reported The element a 1 1 matches any request or reply and is implicitly defined by WebGate You cannot redefine it WebGate uses the following types of ACL elements browser Syntax acl lt name gt browser i lt regexp gt Enables filtering of connections based on the User Agent The i flag generates a case insensitive regexp eva
76. ou want to limit the allowed connections to the ports 443 HTTPS and 563 SNEWS ProgressAutoSend Syntax ProgressAutoSend YES NO Default ProgressAutoSend NO After showing the download progress as refreshing HTML pages send the downloaded file automatically to the client once the download has finished may not work with every client ProgressFilesizeThreshold Example ProgressFilesizeThreshold 1K Default ProgressFilesizeThreshold 20M Valid sizes are K for kilobytes M for megabytes and G for gigabytes If files larger than the specified value are downloaded progress messages are sent to the client independent of its content type or file extension A value of 0 means that the file size doesn t affect the decision regarding which timeout prevention method is used ProgressHoldTime Range minimum 0 maximum 36000 Example ProgressHoldTime 2400 Default ProgressHoldTime 1800 Number of seconds to wait for a refresh or redirect request from the client once the download has finished after showing download progress If no request is received within the specified time the file is discarded ProgressHoldTimeAfterGetFile Range minimum 0 maximum 7200 Example ProgressHoldTimeAfterGetFile 1200 Default ProgressHoldTimeAfterGetFile 0 Number of seconds to wait for subsequent requests from the client after the Avira AntiVir WebGate 62 Configuration Pr
77. oup in the file etc avira avwebgate conf as well as in etc avira avwebgate scanner conf Scanner Location WebGate no longer starts the SAVAPI daemon Instead it connects to a running instance using a UNIX socket Avira AntiVir WebGate 27 Configuration Temporary Dir CacheDir EmailTo Default ScannerListenAddress var run avwebgate scanner Ifyou modify this parameter you must also change the value for ListenAddress in etc avira avwebgate scanner conf See Scanner Configuration in avwebgate scanner conf Page 40 Temporary directory You can change the name of the temporary directory The standard is tmp This directory contains for example the files during scanning Default TemporaryDir tmp var tmp for Solaris binaries Cache directory This directory contains RTPS and Webprotector cache files Example CacheDir home cache Default CacheDir var cache webgate Email messages Avira AntiVir WebGate is able to send emails with additional information for example about the relevant file if it detects a virus or unwanted program There is no default value In order to send emails you must enter a recipient address Example EmailTo root examplehost Default EmailTo root localhost Logging Settings Syslog Facility Avira GmbH Syslog facility WebGate sends notifications to syslog daemon for all important operations You can specify the facility for these
78. our system gt Perform targeted scanning on the data storage that might be infected gt Inform your team superiors or partners gt Inform your system administrator and security provider Submitting Infected Files to Avira GmbH gt Please send us the malware or suspicious files that our product does not yet recognize or remove Upload the virus or file packed gzip WinZIP PKZip Arj via http analysis avira com samples index php Oo When packing use the password infected This way the file will not be deleted by virus scanners on email gateway Avira GmbH Avira AntiVir WebGate 84 Updates 6 Updates With Avira Updater you can update Avira software on your computers using Avira update servers The program can be configured either by editing the configuration file Updater Configuration in avupdate webgate conf Page 41 or by using parameters in the command line It is recommended to run the Updater as root If the Updater does not run as root it does not have the necessary rights to restart Avira AntiVir WebGate daemons so the restart has to be made manually as root Advantage any running processes of Avira AntiVir WebGate daemons such as Scanner Engine WebGate are automatically updated with the current antivirus files without interrupting the running scan processes It is thus ensured that all files are scanned 6 1 Internet Updates Manually If you want to update Avira AntiVir WebGate or some of
79. port you have to install an ODBC driver manager and set it up There are two driver managers available iODBC www iodbc org recommended unixODBC www unixodbc org Below is a description on how to install and set up ODBC on Debian 5 0 please consult the distribution or driver manager manual on how to install and set up ODBC if you use another operating systems Warning WebGate is a 32 bit binary and can t use a 64 bit shared object This means it will not be able to use a 64 bit ODBC driver manager For 64 bit machines you should make sure that the ODBC connector is a 32 bit shared object For details about how to set up database support in WebGate on a 64 bit machine see the file README db support SLES10 SP2 64bit This file contains an example setup for ODBC on SuSE Linux Enterprise 10 SP2 Avira AntiVir WebGate 54 Configuration Avira GmbH 1 Set up the database If you haven t already set up a user with access rights to the database you should set one up now Please consult your database s manual for information on how to adda user to your database and grant the user access See the file usr lib AntiVir webgate create db sql for details on the database layout The database layout is the script to create a MySQL database You can use this script to create the database example for MySQL with the server running on the specified host mysql u lt db user gt p h lt your sql server host name gt
80. r WebGate 43 Configuration Specifies the root of the update on the IUM server set to update intranet Specifies that the update will be made from the intranet rather than from the Internet Example intranet svrs http iumserver 7080 product root update intranet Setting fallback update servers If you like to set up fallback update servers for example in case the intranet servers do not work appropriately and you like to update from Internet servers you can do a setup by adding the option peak handling srvs in the configuration file or in the command line The option has the same syntax as intranet srvs Example peak handling srvs http dll pro antivir de http d1l2 pro antivir de d1l3 pro anitivir de Integration into Avira Security Management Center SMC In order to configure updates via Avira Security Management Center SMC it is necessary to add the update plug in package to the SMC repository Once added a new product Avira Updater will be available for installation on machines administered by the SMC The Avira Updater product allows updates to be configured for all products installed on computers administered by the SMC For more details please refer to the SMC documentation If you have changed the options for User Group the communication with Avira SMC will not work 4 4 4 Access Control Configuration in avwebgate acl Avira GmbH WebGate implements an access control scheme th
81. r detecting file uploads or HTTP tunneling requests rep mime type Syntax acl name rep mime type regexp Enables searching for lt regexp gt in the reply mime type header You can use this element for detecting file downloads When using http_access rules this element is invalid set Syntax acl lt name gt set lt option gt lt value gt Enables setting of an option to be used for request or reply Inside http_access or http_reply_access list this element always evaluates to true If the request Avira AntiVir WebGate 77 Configuration d matches the appropriate access list the element sets the desired option You can set the following options TrickleDataSize ReserveDataSize KeepAliveMode RefreshInterval RedirectInterval and KeepAliveInterval If you specify both ReserveDataSizeand TrickleDataSize inthe rule definition http_access or http_reply_access ReserveDataSize must be used before TrickleDataSize When a timeout prevention is set using the ACL elements it overwrites all other specified in the configuration file 4 11 2 Access lists Access lists Avira GmbH Access lists WebGate supports two of the Squid s access lists http_access and http_reply_access The rule for an access list consists of the rule type the desired action and a list of ACL elements http access Syntax http_access lt allow scan deny tunnel gt lt acl_name gt Enables filtering
82. red Avira AntiVir WebGate 49 Configuration risk that the data trickled to the client contains a virus or part of a virus Indeed WebGate scans the already received part of the file before starting trickling but the scan result may be misleading because the files were still incomplete at the time of scanning e The download speed shown by the client is the speed at which trickle data are received by the client and does not reflect the actual traffic flow at which WebGate is receiving the file Also the estimated time calculated by the client will be vastly overestimated If the first part of the file has been trickled and a virus is found there is no chance to send the client a notification e g alert HTML page WebGate merely terminates the connection to the client This may result in leaving small incomplete mostly unusable files on the client machine that should be deleted by the user It is not recommended to enable data trickling unless you are experiencing problems using the other timeout prevention methods Be aware of the risks and limitations before you enable this feature 4 7 Advanced Options The following options can be used to fine tune WebGate Normally you do not need to change any of these settings but they may sometimes be useful for special configurations and environments 4 7 1 Proxy Settings DNSHelpers ClientTimeout Avira GmbH DNSHelpers Range minimum 0 maximum 64 Example DNS
83. requests based on ACL matches If several ACL names are given the logical AND is used The default is to allow the connection but scan the data if no rule matches allow rule To deny all requests except the above specified ones you have to add a http_access deny all rule http reply access Syntax http reply access lt allow scan deny tunnel gt lt acl_ name gt Enables filtering of server responses based on ACL matches You can set the following actions allow The request is allowed and passed to the subsequent modules URL filtering and scanning scan The request is allowed and passed directly to the scanning module URL filters have no effect deny The request is blocked by WebGate tunnel The data will be forwarded WebGate will not interfere with this transaction Avira AntiVir WebGate 78 Configuration Because the data will not be scanned the tunnel action should be used with caution 4 12 Proxy Configuration If WebGate is installed behind a proxy server Monitoring HTTP Traffic Page 18Network Configuration 2 or between two proxies then you need to configure the proxy to forward all requests to WebGate ie to use WebGate as parent proxy 4 12 1 Squid as Proxy Avira GmbH The following example shows the configuration of the squid proxy server To instruct squid to forward ALL requests to Avira AntiVir WebGate the following entries are necessary in the config file squid c
84. ries There should be no blanks in front of the option names otherwise you receive an error message If you don t specify DBodbcIni in etc avira avwebgate conf the library decides where to search for the odbc ini Avira AntiVir WebGate 55 Configuration The library might also use a different odbc ini file if the specified file exists but is not readable writable by the user WebGate is running as 5 Sample odbc ini This is an example of a minimal odbc ini file Please consult the documentation of your database driver for details on the available iJ options WebGate Driver usr lib odbc libmyodbc so Server hostname of my sql server User username Password password Database webgate WebGate The DSN used by WebGate Driver This is the path to the driver s library Server Database server User Username for accessing the database Password Username s password Database Name of the database to use 6 Enable database support in avwebgate conf Set DBSupport to YES in etc avira avwebgate conf 7 Test your ODBC setup You can use the tool avwg_ stats to check database connectivity The utility avwg_ Stats is started by WebGate when DBSupport and GuiSupport is enabled First of all avwg_stats parses the configuration file etc avira avwebgate conf for validation It is used by WebGate to log to the database and it is used by the SMC to get information from WebGate The client uses avw
85. rveDataSize 1 Default ReserveDataSize 1024 Size of the total data WebGate has to receive before trickling it to the client By default the size is specified in bytes An optional quantifier can be used to change this K M and G can be used for Kilobytes Megabytes and Gigabytes For example 1K will be equivalent to 1024 with no quantifier given Please keep in mind that TrickleDataSize must be lower than ReserveDataSize 4 7 7 Scan and Filter Settings BlockOnError Block Unsupported Archive WSlInitServer Avira GmbH BlockOnError Syntax BlockOnError Default BlockOnError YES YES NO Block files that cause processing errors when scanning them BlockUnsupportedArchive Syntax BlockUnsupportedArchive YES NO Default UJ lockUnsupportedArchive YES Block archives that can not be handled by the scanner WSInitServer Avira AntiVir WebGate 67 Configuration LocalFilter OnlineFilter Example WSInitServer debian home com 80 Default WSInitServer cobion avira com 80 This is the server used for the initialization of the Avira Web Access and Content Control library For this option to take effect a valid WebGate Suite license must be installed Normally there is no need to change this LocalFilter Syntax LocalFilter YES NO Default LocalFilter YES Controls the usage of local URL filter i
86. s about ICAP server integration in the ICAP Client documentation 4 4 Configuration Files This part describes the contents of Avira AntiVir WebGate configuration files e etc avira avwebgate conf Product configuration e etc avira avwebgate scanner conf Scanner configuration e etc avira avupdate webgate conf Updater configuration The program is provided with default values which are important for many procedures Some options can be deactivated with a at the beginning of the line commented or can be set with default values These can be activated by removing the character or by changing the values 4 4 1 Product Configuration in avwebgate conf This section provides a short description of the entries in etc avira avwebgate conf The settings affect only Avira AntiVir WebGate s behavior and no other Avira AntiVir programs They partly depend on the basic configuration on which WebGate has to run see Monitoring HTTP Traffic Page 18 Proxy Settings Contains settings that control the ports WebGate listens to and what type of connections are accepted With no configured options WebGate will only listen to HTTP connections Avira GmbH Avira AntiVir WebGate 25 Configuration HTTPPort FTPPort ICAPPort Max Connections Avira GmbH Port for scanning HTTP connections This sets the port on which WebGate responds to HTTP requests from Client or proxy computers There are various setups neede
87. sers and proxies send an error message if no data is received after a certain interval timeout WebGate may come to such timeout messages because of delays during large downloads and scanning In order to avoid timeouts WebGate offers the following possibilities The entries are given in seconds Ifthe Client is a browser WebGate sends an HTML progress page which is updated at regular intervals Refresh Interval Range minimum 0 maximum 3600 Example RefreshInterval 1800 Default RefreshInterval 0 e Ifthe option RefreshInterval is deactivated or the Client is not a browser temporary HTTP redirects are sent to the Client Thus the Client is cyclically redirected to a dynamic generated URL intercepted by WebGate in order to avoid the timeout Avira AntiVir WebGate 31 Configuration Redirect Redirect Interval Interval Range minimum 0 maximum 3600 Example Default RedirectInterval 1800 RedirectInterval 0 The above method does not work for all Clients When encountering prob lems use the KeepaliveInterval option to make WebGate send mes sages to the Client at certain intervals The value must be smaller than the one set in the Client or proxy server Keepalive Keepalive Interval Interval Range minimum 0 maximum 3600 Example Default KeepalivelInterval GU KeepaliveiInterval 30 WebGate sends extended header d
88. setting one of the following files is loaded in sequence from the default library path libodbc so 1 libodbc so libiodbc so Syntax DBodbcLib string Example DBodbchib path to odbc library DBodbcDataSource If you have enabled the DBSupport option the specified database is connected as the source Syntax DBodbcDataSource string Default DBodbcDataSource WebGate DBUpdateDelay If you have enabled the DBSupport option the statistics are recorded in the database at regular intervals You can enter the interval in seconds s minutes m or hours h If you set the value to 0 the default interval of 1 hour is Avira AntiVir WebGate 53 Configuration DBLogClean Requests used Syntax DBUpdateDelay timespan Default DBUpdateDelay 1h DBLogCleanRequests If you have enabled the DBSupport option requests considered as clean by WebGate are not added to the database by default This option allows you to change the default setting Syntax DBLogCleanRequests YES NO Example DBLogCleanRequests YES Default DBLogCleanRequests NO Database Setup Requirements Setup Avira GmbH This is a list of version numbers of MySQL servers MySQL ODBC drivers and ODBC driver managers which should be compatible MySQL 5 0 70 MySQL ODBC driver 3 51 11 iODBC 3 52 4 Before you enable database sup
89. t of scanned files clean Count of clean files alerts Count of malware found acl Count of blocked files by ACLs total_size Total size of traffic errors Count of requests which caused an error while pro cessing incomplete Count of requests which could not be scanned com pletely unsupported Count of requests which contained an unsupported compression method encrypted Count of requests with encrypted attachments extension Count of files whose names contained a forbidden extension limits Count of files which reached an archive limit while processing url_filter Count of blocked files by URL filters RTPS Web Cat WebProtector product The product s name WebGate hostname The value of MyHostName etc avira avwebga te conf If MyHostName is not set the value returned from gethostname If gethostname fails localhost Tunneled connections are not listed in the counter table Syntax AllowHTTPConnect YES NO Default AllowHTTPConnect NO Allows WebGate to establish a tunnel connection to any port allowed for HTTP if a CONNECT method request is received Avira AntiVir WebGate 61 Configuration ProgressAuto Send Progress Filesize Threshold ProgressHold Time ProgressHold TimeAfter GetFile Avira GmbH Use this option with caution WebGate does not check the data transferred over the tunnel connection Use Al lowHTTPSTunnel instead if y
90. t the number of simultaneous connections Avira AntiVir WebGate 26 Configuration Connection Settings HTTPProxy FTPProxy Settings for HTTP proxy server These settings work only for Network Configuration 1 For the installation before a proxy server WebGate needs the following information e HTTPProxyServer Name or IP address of the proxy server e HTTPProxyPort The port for the proxy server range is between 0 and 65535 TTPProxyUsername HTTPProxyPassword Login and password for proxy server if needed Example TTPProxyServer hostname ip TTPProxyPort 3128 TTPProxyUsername usernam TTPProxyPassword password Default NONE Settings for FTP proxy server If WebGate serves as FTP proxy see FTPPort option range is between 0 and 65535 you can set a parent proxy for FTP connections Range minimum 0 maximum 65535 Example FTPProxyPort 2121 Default FTPProxyPort 21 Environment settings User Group ScannerListen Address Avira GmbH Switching to users and groups After starting WebGate can switch to other user and group for running its process WebGate should not run as root Enter the user and group IDs which WebGate should assume after start and thus turning in the root permissions Default User nobody Group antivir WebGate must first start as root If you want to change this parameter you must specify the values for User and Gr
91. ter WebGate will be installed If you have also installed Avira AntiVir UNIX Server or Avira AntiVir Professional Q UNIX and you use the Graphical User Interface to configure and operate these products please note that the GUI is not compatible with the current versions starting with version 3 of Avira AntiVir UNIX MailGate and Avira AntiVir UNIX WebGate 3 2 Getting the Installation Files Downloading the Installation Files from the Internet gt Download the current version file from our Website http www avira com en support download avira antivir webgate on your local computer The file name is antivir webgate prof tgz gt Save the file in a tmp folder on the computer on which you want to run WebGate Avira GmbH Avira AntiVir WebGate 11 Installation Unpacking Program Files gt Go to the temporary directory cd tmp gt Unpack the AntiVir archive tar xzvf antivir webgate prof lt version gt tar gz D in the temporary directory will then appear antivir webgate prof lt version gt 3 3 Licensing You must have a license for AntiVir WebGate in order to use the program see Licensing Concept Page 8 The license comes in a file named hbedv key This license file contains information regarding the range and period of the license Purchasing the License gt You can request a 30 day Test License for Avira AntiVir WebGate from our website www avira com D You will receive the license file by
92. the access control rules are evaluated so an URL tunneled using these rules will not be blocked regardless of the category it falls into Both the Avira URL Filtering library and the Avira Web Access and Content Control library will only block a page based on the URL If a request is made to an IP address eg http 209 85 135 103 it will not be blocked by the library The categories WebGate will block are specified as a list of numbers using the BlockCategories in the configuration file The list containing all the available categories and their corresponding numeric value is Numeric Value Category 0 Pornography 1 Erotic Sex 2 Swimwear Lingerie 3 Shopping 4 Auctions Classified Ads 5 Governmental Organizations 6 Non Governmental Organizations 7 Cities Regions Countries 8 Education 9 Political Parties 10 Religion 11 Sects 12 Illegal Activities 13 Computer Crime 14 Political Extreme Hate Discrimination 15 Warez Hacking Illegal Software 16 Violence Extreme 17 Gambling Lottery 18 Computer Games 19 Toys 20 Cinema Television 21 Recreational Facilities Amusement Theme Parks 22 Art Museums Memorials Monuments 23 Music 24 Literature Books Avira AntiVir WebGate 70 Configuration Num
93. to the scanner If set to 0 then the persistent connections pool is disabled and a new connection to the scanner is created with each request The persistent connections pool maintains a number of open connections to the scanner to speed up the scanning process by eliminating Avira AntiVir WebGate 51 Configuration the need to create and close a connection for each request This is strongly related to the PoolScanners option in avwebgate scanner conf which determines how many connections the scanners accepts WebGate will attempt to create the configured number of connections If PoolScanners is smaller or not all the scanner connections are available another process is using some of them then as many connections as possible are created 4 7 2 Database Support Alerts logged WebGate support logging statistics to a database For details on how to set up the database and other requirements see Database Setup Requirements The database consists of two tables called alerts and counter Alerts contains information about WebGate s alerts Depending on the settings of the DBLogCleanRequests parameter the alerts table may also contain information about all requests Counter contains WebGate specific statistics for a quick look up e status scan flags ACL blocked the filter that blocked the request or clean and tunneled if this is the case e url e alert_url e alert name e action blocked allowed tunneled qu
94. tp dll pro antivir de http dl12 pro antivir de http dl3 pro antivir de master file Specifies the master idx file master file idx master idx Installation directory Avira AntiVir WebGate 41 Configuration temp dir Specifies the installation directory for updated product files install dir usr lib AntiVir Temporary Direetcory Temporary directory for downloading update files temp dir tmp avira_update webgate Setting update email reports mailer smtp notify when email to Avira GmbH All reports on AntiVir updates are sent to the email address given in avupdate webgate conf Emails Emails can be sent via smtp engine or using sendmail Syntax mailer string Example mailer sendmail Default mailer smtp SMTP connection Authentication for smtp connection Activate the auth method option and then provide the smtp server port user and password auth method password smtp user lt your_ username gt smtp password lt your password gt smtp server lt servername gt smtp port 25 Notifications There are three situations to set for email notifications e O no email notifications are sent e 1 email notifications are sent in case of successful update unsuccessful update or up to date e 2 email notification only in case of unsuccessful update e 3 email notification only in case of successful update default Example notify when 1
95. webgate to usr lib AntiVir webgate avupdate webgate done Would you like to setup Scanner update as cron task y gt Type Y if you want to create these cron tasks Then eventually select the interval to check for updates Please specify the interval to check Recommended values are daily or 2 hours available options d 2 gt Type Enter if you want to check for updates every 2 hours or type d if daily Then the script asks if you want to check for product updates once a week creating Scanner update cronjob done Would you like to check for WebGate updates once a week n gt Type Y if you want to create this task Avira GmbH Avira AntiVir WebGate 14 Installation The next step of the installation process is installing the main program creating WebGate update cronjob done setup internet updater complete 3 installing main program copying doc antivir_webgate_en pdf to usr lib AntiVir webgate done copying bin linux_glibc22 avwebgate bin to usr libAntiVir webgate done The program is installed Then you are asked if you want to create a link to avwebgate and if the Updater should be automatically activated at system start Would you like to create a link in usr sbin for avwebgate y linking usr sbin avwebgate to usr lib AntiVir webgate avwebgate done Please specify if boot scripts should be set up Set up boot scripts y gt Co
96. y WebGate 4 1 Monitoring HTTP Traffic WebGate can scan the entire incoming and outgoing HTTP traffic for viruses and unwanted programs It can even scan the web based FTP transfers FTP over HTTP WebGate works with the existing proxy servers and supplements them but it can also be set as stand alone HTTP proxy Depending on the network and configuration there are more possibilities for setting Avira AntiVir WebGate as guard between the Client computer and the Internet In all these cases the user does not have direct connection to the Internet but through WebGate There are three different configurations e WebGate without Proxy Server Network Configuration 0 Page 19 e WebGate between Client and Proxy Server Network Configuration 1 Page 19 e WebGate between Proxy Server and Internet Network Configuration 2 Page 21 a If you set ports under 1024 during configuration you have to run WebGate as root WebGate without Proxy Server Network Configuration 0 If there is no proxy server WebGate stands between Clients and the Internet It can be installed directly on Clients or on another computer Avira GmbH Avira AntiVir WebGate 18 Configuration WebGate directs the Clients enquiries to the Internet and scans the answer from the Internet The access to infected files from a Website is blocked and only not infected files are forwarded to the Client From the Client s point of view WebGate is functioni
97. ystem 4 Configuration Directions for optimum setting of Avira AntiVir WebGate on your system 5 Operation Working with Avira AntiVir WebGate Reactions when detecting viruses and unwanted programs 6 Updates Running manual or automatic updates 7 Service Avira GmbH Support and Service 8 Appendix Glossary of technical terms and abbreviations Golden Rules for Protection against Viruses 1 3 Signs and Symbols Avira GmbH The following characters and symbols are used in this manual Symbol Meaning vi placed before a condition which must be fulfilled prior to performing an action gt placed before a step which has to be completed e placed before an event resulting directly from the previous action placed before an alert warning of critical data loss placed before a particularly important piece of information for example relating to steps being carried out LU or hardware damage denotes a tip facilitating the understanding and operation of the Avira AntiVir WebGate For improved legibility and clear marking the following types of emphasis will also be used in the text Avira AntiVir WebGate 5 About this Manual Emphasis in text Explanation Ctrl Alt Key or key combination uasr lib AntiVir webgate avupdate Path and filename webgate ls usr lib AntiVir webgate User entries Choose component Select all

Download Pdf Manuals

Related Search

Related Contents

MRｰD710 取扱説明書  Nova Apostila Curso CLP S7 200  Viggia 1.2 - Torniquetes  FMV-BIBLO FMV-BIBLO LIFEBOOK FM PenNote 内蔵モデム取扱  Whirlpool GR395LXG User's Manual  OWNER`S MANUAL MANUEL D`UTILISATION  MANUEL D`UTILISATION  Sea Gull Lighting 8834-12 Installation Guide  harvia XENiO COMBi  デジタル放送受信マニュアル（テレビ受診向上委員会）（PDF：1.45MB）  

Copyright © All rights reserved. Failed to retrieve file