Antivirus

From GWAVA Technologies Training

The current build of GWAVA uses the Commtouch antivirus engine. Older versions used Kaspersky.

Commtouch

Level 1

Commtouch uses a definition-based system to detect the presence of viruses.

Level 2

The Commtouch antivirus engine scans for viruses in two places: the body of the message and each attachment. At the beginning of a message's scan, you will see log statements that say whether or not the message contains a virus. Example:

  Virus signature engine classified message as a virus

If this line is present, you can continue through the thread and find the name of the virus detected, as well as the attachment that contained the virus. Example:

  Scanning file for viruses
  Virus name: W32/Trojan3.FRQ
  Archive name: 
  Object name: /opt/beginfinite/gwava/services/gwava_agent_service_GWAVA Session/mimework/18vjt09.b
  Detection type: trojan
  Detection accuracy: Exact
  Antivirus engine located virus: W32/Trojan3.FRQ
  Virus detected

Kaspersky (deprecated)

Level 1

Older versions of GWAVA used the Kaspersky Anti-virus program to detect messages that have viruses. There are no configuration options.

Level 2

The Kaspersky bases are located in:

  gwava/services/kav/kavlx/bin/bases or GWAVA/services/kav/kavwin/bin/bases

Kaspersky performs updates to its bases every hour. If there are new bases, they are downloaded and the Kaspersky program reloads its definitions so that it is using the latest ones. This update is run by an hourly cron job on Linux or a scheduled task on Windows.

When GWAVA uses Kaspersky to scan a message, each attachment in the message will be scanned for viruses. If a virus is found, the name of the virus will be in the GWAVA logs. You should see something similar to the following:

  KAV Scanning file for viruses
  KAV Antivirus engine scan result code: 1  (infected)
  KAV antivirus engine located virus: Trojan.Win32.Jorik.Xtrat.pld
  KAV Virus detected
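
The following is an added example, not part of the original page or of GWAVA itself: a small Python parser that pulls the virus name and scanned object out of the Commtouch and Kaspersky log statements shown above. It assumes the lines of one scan thread have already been isolated from the log; the sample input is constructed from the excerpts on this page, and the function and field names are hypothetical.

```python
import re

# Constructed sample built from the log excerpts on this page; real GWAVA
# log lines may carry timestamp/thread prefixes, so patterns use search().
SAMPLE_LOG = """\
Scanning file for viruses
Virus name: W32/Trojan3.FRQ
Archive name:
Object name: /opt/beginfinite/gwava/services/gwava_agent_service_GWAVA Session/mimework/18vjt09.b
Detection type: trojan
Detection accuracy: Exact
Antivirus engine located virus: W32/Trojan3.FRQ
Virus detected
KAV Scanning file for viruses
KAV Antivirus engine scan result code: 1  (infected)
KAV antivirus engine located virus: Trojan.Win32.Jorik.Xtrat.pld
KAV Virus detected
Scanning file for viruses
"""

START = re.compile(r"(KAV )?Scanning file for viruses")
FIELD = re.compile(r"(Virus name|Archive name|Object name|Detection type|Detection accuracy): ?(.*)$")
LOCATED = re.compile(r"(KAV )?[Aa]ntivirus engine located virus: (.+)$")
DETECTED = re.compile(r"Virus detected\s*$")

def parse_detections(text):
    """Return one dict per file scan that ended in 'Virus detected'."""
    detections, current = [], None
    for line in text.splitlines():
        if m := START.search(line):
            # A new file scan begins; an unfinished (clean) scan is discarded.
            current = {"engine": "Kaspersky" if m.group(1) else "Commtouch"}
            continue
        if current is None:
            continue
        if m := FIELD.search(line):
            current[m.group(1).lower().replace(" ", "_")] = m.group(2).strip()
        elif m := LOCATED.search(line):
            current["virus"] = m.group(2).strip()
        elif DETECTED.search(line):
            detections.append(current)
            current = None
    return detections

if __name__ == "__main__":
    for d in parse_detections(SAMPLE_LOG):
        print(d["engine"], d["virus"], d.get("object_name", "-"))
```

The trailing scan with no "Virus detected" line in the sample is treated as clean and produces no record.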

Hands On

Using an external mail sender application, try to send a message to the GWAVA system that contains a virus. If using an SMTP scanner, you should receive an SMTP response indicating that the message was blocked because it contained a virus.
