Kaspersky Anti-Spam 3.0 MP1 CF3 (3.0.284.1) RELEASE NOTES ============================================================================== Version released on: 17.07.2008 Table of Contents: * What's new? * Fixed Problems * Product Overview * System Requirements * Product Installation & Upgrade * Known Issues & Workarounds What's new? ------------------------------------------------------------------------------ The following improvements have been introduced since Kaspersky Anti-Spam 3.0 MP1 CF2 (3.0.278.4): * Added opportunity to launch the updates of content filtration databases with the interval of 3 minutes and 10 minutes. On update servers only top priority databases of small size are renewed with high frequency (once in 5 minutes). Traffic volume with updates using the interval of 3 minutes increases approximately by 80% compared to the traffic when 20 minutes intervals are used. The settings can be configured in the Control Center. * Fully qualified domain name of the host is transferred in requests to SURBL services that support such mode. Fixed Problems ------------------------------------------------------------------------------ The following problems have been fixed as compared to Kaspersky Anti-Spam 3.0 MP1 CF2 (3.0.278.4): * List of DNSBL services is subdivided into custom list (maintained by users) and the default list (renewed with updates). There is an opportunity to disable the default list. The settings can be configured in the Control Center. * Accumulation of open system descriptors in kas-milter client module has been fixed. * Fixed incorrect behavior including termination with an error of the ap-spfd module (the module checking sender's IP address using SPF). * Possible termination with an error while processing certain documents in Microsoft Office Word format has been fixed. * Incorrect analysis of the maximum message size in the kas-milter client module has been fixed. * Redundant requests to SURBL services have been fixed. * Detection of URL links in message text has been improved. * Fixed 100 % CPU load by the kas-pipe client module in cases when the client application performs emergency termination of the transmitting connection. * Fixed termination of the filtration process with an error when there are a lot of members in the filtration policy group. * Fixed the kas-qmail module behavior during processing of messages with a lot of recipients. * Fixed problems in processing of the signal to restart filters. * Fixed possible accidental removal of the last message header by the kas-pipe client module. * Updated the documentation section on "Third party software". Product Overview ------------------------------------------------------------------------------ Kaspersky Anti-Spam 3.0 is a software suite filtering e-mail in order to protect mail system users from unwanted mass mail (spam). Kaspersky Anti-Spam uses administrator-defined rules to process received messages accordingly. Namely, it delivers a message without modifications, blocks it, generates a notification informing that a message could not be received, adds or modifies message header and performs other actions specified by the administrator. The application checks every e-mail message for the presence of signs indicating unsolicited mail (spam). First, it checks various message parameters: the sender's and recipient's addresses (envelope), message size and its various headers (including From and To). In addition, the application runs the following checks as a part of its analysis procedure: * a check of message sender's address (e-mail and/or IP address) using black and white lists; * the presence of the sender's IP address in a specified DNS-based real time black hole list (DNSBL); * availability of a DNS record for the sending server (reverse DNS lookup); * a check of the sender's IP address for compliance with the list of addresses allowed for a domain based on the Sender Policy Framework (SPF)); * a check of addresses and links to sites in message text using the Spam URI Realtime Blocklists (SURBL) service. Second, the application employs content filtration, i.e. it analyzes the actual message contents (including the Subject header) and attached files. The application uses to that effect linguistic algorithms based on comparison with sample messages and search for typical terms (words and word combinations). In addition, the application uses internal Urgent Detection System technology providing access to the data of spam analysis laboratory in real time. Kaspersky Anti-Spam also scans attached images comparing them to the signatures of known spam messages. Comparison results are also taken into account when the application decides whether a message should be identified as spam. Messages with certain signs of unsolicited mail will be processed in accordance with the defined filtration policy. The administrator can configure the applicable filtration policy using the web-based Control Center interface. System Requirements ------------------------------------------------------------------------------ Hardware requirements: 1. Minimum requirements: * Intel Pentium III 500 MHz processor or higher. * At least 512 MB of available RAM. 2. Recommended requirements: * Intel Pentium IV processor running at 2,4 GHz. * 1024 MB of available RAM. Software requirements: 1. Supported operating systems: * Red Hat Linux 9.0 * Fedora Core 3 * Red Hat Enterprise Linux Advanced Server 3 * SuSe Linux Enterprise Server 9.0 * SuSe Linux Professional 9.2 * Mandrake Linux 10.1 * Debian GNU/Linux 3.1r0 * FreeBSD 5.4 * FreeBSD 6.2 2. Supported e-mail systems: * sendmail 8.13.5 with Milter API support * postfix 2.2.2 * qmail 1.03 * exim 4.50 * Communigate Pro 4.3.7 3. Required software: * Installed bzip2, which and ed utilities. * Perl interpreter. Product Installation & Upgrade ------------------------------------------------------------------------------ Installation from scratch (if there is no previous product version installed on host): - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Kaspersky Anti-Spam 3.0 is distributed in several installation packages: * .rpm package for most versions of the Linux operating system (Red Hat, SuSe, Mandrake, Fedora, etc.). To install the product, enter the following in the command line: # rpm -i kas-3-3.0.283-0.i386.rpm * .deb package for Debian Linux. To install the product, enter the following in the command line: # dpkg -i kas-3-3.0.283-0.i386.deb * .tbz packages for the FreeBSD 5.4 and FreeBSD 6.2 operating systems. To install the product, enter the following in the command line: # pkg_add kas-3-3.0.283-0.tbz Having installed the filtration server, install the license key and integrate the mail system being used with Kaspersky Anti-Spam. Your license key matching the purchased license is bundled together with the distribution package of Kaspersky Anti-Spam. If for some reason you have no license key, contact the Technical Support service of Kaspersky Lab (http://www.kaspersky.com/helpdesk.html). In order to install a license key, enter the following in the command line: # /usr/local/ap-mailfilter3/bin/install-key If a license key has not been installed or the installed key is invalid, Kaspersky Anti-Spam will not filter mail. Mail system performance will not be affected; its e-mail traffic will just be transferred without analysis. Kaspersky Anti-Spam integration with host mail system is accomplished by installation of a client plug-in module into that mail system and by addition of necessary modifications into configuration files. These actions are carried out automatically by the universal configuration script. If integration using the universal script is impossible (e.g., when the mail system has a non-standard configuration) you can use to that effect either configuration scripts of that specific e-mail system or configure it manually. Please refer to the appendix of Kaspersky Anti-Spam Administrator's Guide for details about applicable methods for integration of client plug-in modules into each of the supported mail systems and about the changes introduced into their configuration files. In order to integrate Kaspersky Anti-Spam with the mail system installed on your server, run the universal configuration script: # /usr/local/ap-mailfilter3/bin/MTA-config.pl The script will identify the type of the mail transfer agent (MTA) and add necessary changes to its configuration files. Correct integration with Qmail is possible only if Qmail uses the qmailq account and the qmail group (used by default). Kaspersky Anti-Spam integration with Exim (using the kas-exim client plug-in module) and with Communigate Pro has to be performed by the administrator manually. Detailed descriptions of peculiarities for each of the client modules and available integration methods can be found in the Kaspersky Anti-Spam Administrator's Guide included into the package. Upgrading an earlier version (Kaspersky Anti-Spam 2.0): - - - - - - - - - - - - - - - - - - - - - - - - - - - - * The recommended method is to remove Kaspersky Anti-Spam 2.0 integration with the host mail system and uninstall Kaspersky Anti-Spam 2.0 in accordance with its Administrator's Guide with a subsequent installation of Kaspersky Anti-Spam 3.0 as described above. * Users who only wish to test Kaspersky Anti-Spam 3.0 evaluating it for a short while (with an opportunity to return to the previous Kaspersky Anti- Spam/SpamTest 2.0) can install Kaspersky Anti-Spam 3.0 together with Kaspersky Anti-Spam/Spam Test 2.0. Default settings of version 3.0 (installation paths, names of its scripts, used sockets) do not conflict with the defaults of version 2.0. Thus, you can install Kaspersky Anti- Spam 3.0, configure it and then replace the old tcp:127.0.0.1:2255 address in the configuration files of version 2.0 client modules with the new tcp:127.0.0.1:2277 address. To revert to the original system state and resume using Kaspersky Anti-Spam 2.0, it will be sufficient to return the old address. This upgrade method can only be used as a temporary solution. If you are satisfied with the operation of Kaspersky Anti-Spam 3.0, it is strongly recommended to perform complete integration with Kaspersky Anti- Spam 3.0. Updating earlier builds of Kaspersky Anti-Spam 3.0: - - - - - - - - - - - - - - - - - - - - - - - - - - There is no provision for automatic upgrading of earlier Kaspersky Anti-Spam 3.0 builds, therefore we recommend the following: * Reverse integration of the earlier version with the host mail system. If no changes have been added since the original integration, you can de- integrate Kaspersky Anti-Spam by running the following script: /usr/local/ap-mailfilter3/bin/MTA-unconfig.pl If the configuration files of the host mail system have been modified, you should reverse integration manually in accordance with the Administrator's Guide of the installed Kaspersky Anti-Spam build. * Delete the kas-3 package using the method described in the Administrator's Guide of the installed Kaspersky Anti-Spam build. * If necessary, delete the /usr/local/ap-mailfilter3 directory: rm -rf /usr/local/ap-mailfilter3 * Then install the kas-3 package using the method described in the Administrator's Guide from the application package. Update using a package of modified executable files: - - - - - - - - - - - - - - - - - - - - - - - - - - Additionally, an updating package of modified executable files kas-3.0.284.1-upgrade.tgz is provided. If you use this package, the product installed on your computer have identical features with Kaspersky Anti-Spam 3.0 MP1 CF3 except that the records in the system log of installed software will contain information about the build of Kaspersky Anti-Spam 3.0 installed earlier. In order to use the update package, unpack archive kas-3.0.284.1-upgrade.tgz using command tar xfz kas-3.0.284.1-upgrade.tgz and run update script upgrade.sh in folder kas-3.0.284.1-upgrade that will be created. If the scrip is executed successfully, all modified executable files will be saved and a backup copy of all modified files will be saved to the current folder as archive kas3-backup.tgz. If you are using a Communigate Pro e-mail system, it has to be restarted after completion of the upgrade script. General Issues & Workarounds ------------------------------------------------------------------------------ * Correctness of certain parameters in filter.conf is not validated or is validated too strictly. * When Kaspersky Anti-Spam 3.0 is installed and running on the same server with Kaspersky Anti-Spam 2.0 or Kaspersky Mail Gateway 5.5, any restart of the filtering processes (ap-mailfilter) by the kas-restart script or the Control Center will cause an attempt to restart the filtering processes of Kaspersky Anti-Spam 2.0 and Kaspersky Mail Gateway 5.5 as well. However, the actual restart of the processes belonging to other products is impossible. Consequently, the corresponding warnings will be displayed; they should be ignored. * For kas-qmail with parameter ClientOnError set to reject action temporary fail will be displayed in the smtp session during processing of the filtering errors. * Mandrake package does not include text line editor ed, therefore script /usr/local/ap-mailfilter3/bin/enable-updates.sh does not include UDS on this operating system. You should either install ed before installation of Kaspersky Anti-Spam 3.0 or turn on UDS separately using the Control Center or manually by editing configuration file /usr/local/ap-mailfilter3/etc/filter.conf. * Changes to the configuration of the filtration master process made in Kaspersky Anti-Spam Control Center are not applied automatically. The filtration master process has to be restarted. * Kaspersky Anti-Spam Control Center does not display syslog-ng messages correctly. * The option of downloaded updates retranslation is not available.