IKARUS gateway.security User Manual
Contents
1. Attribute | Name | Description | Type
   authldapbinddn | DN for user | Specifies the DN name to be used for authentication | String
   authldapbindpassword | Password | The password for LDAP authentication | Password
   Page 27 of 81. IKARUS Security Software GmbH, Blechturmgasse 11, A-1050 Vienna, Austria. Tel. +43 1 589 95 0, Fax +43 1 589 95 100, office@ikarus.at, www.ikarussecurity.com. Erste Bank Oesterreich, BIC GIBAATWWXXX, IBAN AT142011182122082100. Commercial Register FN 64708i. Place of jurisdiction: Vienna. VAT ID ATU15191405. IKARUS security software.
   authldapurl | LDAP URL | The LDAP URL as defined by RFC 2255 | String
   3.3.1.19 Automated e-mails
   API path: config global messenger
   Configuration file location: MESSENGER
   If gateway.security has to send e-mails, e.g. for alerting, this section contains settings for mail delivery.
   Attribute | Name | Description | Type
   smtpserver | Mail server | Mail server to be used | String
   systemadmin | Sender address | Sender address used for automatic e-mails | EmailAddress
   3.3.1.20 Paths
   API path: config global paths
   Configuration file location:
   Global settings for gateway.security.
   Attribute | Name | Description | Type
   quarantinepath | Quarantine path | Folder to store malicious mail attachments or SPAM mail | Path
   storepath | DB files path | Folder for storing database files | Path
   tmppath | Tempor
2. 3.3.1.43 Routes
   API path: config services smtp routes <route name>
   Configuration file location: SMTP ROUTES route name
   Routes are used to apply certain actions on traffic coming in from or going out to a defined network. They are checked in order against the current connection. The first matching route is used and its settings are applied for the connection.
   Attribute | Name | Description | Type
   client_ip | Client IP mask | Client IP address or mask | Subnet
   direction | Direction | Makes a route inbound, outbound or standard (bidirectional)
   forwarding | Action | Determines how e-mail is routed
   greylist | Greylisting | Activate/deactivate greylisting | Flag
   host forward | Host | E-mail is forwarded to this host if forwarding is static | String
   ldap | LDAP | Identify mailbox to be routed by an LDAP string | String
   mailbox file | Mailbox File | File containing a list of domains or e-mail addresses. The path can be either absolute or relative to the application folder | Path
   scan rule | Scan setting | Scan rules allow for handling mail content in an elaborate way to identify, mark and handle malicious mail content or SPAM
   spfl | SPF1 | Enable/disable Sender Policy Framework | Flag
3. Type | Super type
   Netware Printing | Image; Img Software Set Bitmap | Image; Img Software Set Image | Image; Amiga Icon | Image; JFIFF Image | Image; JPEG LS Image | Image; JPEG Network Graphic Bitmap | Image; JPEG Image | Image; LBM Image | Image; Lotus PIC Image | Image; MacPaint Bitmap Graphic | Image; Magick Image File Format | Image; Microsoft Paint Image | Image; PAT GIMP Image | Image; Unix Portable Bitmap Graphic | Image; PCX Image | Image; GIMP Image | Image; Unix Portable GrayMap Graphic | Image; PC Paint Bitmap Graphic File | Image; Autodesk Animator Pro Graphic | Image; Autodesk Animator Graphic | Image; Japan PI Image | Image; Autodesk Animator Polygon File | Image; PM Image | Image; Portable Public Network Graphic | Image; GIMP Image | Image; Unix Portable PixelMap Graphic | Image; Adobe Photoshop File | Image; Quick
4. For example: msg ObjectIsReferenced ... PermissionRule
   For domain-specific errors, the return code qualifier and the parameters are given in this documentation. As mentioned above, in this case the HTTP status is always considered 432.
   5.4 Session handling and authentication
   This section describes how login and logout of a user are handled.
   5.4.1 Login
   The API access requires authentication through user credentials (username and password). For authentication, the client must support cookies. The user identifies herself through the following POST request:
   POST /api/login
   Content-Type: application/x-www-form-urlencoded
   username=...&password=...
   The credentials of the user are returned as response:
   200 OK
   Content-Type: application/json
   username: current user
   rights: write locked (read, write or write locked)
   locked: only existing if rights is write locked; names the locking user and the address of the machine the locking user logged in from
   5.4.2 Logout
   The API access dele
5. [Screenshot: IKARUS gateway.security login page with User name and Password fields and a Sign in button]
   Because IGS uses a self-signed certificate by default, browsers normally point out that access to the site is considered unsafe. To avoid this warning, place an authorized certificate file webapi.crt and the corresponding private key file webapi.key in the folder conf/cert.
   After logon, the user is shown an overview of the server's status.
   [Screenshot: Server information page, logged in as root. Version 3.36.7.0; Operating system Linux 2.6.32-431 x64; Last start Thu, 1 Jan 2015 01:22:57 +0100; Last check for updates Fri, 9 Jan 2015 13:26:30 +0100; Last update Fri, 9 Jan 2015 10:45:49 +0100; Modules: T3 version 1.8.6.0]
6. Sets the database size on the disk. Use the postfix K, M or G (without blank) as unit. Whenever this amount is exceeded, the oldest 5 percent of data gets deleted. Oldest here refers to the insertion date rather than the recording date. Therefore, imported data might be the last one to be deleted and gaps may occur in the timeline. Type: DataSizeWithUnit
   3.3.1.31 Auto report
   API path: config reports autoreporting <autoreporting name>
   Configuration file location: AUTOREPORTING autoreporting name
   Automatic report generation.
   Attribute | Name | Description | Type
   days_month | Days of month | Report is sent on the given list of days of month. Days of month start with 1 | Array DaysOfMonth
   days_week | Days of week | Report is sent on the given list of weekdays. Days of week start with 1 | Enum DaysOfWeek
   email | E-Mail | List of e-mail addresses that receive the automated report | Array EmailAddress
   http_reports | HTTP Reports | List of HTTP reports to be automatically generated | Array HttpReport
   period | Period | Report is sent on selected days every month or week (month, week)
   smtp reports | SMTP reports | List of SMTP reports to be automatically generated | Array SmtpReport
   time | Time | Time to send the report on the selected days. Time format: 24h based, HH:MM
   3.3.1.32 HTTP report
   API path: config reports http reports <http report name>
   Configuration file location: REPOR
7. and a port number
   Password | Password
   Path | A valid file system path expression. Either backslash or slash may be used as separator
   PermissionSetMask | Permission set mask
   Port | Port
   SmtpReport | SMTP report
   SpamLevel | A decimal number between 0.0 and 10.0
   String | A string
   Subnet | Subnet
   Time | Time
   Timespan | Timespan
   URL | URL
   3.3.3 Enumerations
   3.3.3.1 AlertEventFlags
   Alert event
   Literal | Description
   error | Error
   license | License is about to expire
   lowdiskspace | Disk space is low
   update | VDB, UDB, SDB database is updated
   vdbupdate | Update VDB
   virusfound | Malware detected
   3.3.3.2 AlertType
   Defines how to inform about an alert.
   Literal | Description
   email | Inform about alert by e-mail
   logfile | Write alert event to log file only
   3.3.3.3 AttachmentFilterListPriority
   Literal | Description
   black | Check for black-listed files first
   white | Check for white-listed files first
   3.3.3.4 AutoReportingPeriod
   Interval
   Literal | Descri
8. 3.3.3.23 ReportShapePie
   Pie
   Literal | Description
   empty | Empty
   fill | Filled
   slice | Sliced
   3.3.3.24 ReportSmtpFilterDetail
   Detail
   Literal | Description
   grey | Greylisted
   ham | HAM
   pspam | Possible SPAM
   Spam | SPAM
   spf | SPF
   3.3.3.25 ReportSmtpFilterDirection
   Direction
   Literal | Description
   all | In and outbound
   in | Inbound
   out | Outbound
   3.3.3.26 ReportSmtpFilterFlagGroup
   Filter
   Literal | Description
   all | All
   blocked | Blocked
   details | Details
   infected | Infected
   3.3.3.27 ReportSmtpFilterGroup
   Report type
   Literal | Description
   all | Display non-grouped data
   all mailbox param | Display data grouped by mailboxes
   top mailbox | Display data grouped by mailboxes and ordered descending by
9. Chart type or table
   height | Height | Height of diagram | Integer
   shape_bar | Bar | Style of bar chart | Enum ReportShapeBar
   shape_pie | Pie | Style of pie chart | Enum ReportShapePie
   smtpreportfilter | Filter | Set of criteria to determine which data and how they should be reported
   text_bottom | Text at bottom | Explanatory text to be displayed below the report | String
   text_top | Text at top | Explanatory text to be displayed above the report | String
   title | Report title | Report title | String
   width | Width | Width of diagram | Integer
   3.3.1.34 E-Mail services
   API path: config services
   Configuration file location:
   IKARUS gateway.security offers services for different kinds of TCP protocols. They can be grouped into Web services, handling HTTP(S) and FTP requests, and Mail services, which handle SMTP, IMAP, POP3 and NNTP protocols.
   3.3.1.35 FTP proxy
   API path: config services ftpproxy
   Configuration file location: FTP_PROXY
   The FTP service.
   Attribute | Name | Description | Type
   anonymous password | Anonymous | Password used for anonymous FTP | Password
10. remote manager user name
    Settings for Remote Manager users.
    Attribute | Name | Description | Type
    allowip | Allowed IPs | Host/Networks from which the Remote Manager can be connected | Array Subnet
    rights | User | Specifies whether the user has the permission to modify the permissions configuration or only is granted read-only access
    3.3.1.29 Web API server
    API path: config remotemanager webapiserver
    Configuration file location: WEBAPI SERVER
    Settings for the REST Interface and the Web GUI.
    Attribute | Name | Description | Type
    listen | Listener | Listener for the REST API and the Web Interface. By default, Port 443 is used | Array IpWithPort
    3.3.1.30 Reporting
    API path: config reports
    Configuration file location: REPORTS
    Settings for reporting features. If reporting is not enabled, no information is logged. As a consequence, no data is available from the time on when the reporting was disabled.
    Attribute | Name | Description | Type
    enable | Enable reporting | Enables/disables reporting | Flag
    size maxsize | Maximum
11. 4.10 Commands
    In this documentation, request data sent by the client are preceded by >. Response data coming from the server start with <.
    4.10.1 Commands for all modes
    QUIT
    Close the connection. No response.
    SNMP <host>
    Return data concerning the HTTP session, similar to the SNMP protocol. If host is provided, the command is redirected to the IGS running on this host.
    < 332 Transmitting values
    < NAME VALUE PAIR LIST
    < 230 Transfer complete
    < 430 Transfer aborted
    < 530 Error connecting to Remote Manager
    4.10.2 Commands for anonymous connection (ANON)
    GUIVERSION <major minor patch>
    Switch to configuration center mode, providing the version number of the CC used.
    < 231 <major minor patch> is compatible
    < 531 <major minor patch> required
    LOGIN username password
    Switch to authorized mode. Preconditions: The command GUIVERSION or TMGVERSION must have been sent before.
    < 230 Logged in
    < 530 Not logged in authentication failed
    < 503 Bad sequence of commands requires GUIVERSION TMGVERSION
    READ GUISETUP
    Get the CC setup file provided by the GS. Preconditions: The command GUIVERSION must have been sent before.
    < 330 filesize suggested filename Transmitting binary data
    BINARY
12. case LT read l auth passwd
    Remark: Mandatory configuration fields must be provided through the request content.
    Possible error codes: ReferenceNotResolved, ValidationFailed, MandatoryFieldMissing
    5.5.3 Update data
    Change existing data.
    Request:
    POST /api/config/global
    Content-Type: application/json
    quarantine path new quarantine ... timespan day
    Possible error codes: ReferenceNotResolved, ValidationFailed, MandatoryFieldMissing
    5.5.4 Delete data
    Example: Delete an existing user.
    Request:
    DELETE /api/config/remotemanager/users/<user to be deleted>
    Possible error codes: ObjectIsReferenced
    5.6 Non-configuration data and commands
    5.6.1 Import license file
    Request:
    POST /api/info/ikkey
    Content-Type: multipart/form-data
    <license file content>
    Possible error codes: LicenseNotInstalled
    5.6.2 Delete license
    Request:
    DELETE /api/info/ikkey/<serial number>
    Possible error codes: LicenseNotFound
    5.6.3 Get license list
    Retrie
13. 2 Restart the service
    5.7.3 Initiate reloading of licenses
    5.7.4 Clean outdated licenses
    5.7.5 Check LDAP Authentication
    Preface
    IKARUS gateway.security (IGS) is software running on a server to protect your network against several threats from external networks. It serves as a gatekeeper for different kinds of malware and spam mail and supports fine-tuned access control to your network. IGS can work as a transparent proxy for the TCP protocols that are mostly used. Furthermore, for mail protection it may also act as a Mail Transfer Agent (MTA).
    Key features include:
    - Malware detection for web and e-mail protocols
    - Access control to the internal network
    - Detailed access control to web resources from external networks
    - Different ways of authentication, including LDAP and NTLM/Kerberos
    - Fully automated incremental update for all components
    - Comprehensive logging of activities and security incidents
    - Automated and manual reporting functionality
    - RESTful API
    In
14. DATA connection reset on error
    230 Transfer complete
    Error codes:
    < 530 Setup not available
    STARTTLS
    Activate TLS encryption for the current connection. This works the same way as for SMTP. For more details, please refer to RFC 3207.
    < 220 Ready to start TLS
    > initialize client side SSL
    4.10.3 Commands for connection from localhost (LOCAL)
    LICENSE command
    Manage license. If no command is provided, RM responds:
    < 501 Syntax error in parameters or arguments
    LICENSE ADD
    Add a new license and reload the license store. Return the current license status.
    < 331 Receiving text end with <CR><LF><CR><LF>
    > DOT ENCODED TEXTLINES
    < 230 A valid license is installed
    Error codes:
    < 532 ReturnValue GetBestLicense is current License Status
    LICENSE CLEAN
    Remove all licenses that have already expired.
    230 Cleaned outdated licenses
    LICENSE DELETE serial
    Remove the license with the serial key provided.
    < 230 Specified license was removed
    Error codes:
    < 501 Syntax error i
15. use sid | Use SID instead of name | Use the SID of users or groups instead of names | Flag
    3.3.1.10 Permissions
    API path: config access permissions
    Configuration file location: ACCESS PERMISSIONS
    Permission settings.
    3.3.1.11 Permission set
    API path: config access permissions permission sets <permission set_name>
    Configuration file location: ACCESS PERMISSIONS permission set name
    A permission set consists of rules to match a requested web resource. If the rules match, the permission set yields the result whether the resource may be accessed or blocked.
    Attribute | Name | Description | Type
    encryptedfilebad | Treat encrypted files as malware | Tells whether an encrypted file should be treated as malware by default | Enum FlagInherited
    extends | Based on permission | Other permission set where this permission set can inherit settings from
    mz filebad | Treat executable files as malware | Tells whether an executable file should be treated as malware by default | Enum FlagInherited
    transferlimit | Transfer limit | Limit amount of data (MB) allowed to get transferred by client. Only works in combination with a lock page | DataSizeWithUnit
    3.3.1.12 Permission rules
    API path: config access permissions permission sets permission set name urls p
16. members | Cluster members | Specify members of the cluster per IP address. The current instance must be included. The members must be able to reach each other on the specified addresses on TCP port 15639 | Array IpOrHostname
    3.3.1.15 Globals
    API path: config global
    Configuration file location:
    Global settings.
    3.3.1.16 Alerts
    API path: config global alerts
    Configuration file location:
    To inform the administrator about certain events, messages can be created. This may be log entries or an automatically generated e-mail.
    3.3.1.17 Alert
    API path: config global alerts alerts <alert name>
    Configuration file location: ALERTS <alert name>
    To inform the administrator about certain events, messages can be created. This may be log entries or an automatically generated e-mail.
    Attribute | Name | Description | Type
    email | E-Mail address | Recipient of the e-mail alert | EmailAddress
    event | Events | A comma-separated list of events that trigger the alert | Enum AlertEventFlags
    path | Log file | Relative path of the alert log file | Path
    type | Notification type | Defines the type of alert: log entry or e-mail
    3.3.1.18 LDAP
    API path: config global ldap
    Configuration file location: ACCESS NETWORKS LDAP
    Settings for user authentication through LDAP.
17. VIS features web mail
    5.6.5 Export configuration file
    Request:
    GET /api/info/config
    Response(s):
    200 OK
    Content-Type: text/plain
    <configuration file content>
    5.6.6 Import configuration file
    Request:
    POST /api/info/config
    Content-Type: multipart/form-data
    <configuration file content>
    Possible error codes: ReferenceNotResolved, ValidationFailed, MandatoryFieldMissing
    5.6.7 Import default configuration file
    Sets the session configuration to the default configuration.
    Request:
    POST /api/info/config/default
    5.6.8 Commit changes to configuration file
    Commits the session configuration to the backend, flushes the configuration to the hard disk and reloads the configuration.
    Request:
    POST /api/info/config/commit
    Possible error codes: ConfigurationNotApplied
    5.6.9 Get users list
    Returns a list of all users that have a password assigned.
    Request:
    GET /api/info/password
    Response(s):
    200 OK
    Content-Type: application/json
    5.6.10 Set user password
    Request:
    POST /api/info/password
    Content-Type: applic
18. 3.3.1 Configuration items
    3.3.1.1 Configuration data
    API path: config
    Configuration file location:
    Configuration data for IKARUS gateway.security.
    3.3.1.2 Web services
    API path: config access
    Configuration file location: ACCESS
    Settings for web services which handle HTTP and FTP connections.
    Attribute | Name | Description | Type
    browser lists | Browser list | Named list(s) of web browsers | Array String
    contenttype lists | Content type list | List of content types | Array ContentType
    file lists | File list | List of named lists of file name masks. File lists can be used as permission rule criterion | Array File
    url lists | URL list | Named lists of URLs | Array URL
    3.3.1.3 Landing page
    API path: config access lockpage
    Configuration file location: ACCESS LOCKPAGE
    Settings for landing pages.
    Attribute | Name | Description | Type
    session timeout | Session Timeout | Duration of landing page session | Integer
    3.3.1.4 Data collector
    API path: config access lockpage datacollector
    Configuration file location: ACCESS LOCKPAGE DATACOLLECTOR
    Settings for landing pages that support data collector forms.
    Attribute | Name | Description | Type
    confirm timeout | Confirm Timeout | Time for user to click confirmation link (sec) | Integer
    confirm tries | Confirm Tries | Maximum tries for the user to fill out the form within the | Inte
19. blocked
    3.3.3.18 ReportFilterInfected
    Infected
    Literal | Description
    infected | Infected
    notinfected | Not infected
    3.3.3.19 ReportHttpFilterDetail
    Detail
    contenttype | Blocked Contenttypes
    continent | Blocked Continents
    country | Blocked Countries
    infected | Blocked Infections
    notinfected | Not blocked
    permissionset | Blocked Permission sets
    transferlimit | Blocked transfer limit
    url | Blocked URLs
    urlcat | Blocked URL categories
    3.3.3.20 ReportHttpFilterFlagGroup
    Filter
    Literal | Description
    all | All
    blocked | Blocked
    details | Details
    3.3.3.21 ReportHttpFilterGroup
    Parameter to select predefined queries for reporting HTTP traffic.
    Literal | Description
    all | Report the overall amount of traffic
    all customers nwgroup param | Customers in network group
    all customers subnet param | Report traffic grouped by customers of the subnet passed as parameter
    all domain param | Report traffic for domain passed as parameter
    all nwgroup param | Report the traffic for
20. password connections
    enable | Enable | Enable/disable the FTP proxy service | Flag
    listen | Listener | The port and optional local IP where the FTP proxy service listens for client requests | Array IpWithPort
    use_outgoing passive | Use outgoing passive | If your firewall blocks active FTP connections, which requires the server to open a connection to the proxy, then turn on this option to use passive mode | Flag
    3.3.1.36 HTTP proxy
    API path: config services httpproxy
    Configuration file location: HTTP PROXY
    The HTTP service.
    Attribute | Name | Description | Type
    enable | Enable | Enable/disable the HTTP proxy service | Flag
    listen | Listener | The port and optional local IP where the HTTP proxy service listens for client requests | Array IpWithPort
    3.3.1.37 IMAP proxy
    API path: config services imapproxy
    Configuration file location: IMAP PROXY
    The IMAP service.
    Attribute | Name | Description | Type
    enable | Enable | Enable/disable the IMAP proxy service | Flag
    imap server port target server port imap server Default Default IMAP ser
21. supported for all product variants. The update is processed by spupdate.
    < 230 supudate initiated
    < 231 spupdate already running
    SERVICE RESTART
    Restart the service.
    < 230 Service restart initiated
    STATS
    Return the connection states. Deliver information for each protocol about the number of active connections. For HTTP, the number of idle connections is shown too. Protocols supported: http, ftp, smtp recv, smtp send, smtp t, pop3, nntp, imap
    SUPPORTZIP
    See above.
    WRITE CONFIG
    WRITE TEMPLATE <name>
    4.10.6 READ commands
    Since the procedure for READ commands is nearly always the same, it is summarized here:
    1. The RM responds with a 33x status indicating the type of text to be returned:
       < 332 Transmitting values
       < 333 Transmitting tree
       < 334 Transmitting message templates
       For some reason, the data may not be determined. In this case, the status 530 is returned plus a comment describing the error:
       < 530 Error reading
    2. This is followed by the content, finished by the dot line.
    3. At the end, normally the 230 status line is printed:
       < 230 Transfer complete
    Some commands support a language parameter. In this case, the text may be returned in the given language. If omitted, or if the text is missing in the given language, English is assumed as a default.
    READ CONFIG DEFAULTS
    Return the current configuration and information whether it is active or not. Active means that the latest changes of the con
22. using the Administrative Tools.
    1.2.3.2 Linux
    On a Linux system, the service is registered in the appropriate run levels. It is managed by means of a script:
    /etc/init.d/securityproxy stop
    /etc/init.d/securityproxy start
    /etc/init.d/securityproxy restart
    1.3 File system structure
    This image provides an overview of the IGS program folder after the installation:
    antispam | anti-spam plugin and database
    bin | program files
    conf | configuration data, licenses
    ikarust3 | scanner and virus database
    image | static content, default HTML templates
    log | log files
    mail | temporary folder for mail to be scanned
    quarantine | quarantine for infected files
    store | database folder
    tmp | temporary folder
    update | temporary update folder
    The main configuration file is named securityproxy.conf and can be found in the conf folder. For a detailed description of the IGS configuration, see section 3.
    1.4 User interface
    IGS comes with a browser-based interface. By default, this interface can be accessed through HTTPS once the service is started.
23. target domain | Target domain | Domain or mail address of recipient | Array DomainOrMail (E-mail address)
    type | Type | Select how to define this route
    3.3.1.44 Scan settings
    API path: config services smtp scansettings
    Configuration file location: SMTP SCANSETTINGS
    Scan settings.
    3.3.1.45 Scan rules
    API path: config services smtp scansettings scansettings <scan setting name>
    Configuration file location: SMTP SCANSETTINGS scan setting name
    Scan settings.
    Attribute | Name | Description | Type
    attachmentfilter | Attachment scanning | Settings for filtering e-mail attachments based on the attachments' filenames
    spamfilter | SPAM filter | Settings for SPAM filter. The IKARUS SPAM filter assigns a score to e-mails depending on the subject, content etc. By defining the levels for SPAM and Possible SPAM, different actions can be performed depending on the score
    virusfilter | Malware detection | Settings for classification and detection of malware. For e-mails, both content and attachments are scanned
    3.3.1.46 Settings for outgoing emails
    API path: config services smtp send
    Configuration file location: SMTP SEND
    Settings for sending e-mail.
    Attribute | Name | Description | Type
    max connections | Max outgoing | Maximum number of simultaneous | Ma
24. 5 Method Not Allowed | The given method is not supported for the URL provided. Example: An attempt was made to delete a configuration section.
    501 Syntax error in parameters or arguments | Request could not be parsed correctly or the input data provided are malformed.
    5.3.1 Custom codes
    If a request yields a domain-specific error, the status code 432 is returned. This covers errors like validation violations, unresolved references within the configuration or a missing mandatory field. In this case, additional information must be present in the message body to give human-readable feedback to the end user.
    Content-Type: application/json
    msg | Literal for error message. The corresponding message text may contain placeholders (0, 1, etc.) which are replaced by the parameters in the params array
    params | Contains the parameter substitutions in the language identifier
    It is up to the API client to provide a localizable message text for each error literal: msg api <error literal>
25. no | No
    yes | Yes
    3.3.3.10 GreylistIgnoreType
    Permanent whitelist Type
    Literal | Description
    domain | Domain
    ipmask | IP mask
    mail | E-mail
    3.3.3.11 LogInterval
    Log interval
    Literal | Description
    day | Daily
    week | Weekly
    3.3.3.12 NetworkAuthenticationType
    Authentication type
    Literal | Description
    datacollector | Works similar to landing page authentication. The user is redirected to a web form. After submission, she receives an e-mail containing a confirmation link for unlocking web access
    ldap | The user is prompted for her credentials, which are verified through an LDAP request
    lockpage | At the first attempt to access the network, the user is redirected to a page containing a link to grant access for the source IP address of the current connection
    negotiate | The user authenticates through her domain account. The authentication data are provided through the HTTP request
    proxy | IKARUS gateway.security allows for defining its own user credentials consisting of user name and password. Once the user tries to access the network, she is prompted for her credentials
    set | No authentication is checked
    3.3.3.13 NetworkRuleType
    Rule type
    Literal | Description
    network group | Network group
26. DB version 09 01 2015 10 06 56 90228 AntiSPAM version 1 0 67 SDB version 09 01 2015 04 58 00 5245 UDB version 09 01 2015 04 32 28 3784. License information: License valid until 2016 01 20. Current Max users: Unlimited license. Log files: Click the links to open the log files in a new tab: Global, Web, E-Mail, Update. IKARUS Security Software GmbH, Terms & Conditions, About, Contact. In the upper right corner there is the main menu. The buttons from left to right provide access to the following features: 1. Managing the IGS configuration (see section 3). 2. Managing licenses, log files, restarting the server, retrieving support info and importing or exporting the configuration file. Generating reports (see section 2.2.5). Displaying the activity monitor. Undo changes. Save changes. Logout. On the left-hand side a quick link menu gives access to the configuration of the features that are most commonly used: Web services: HTTP proxy, FTP proxy. E-Mail services: SMTP server, TSMTP proxy, POP3 proxy, I
27. E Di Kaspersky Antivirus Key SS Reflection X Keymap MS SQL Server Transaction Log File Ss MSPaper E Language Shortcut Microsoft Access Module Windows SS Link File Winamp3 Compiled Script Maple Library n Microsoft Access Report Link File MS SQL Master Database Rational SS Rose Object Design Model E Microsoft Developer Studio Project iex Type Super type AIL Midi Driver Miscellaneous MMF File Miscellaneous Cygwin Messages Miscellaneous Oracle 7 Data Miscellaneous Oracle 7 Datafile Miscellaneous Microsoft Installer Patch Miscellaneous Microsoft Installer Miscellaneous
28. Executables PE Itanium executable Executables PE System File Executables PE 64 bit opcode Executables PE corrupt file Executables PE Itanium executable Executables PE executable Executables PE System File Executables Visual Basic program native code Executables Visual Basic program p code Executables VxD driver Executables MZ Executable corrupt Executables Mach O executable file Executables Novell NetWare Executable Executables Win2k Loader Executable Executables x86 opcode Executables GERMAN ASCII Plain Text GERMAN ASC Image Graphic AnimatedImage Image 3D Studio Max Scene OLE Document Image 3D Studio Max Image Image 3DX Image File Image Computer Graphics Metafile Image Blender 3D Image Image Bitmap Image Image Corel Draw Image Image ComputerEyes Raw Image image Continous Edge Graphic Image Image Autodesk Animator Graphic Image ColoRIX Image Image Autodesk Animator Color Map Image Corel Texture Imag Image Microsoft Windows Cursor Image Microsoft Paintprush Image Image Device Independent Bitmap Graphic Image DPX Image Image AutoCAD Drawing Database Image AutoCAD Drawing Interchange Image Image Enhanced Windows Meta File Image Image Adobe Encapsulated PostScript Image Fractal Image Image FIG Image File Image Flexible Image Transport System image FlashPix Bitmap Image GIMP Image Image Prassi CD Image Image GIMP Image Image Handmade Software JPEG Image Image Imagic Film Image Image Windows Icon Image
29. Link II Fax Image Image CALS Image Image WaveFront RLA Image Image Utah Raster Toolkit Bitmap Image Image Standard Archive Format Image Image AutoCAD Shape Entities Image SPIFF Image Image Sun Icon Image Sun Raster Image Image TrueVision Image 256 Colors Image Tagged Image Format Image Autodesk Animator Tween Data Image VICAR2 Image Image XCF GIMP Image Image X PixMap Image Image X Window Dump Image Image Animated Cursor AnimatedImage Digital Video File Format AnimatedImage Shockwave File AnimatedImage GIF Image AnimatedImage Multiple Network Graphics Video AnimatedImage Silicon Graphics Movie AnimatedImage Apple QuickTime Movie AnimatedImage Type Super type MPEG 2 0 Video data AnimatedImage Microsoft Access 2000 2002 Document MS Access Microsoft Access 2 0 Document MS Access Microsoft Access 97 Document MS Access MS Excel 2 0 Document MS Excel MS Excel 3 0 Document MS Excel MS Excel 4 0 Document MS Excel MS Ex
30. MAP proxy, NNTP proxy. Quick links: Scan settings, Permissions, Network rules. When clicking on the first two menu entries, sub-menus show up for further selection: Server information, Globals, Log files, Remote Manager, Internal authentications, Clustering, Web services, E-Mail services, Reporting, Server administration, Licenses, Configuration file, Malware incidents. Next to most buttons and input fields an icon can be found for displaying and hiding the documentation for the respective item. Many section headings are preceded by an icon for collapsing and expanding the fields contained therein. Clustering Enable clustering 3 Cluster members 7 Specify members of the clu
31. IKARUS gateway security Version 3 40 Manual. IKARUS Security Software GmbH, Blechturmgasse 11, 1050 Vienna, Austria. IKARUS Security Software GmbH www ikarussecurity com. Contents: 1 Quick Start guide; 1.2.1 Installation on Microsoft Windows Systems; 1.2.2 Installation on Linux Systems; 1.2.3 Setting up the; 2.1 How IGS works; 2.2.1 Logging; 2.2.2 Update; 2.2.8 Management interfaces; 3.1 Block response pages; 3.1.1 Configuring block response pages; 3.3.1 Configuration items; 3.4 Content
32. TS <http report name> List containing all HTTP reports. Attribute | Name | Description | Type. chart | Chart | Chart type or table type. height | Height | Height of diagram | Integer. httpreportfilter | Filter | Set of criteria to determine which data and how they should be reported. Filter groups allow for narrowing selected data for analysis. The total of all flags within a filter group is always 100. shape_bar | Bar | Style of bar chart | Enum ReportShapeBar. shape pie | Pie | Style of pie chart | Enum ReportShapePie. text_bottom | Lower label | Explanatory text to be displayed below the report | String. text_top | Upper label | Explanatory text to be displayed above the report | String. title | Report title | Report title | String. width | Width | Width of diagram | Integer. 3.3.1.33 SMTP report. API path: config reports smtp reports <smtp report name>. Configuration file location: REPORTS <smtp report name>. List containing all SMTP reports. Attribute | Name | Description. chart | Chart type
33. If a rule yields denied, access is forbidden and no further checks are necessary. 2.1.1.2 Permission sets: The permission set selected by the network rules consists of a list of permission rules, each of which consists of several criteria and a result saying deny or allow. Like the network rules, the permission rules are processed by priority and the first matching rule applies. 2.1.1.3 Selecting permission sets: Depending on the authentication type (see 3.3.3.12) of a network rule, placeholders might be used for selecting permission sets by means of so-called permission set masks. These placeholders are replaced by current connection parameters to determine the permission set to apply. This allows for defining permission sets based on user names or user groups. For example, there may be a permission set permission user and a network rule having the value permission u for the permission rule. The former one applies only if the current user name is user1. This works the same way for groups if supported by the current authentication type. Internal authentication supports u (user name). LDAP authentication and NTLM Kerberos additionally support g, which is replaced by the group name when evaluating the network rule. The latter ones (LDAP or NTLM respectively) also support the usage of SIDs (see 3.3.1.9). If configured accordingly, the SID of the user or group will be taken instead of the respe
35. X Compressed File Archive MAR Archive Archive NRV Archive Archive NuFX Archive Archive Old GZip Freeze Archive Archive Pack Archive Archive PKZIP Archive Archive PAKLEO Archive Archive PMarc archive data pm0 Archive PMarc archive data pm1 Archive PMarc archive data pm2 Archive PopCom compressed executable CP M Archive PMarc archive data CP M DOS Archive PPMd Archive Archive Posix Tar Archive Archive PowerPacker Archive Archive QFC Archive Archive Quantum Archive Archive Q archive Archive WinRAR Archive Archive ReSOF Archive Archive SAR Archive Archive SBC Archive Archive Type Super type SCO LZH Compress Archive Archive Semone Archive Archive Symbian Software Installation Script Archive StuffIt Compressed Archive Archive StuffIt Compressed Archive Archive SOSH Archive Archive SQueezed Archive Archive SOWEZ Archive Archive Squeeze Compressed fi
36. Contents (continued): 4.6 Definition of command; 4.7.1 Status response; 4.7.2 Definition of Status; 4.7.4 Status subclasses; 4.10.1 Commands for all modes; 4.10.2 Commands for anonymous connection (ANON); 4.10.3 Commands for connection from localhost (LOCAL); 4.10.4 Anonymous access for cluster members; 4.10.5 Authorized access for configuration Center; 5 REST API; 5.3 Status codes and error handling; 5.4 Sess
37. a Microsoft Windows system is straightforward. Double-click the setup file for installation on the system and follow the instructions of the installer. During installation you are asked to import your license file for IGS. Alternatively you can skip this step and activate the license later on. 1.2.2 Installation on Linux Systems: For the installation of IGS on a Linux system, RPM and DEB packages are available. Each package comes as a 32-bit and 64-bit version. rpm -ivh IKARUSSecurityProxy version number rh5 x86 64 rpm dpkg -i IKARUSSecurityProxy version number amd64 deb The license can be imported after the installation from the command line. If these ports are nevertheless needed for other services, IGS can be configured to use different ports instead. cd opt securityproxy bin securityproxy 164 importlicens <licensefile> 1.2.3 Setting up the service. 1.2.3.1 Microsoft Windows: After the installation has completed, the list of services installed on the system includes the service called securityproxy. It can be managed like any other service
38. a zip archive of the given log files and return it as binary content. 4 330 <filesize> Transmitting binary data; BINARY DATA (connection reset on error); Transfer complete. Error codes: 530 Support ZIP not available; < 501 Syntax error in parameters or arguments. TMGVERSION <major minor patch>: Switch to TMG mode for the administration plugin for ISA servers. < 231 major minor patch is compatible; 4 531 major minor patch required. SERVICE RUNSTATE timeout: Request a shutdown of the server. If used within a cluster, the shutdown request is only accepted if the minimum number of hosts required stays up and running. 330 RUNSTATE shutdown in progress; < RUNSTATE shutdown; < RUNSTATE denied. 4.10.4 Anonymous access for cluster members. SERVICE RUNSTATE: Return the state of the cluster member. WRITE CONFIG: Send the currently active configuration. 333 Receiving tree, end with <CR> <LF> <CR> <LF>; > DOT ENCODED TEXTLINES; 231 Configuration fully active; 232 Configuration not fully
39. active, restart required; < 530 Configuration not applied; < 430 Error creating temporary file. 4.10.5 Authorized access for configuration center. LDAP <command>: Issue an LDAP command. Command definition: command ldap url ldap url ldap ldap host parameter ldap query string ldap host parameter ldap binddn ldap bindpassword 9 ldap host ldap host ldap host hostname or ip hostname or ip port. LDAP CHECKMAILBOX ldap url mailbox: Ask the LDAP server whether a mailbox exists or not. < 230 Operation completed successfully; 4530 status Error returned by CheckMailBox. Status codes: 1 LDAP OPERATIONS ERROR General error; 4285967295 LDAP MAILBOX NOTFOUND1 Mailbox not found; 4285967294 LDAP MAILBOX NOTFOUND2 Mailbox not found. LICENSE command: See above. NOOP: No operation. This one is used by the client to keep the connection from timing out. 4 231 infostore change count OK. PASSWD <command>: See above. SERVICE MANUALUPDATE: Update the manual This is not
40. 3.3.1.25 E-Mail. API path: config logging log mail. Configuration file location: LOG LOG MAIL. Log file settings for mail services. Attribute | Name | Description | Type. maxdirsize | Maximum size all | Maximum size of all mail log files in the directory. Use the postfix K, M or G without blank as unit | DataSizeWithUnit. maxsize | Maximum size | Maximum size of mail log file. Use the postfix K, M or G without blank as unit | DataSizeWithUnit. path | Log files folder | Location for mail log files. The path is taken relative to the program folder | Path. timespan | Split interval | Interval for creating a new log file | Enum LogInterval. 3.3.1.26 Web. API path: config logging log proxy. Configuration file location: LOG LOG PROXY. Log file settings for web services. Attribute | Name | Description | Type. maxdirsize | Maximum size all | Maximum size of all proxy log files in the directory. Use the postfix K, M or G without blank as unit | DataSizeWithUnit. maxsize | Maximum size | Maximum size of proxy log file. Use the
41. amount of data. 3.3.3.28 ReportSummarizeBy (Sum up by). Literal: Description. data size: Data size; number: Number. 3.3.3.29 ReportTimeUnit (Time unit). day: Days; hour: Hours; month: Months; quarter: Quarter; week: Weeks; year: Years. 3.3.3.30 RuleResult (Result). allow: Allow; deny: Deny. 3.3.3.31 SmtpRouteDirection (Direction). default: Default; inbound: Inbound; outbound: Outbound. 3.3.3.32 SmtpRouteForwarding (Forwarding). mx: MX; static: Host. 3.3.3.33 SmtpRouteType (Type). client_ip: Client IP; ldap: LDAP; mailbox file: Mailbox file; target domain: Target domain. 3.3.3.34 SpamFilterAction (Action). block: Block E-Mail; markonly: Only mark E-Mail; redirect: Redirect E-Mail. 3.3.3.35 SpamRuleField: Fields that are available as SPAM rule criteria. Some require a value for checking whether an SMTP header contains a certain value. emptyfrom: Header From is empty; empt
42. arator> <parameter> <parameter list> <separator> <sp> <sp> <separator> <parameter> 1 <unquoted string> <quote> <quoted string> <quote> <unquoted string> 1 <unquoted char> <unquoted char> <unquoted string> <quoted string> <quoted char> <quoted char> <quoted string> Sasa> any of the 26 alphabetic characters either upper or lowercase and underline <unquoted_char> 1 any character that is not SPACE 32 QUOTE 34 <quoted char> 1 any character that is not QUOTE 34 quote 1 quote character ASCII 34. 4.7 Response syntax: Except for the authentication status of the client, the communication with the Remote Manager is stateless. As a consequence the RM always responds sending a single data stream. This data stream consists of at least a single status line. Other content may follow. 4.7.1 Status response: The status line consists at least of a 3-digit status code. This may be followed by a return value list depen
43. ary folder | Temporary files folder | Path. 3.3.1.21 Next proxy. API path: config internet. Configuration file location: INTERNET PROXY. Settings for using a proxy server for gateway security. Attribute | Name | Description | Type. auth_pass | Password | Password for proxy server | Password. auth_user | User name | User name for proxy server | String. excludedomains | Excluded domains | List of domains for which no proxy is used | Array String. ftp host | FTP Server | Proxy server to be used for FTP traffic | String. ftp port | FTP Port | Proxy server port for FTP traffic | Port. http host | HTTP Server | Proxy server to be used for HTTP traffic | String. http port | HTTP Port | Proxy server port for HTTP traffic | Port. https host | HTTPS Server | Proxy server to be used for HTTPS traffic | String. https port | HTTPS Port | Proxy server port for HTTPS traffic | Port. 3.3.1.22 Log files. API path: config logging. Configuration file location: LOG. Settings for log files. 3.3.1.23 Debug. API path: config logging log de
44. ation json user theUserName password veryVerySecret. Possible error codes: ErrorUpdatingPasswordStore. 5.6.11 Read countries, continents, categories. Request: GET api info countries; GET api info continents; GET api info categories. Response(s): 200 OK, Content-Type: application/json, <JSON arrays of the data requested>. 5.6.12 Get support zip file. Request: GET api info supportzip. Response(s): 200 OK, Content-Type: application/zip, <binary content>. Possible error codes: SupportZIPNotAvailable. 5.6.13 Get information about server status. Request: GET api info server. Response(s): 200 OK, Content-Type: application/json. global Yomi Leost s wea Woy o intern T xoa gervica Peele il ziile TECI S Treves epo E E hostname securityproxy ik local Wilasiesicaiwiceace s Wom Sil Mer 2014 389551919 490200 modulepath C securityproxy w64 bin securityproxy w64 exe modules Mere levano 9 WS S T 7 9 Mejoyorolenee Wal ik Si update Vilarsicelaeci s Saro dd Mae 2014 093003Z6 OO Mibas
45. subnet: Subnet. 3.3.3.14 PermissionCriterionType (Criterion type). Literal: Description. all: All; contenttypelist: Content type list; continent: Continents; country: Countries; file: File Extension; filelist: File list; url: URL; urlfiltercat: URL filter categories; urllist: URL list. 3.3.3.15 RemoteManagerAuthMode (Authentication type). internal user: The user authenticates through internal authentication consisting of a name and a password. ldap group: The user is authenticated through an LDAP request. 3.3.3.16 ReportChart (Chart type). bar: Bar; line: Line; pie: Pie; table: Table. 3.3.3.17 ReportFilterBlocked (Blocked). blocked: Blocked; notblocked: Not
46. bug. Configuration file location: LOG LOG DEBUG. Settings for debug logging. Attribute | Name | Description | Type. enable | Enable debug | Enables/disables debug logging. Only enable this option temporarily if you want to trace execution in highest logging detail to solve problems. Program execution can be slowed down considerably | Flag. maxdirsize | Maximum size all | Maximum size of all debug log files in the directory. Use the postfix K, M or G without blank as unit | DataSizeWithUnit. maxsize | Maximum size | Maximum size of debug log file. Use the postfix K, M or G without blank as unit | DataSizeWithUnit. path | Log files folder | Location for debug log files. The path is taken relative to the program folder | Path. 3.3.1.24 Global. API path: config logging log global. Configuration file location: LOG LOG GLOBAL. Settings for gateway security log file. Attribute | Name | Description | Type. maxdirsize | Maximum size all | Maximum size of all global log files in the directory. Use the postfix K, M or G without blank as unit | DataSizeWithUnit. maxsize | Maximum size | Maximum size of global log file. Use the postfix K, M or G without blank as unit | DataSizeWithUnit. path | Log files folder | Location for global log files. The path is taken relative to the program folder | Path. timespan | Split interval | Interval for creating a new log file | Enum LogInterval.
47. cel 5 0 or 7 0 Excel 95 Document MS Excel MS Excel XP Document MS Excel Microsoft Excel Document MS Excel Archive MS Office MS Access MS Office MS Excel MS Office MS PowerPoint MS Office MS Visio MS Office MS Word MS Office Microsoft Office Design File MS Office OEL compound file MS Office MS Write Document MS Office Microsoft PowerPoint 4 0 Document MS PowerPoint Microsoft Visio 4 x Document MS Visio Microsoft Visio 6 x Document MS Visio MS Office Document MS Word Microsoft PowerPoint 97 2002 Document MS Word Microsoft Word 2000 2002 Document MS Word Microsoft Word 2 0 Document MS Word Microsoft Word 6 0 or 7 0 Document 95 MS Word Microsoft Word 97 98 Document MS Word NetWare Unicode Rule Table Miscellaneous E 3D Studio Max Matlib File OLE Document 3D Studio Max Plugin 3D Studio Max Project Microsoft Agent Character iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iex E E Kaspersky Antivirus File E E Winamp Advanced Visualization Studio Microsoft Answer Wizard E Microsoft Visual Basic Module E Babylon Dictionary P Microsoft Publisher Border Di Device Dr
48. ctive name for expanding the permission set name. 2.1.1.4 Blocking access: If access to a resource is granted, its content is scanned for malicious software using the IKARUS scan engine. If access is denied, the user is shown a page containing information about the reason for blocking. As mentioned above, this may happen due to: unauthorized access; access to content that is denied according to the permission rules; the requested content proved to be malicious. These pages are called block response pages and are highly configurable. For details see section 3.1. 2.1.1.5 HTTPS and encrypted content: It is obvious that scanning encrypted content is not possible by default. This may be especially important when considering HTTPS connections. There are third-party products available to overcome this kind of issue. If this is of interest for you, please contact IKARUS for further information. 2.1.2 Mail services: IGS can be used either as a proxy for the protocols SMTP, POP3, IMAP and NNTP or as an MTA. 2.1.2.1 Scan rules: For checking e-mail for malicious content or SPAM several sca
49. ctorFormFieldKey. label | Label | Text to appear next to the input field | String. mandatory | Mandatory | Indicates whether data for this input field are mandatory | Flag. 3.3.1.7 Network rules. API path: config access networks. Configuration file location: ACCESS NETWORKS. Network rules used for access control settings. Attribute | Name | Description. groups Networks Network groups Used to group several networks together for applying access control setting for all at once (Array IpAddress). 3.3.1.8 Priority list. API path: config access networks group priority <group priority name>. Configuration file location: ACCESS NETWORKS GROUP PRIORITY <group priority name>. Group priority list to be applied for the network rule. Attribute Description name SID LDAP group Unique name of the Priority list SEX. 3.3.1.9 Network rules. API path: config access networks rules <network rule name>. Configuration file location: ACCESS NETWORKS network rule name. This is a list of rules that re
50. define several sets of web pages that apply to different networks. The HTML templates for the different brandings are placed in subfolders of conf named after the respective brandings: conf messages subsidiary1 lockpage html subsidiary2 lockpage html. When assigning a branding to a network rule, the corresponding files are searched for in the branding's subfolders. As with the unbranded templates, the image folder is searched for a template if it is not supplied for the chosen branding. In the same way, subfolders of conf htdocs can be used for other resources needed for the different brandings. It is recommended to use the base HTML element to easily access the resources without having to adapt too many template files: base href http proxy ikarus at htdocs subsidiary1 > 3.2 Configuration basics: All configuration settings that can be changed by the user, except for the HTML templates, are stored in the Apache-style configuration file conf securityproxy conf. This file consists of key-value pairs (configuration items) which are grouped together in section
51. ding on the command submitted. A comment may be appended too. The latter one must be ignored by the client; it is just provided for readability and may be subject to changes. Depending on the command issued, there may or may not follow text or binary content after the first status line. The last line of the response then contains another status line describing the overall status of the transaction. 4.7.2 Definition of Status line: <status line> <status code> <status code> <separator> <comment> <status line with values> <status code> <parameter list> <status code> <parameter list> <separator> <comment> <status code> <d> <d> <d> <d> any one of the ten digits 0 through 9 <comment> <line character> <line character> <comment>. The first digit of the status code designates the so-called status class; the second digit refers to a subclass providing more detailed information about the status or error respectively. 4.7.3 Status classes. Code: Description. 2xx: Command was successfully executed. 3xx: Command sequence is initiated, continue sending content. 4xx: Command temporarily cannot be executed. This may be due to limited memory, exceeding the number of allowed connections or any other error that may be resolved later. 5xx: Command cannot be executed because of wrong parameters insuffic
52. ellaneous TeX Device Independent Document Miscellaneous Rational Rose 98 Compiled Script Miscellaneous eMacs Lisp Byte compiled Source Code Miscellaneous UUENCODE Encoded Miscellaneous FORTRAN Interface iscellaneous SI iscellaneous iscellaneous iscellaneous FLC Animation Format FLI Animation Format Ss Saved Search E Windows Font Miscellaneous Microsoft Visual FoxPro File Miscellaneous Microsoft Visual FoxPro Table Miscellaneous Visual Basic Binary Form Miscellaneous Windows Help Full Text Search Index Miscellaneous Microsoft Visual FoxPro Compiled Program Miscellaneous Windows Program Manager Group Miscellaneous Compressed PC Library Hierarchy Miscellaneous Windows Helpfile Miscellaneous HTML Help File Miscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous HyperTterminal Data ICC Profile MIDI Instruments Definition File hi SS Java Tracking File Watcom Help File Intel IPhone Compatible File Microsoft Linker Database E E GIS ISO Image InstallShield Unistall Script Internet Document Set
53. enabled, connection data is stored in a database. Based on these data, diagrams and tables can be defined to gain an overview of, for example, which kind of traffic has been blocked within a certain time range or which are the top target domains addressed.

2.2.6 WCCP

IGS supports the WCCP protocol.

2.2.7 IGS clustering

IGS supports the synchronization of configuration files among different servers. This feature is referred to as clustering.

5 http://tools.ietf.org/html/draft-mclaggan-wccp-v2rev1-00

2.2.8 Management interfaces

2.2.8.1 Remote Manager

The Remote Manager is an interface of the IGS using TCP connections, by default running on port 15639. It is used for communication with the following clients:
- Administration plug-in for ISA/TMG server
- Other instances of IGS running on different servers, e.g. for synchronization of proxies within a cluster
- Configuration Center (Windows desktop client), which is now substituted by the browser interface

2.2.8.2 REST API

Besides the Remote Manager, IGS also provides access through a REST API (see section 5) which i
54. eo active Wil Meo Zeiten Wim D Ep Om Samgo seevVg WOW l amico semola Wu ie sieve QUID Maes Oy o W imap 2 Wo 7 e ONE gui

5.7 Commands

5.7.1 No operation
POST /api/command/server/noop

5.7.2 Restart the service
POST /api/command/server/restart

5.7.3 Initiate reloading of licenses
POST /api/command/ikkey/reload

5.7.4 Clean outdated licenses
POST /api/command/ikkey/cleanup

5.7.5 Check LDAP Authentication
Request: POST /api/command/ldap/checkauth
Content-Type: application/json
Mieli M capa e user theUser password theMostAndYetUnveiledSecretPassword

Possible error codes:
- LdapBadUrl: The LDAP URL is malformed.
- WrongInputType: One of the credentials parameters (user or password) may either be malformed (e.g. a number instead of a string) or missing.
- LdapAuthenticationFailed: Authentication failed.
55. ermissio n rule name Configuration file location ACCESS PERMISSIONS permission set name gt URLS lt permission rule name

Ordered list of rules consisting of multiple selection criteria. The entries of the list are processed in the given order, i.e. the selection criteria are checked against the current connection. The first rule that matches applies, and access to the requested network resource is either allowed or denied based on the selected rule.

Attribute | Name | Description | Type
alternating_id | Criterion type | Various selection criteria according to which properties the individual rules should be filtered |
browser_list | Browser list | Use a browser list as selection criterion |
contenttypelist | Content type list | Use a content type list as selection criterion |
continent | Continent code | Select by continent |
country | Country code | Select by country |
days | Weekdays | Define days on which this selection applies | Enum DaysOfWeek
file | File Extension | Select by file name | FileExtensio
56. f an MTA can be regarded as trustworthy, it can optionally be added to a temporary whitelist. Besides that, there also exists a permanent whitelist. Traffic from MTAs listed therein is forwarded without any greylisting check.

Early Talker Rejection

According to the RFC for SMTP, a sender should wait for the greeting message before sending any commands. Well-behaving mail clients and servers usually wait, whereas spam bots do not always do so. By using this feature, IGS waits a user-defined period before sending the greeting banner. Any attempt to send SMTP commands or data before the banner results in a rejected mail.

2.2 Common features

2.2.1 Logging

IGS writes log files of different types. For each of them, the user may define size and location.
- Global log: Stores information about the server, including status, critical errors and many more
- Weblog: Keeps information about HTTP and FTP connections
- Mail log: Contains information for SMTP, IMAP, POP3 and NNTP protocols
- Alert log: Holds information about IGS events such as malware incidents or updated modules
- Debug log: Diagnostic information. Debug logging is disabled by default and must be activated if needed.

A log file of the update history is always created. Its properties cannot be configured.

http://www.openspf.org
3 http://tools.ietf.org/html/rfc6647
4 http://tools.ietf.org/html/rfc5321#section-4.3.1
57. figuration have already been reloaded by the server. If DEFAULTS is provided, the default configuration is returned instead.
< 230 Configuration is default
< 231 Configuration fully active
< 232 Configuration not fully active, restart required
< 530 Error opening configuration file

READ CATEGORIES language
Return the list of categories defined by the URL filter. language denotes the language for the category descriptions.
Response format: Values NAME_VALUE_PAIR_LIST

READ CONTINENTS <language>
Return a list of continents that can be detected by the URL filter.
Response format: Values NAME_VALUE_PAIR_LIST

READ COUNTRIES <language>
Return a list of countries that can be detected by the URL filter.
Response format: Values NAME_VALUE_PAIR_LIST

READ ENV
Return a list of some environment variables.
Response format: Values NAME_VALUE_PAIR_LIST

READ INFOSTORE path
Return the info store containing information about viruses found, updates, etc. The optional path selects the section in the info store configuration tree that sho
58. gateway.security as proxy for WCCP, seen by the WCCP routers | IpAddress
redirection_type | Redirection type | Redirection or forwarding method to apply | Enum WccpRedirectionType
routers | Router IP address | List of WCCP routers to be connected | Array IpAddress

3.3.2 Data types

Type | Description
Branding | Branding
ContentType | Content type
DataSizeWithUnit | A quantity of data size. Consists of a positive integer followed by a postfix denoting the unit. Valid postfixes are K, M or G for kilobytes, megabytes or gigabytes, respectively. There must be no blank between the integer and the postfix.
Date | Date
Domain | Every valid expression for a domain or sub-domain
DomainOrMail | Either a domain name or an e-mail address
EmailAddress | A valid e-mail address
File | File name
FileName | File name
Flag | A boolean value
HttpReport | A reference to an HTTP report
IgnoreRule |
Integer | An arbitrary integer
IpAddress | An IPv4 address
IpWithPort | An IP address followed by a colon
59. ger session if the user did not confirm

3.3.1.5 Form

API path: config/access/lockpage/datacollector/forms/<data_collector_form_name>
Configuration file location: ACCESS LOCKPAGE DATACOLLECTOR FORMS <data collector form name>

Input form for the data collector. Each form has a unique name.

Attribute | Name | Description | Type
label email | Label Mail | The text to appear as label for the email | String
mail subject | Mail Subject | Subject for the email containing the confirmation link | String

3.3.1.6 Additional form field

API path: config/access/lockpage/datacollector/forms/<data_collector_form_name>/fields/<data_collector_form_field_name>
Configuration file location: ACCESS LOCKPAGE DATACOLLECTOR FORMS data collector form name FIELDS data collector form field name

Additional input fields for the data collector form. The field email is always generated automatically and cannot be added.

Attribute | Name | Description | Type
key | Key | Unique name for the input field | Datacolle
60. Type Super type Sound Advanced Audio Coding ACC Audio MPEG Layer 1 Sound File Audio MutliTracker Music Module Audio RealAudio Sound File Audio RealAudio Sound File Audio RMI MIDI File Audio ScreamTracker v3 Sound File Audio ScreamTracker v2 Sound File Audio Sun NeXT Audio Data Audio UltraTracker Music Module Audio Creative Voice File Audio WAV Sound Audio Microsoft Visual FoxPro File compiler linker Microsoft Visual C File compiler linker Microsoft ClassWizard compiler linker Visual Basic Active Designer Cache compiler linker Delphi Compiled Unit compiler linker MS Developer Intermediate MDPX File compiler linker Borland Project compiler linker Program Library Common Object File Format COFF compiler linker Microsoft Visual FoxPro Menu compiler linker Microsoft PreCompiled Header Fil compiler linker MS Visual C Debugging Info compiler linker MS Visual C Debugging Info compiler linker Python Compiler Script compiler linker Microsoft Visual Studio Resource compiler linker Watcom C Project compiler linker MS Office Documents Textfile Documents WordPerfect Documents Lead
61. ient privileges or because the command is unknown.

Remark: Status class 4xx is hardly ever used.

4.7.4 Status subclasses

Code | Description
x0x | Syntax: Unknown command, invalid parameters
x1x | Just displaying information, no effects on service
x2x | Connection status has changed
x3x | Transaction (Read/Write)

4.8 Content

4.8.1 Text content

Some commands, like reading or writing the configuration, require the transfer of text content. As mentioned above, the text content is always preceded by a class 3xx status command. Text is transferred as 8-bit characters without quoting. Therefore, the preservation of line breaks cannot be guaranteed. The text must not contain null bytes. The end of the text is indicated by a line containing nothing but a dot, which is similar to the SMTP protocol. In the following, text content in the response definitions is represented by the token DOT ENCODED TEXTLINES.

4.8.2 Variable lists

As a special case of text, a list of variables may be transferred. Each line consists of the variable na
62. ing doctype document Documents Adobe Acrobat Forms Document Documents HTML document Documents OLE Document Documents Adobe Acrobat Document Documents Richtext Document Documents MS Works Spreatsheet Documents Email Plain Text EMail UPX Converted Executable ExePacker Archive Executables ExePacker Executables Amiga Executable Executables Executables Executables Android Dalvik executable file Symbian executable file OS version gt 9 ELF binary Executables Windows 16 bit DLL Executables PE DLL Executables E executable Executables OS executable Executables Executables Executables D NE executable PE executable Type Super type PE 64 bit opcode Executables PE DLL
63. ion handling and authentication ee 5 4 1 ooo c A Lr e EM rose rn gt Pili 5 5 1 omnc cm 5 5 2 re ate dille dg seat exa gf aad cua datu ut 5 5 3 Update data etr te phe E RR ER ER EXER ER EE aaa aa POI e F e EEEE ATTENT Page 3 of 81 IKARUS Security Software GmbH Blechturmgasse 11 A 1050 Vienna Austria Tel 43 1 589 95 0 Fax 43 1 589 95 100 office ikarus at www ikarussecurity com Erste Bank Oesterreich BIC GIBAATWWXXX IBAN AT142011182122082100 Commercial Register FN 64708i Place of jurisdiction Vienna VAT ID ATU15191405 IKARUS security software 5 6 Non configuration data and commande e 75 5 6 1 import icense un 75 50 2 Delete leone et EET 76 5 6 3 Getlicense SL aiar 76 5 6 4 Get active best E 76 5 6 5 Export EREECHEN 77 5 6 6 Import configuration f to REA RI narra Eating ibiza 77 5 6 7 Import default configuration file iccrcsatsionicisreoniadiadsmcmimnnielaneine bip ROIG a cas ite dd qa ea du n dul 77 558 Commit changes to configuration ile cirie 77 5 6 9 Get users Ter TT 5 6 10 Set user DASSWONG E 78 5 6 11 Read countries continents Categories 78 5 6 12 Get support Te RIA RAI NARRATA A 78 5 6 13 Get Information about server status ANEN 78 5 6 14 Malware information EE 79 Por GUDO TSS ritrae aaa 79 5 60 16 Geol 80 5 6 17 Connection status lee ea 80 si Commands esme creseron eta E 80 5 7 1 Ned cu ee 80 5 7
64. REST API

IKARUS gateway.security offers a RESTful API for managing the server. The base path is https://<server>:<port>/api. The HTTPS port 443 is used by default. This can be changed in the configuration file. The REST API is used internally by the IGS web interface.

5.1 API Overview

The API supports the following HTTP methods:
- GET for requesting data. Example: Read some configuration data. Get list of licenses.
- PUT for creating data. Examples: Create new user. Import configuration file.
- POST for updating data. Example: Set configuration data. For triggering commands. Example: Restart the server.
- DELETE for deleting data. Example: Remove a license from the server.

5.2 Content

The content is normally sent as JSON. In turn, the requests mostly return data (if any) as JSON. For requests using different data types, the Content-Type is specified explicitly in this document.

5.3 Status codes and error handling

The API returns the following standard codes as defined by the Hypertext Transfer Protocol (HTTP) Status Code Registry:

Code | Description
200 | Ok. The request was successfully processed. Further information may be found in the content.
401 | Not authorized. Login required or user credentials are not sufficient for action.
404 | Not found. The resource cannot be found. Example: A non-existing configuration item is referenced.
40
65. ive Archive CPIO Archive Linux Archive CPIO Archive Archive CRUSH Archive Archive DC Archive Archive DMS Archive Archive DWC archive Archive ELI Archive Archive Type Super type ETCP Archive Archive Microsoft Compress 6 2 Archive Archive Microsoft Compress 5 Archive Archive EXP Archive Archive Freeze Archive Archive GNU TAR Archive Archive GZip Archive Archive HAP Archive Archive HPACK Archive Archive WinZip Archive Archive Huffman Archive Archive Hyper Archive Archive Freeze Compressed Archive Archive IMP Archive Archive InstallShield Archive Archive InstallShield Cab Archive Archive JAM Archive Archive JARC Compressed Archive Archive JAR Archive Archive Java Archive Archive JRC Archive Archive LBR Archive Archive LHA Archive compressed Archive LIMIT Archive Archive LZA Archive Archive LZH Archive compressed Archive LZOP Archive Archive LZSH Archive Archive LZ
66. iver For Pascal E Device driver for C C E Babylon Glossary Ss Microsoft Backup File E Windows Calender E E Microsoft Security Catalog Internet Security Certificate Compiled HTML Header File Java Class n Microsoft Visual Basic Class Module E E Help File Contents Microsoft FaxCover iex Type Super type Windows Helpfile iscellaneous Cygwin Info iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous Ss Ss Microsoft Internet Explorer Cache File Ss Cygwin File SS Microsoft Visual FoxPro Database Container dBase III PLUS Database Outlook Microsoft Express E Mail Folder a Microsoft Visual FoxPro Database Container Miscellaneous Data Interchange File Miscellaneous AIL Sound Driver Miscellaneous Microsoft Visual Basic Active Designer Binary Misc
67. lacklisted filename or content type
- ftp.html: not actually a block page; it's the template for displaying a webpage for an FTP directory when using FTP over HTTP
- generic.html: a generic block page, for example when no network rule was defined for this user
- infected.html: a malicious file was blocked
- license.html: request was blocked due to the proxy license being invalid or expired
- lockpage.html: a landing page that is shown as long as the user has not accepted the terms of use
- networkerror.html: destination server could not be reached
- nouser.html: no valid permission set for this user, i.e. failed authentication
- transferlimit.html: user has already exceeded the transfer limit
- urlblocked.html: request was blocked due to a blacklisted URL
- urlcategory.html: request was blocked due to the URL being in a blacklisted category

3.1.1 Configuring block response pages

Since the files in the image folder of the proxy installation are default files, they should not be edited. Instead, templates and files to override the default appeara
68. le FoxPro Class Library E Ikarus Software Virus Database VMware Virtual Disk Windows Meta File Fast Tracker 2 Extended Module SS n XPCOM Type Library Miscellaneous Java Time Zone Miscellaneous Audio Multimedia Graphic Multimedia Type Super type Audio Multimedia GERMAN ASCII Textfile US ASCII Textfile Active Server Page Document Textfile Applixware Words Document Textfile DOS Batch Textfile Microsoft Channel Definition Textfile SSL Encrypted Certificate Revocation List Textfile HTML Document Textfile Java Script Textfile Java Network Launching Protocol File Textfile MHTML Document Textfile Perl Script Textfile Pretty Good Privacy Encrypted File Textfile UNICODE This File is Unicode Textfile UUEncoded Textfile Visual Basic Script Textfile XML Doc
69. le archive for UNIX and MS DOS Archive SWAG Archive Archive SZIP Archive Archive Tape Archive Archive TNEF Archive winmail dat Archive TSComp Archive Archive UC2 Compressed Archive Archive UltraCrypt2 Archive Archive UFA Archive Archive UHArc Archive Archive Make Upgrade Archive Archive Wraptor Archive Archive XPK Archive Archive YAC Archive Archive YC Archive Archive YBS Archive Archive ZET Archive Archive TurboZip Archive Archive ZOO Archive Archive ZZip Archive Archive Z Compressed Archive Archive InstallShield Data Archive Archive 7 Zip SEX Archive Windows Selfextracting ace Archive LZH SFX Archive NSIS Installer Archive Windows Selfextracting pklite Archive Windows Selfextracting rar Archive Windows Selfextracting zip Archive Selfextracting WinAce File Archive Office 2010 Archive Adlib Sound Audio CD Audio Track Audio Extended MOD Sound Data Audio Farandoyle Tracker Music Module Audio Interchangeable File Format Audio Impulse Tracker Music Module Audio MIDI Sound Audio MPEG Layer 2 Sound File Audio L A M E encoded MP3 Audiofile Audio MPEG Layer 3 Sound Audio MPEG Layer 4 Sound Audio
70. me followed by whitespaces and the content. This is represented by NAME_VALUE_PAIR_LIST.

4.8.3 Binary data

When retrieving binary data, the expected size of the data is provided by the 3xx status line. There is no dot and no newline at the end of the data. The closing status line follows immediately. Binary data are represented by BINARY DATA.

4.9 Authentication

There are different modes for connecting to the RM. There are three anonymous connection modes where the client need not identify itself by providing credentials. Depending on the client's IP address, one of the following modes is selected:
- Connecting from localhost (mode LOCAL)
- Connecting from a cluster member. Cluster members are defined in the IGS configuration (mode CLUSTER)
- Connecting from any other address. Only a very small set of commands is available (ANON)

After having connected in one of the ways described above, the RM responds with status 220 and a comment indicating which one of the three modes is active:

220 IKARUS security proxy Remote Manager for localhost
220 IKARUS security proxy Remote Manager for cluster member
220 IKARUS security proxy Remote Manager

The client may now identify itself as:
- Configuration center (CC)
- TMG/ISA server (TMG)
71. n
filelist | File list | Use a file list for selecting |
result | Allow | The result used if this selection matches | Enum RuleResult
time | Period of time | Defines the time range at which the selection applies, format hh mm hh mm | Timespan
time control | Time control | Defines whether the given time value is a weekday or a time interval |
url | URL | Select for a given URL | URL
urlfiltercat | URL filter category | Select for a URL filter category |
urllist | URL list | Use a URL list for selecting |

3.3.1.13 Auto update

API path: config/autoupdate
Configuration file location: AUTOUPDATE

Settings for automatic updates. If activated, gateway.security checks for available program or database updates every 10 minutes.

Attribute | Name | Description | Type
enableautoupdate | Activate automatic update | Enable/disable automatic updates | Flag

3.3.1.14 Clustering

API path: config/cluster
Configuration file location: CLUSTER

Several servers can be combined into a cluster for synchronization of their configuration files. You need at least two instances of gateway.security to form a cluster.

Attribute | Name | Description | Type
enable | Enable clustering | Enable/disable cluster support | Flag
72. n parameters or arguments
< 530 Specified license was not found or not removed

LICENSE LIST ACTIVE
Provide a list of all installed licenses or the active license only.
< 331 Transmitting text
LICENSE DATA
< 230 Transfer complete

PASSWD command
Manage passwords. If no command is provided, RM responds with status 501.

PASSWD LIST
List all names that have a password assigned.
331 Transmitting text
< USERNAMES
< 230 Transfer complete

PASSWD SET username new password
Set the password for the given user. If password is omitted, the user password is deleted.
< 230 Password changed
< 231 Password cleared
Error codes:
< 530 Error updating password store
< 501 Syntax error in parameters or arguments

SERVICE RELOAD <module name>
Inform the service about the update of a module.
< 230 module name Reload initiated
530 module name is unknown

SERVICE RELOAD LICENSESTORE
Reload license list.
230 LICENSESTORE Reload initiated

SUPPORTZIP PROXYLOG MAILLOG UPDATELOG
Create
73. n rules can be defined. These rules define:
- what to do with malicious content detected by the IKARUS scan engine
- which kinds of attachments are suspicious
- how to identify SPAM in addition to the built-in SPAM rating

Scan rules can be assigned to each protocol service separately and define how to handle the e-mail or attachment in question.

2.1.2.2 Configuration of the proxy services

The configuration of the proxy services is the same for all four protocols: POP3, IMAP, NNTP and transparent SMTP.

Client configuration of POP3 and IMAP services

In case of running a non-transparent proxy, the mail clients have to be configured using the IGS server as POP3 or IMAP mail server instead of the mail provider's actual mail server. For passing the target mail server to the proxy, and thus being able to use multiple target mail servers, the mail user name can have the name of the target server added using as separator <mail username> <mail server name> <mail server port>. This tells the IGS server to forward the mail as user <mail username> to the mail server <mail server name>. The port is optional.

2.1.2.3 IGS as Mail Transfer Agent (MTA)

To detect and prevent possible threats caused by incoming e-mail, IGS must be used as one MTA hop before the internal mail server or as a Mail Exchange (MX) gateway. This requires changing the MX entry of the domain to point at the IGS server. For cleansing
74. nce can be created in the conf/messages and conf/htdocs folders. Each file in the two folders overrides the corresponding file in the image folder and its sub-folders. If a template is needed, it is first looked up in conf/messages. If it is not found there, the default version in image/messages is used instead.

3.1.1.1 Template parameters

The HTML files can contain keywords that are replaced before returning the response. These so-called template parameters are enclosed in percent signs. As a consequence, this character must not be used in the HTML templates or must be replaced by the numbered entity &#37;.

Template parameter | Description
catnames | Comma-separated list of UDB categories matching the request
countryname | Country of the requested URL
continentname | Continent of the requested URL
proto | Protocol used
permission | Name of the permission set matching the request
client ip | Client IP address
target host | Target host name
target port | Target port
target path | Resource path
vdbsigname | VDB signature causing the blocking
errmsg | HTTP response headers

The link to http://proxy.ikarus.at/welcomeack is used by lockpage.html to tell the server that the user accepted the terms of use. Neither remove nor change this link. Because the templates are full HTTP responses, one must not alter the first three lines, including the newline.

3.1.2 Brandings

By means of brandings it is possible to
75. network group passed as parameter
all permissionset param | Report the traffic for permission set passed as parameter
all srcip param | Report the traffic for the source IP address passed as parameter
all subnet param | Report the traffic for subnet passed as parameter
all tld param | Report traffic for the top level domain passed as parameter
top domain | Report the traffic grouped by domains. Display the top results only
top domain permissionset param | Top domains for permission set
top domain srcip param | Top domains per source IP
top domain subnet param | Top domains for subnet
top nwgroup | Report the traffic grouped by network groups
top permissionset | Top permission set
top srcip | Report the traffic grouped by source IP
top subnet | Report the traffic grouped by subnet
top subnet nwgroup param | Top subnets for network group
top tld | Report the traffic grouped by top level domains
top tld nwgroup param | Top TLDs for network group
top tld permissionset param | Top TLDs per permission set
top tld srcip param | Top TLDs per source IP
top tld subnet param | Top TLDs for subnet

3.3.3.22 ReportShapeBar

Bar
hor | Horizontal
horstack | Horizontally stacked
vert | Vertical
vertstack | Vertically stacked
76. of outgoing e-mail, IGS can also act as a relay server.

Mail routing

The mail routes define how to forward incoming or outgoing mail and which scan rules apply. This is done based on several criteria like the sender's source IP address or subnet, or destination mailboxes.

SPAM filtering

In addition to the SPAM protection defined through the scan rules, IGS in MTA mode also supports the following methods:
- Sender Policy Framework (SPF)
- Greylisting
- Early Talker Rejection

Sender Policy Framework

SPF uses the TXT record for the domain of the sending e-mail address. This TXT record is returned by the name server and contains a list of IP addresses or subnets that are allowed to send e-mails for this domain. If the sender IP address is not in the list of the given domain, the e-mail is rejected. For domains without such a TXT record, the default behavior of accepting e-mails is used.

Greylisting

The term greylisting denotes a method for detecting mail transfer agents who are delivering SPAM mail. Mail traffic is only forwarded if the MTA passes the greylisting check. I
77. operating systems support transparent proxy functionality by means of iptables configuration As opposed to that it is not possible to run a transparent proxy on Microsoft Windows Servers by default 2.1.1 Web services The IGS protection for web protocols is primarily defined by a set of network rules These rules define roughly speaking from which network connections are allowed or denied and who is granted or denied to establish a connection access control In addition to that the so called permission sets which are referenced by the network rules define the restrictions imposed on the data transferred through this connection 2.1.1.1 Access control When a client tries to establish a connection to the IGS the network rules are processed by their order Each rule has a network group an IP address or subnet mask defined which is checked against the client's IP address Additionally a rule can also contain a check for user authentication IGS supports different kinds of user authentication The first rule matching the current connection source and user authentication if applicable is the rule which applies
78. postfix K DataSizeWithUnit size M or G without blank as unit path Log files Location for http log files The path is taken relative Path folder to the program folder timespan Split interval Interval for creating a new log file Enum LogInterval 3.3.1.27 Remote Manager API path config remotemanager Configuration file location REMOTEMANAGER Settings for the IKARUS gateway security Remote Manager Attribute Description allowip IP Host networks allowed to connect to Array Subnet address network the Remote Manager auth mode Authentication Specifies if the Remote Manager user Enum RemoteManagerAuthMode mode authenticates by Remote Manager credentials or LDAP ip Listen on address Bind address for the Remote IpAddress Manager If not specified binds to all IP addresses port Remote manager Port used by the Remote Manager Port port 3.3.1.28 User API path config remotemanager users <remote manager user name> Configuration file location REMOTEMANAGER
79. ption month Monthly week Per week 3.3.3.5 ContenttypeSource Content Type Literal Description custom Custom predefined Predefined 3.3.3.6 Contenttypes Content type all All archive Archive audio Audio excel Excel executeable Executable office Office pdf PDF powerpoint Powerpoint video Video visio Visio word Word 3.3.3.7 DataSizePostfix Unit g Gigabytes k Kilobytes m Megabytes 3.3.3.8 DaysOfWeek Weekday 1 Monday 2 Tuesday 3 Wednesday 4 Thursday 5 Friday 6 Saturday 7 Sunday 3.3.3.9 FlagInherited Inherited flag Literal Description inherit Inherit
80. ration Center • Administration plug in for ISA TMG server • Other instances of GS running on different servers • This is used for synchronization of proxies within a cluster 4.1 Configuration The settings needed for the RM are as follows Attribute Default Description value PORT 15639 The remote manager's listening port IP 0.0.0.0 Bind address If not specified binds to all IP addresses AUTH_MODE internal_user Authorization mode for connecting to RM Possible values internal_user Use internal users see below ldap_group Use LDAP ALLOWIP Comma separated list of hosts or networks which are accepted for RM connections Localhost is always supported If access is denied the connection is reset without any response 4.2 Internal users IGS supports the definition of user names and passwords Attribute Default Description value NAME Unique username ALLOWIP Comma separated list of hosts or networks from which the user is allowed to connect the RM AUTH passwd Authentication type legacy PASSWD Pas
81. pop3 server Default Default POP3 server Is used when the user IpOrHostname target server name does not include information about the target POP3 server pop3 server port Default Port for default POP3 server Port target server port Scanner rule Scan setting Scan rule to be applied by the POP3 proxy 3.3.1.40 SMTP server API path config services smtp Configuration file location SMTP Settings for the SMTP service These settings apply when using the SMTP MTA service Attribute Name Description Type enable Enable Enable disable the SMTP MTA service Flag path Queuing path Path for storing mails Path 3.3.1.41 Settings for incoming emails API path config services smtp receive Configuration file location SMTP RECEIVE Settings for incoming mail Attribute Name Description Type banner_delay Early talker The number of seconds that the SMTP service Integer rejection waits before sending the SMTP banner With this delay feature SPAM bots can be blocked that send data in a non compliant way without waiting for the banner that signals the se
82. rver being ready ip Listen on IP address to listen for incoming mail IpAddress address max_connections Max incoming Maximum number of open connections for MaxConnections connections receiving e mails port Port Port to listen for mails Port 3.3.1.42 Greylisting API path config services smtp receive greylist Configuration file location SMTP RECEIVE GREYLIST Settings for greylisting Attribute Name Description Type ignore Permanent List client subnets or sender addresses domains for IgnoreRule whitelist which greylisting are never applied minlastseen Delay Minimum time interval in sec to be elapsed for Integer passing greylisting test timeout Timeout Amount of time a mail is recognized after having been Integer first encountered After this interval has elapsed the greylisting check for this mail is reset ttlwhitelist Timespan for Amount of time sec the mail sender remains Integer temporary whitelisted after passing the greylisting check If not whitelisting set no temporary whitelisting is applied
83. s iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous iscellaneous Ss iS Ss SS a Winamp3 Table SS Winamp3 Index Oracle 7 Data File Lotus Notes Database Template File VMWare NVRam Windows Object OFM Font File Developer Studio File Workspace Options E E SS z Autodesk Animator Optics Menu Settings Cygwin Adobe Font Microsoft Profiler Binary Input Reflection X Font X 509 Certificate Adope PostScript Type 1 Font SS SG E SS Printer Font Windows Program Information E Microsoft Office Settings SS Microsoft Visual FoxPro Project Windows Precompiled Setup Information z Windows Password List RDOFF Executable Windows NT Registry Windows 95 98 Registry Oracle Resource E GI SG hi RedHat Package Manager File SS Microsoft Foxpro Screen Speedo Scalable Font Ocracle SYM Windows Keyboard Driver SG E GIS T2 Temp Signatur Datenbank TeX Font Metric File SPSS Type Library E Di Borland Pascal Unit SS TrueType Font File True Type Font Fi
84. s similar to XML As a consequence a path expression can be given to address each item in the file which is used to link it to the documentation below There are several ways to modify the configuration 1 Editing the file manually This requires file system access 2 Through the IGS web interface 3 Through the REST API see section 5 This API is used by the web interface to read and write the configuration In addition to this the API provides all features necessary to manage the IGS 3.3 Configuration data This is a full description of all configuration items of IGS Every item can be located within the configuration file by means of the given path expression Mandatory items are marked with an asterisk Additionally for each section there is also the corresponding REST API path given Path elements within angular brackets <> correspond to named objects They can be created and given distinct names by the user like for example a permission set Following below a list of the data types and enumerations used can be found 6 http httpd apache org 7 For the application's file system structure see section 1.3
85. s used by the browser based interface that comes with IGS The API provides a convenient way to integrate the IGS management into any other environment Configuration 3.1 Block response pages IGS displays different web pages for user authentication information about blocked access license errors and much more The respective HTML templates can be found in image messages Additional resources like style sheets images or scripts reside on image htdocs As a consequence requests to the URL http proxy ikarus at htdocs are redirected to images htdocs Access to the folder must be ensured by proper web server configuration After installation the following default template files can be found in image messages Filename Description 404 html file not found is shown when accessing a resource in the htdocs directory that is missing destcontinent html request was blocked due to server being in a blacklisted continent destcountry html request was blocked due to server being in a blacklisted country fileblocked html file was blocked because of a b
86. ster per IP address The current instance must be included The members must be able to reach each other on the specified addresses on TCP port 15639 Features This section provides an overview about the features supported by IGS plus some additional background information if necessary Most configuration settings are thoroughly described in section 3 or are self explanatory at least for system administrators As a consequence these features are only mentioned briefly and the user is referred to the detailed configuration description 2.1 How IGS works IGS mostly works as a security proxy and offers security services for different kinds of TCP protocols These proxy services can be grouped into • Webservices handling HTTP and FTP connections section 2.1.1 and • Mail services for SMTP IMAP POP3 and NNTP protocols section 2.1.2 For mail protection namely for SMTP traffic the IGS can also be used as a Mail Transfer Agent MTA section 2.1.2.2 Depending on the server operating system the proxy services can work in transparent or non transparent mode Linux
87. sword RIGHTS User permissions read Only read configuration data write Change configuration data and restart server Remark After installation the user root with password root is defined For security reasons these user settings have to be changed as soon as possible 4.3 Protocol The RM protocol is line based Each line has to be terminated by <CR><LF> With regard to standard string implementations of C null bytes are NOT allowed 4.4 Definition of protocol line lt line character gt lt LF gt lt line character gt CR LF CIIMA CIMALECESTES 8 8 une C hora serata Lg oT RSU SCR lt LI gt lt NUL gt null character ASCII 0 CR carriage return ASCII 13 r lt LF gt line feed ASCII 10 n 4.5 Request syntax Requests to the Remote Manager consist of commands Each line of the request comprises a single command Commands are case insensitive and consist of the letters A Z and underscore _ Depending on the actual command additional parameters may be supported Command and parameter s are separated by one or more spaces Parameter names may contain any character except whitespaces and quotes 4.6 Definition of command lines lt command line gt lt command gt lt command gt lt parameter list gt lt command gt B lt a z gt lt a z_ gt lt command gt lt parameter list gt lt separator gt lt parameter gt lt sep
88. tSt actus E Mlasicuocaice s Vivien L Mar 2014 09301537 40100 5.6.14 Malware information Retrieve information about detected malware incidents Request GET api info malware Response s 200 OK Content Type application json 20140113 160601 0000 ole s Noa ILS vem 2014 16306301 4 01004 virusname EICAR ANTIVIRUS TESTEILE Ui eoeta UAI SU filename eicarcom zip eicar com EE REENERT 5.6.15 Get log files Request GET api info log global GET api info log proxy GET api info log mail GET api info log update GET api info log alerts Response s 200 OK Content Type text plain <log file content> Possible error codes ErrorOpeningLogFile 5.6.16 Get report Request GET api info report <report name> Response ZONES Content Type text html AIM epore contenta Possible error codes CouldNotCreateReport 5.6.17 Connection status Get information about the currently open connections Request GET api info stats Response 200 OK Content Type application json Vim
89. terface for both configuring and controlling the server • Web based administration interface This document is primarily intended for system administrators running and configuring an IGS server Quick start guide This section describes how to install the IGS software on a server and how it can be managed by the system administrator 1.1 Preconditions Make sure to meet the following requirements before starting the installation of IGS on a server • For the installation you need administrative rights • The system has at least 2 GB free disk space • Other services should not listen to the TCP Ports 443 and 15639 These ports are used by GS and must not be blocked Other ports might also be used depending on the actual configuration • Depending on the enabled services the firewall must not block the TCP protocols HTTP HTTPS POP3 IMAP NNTP and SMTP from inside the system • The GS may be installed on the following systems ◦ Linux RPM and DEB Packages 64 bit ◦ Microsoft Windows 32 and 64 bit 1.2 Setup 1.2.1 Installation on Microsoft Windows Systems Installing IGS on
90. tes the value in the browser cookie and removes the entry from the internal list once the following POST request is sent POST api logout 5.5 Configuration This section describes how to read create update and delete configuration data A comprehensive reference of the configuration items can be found in section 3.3.1 Configuration data are always returned as JSON They are grouped into several sections similar to the configuration file securityproxy conf These sections are represented by JSON objects 5.5.1 Get data Examples Read global configuration data Request GET api config global Response 200 OK Content Type application json quarantine path quarantine guieieml tog s 4 ings sizes WIQAQIE Imex Cirsizeo IG timespan week If the item is not existing within the configuration the status 404 is returned 5.5.2 Create data Example Create a new user Request PUT api config remotemanager users new user Content Type application json Well eysatew s 70 0 0 0 0 TOT 50 A l passwd jhgdh Mereimes Ws
91. turn whether access is allowed or denied based on several criteria Attribute auth result Name Permission Set Description Mask for selecting a Type PermissionSetMask applies per mask permission set auth_type Authentication The authentication type to be NetworkAuthenticationType method used for the selected network IP address branding Branding Defines the branding used for Branding the selected network form Form Form to be used for authentication group priority Priority list Priority list to apply to the network rule Only needed for authentication through LDAP or NTLM Kerberos network group Network group Network group for which the rule applies network rule type Type Indicates whether the rule applies for a subnet or a network group permission set Permission set Permission set to be applied redirecturl Redirect to URL to redirect the end user string after having authenticated result Allow Deny Specifies whether access is Enum RuleResult allowed or denied as a result of this rule router Router IP address of GRE router IpAddress subnet Subnet IP subnet for which the rule Subnet
92. layer Forward by rewriting the destination MAC address 3.4 Content types This is a comprehensive list of all content types detected by IGS Type Super type Archive compiler linker Documents EMail Executables Miscellaneous Multimedia 777 Archive Archive 7 Zip Archive Archive WinAce Archive Archive AMGC OOP Archive Archive ARC Archive data crunched Archive ARC Archive data dynamic LZW Archive ARC Archive data packed Archive ARC Archive data squashed Archive ARC Archive data squeezed Archive ARC Archive data uncompressed Archive ARJ Archive Archive QuArk Compressed Archive Archive ARX Archive Archive System V ar Archive Archive ASD Archive Archive ArcFS Archive Archive BAG Archive Archive BAG Archive Archive BlackHole Archive Archive Binary II Archive Archive Archive Archive Blink Archive Archive BOA Archive Archive Bzip 2 UNIX Compressed File Archive BZip2 Archive Archive Microsoft Cabinet Archive Archive ChArc Archive Archive CKit Arch
93. uld be returned by default the whole info store is returned Response format Tree DOT ENCODED TEXTLINES Errors 4 530 Error reading infostore READ LOG <logtype> Return the last 8K of the given log file Possible log types are Log type Description global Global Service Log splogfile log proxy Log for HTTP and FTP protocol mail Log for mail protocols POP3 IMAP4 SMTP update Log of the spupdate program alerts Log file for alerts If multiple alerts are defined the first log in the configuration file is assumed Response format Tree DOT_ENCODED_TEXTLINES Errors 530 Error opening logfile READ TEMPLATES Return all message templates Every template is finished by a dot line Response format Message templates DOT_ENCODED_TEXTLINES
94. ument Textfile US ASCII Plain Text US ASC Microsoft Advanced Streaming Format Video AVI Video Sound Video Flash video multimedia container format Video MPEG Video Video MPEG Video Stream Data Video MPEG Video Video Macromedia Flash Format Video Shockwave Flash Object Video Video Audio WordPerfect Dictionary WordPerfect WordPerfect Document WordPerfect WordPerfect Display Resource DRS WordPerfect WordPerfect Overlay File FIL WordPerfect WordPerfect Help Document WordPerfect WordPerfect Prefix Information WordPerfect WordPerfect Keyboard Definition WordPerfect WordPerfect Macro WordPerfect WordPerfect Macro Resource MRS WordPerfect WordPerfect Printer Resource ALL WordPerfect WordPerfect Printer Resource PRS WordPerfect WordPerfect Setup WordPerfect WordPerfect Thesaurus Document WordPerfect WordPerfect Graphics Driver WPD WordPerfect WordPerfect Document WordPerfect Remote Manager The Remote Manager RM is an interface of the IGS using TCP connections As of now the RM is used for communication with the following clients • Configu
95. 2.2.2 Update IGS has an automated update support for • the program executable • the updater executable • plugin libraries • the virus database VDB • the SPAM database SDB • the URL filter database UDB The program checks for updates of these components every 10 minutes In case there are any updates available they are downloaded and installed The service is restarted automatically if needed 2.2.3 User management For authenticating access to IGS pairs of usernames and passwords can be defined They can be thought of as some sort of users although there is no real user management associated with In this sense two kinds of users can be defined • Remote Manager Users which are needed to authenticate for the management interfaces • Internal Users which are only used for defining authentication for the network rules Remote Manager Users can be used the same way like Internal Users but not vice versa 2.2.4 Alerts Alerting is a means for informing the administrator about infrequent or exceptional events like updates of the databases or the detection of malware incidents 2.2.5 Reporting If this feature is
96. ver Is used if when the user IpOrHostname target server name does not include information about the target IMAP server Default Port for default IMAP server Port listen Listener The port and optional local IP where the IMAP proxy service listens for client requests Array IpWithPort Scanner rule Scan setting Scan rule to be applied by the IMAP proxy 3.3.1.38 NNTP proxy API path config services nntpproxy Configuration file location NNTP_PROXY The NNTP service Attribute Name Description Type enable Enable Enable disable the NNTP proxy service Flag listen Listener The port and optional local IP where the Array IpWithPort NNTP proxy service listens for client requests nntp_server Default Default NNTP server Is used when the user IpOrHostname target server name does not include information about the target NNTP server nntp server port Default Port for default NNTP server Port target server port scanner rule Scan setting Scan rule to be applied by the NNTP proxy 3.3.1.39 POP3 proxy API path config services pop3proxy Configuration file location POP3 PROXY The POP3 service Attribute Name Description Type enable Enable Enable disable the POP3 proxy service Flag listen Listener The port and optional local IP where the Array IpWithPort POP3 proxy service listens for client requests
97. ves the list of all stored licenses best set to yes marks the currently active license usercount and features are optional values If they are not set it means unlimited users or that all features are enabled Request GET api info ikkey Response s 200 OK Content Type application json o desc License for internal use only owner IKARUS Security Software GmbH enddate 2014 12 31 user iia iz eso 9 isvalid yes hestr yes sese Wail features web mail 5.6.4 Get active best license Retrieves the license that is currently used by gateway security usercount and features are optional values If they are not set it means unlimited users or that all features are enabled usercount_used is the number of used users and only shows up if usercount is set Request GET api info ikkey active Response s 200 OK Content Type application json desc License for internal use only owner IKARUS Security Software GmbH Heinelolaiceg NEEE serial xx996644pp09 visval rdu Sil Heer eoume OR Migeiceouumic
98. xConnections connections outgoing connections 3.3.1.47 TSMTP proxy API path config services smtpproxy Configuration file location SMTP_PROXY The TSMTP proxy service Attribute Name Description Type enable Enable Enable disable the SMTP proxy service Flag listen Listen on The port and optional local IP where the Array IpWithPort SMTP proxy service listens for client requests scanner rule Scan setting Scan rule to be applied by the SMTP proxy smtp server Default Default SMTP server Is used when the user IpOrHostname target server name does not include information about the target SMTP server smtp server port Default Port for default SMTP server Port target server port 3.3.1.48 WCCP API path config wccp Configuration file location WCCP Settings for WCCP Attribute Name Description Type designated Designated web Marks this instance of the Flag cache gateway security server as the designated web cache enable Enable WCCP Enable disable support for Flag WCCP ip_address IP address of IP address of
99. ysubject Header Subject is empty emptyto Header To is empty envelopfrom SMTP envelope sender is FROM envelopto SMTP envelope recipient is TO from From header item includes FROM mailtext Mail text nofromline From header item does not exist notoline Missing To header novalidaddrfrom Invalid From novalidaddrto Invalid To onlyhtmltext Message HTML only subject Subject contains to To contains toandfromequal To equals From 3.3.3.36 SpamRuleResult Result Literal Description always SPAM never REGULAR possible POSSIBLE SPAM 3.3.3.37 TimeControl Time control none None time range Time range weekdays Weekdays weekdays and time range Weekdays and time range 3.3.3.38 VirusFilterEmailAction Action Literal Description deleteitem Delete attachment dropemail Drop E Mail 3.3.3.39 WccpRedirectionType Type Literal Description gre Forward packages to proxies using GRE