AntiVir Server for UNIX 2.1.5

Release Notes
=============

This document lists changes which have not yet made it into the PDF manual.


New support for AntiVir Server on 64bit versions of Linux and FreeBSD
---------------------------------------------------------------------

AntiVir Server (antivir version 2.1.3-41 and above) works on 64bit versions of
Linux and FreeBSD, too.  Please note that such a setup requires Dazuko version
2.1 or above.


New support for incremental VDF updates
---------------------------------------

The so-called "incremental VDF updates" feature reduces network traffic (and
indirectly download times) when updating the VDF database.  After a period of
beta testing (where this feature had to be enabled by the user with a
specially named ".incvdf" file) it has become an official feature of the 6.33
release and is active by default.


Non-virus but unwanted software categories
------------------------------------------

The program also knows about kinds of unwanted software other than viruses.
Each kind has a command line option of the form "--with-<type>" to enable its
detection.  There is another "--without-<type>" option to explicitly turn off
detection.  The "--alltypes" option turns on detection of all known categories.

The config file has a "Detect<Type>" keyword to enable detection of this kind
of software.  The corresponding "DontDetect<Type>", "DetectAllTypes" and
"DontDetectAllTypes" keywords exist, too.  Upper or lower case in the keyword
does not matter.  In the absence of the keyword (when the line is missing or
when it is commented out) the default setting applies.

The current list of types and their default state is: "ADSPY" (on), "BDC" (on),
"DIAL" (on), "GAME" (off), "JOKE" (off), "PCK" (off) and "SPR" (off).  For
compatibility with existing setups the "Dialer" and "PMS" types are supported,
too.  PE CLASSIC licenses do not allow the detection of the "ADSPY" category.


How alerts are logged, displayed and communicated
-------------------------------------------------

There are several situations where alerts are communicated in different ways.
This is of concern to the command line scanner, log files of scanning daemons
and the SAVAPI protocol.


The command line scanner outputs a line with the "ALERT:" tag; the alert's
name is enclosed in brackets.  With the 6.31 release (beginning with antivir
version 2.1.3-41) the alerts' names are a little more verbose.  The layout
did not change, but the text inside the brackets looks a little different.

This is an example of the output from the 6.30 release:

/path/to/file/filename
 Date: 13.10.2003  Time: 10:35:46  Size: 87040
 ALERT: [DIAL/000302 dialer] /path/to/file/filename <<< Contains signature of a cost-incurring dialer DIAL/000302 (Dialer)

This is an example of the output from the 6.31 release:

/path/to/file/filename
 Date: 13.10.2003  Time: 10:35:46  Size: 87040
 ALERT: [Dialer/000302 dialer] /path/to/file/filename <<< Contains signature of the dial-up program Dialer/000302


The logfiles have changed in a similar way (not with regard to the layout,
but in terms of the text which is printed on alerts).


With the 6.32 release the alert types will be rearranged so that the text
values in the alert type fields may change.  This should not cause any
problems since the information accompanying an alert was never meant to be
processed and interpreted by programs but was designed to be logged or
displayed to a user.  Again, the layout does not change; it's just that
different text values are communicated.
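
Where scanner output is nevertheless fed into a log pipeline, keying on the
layout (which stays the same) rather than on the alert text (which changes
between releases) keeps the pipeline working across the releases shown above.
The following is an added example, not part of the product; the function names
are hypothetical and the sample input is built from the two outputs above.

```python
import re

# Layout taken from the two sample outputs above:
#   ALERT: [<name>] <path> <<< <free text>
ALERT_RE = re.compile(
    r"^\s*ALERT:\s*\[(?P<name>[^\]]*)\]\s+(?P<path>.+?)\s+<<<\s+(?P<text>.*)$"
)

# Constructed input: the 6.30 and 6.31 samples from this page, concatenated.
SAMPLE = """\
/path/to/file/filename
 Date: 13.10.2003  Time: 10:35:46  Size: 87040
 ALERT: [DIAL/000302 dialer] /path/to/file/filename <<< Contains signature of a cost-incurring dialer DIAL/000302 (Dialer)
/path/to/file/filename
 Date: 13.10.2003  Time: 10:35:46  Size: 87040
 ALERT: [Dialer/000302 dialer] /path/to/file/filename <<< Contains signature of the dial-up program Dialer/000302
"""

def parse_alerts(output):
    """Return one dict per ALERT line; name and text stay opaque strings."""
    alerts = []
    for line in output.splitlines():
        m = ALERT_RE.match(line)
        if m:
            alerts.append(m.groupdict())
        elif line.lstrip().startswith("ALERT:"):
            # Tag present but layout unexpected: keep the raw line so that
            # an alert is never silently dropped.
            alerts.append({"name": None, "path": None, "text": line.strip()})
    return alerts

def alerted_paths(output):
    """Paths with at least one alert, independent of the alert's wording."""
    return {a["path"] for a in parse_alerts(output) if a["path"]}

if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE):
        print(alert["path"], "->", alert["name"])
```
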


New configuration items
-----------------------

With the 6.32 release new configuration files were introduced.  The file
/etc/avupdater.conf is consulted for the updater's setup, too.

The file /etc/antivir.conf will be supported for backward compatibility, but
it is recommended to place service specific configuration items into the
service specific files.  This means that actually the /etc/antivir.conf file
may be empty or even missing.

A new configuration item "UpdateAction <component> <action>" has been
introduced for the updater.  The <component> part may be any of "mailgate",
"milter" or "webgate".  The <action> may be any of "none" (the default),
"check" or "fetch".  These settings cause the updater to handle the scanner
backend as usual so your AV scan service will always be up to date, and in
addition the updater will check for available updates or will even fetch an
archive with the new software to your local disk for your convenience.  The
newly introduced "UpdateStoreDir" config item allows you to specify where the
software archives should be stored; by default the directory
"/usr/lib/AntiVir/updcomp/" is used.  Available updates for the "mailgate",
"milter" or "webgate" components will not be applied automatically to your
local installation.

A new configuration item "SuppressNotificationBelow <source> <level>" was
introduced to control which email notifications should be sent out and which
are to be ignored because of too low a severity.  Valid keywords for the source
are "Scanner" and "Updater", valid keywords for the level are "Notice",
"Information", "Warning", "Error" and "Alert" (in ascending order).


With the 6.33 release a new configuration file /etc/avsamba.conf was introduced
to hold the configuration specific to the AntiVir Samba Scanner.  This file as
well as the /etc/antivir.conf file are used by the AntiVir Samba Scanner.


Starting from the 6.33 release AntiVir Server has more properties available
upon alerts.  The "ExternalProgram" config option now expands the newly
introduced macros "%St" (alert type), "%SA" (action taken) and "%Su" (user
accessing the file).

Stronger checks on the configuration items for AntiVir Server are applied.  The
on-access scanning daemon won't start without specifications for the access
mask, at least one directory to supervise or the number of scanners to use.
The "NumDaemons" setting only accepts values between 3 and 20 (inclusive) plus
the value 0 to disable the service; values of 1 or 2 have never been useful and
will be refused now.
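
The value ranges given in this section for "UpdateAction",
"SuppressNotificationBelow" and "NumDaemons" can be checked before a changed
file is deployed.  The following is an added example, not part of the product.
It assumes that "#" starts a comment and that keywords and values are matched
without regard to case; the function names and the sample are hypothetical.

```python
# Allowed values as listed in these release notes.
COMPONENTS = {"mailgate", "milter", "webgate"}
ACTIONS = {"none", "check", "fetch"}
SOURCES = {"scanner", "updater"}
LEVELS = ["notice", "information", "warning", "error", "alert"]  # ascending

def check_line(key, args):
    """Return an error string for a known item with bad values, else None."""
    k = key.lower()
    a = [x.lower() for x in args]
    if k == "numdaemons":
        ok = len(a) == 1 and a[0].isascii() and a[0].isdigit()
        ok = ok and (int(a[0]) == 0 or 3 <= int(a[0]) <= 20)
        return None if ok else "NumDaemons must be 0 or between 3 and 20"
    if k == "updateaction":
        ok = len(a) == 2 and a[0] in COMPONENTS and a[1] in ACTIONS
        return None if ok else "UpdateAction needs <component> <action>"
    if k == "suppressnotificationbelow":
        ok = len(a) == 2 and a[0] in SOURCES and a[1] in LEVELS
        return None if ok else "SuppressNotificationBelow needs <source> <level>"
    return None  # items this check does not cover

def lint(text):
    """Return [(line_number, message)] for every offending line."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        key, *args = line.split()
        msg = check_line(key, args)
        if msg:
            problems.append((n, msg))
    return problems

def is_sent(threshold, level):
    # Reads "Below" literally: the named level itself is still sent.
    return LEVELS.index(level.lower()) >= LEVELS.index(threshold.lower())

# Constructed sample, not a shipped configuration file.
SAMPLE = """\
NumDaemons 2
UpdateAction webgate fetch
UpdateAction samba check
SuppressNotificationBelow Scanner Warning
suppressnotificationbelow updater critical
# NumDaemons 1
NumDaemons 0
"""
```
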


Personal Edition Classic restrictions
-------------------------------------

The free PE CLASSIC license available for non-commercial use has several
restrictions:  the "ADSPY" category of unwanted software will not be detected,
no email notification will be sent out (neither on alerts nor on updates), and
files won't get scanned when they reside on a remote file system.

When a license does not suffice to use certain features the user tried to use,
an appropriate message will be displayed or logged.

License keys for the PE CLASSIC UNIX software don't require registration any
longer.  The installation package comes with a valid license and the updater
extends the license's lifetime when necessary.

