About data provision
July 10, 2024
ID 171771
In the course of its operation, the application uses data that requires the consent of the KSMG administrator to be transmitted and processed.
You can view the list of data and the terms on which it is used as well as give consent to data processing in the following agreements between your organization and Kaspersky:
- In the End User License Agreement.
In accordance with the terms and conditions of the End User License Agreement that you have accepted, you consent to automatic real-time provision of information required for improving the security level of the mail server to Kaspersky. This information is enumerated in the End User License Agreement under "Conditions regarding Data Processing":
- Type, version, and localization of the application
- Versions of installed updates
- Activation code and unique activation ID of the current license activation code
- Computer ID and application installation ID
- Type, version, and number of bits of the operating system
- Name of the virtual environment
- IDs of application components that were active at the time of data submission
You can read the End User License Agreement when installing KSMG or in the /opt/kaspersky/ksmg-appliance-addon/share/htdocs/<language code>/assets/eula directory in Technical Support Mode.
- In the Privacy Policy.
- In the Kaspersky Security Network Statement and the Supplementary Kaspersky Security Network Statement.
In the course of participation in the Kaspersky Security Network and submission of KSN statistics to Kaspersky, information can be transmitted that was obtained as a result of the application operation. The list of data that is transmitted is provided in the Kaspersky Security Network Statement and the Supplementary Kaspersky Security Network Statement. You can read these Statements in the web interface in the Settings → External services → KSN/KPSN → KSN/KPSN settings section.
Memory contents and access of user accounts to personal data of users
Kaspersky protects any information received in this way as prescribed by law and applicable rules of Kaspersky. Data is transmitted over encrypted data links.
KSMG RAM may contain any application user data that is being processed. The KSMG administrator must take steps to ensure the security of such data.
By default, the following user accounts have access to personal data of users:
- Operating system user accounts:
- A user with root privileges.
- kluser.
- Users that start application processes:
- Postfix (hereinafter referred to as the Postfix user)
- Nginx (hereinafter referred to as the Nginx user)
- OpenDKIM (hereinafter referred to as the OpenDKIM user)
- User accounts in one of the following groups:
- klusers
- kl_web_users
- kl_var_users
- User accounts of privileged KSMG users.
Restricting user account permissions
The application does not provide any functionality to restrict the rights of user accounts of the operating system on which the application is installed. Access to the storage location of the data is restricted by the file system. The administrator is advised to control the access to personal data of other users using any system functionality except for editing application settings over SSH.
The 'Administrator' user can grant SSH access to the administrator account of the operating system (root). Access to personal data over SSH is restricted by SSH settings; it is disabled by default.
Transferring data between cluster nodes, connecting to AD, delivering mail, managing the application
Data is sent between cluster nodes through an encrypted connection (over HTTPS with authorization using a security certificate). Data is sent to the web interface through an encrypted connection over HTTPS. Privileged users with a local user account are authorized with a password; other users of the web interface are authorized over Kerberos or NTLM protocol.
Connection to Active Directory is established through an encrypted channel (SASL) with Kerberos authorization.
Email delivery supports SMTPS encryption.
Managing the application using the management console of the server on which the application is installed using the superuser account lets you manage dump settings. A dump is generated whenever the application crashes and can be useful for analyzing the causes of the crash. The dump may include any data, including fragments of analyzed files. By default, dump generation in KSMG is disabled.
Access to such data can be gained from the command line of the server on which the application is installed, using a user account with superuser privileges.
When sending diagnostic information to Kaspersky Technical Support, the KSMG administrator must take steps to ensure the security of dumps and trace files. The KSMG administrator is responsible for managing access to this information.
Scanning files with the kavscanner and klms_eml_scanner utilities
KSMG 2.1 includes the following utilities:
- The 'kavscanner' utility allows the Anti-Virus module to scan file system objects to which the 'kluser' user has access.
The utility can only be managed on the command line of the server. The utility must be run as root or kluser. After completion, the utility outputs the scan result for each file to stdout. Modifying or deleting files based on the results of the scan by the utility may damage the application and the operating system or make them inoperable.
The utility is located in the /opt/kaspersky/ksmg/bin directory.
- The 'klms_eml_scanner' utility allows scanning messages in EML format by the Anti-Phishing, Anti-Virus, Anti-Spam, and Link Scanning modules (if a current license for the corresponding scan technology is available). You can scan only those messages that are available to the 'kluser' user.
The utility can only be managed on the command line of the server. The utility must be run as root or kluser. After completion, the utility outputs the message scan result to stdout. Modifying the message based on the scan results may damage the message.
The utility is located in the /opt/kaspersky/ksmg/libexec directory.
Scope of data that can be stored by the application
The following table contains the complete list of user data that can be stored in KSMG.
User data that can be stored in KSMG
Data type | Where data is used | Storage location | Storage duration | Access |
---|---|---|---|---|
Basic functionality of the application | ||||
| Application configuration | /var/opt/kaspersky/ksmg | Indefinite. |
|
Private certificates for establishing TLS connections | Application configuration | /var/opt/kaspersky/ksmg/certs/ | Indefinite. |
|
| Application configuration | /var/opt/kaspersky/ksmg | Indefinite. |
|
| Message processing rules and custom lists. | /var/opt/kaspersky/ksmg | Indefinite. |
|
Information from email messages:
| Application statistics | /var/opt/kaspersky/ksmg | Indefinite. |
|
Information from email messages:
| Message processing event log | /var/opt/kaspersky/ksmg | In accordance with settings specified by the user of the application. By default, the storage duration is 3 days and the maximum size of the log is 1 GB. When this limit is reached, older records are deleted. |
|
/var/log/ | Indefinite. When the size reaches 23 GB, older records are deleted. |
| ||
/var/log/ | Indefinite. When the size reaches 500 MB, older records are deleted. |
| ||
| Application event log | /var/opt/ | In accordance with settings specified by the user of the application. By default, the storage duration is 1100 days, or the maximum size of the log is 1 GB. When this limit is reached, older records are deleted. |
|
/var/log/ | Indefinite. When the size reaches 23 GB, older records are deleted. |
| ||
/var/log/ | Indefinite. When the size reaches 500 MB, older records are deleted. |
| ||
Information from email messages:
Data on application updates:
Information about user accounts:
| Trace files | /var/log/ | Indefinite. When the size reaches 150 MB per trace stream, older records are deleted. |
|
/var/log/ksmg-traces | Indefinite. When the size reaches 23 GB per trace stream, older records are deleted. |
| ||
/var/log/kaspersky/extra | Indefinite. When the size reaches 400 MB per trace file, older records are deleted. |
| ||
Information from email messages:
| Backup | /var/opt/kaspersky/ksmg | Until the message storage duration in Backup expires. The storage duration is configured through the web interface. When the size reaches 7 GB, older records are deleted. The administrator can change this value. |
|
Information from email messages:
| Anti-Spam Quarantine | /var/opt/ | Until the message is released from quarantine. When a message is released from quarantine, some data is used for routing the message. When the size reaches 1 GB, older records are deleted. The administrator can change this value. |
|
Information from email messages:
| KATA Quarantine | /var/opt/ | Until the message is released from quarantine. When a message is released from quarantine, some data is used for routing the message. When the 1 GB or 5000 message limit is reached (the values can be configured by the administrator), new messages are not placed in KATA Quarantine. |
|
Connecting over the web interface:
| Authorization event log | /var/log/secure | Not longer than 5 weeks. A weekly file rotation is maintained. |
|
Information from email messages:
| Temporary files |
| Until application restart |
|
Integration with Active Directory | ||||
User Object attributes:
Contacts Object attributes:
Group Object attributes:
|
|
| Indefinite. The data is regularly updated. When integration with Active Directory is disabled, the data is deleted. |
|
Integration with Kaspersky Anti Targeted Attack Platform (KATA) | ||||
Information from email messages:
| Forwarding of objects to be scanned on the KATA server | Data is not saved. | Data is not saved. | No access. |
Built-in mail server functionality | ||||
| Built-in mail server settings | /etc/postfix/ /var/opt/kaspersky/ | Indefinite. Data is deleted when the corresponding settings are removed in the application web interface. Certificate files can be overwritten when a certificate is replaced. |
|
Information from email messages:
| Message queues of the built-in mail server | /var/spool/postfix | Indefinite. Messages are deleted when they are delivered to recipients. |
|
SSH functionality | ||||
Connecting over SSH:
| Authorization event log | /var/log/secure | Not longer than 5 weeks. A weekly file rotation is maintained. |
|
Public SSH keys of application administrators. | Built-in SSH server settings | /etc/ssh/ | Indefinite. Data is deleted when the corresponding settings are removed in the application web interface. |
|
Scope of data transmitted to the Kaspersky Security Network service
Data is sent to KSN servers in an encrypted form. By default, data can be accessed by Kaspersky staff, the root user account, and the 'kluser' user account used by application components.
For a full enumeration of user data transmitted to the KSN service, see the following table.
The enumerated data is transmitted only if consent has been given to participate in Kaspersky Security Network.
Data transmitted to the Kaspersky Security Network service
Data type | Where data is used | Storage location | Storage duration |
---|---|---|---|
| Sending KSN requests | /var/opt/kaspersky/ksmg/ | Indefinite. The maximum number of stored entries is 360,000. When this limit is reached, those entries are deleted that have not been accessed for the longest time. |
| Sending KSN statistics | KSN servers | Before sending statistics to KSN. After disabling the sending of KSN statistics in application settings, the data is deleted when the next attempt to send them occurs. |
Updating application databases from Kaspersky servers
When the application databases are updated from Kaspersky servers, the following information is transmitted:
- Application version and type
- Unique ID of the current license key
- Unique application installation ID
- Update session ID