Page 4
Dear user, you have acquired ESET Gateway Security - probably the best security system running under the Linux/BSD/Solaris OS. As you will soon find out, the system, using the state-of-the-art ESET scanning engine, has unsurpassed scanning speed and detection rate, combined with a very small footprint that makes it the ideal choice for any Linux/BSD/Solaris OS server.
Page 6
ESETS
ESET Security is a common acronym for all security products developed by ESET, spol. s r.o. for Linux OS, BSD OS and Solaris. It is also the name (or part of the name) of the software package containing the products.
Page 7
NetBSD: /usr/pkg/bin
Solaris: /opt/esets/bin

ESETS system binary files directory
The directory where the relevant ESET File Security system binary files are stored. Further in this documentation we use the abbreviation @SBINDIR@ for the directory. The directory location is as follows:
Linux: /usr/sbin...
Page 10
00:00:00 esets_daemon

where at least two ESETS daemon processes running in the background have to be present. One of the processes is the so-called process and threads manager of the system. The other serves as the ESETS scanning process. ESET Gateway Security...
Page 12
The structure of ESET Gateway Security is shown in figure 4-1. The system is composed of the following components.

CORE
The core of ESET Gateway Security consists of the ESETS daemon esets_daemon. The daemon uses the ESETS API library libesets.so and the ESETS loading modules em00X_xx.dat to provide base system tasks: scanning, maintenance of the agent daemon processes, maintenance of the samples submission system, logging, notification, etc. Please refer to esets_daemon(8) manual page for...
Page 13
@ETCDIR@/esets.cfg
This is the most important configuration file, as it maintains the major part of the product functionality. After exploring the file you can see that it is built from various parameters distributed within sections. Note that section names are always enclosed in square brackets. In the ESETS configuration file there is always one global section and several so-called agent sections.
HTTP (resp. FTP) communication with the outbound servers is routed via a network gateway server, where ESET Gateway Security must be installed in order to scan the communication for infiltrations. For this purpose, a generic ESETS HTTP (resp. FTP) filter - esets_http (resp.
The manual HTTP/FTP proxy configuration of esets_http with Mozilla Firefox is described in general by the left side of figure 4-2. Note that this configuration allows ESET Gateway Security to be installed anywhere within the local network, including the gateway server and also the user agent’s computer.
The significant difference from the previously described configuration is that ESET Gateway Security is installed on the HTTP/FTP gateway between the proxy cache (Squid Web Proxy in this example) and the Internet. Thus all the HTTP/FTP responses incoming to the network are first scanned for infiltrations and afterward stored in the network dedicated cache, i.e.
If the object is found to be infected, the last part of the object (the current version of ESET Gateway Security defines the last part as the last 4KB of the object’s data) is not sent to the awaiting end-point and the connection with the end-point is dropped.
‘Select a Section to Configure’ until the ‘ESET Gateway Security’ section is found. Next, create the ‘antivirus’ profile for the ‘ESET Gateway Security’ section by pressing ‘Add’ at the bottom of the ‘ESET Gateway Security’ section and define the following parameters in the list that appears...
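The withheld-tail behaviour described above, as an added example that is not ESET code: a simplified Python model of a relay that forwards a response while keeping back its final 4KB until the whole object has been scanned. The class and function names, the 1500-byte chunk size and the marker-based scanner are assumptions made for the illustration.

```python
TAIL_HOLD = 4096                      # "last 4KB" per the manual text
MARKER = b"CONSTRUCTED-TEST-MARKER"   # constructed stand-in for a detection

def marker_scan(data):
    """Hypothetical scanner: True if the constructed marker is present."""
    return MARKER in data

def chunked(data, size=1500):
    """Split an object into network-sized pieces (size is an assumption)."""
    return [data[i:i + size] for i in range(0, len(data), size)]

class DeferredTailRelay:
    """Forward a stream while always withholding its final `hold` bytes."""
    def __init__(self, scan, send, hold=TAIL_HOLD):
        self.scan, self.send, self.hold = scan, send, hold
        self.pending = bytearray()    # received but not yet released
        self.seen = bytearray()       # whole object, kept for the scanner

    def feed(self, chunk):
        self.seen += chunk
        self.pending += chunk
        release = len(self.pending) - self.hold
        if release > 0:               # everything except the newest `hold` bytes
            self.send(bytes(self.pending[:release]))
            del self.pending[:release]

    def finish(self):
        """Scan the complete object; release or discard the held tail."""
        if self.scan(bytes(self.seen)):
            self.pending.clear()      # tail never leaves the gateway
            return "dropped"
        if self.pending:
            self.send(bytes(self.pending))
        return "complete"

def relay(data, scan=marker_scan, hold=TAIL_HOLD):
    """Run one object through the relay; return (verdict, bytes delivered)."""
    delivered = []
    r = DeferredTailRelay(scan, delivered.append, hold)
    for chunk in chunked(data):
        r.feed(chunk)
    return r.finish(), b"".join(delivered)

if __name__ == "__main__":
    infected = MARKER + b"B" * 9977   # constructed 10000-byte object
    verdict, sent = relay(infected)
    print(verdict, len(sent), "of", len(infected), "bytes delivered")
```

In this model an object shorter than 4KB that is flagged delivers no bytes at all, while a larger one reaches the end-point truncated by exactly the held tail.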
Page 21
Mime type: text/html
Response code: 200
Type: File
Parsable: Yes

resp. for the not-scanned ESETS blocking page the list is as follows:

Comment: ESET Gateway Security not scanned template
Name: esets_not_scanned
File: ssfi_not_scanned.html
Mime type: text/html
Response code: 200
Type: File
Parsable: Yes

To reread the newly created configuration, reload SafeSquid and also the ESETS daemon.
Thus in this section we will only provide a short example of a user specific configuration definition. Let’s say we use esets_http to control HTTP traffic on port 8080 of the gateway server with local network IP address 192.168.1.10. The module is subject to the configuration section [http] in ESET Gateway Security...
‘esets_http_spec.cfg’ introduced in the previous section.

[black-list]
action_av = "reject"

The next step is to add some HTTP server into the ‘black-list’ group. For this purpose we have to create a special section

[aaa.bbb.ccc.ddd]
parent_id = "black-list"

chapter 6 Important ESET Gateway Security mechanisms...
In order to turn on the Samples Submission System, the samples submission system cache has to be initialized. This can be achieved by enabling the configuration option ‘samples_enabled’ in the [global] section of the ESETS configuration file. To enable delivery of samples to ESET virus laboratory servers, it is also necessary to enable the parameter ‘samples_send_enabled’ in the same section.
6.6 Remote Administration
ESETS supports ESET Remote Administration for management in large computer networks. For more information, please read the Remote Administration Manual. The ESETS Remote Administration Client is part of the main ESETS daemon. For basic set up, specify the address of your ERA Server in the ‘racl_server_addr’ parameter (and ‘racl_password’ if...
7.1. ESETS update utility
In order to keep ESET Gateway Security effective, it is necessary to keep its virus signatures database up to date. The esets_update utility has been developed for this purpose (see esets_update(8) manual page for details). To launch an update, one has to define the configuration options ‘av_update_username’ and ‘av_update_password’ in the [global] section of the ESETS configuration file.
Page 32
Dear user, this guide should have given you a good knowledge of the ESET File Security installation, configuration and maintenance. However, writing documentation is a process that is never finished. There will always be some parts that can be explained better or are not even explained at all.
The next step is to redirect all FTP requests to esets_ftp. In the case of IP-filtering provided by the ipchains administration tool, an appropriate rule is:

ipchains -A INPUT -p tcp -i if0 --dport 21 \
    -j REDIRECT 2121

If the IP-filtering mechanism is provided by the iptables administration tool, the rule is:
Page 35
iptables -t nat -A PREROUTING -p tcp -i if0 \
    --dport 21 -j REDIRECT --to-ports 2121

On FreeBSD, the rule is as follows:

ipfw add fwd 192.168.1.10,2121 tcp \
    from any to any 21 via if0 in

On NetBSD and Solaris:

echo 'rdr if0 0.0.0.0/0 port 21 ->...
Page 38
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.