Esets Plug-In Filter For Safesquid Proxy Cache; Operation Principle; Installation And Configuration - ESET GATEWAY SECURITY Installation Manual

To enable this technique, the parameter lo_partscan_enabled is entered in the [http]
section of the ESETS configuration file. This will cause large objects to be scanned for infiltrations
during transfer in predefined intervals, while the data which has already been scanned is sent
to an awaiting end-point such as a client or server. This method ensures that no infiltrations are
passed to the computer whose user agent has requested the large infected object, because each
portion of the sent data is already verified to be safe.
It has been proven that in common circumstances where the speed of the gateway's local
network connection is higher than the speed of the gateway connection to the Internet, the total
processing time of a large object transfer using the 'partial scan' technique is approximately the
same as when the standard 'deferred scan' method is used.

5.5. ESETS plug-in filter for SafeSquid Proxy Cache

In previous sections we described the integration of ESET Gateway Security with HTTP
and FTP services using esets_http and esets_ftp. The methods described are applicable
for the most common user agents, including the well known content filtering internet proxy
SafeSquid (http://www.safesquid.com). However, ESET Gateway Security also offers an alternative
method of protecting Gateway services, using the esets_ssfi.so module.

5.5.1. Operation principle

The esets_ssfi.so module is a plug-in developed by SafeSquid's team to access all objects
processed by the SafeSquid proxy cache. Once the plug-in accesses the object, it is scanned for
infiltrations using the ESETS daemon. If the object is infected, SafeSquid blocks the appropriate
resource and sends the predefined template page instead. The esets_ssfi.so module is supported
by SafeSquid Advanced version 4.0.4.2 and later.

5.5.2. Installation and configuration

To integrate the module, you must create links from the SafeSquid modules directory to
the appropriate installation locations of the ESET Gateway Security package. In the following
examples, it is assumed that SafeSquid is installed on a Linux OS in the '/opt/safesquid'
directory.
If SafeSquid 4.2 or later is installed, enter the following commands:
mkdir /opt/safesquid/modules
ln -s @LIBDIR@/ssfi/esets_ssfi.so /opt/safesquid/modules/esets_ssfi.so
ln -s @LIBDIR@/ssfi/esets_ssfi.xml /opt/safesquid/modules/esets_ssfi.xml
If an earlier version is installed, enter the following commands:
mkdir /opt/safesquid/modules
ln -s @LIBDIR@/ssfi/esets_ssfi.so /opt/safesquid/modules/esets_ssfi.gcc295.so
ln -s @LIBDIR@/ssfi/esets_ssfi.xml /opt/safesquid/modules/esets_ssfi.xml
/etc/init.d/safesquid restart
To complete the SafeSquid plug-in installation, first logon to the SafeSquid Web Administration
Interface. Select the Config menu from the main interface page and browse Select a Section to
Configure until you find ESET Gateway Security. Click Submit and create the antivirus profile
for the ESET Gateway Security section by clicking the Add button at the bottom. Define the
below parameters within the list that appears and click Submit. Remember to save the Safesquid
chapter 5
Integration with Internet Gateway services 21