Blacklist And Whitelist; Whitelist Url; Samples Submission System - ESET GATEWAY SECURITY - FOR LINUX BSD AND SOLARIS Installation Manual

[http]
agent_enabled = yes
listen_addr = "192.168.1.10"
listen_port = 8080
action_av = "scan"
user_config = "esets_http_spec.cfg"
Once the special configuration file is referenced from within the [http] section, create the 'esets_http_spec.cfg' file in
the ESETS configuration directory and add the appropriate individual settings. The next example shows the individual
setting for parameter 'action_av', for the client computer with IP address 192.168.1.40. See below:
[|192.168.1.40]
action_av = "reject"
Note that the section header identifies the HTTP client for which the individual settings have been created, and the
section body contains individual parameters for that HTTP client. With this special configuration, HTTP traffic for all
local network clients will be processed normally, i.e. scanned for infiltrations. However, access for the HTTP client with
the IP address 192.168.1.40 will be rejected (blocked).

6.3 Blacklist and Whitelist

In the following example we demonstrate blacklist and whitelist creation for the esets_http configured as an HTTP
proxy scanner. Note that the configuration described in the previous section is used for this purpose.
To create a blacklist used by esets_http, create the following group section within the special configuration file
'esets_http_spec.cfg', introduced in the previous section. See below:
[black-list]
action_av = "reject"
Next, add the HTTP server to the 'black-list' group. To do this, the following special section must be created:
[aaa.bbb.ccc.ddd]
parent_id = "black-list"
In the example above, 'aaa.bbb.ccc.ddd' is the IP address of the server added to the 'black-list'. All HTTP traffic
related to the specified server will now be rejected, i.e. the server will be blocked.
To create the 'white-list' used by esets_http it is necessary to create the following group section within the special
configuration file 'esets_http_spec.cfg' which was introduced in the previous section. See below:
[white-list]
action_av = "accept"
Adding HTTP servers to the list is self-explanatory.
6.3.1

Whitelist URL

This will be helpful while streaming a lot of data (e.g. multimedia). To create an URL's whitelist used by esets_http,
add the URL address to the following special configuration file whitelist_url in @ETCDIR@/http directory:
echo "streaming.address.com:80/*" >> @ETCDIR@/http/whitelist_url
NOTE: The syntax of URL's whitelist is simply a list of URL addresses (one per line) as shown in the object
specification of esets_http logging output. ESETS reads the list from within the file whitelist_url. After adding or
removing some URL addresses, restart the ESETS daemon. For more information please read the esets_http(1)
manpage.

6.4 Samples Submission System

The Samples submission system is an intelligent ThreatSense.Net technology that collects infected objects which
have been detected by advanced heuristics and delivers them to the samples submission system server. All virus
samples collected by the sample submission system will be processed by the ESET virus laboratory and if necessary,
added to the ESET virus signature database.
NOTE: According to our license agreement, by enabling sample submission system you are agreeing to allow the
computer and/or platform on which the esets_daemon is installed to collect data (which may include personal
information about you and/or the user of the computer) and samples of newly detected viruses or other threats and
send them to our virus lab. This feature is turned off by default. All information collected will be used only to analyze
16