Installation manual
17
[http]
agent_enabled = yes
listen_addr = "192.168.1.10"
listen_port = 8080
action_av = "scan"
user_config = "esets_http_spec.cfg"
Once the special configuration file is referenced from within the [http] section, create the ‘esets_http_spec.cfg’ file in the ESETS
configuration directory and add the appropriate individual settings. The next example shows the individual setting for
parameter ‘action_av’, for the client computer with IP address 192.168.1.40. See below:
[|192.168.1.40]
action_av = "reject"
Note that the section header identifies the HTTP client for which the individual settings have been created, and the section body
contains individual parameters for that HTTP client. With this special configuration, HTTP traffic for all local network clients
will be processed normally, i.e. scanned for infiltrations. However, access for the HTTP client with the IP address 192.168.1.40
will be rejected (blocked).
7.3 Blacklist and Whitelist
In the following example, we demonstrate creating a blacklist and whitelist for the esets_http configured as an HTTP proxy
scanner. Note that the configuration described in the previous section is used for this purpose.
To create a blacklist used by esets_http, create the following group section within the special configuration file
‘esets_http_spec.cfg’, introduced in the previous section. See below:
[black-list]
action_av = "reject"
Next, add the HTTP server to the ‘black-list’ group. To do this, the following special section must be created:
[aaa.bbb.ccc.ddd]
parent_id = "black-list"
In the example above, ‘aaa.bbb.ccc.ddd’ is the IP address of the server added to the ‘black-list’. All HTTP traffic related to the
specified server will now be rejected, i.e. the server will be blocked.
To create the ‘white-list’ used by esets_http, it is necessary to create the following group section within the special configuration
file ‘esets_http_spec.cfg’ which was introduced in the previous section. See below:
[white-list]
action_av = "accept"
Adding HTTP servers to the list is self-explanatory.
7.3.1 URL Whitelist
Whitelisting URL's can help you especially when you are experiencing problems with data streaming (e.g. video conferencing
delays). To start creating a URL whitelist that will be used by esets_http, add the desired URL address(es) to the whitelist_url
configuration file located in the @ETCDIR@/http directory as follows:
echo "streaming.address.com:80/*" >> @ETCDIR@/http/whitelist_url
Note: The syntax of the URL Whitelist comprises a list of URL addresses (one per line) as can be seen in the esets_http logging
output.
ESETS reads the list from the whitelist_url file. After adding or removing URL addresses, please restart the ESETS daemon. For more
information please read the esets_http(1) man page.
7.4 Samples Submission System
The Samples submission system is an intelligent ThreatSense.Net technology that collects infected objects that have been
detected by advanced heuristics and delivers them to the samples submission system server. All virus samples collected by the
sample submission system will be processed by the ESET virus laboratory and if necessary, added to the ESET virus signature
database.
Note: According to our license agreement, by enabling the sample submission system you are agreeing to allow the computer
and/or platform on which the esets_daemon is installed to collect data (which may include personal information about you
and/or other users of the computer) and samples of newly detected viruses or other threats and send them to ESET virus
laboratory. This feature is disabled by default. All information collected will be used only to analyze new threats and will not be
used for any other purpose.