ESET FILE SECURITY Installation Manual and User Guide (intended for product version 4.
Contents
1. Introduction
   1.1 Main functionality
   1.2 Key features of the system
2. Terminology and abbreviations
3. System requirements
1. Introduction Thank you for using ESET File Security - the premier security system for Linux, BSD and Solaris. ESET's state-of-the-art scanning engine has unsurpassed scanning speed and detection rates combined with a very small footprint that makes it the ideal choice for any server on Linux, BSD and Solaris. 1.
Low system requirements To run efficiently, ESET File Security requires just 250MB of hard-disk space and 256MB of RAM. It runs smoothly under the 2.6.x Linux OS kernel versions as well as under 5.x, 6.x FreeBSD OS kernel versions.
2. Terminology and abbreviations
In this section, we will review the terms and abbreviations used in this document. Note that boldface font is reserved for product component names and also for newly defined terms and abbreviations. Terms and abbreviations defined in this chapter are expanded on later in this document.
ESETS: ESET Security, the standard acronym for all security products developed by ESET, spol. s r. o. for Linux, BSD and Solaris operating systems.
3. System requirements
The following hardware and software requirements must be met before installation in order to run ESET File Security properly:
- 250MB of hard-disk space
- 256MB of RAM
- glibc 2.3.6 or higher
- 2.6.x Linux OS kernel versions
ESET File Security should work on most recent and frequently used open-source Linux distributions if the above criteria are met.
4. Installation After purchasing ESET File Security, you will receive your authorization data (Username, Password and license key). These credentials identify you as an ESET customer, and are required to download updates for ESET File Security. The Username/ Password data is also required for downloading the initial installation package from our web site. ESET File Security is distributed as a binary file: esets.arch.ext.
Enter your Username and Password into the global section of the ESETS configuration file using a text editor:
vi @ETCDIR@/esets.cfg
Edit the ESETS Update options section of the ESETS configuration file:
av_update_username = "EAV-12345678"
av_update_password = "yourpassword"
The password is stored in clear text in this file, so keep esets.cfg readable by root only.
Start the main daemon service:
Linux OS: /etc/init.d/esets start
BSD OS: /usr/local/etc/rc.d/esets.
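The credential step above, as an added shell example that is not part of the ESET product or this manual: it writes av_update_username/av_update_password into the [global] section of a copy of esets.cfg without duplicating lines on repeated runs, then restricts the file mode and lets you verify that no other local user can read the password. The config path, the INI-style layout ("[section]" headers, key = "value" lines) and the sample username are assumptions taken from the examples in this manual.

```shell
#!/bin/sh
# Added example (not ESET's code): write the update credentials into the
# [global] section of an esets.cfg file and make sure other local users
# cannot read it, since the password is stored in clear text.
# Assumes INI-style "[section]" headers and 'key = "value"' lines as shown
# in the manual; only POSIX sh, awk, ls, cut, mktemp and chmod are used.

# esets_set_update_credentials CFG USERNAME PASSWORD
# Replaces existing av_update_username/av_update_password lines inside
# [global]; adds them to [global] if missing (creating the section if absent).
# Running it twice does not duplicate lines.
esets_set_update_credentials() {
    cfg=$1 user=$2 pass=$3
    tmp=$(mktemp) || return 1
    # Note: awk -v interprets backslash escapes, so a password containing
    # backslashes or double quotes must be escaped by the caller.
    awk -v u="$user" -v p="$pass" '
        BEGIN { ul = "av_update_username = \"" u "\""
                pl = "av_update_password = \"" p "\"" }
        /^[[:space:]]*\[/ {                     # any section header
            if (ing) { if (!su) print ul; if (!sp) print pl; su = sp = 1 }
            ing = ($0 ~ /^[[:space:]]*\[global\]/)
        }
        ing && /^[[:space:]]*av_update_username[[:space:]]*=/ { print ul; su = 1; next }
        ing && /^[[:space:]]*av_update_password[[:space:]]*=/ { print pl; sp = 1; next }
        { print }
        END {
            if (!su || !sp) {
                if (!ing) print "[global]"
                if (!su) print ul
                if (!sp) print pl
            }
        }' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$cfg"      # keep the original inode, owner and mode
    rm -f "$tmp"
    chmod 600 "$cfg"         # the daemon runs as root; nobody else needs it
}

# esets_cfg_is_private CFG -> 0 if group and others have no permission bits
esets_cfg_is_private() {
    perm=$(ls -ld "$1" | cut -c1-10) || return 1
    [ "${perm#????}" = "------" ]
}

# Usage: sh this_script.sh --demo  (works on a throwaway copy, not the live config)
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    printf '[global]\n\n[dac]\nagent_enabled = yes\n' > "$d/esets.cfg"
    esets_set_update_credentials "$d/esets.cfg" "EAV-12345678" "yourpassword"
    cat "$d/esets.cfg"
    esets_cfg_is_private "$d/esets.cfg" && echo "esets.cfg is private (mode 600)"
    rm -rf "$d"
fi
```

Point the function at @ETCDIR@/esets.cfg on a real host; the chmod is deliberate because a world-readable esets.cfg hands the update password to every local account.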
5. Architecture Overview Once ESET File Security is successfully installed, you should become familiar with its architecture. Figure 4-1. Structure of ESET File Security. The structure of ESET File Security is shown in Figure 4-1. The system is comprised of the following parts: CORE The core of ESET File Security is the ESETS daemon (esets_daemon). The daemon uses ESETS API library libesets.so and ESETS loading modules em00X_xx.
@ETCDIR@/license This directory is used to store the product license key(s) you have acquired from your vendor. Note that the ESETS daemon will check only this directory for a valid license key. @ETCDIR@/scripts/license_warning_script If enabled by the Scheduler task named Threat notification, this script is executed once a day during the 30 days before product license expiration, sending an email notification about the expiration status to the system administrator.
6. Integration with File System services This chapter describes the On-demand and On-access scanner configuration which will provide the most effective protection from virus and worm file system infections. ESET File Security’s scanning power is derived from the On-demand scanner command ‘esets_scan’ and the On-access scanner command ‘esets_dac’. The Linux version of ESET File Security offers an additional On-access scanner technique which uses the preloaded library module libesets_pac.so.
6.2.2 Installation and configuration The libesets_pac.so library module is installed using the standard mechanism for preloaded libraries. You need to define the environment variable ‘LD_PRELOAD’ with the absolute path to the libesets_pac.so library. For more information, please refer to the ld.so(8) man page. Note: It is important that the ‘LD_PRELOAD‘ environment variable is defined only for the network server daemon processes (ftp, Samba, etc.
Note: Some OS kernel versions do not support the interception of ON_CLOSE events. In these cases, close events will not be monitored by esets_dac. Exec events To activate this file access type, set the value of the ‘event_mask’ parameter to exec in the [dac] section of the esets.cfg file. This will enable the ON_EXEC bit of the Dazuko access mask. The On-access scanner ensures that all opened, closed and executed files are first scanned by the esets_daemon for viruses.
7. Important ESET File Security mechanisms
7.1 Handle Object Policy
The Handle Object Policy (see figure 6-1) mechanism provides filtering for scanned objects based on their status. This functionality is based on the following configuration options:
- action_av
- action_av_infected
- action_av_notscanned
- action_av_deleted
For detailed information on these options, please refer to the esets.cfg(5) man page.
Figure 6-1. Scheme of Handle Object Policy mechanism.
[dac]
agent_enabled = yes
event_mask = "open"
ctl_incl = "/home"
action_av = "scan"
user_config = "esets_dac_spec.cfg"
Once the ‘user_config’ parameter is specified within the [dac] section, the ‘esets_dac_spec.cfg’ file must be created in the ESETS configuration directory. Finally, add the desired scanning rules:
[username]
action_av = "reject"
At the top of the special section, enter the username to which the individual rules will be applied.
7.5 Web Interface The web interface allows user-friendly configuration, administration and license management of ESET Security systems. This module is a separate agent and must be explicitly enabled.
Figure 6-2. ESET Licenses. You can enable the license notification option in the Scheduler section options. If enabled, this functionality will notify you 30 days prior to your license expiration. 7.5.2 On-Access scanner (DAC) configuration example There are two ways to configure ESETS. In our example, we will demonstrate how to use either of them to set up the DAC module, described in the On-access scanner powered by Dazuko chapter. You can choose the option that best suits you.
your new changes, click the Apply changes button in the Configuration sections panel.
7.5.3 On-Demand scanner
This section comprises an example of how to run the On-Demand scanner to scan for viruses:
- Navigate to Control > On-Demand Scan
- Enter the path to the directory you want to scan
- Execute the command-line scanner by clicking the Scan button
Figure 6-4. ESETS - Control > On-Demand scanner.
ESET Command-line scanner will automatically run in the background.
Click the checkbox to enable/disable a scheduled task. By default, the following scheduled tasks are displayed: Log maintenance – The program automatically deletes older logs in order to save hard disk space. The Scheduler will start defragmenting logs. All empty log entries will be removed during this process. This will improve the speed when working with logs. The improvement will be more noticeable if the logs contain a large number of entries.
Figure 6-7. ERA Console tabs. For more information, please read the ESET Remote Administrator manual. This manual is located on our web site at the following link: http://www.eset.com/documentation
7.6.1 Remote Administration usage example
Before commencing any remote administration process, ensure your system fulfills the three following prerequisites:
- Running ERA Server
- Running ERA Console
- Enable RA Client in the ESETS daemon.
Figure 6-8. ERA Configuration Editor. The New Task context menu contains On-demand scanning options (enabled/disabled cleaning). You can select the desired product that you wish to set the task for in the On-Demand Scan pop-up window in the Configuration Section drop-down menu. Make sure that you select the On-demand Scan task for Unix ESET Security Product option (i.e. the product that is installed on your target workstation). Figure 6-9. ERA On-demand scan.
7.7 Logging
ESETS provides system daemon logging via syslog. Syslog is a standard for logging program messages and can be used to log system events such as network and security events.
Messages refer to a facility:
auth, authpriv, daemon, cron, ftp, lpr, kern, mail, ..., local0, ..., local7
Messages are assigned a priority/level by the sender of the message (these are ESETS logging classes rather than the eight standard syslog severities):
Error, Warning, Summall, Summ, Partall, Part, Info, Debug
This section describes how to configure and read the logging output of syslog.
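An added shell example (not ESET's code and not from this manual) of reading the facility and severity that the section above refers to: it decodes the standard syslog PRI field, where PRI = facility * 8 + severity as defined in RFC 3164/5424, and filters a log file the way a "daemon.warning" selector in syslog.conf would. The PRI encoding is generic syslog, not ESETS-specific; the sample lines are constructed for the example and their message text is illustrative, not the daemon's real output.

```shell
#!/bin/sh
# Added example (not ESET's code): decode the syslog priority (PRI) field and
# filter a log file by facility and minimum severity. PRI = facility*8 +
# severity is standard syslog (RFC 3164/5424). The sample lines written by
# syslog_sample_file are CONSTRUCTED; the message text is illustrative only.

syslog_facility_name() {
    case $1 in
        0) echo kern ;;   1) echo user ;;   2) echo mail ;;      3) echo daemon ;;
        4) echo auth ;;   5) echo syslog ;; 6) echo lpr ;;       7) echo news ;;
        8) echo uucp ;;   9) echo cron ;;   10) echo authpriv ;; 11) echo ftp ;;
        16|17|18|19|20|21|22|23) echo "local$(( $1 - 16 ))" ;;
        *) echo "facility$1" ;;
    esac
}

syslog_severity_name() {
    case $1 in
        0) echo emerg ;;   1) echo alert ;;  2) echo crit ;; 3) echo err ;;
        4) echo warning ;; 5) echo notice ;; 6) echo info ;; 7) echo debug ;;
        *) echo "severity$1" ;;
    esac
}

# Lower number = more severe, as in syslog.conf selectors.
syslog_severity_num() {
    case $1 in
        emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err|error) echo 3 ;;
        warning|warn) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# syslog_decode_pri '<30>' (or 30) -> daemon.info
syslog_decode_pri() {
    pri=${1#<}; pri=${pri%>}
    echo "$(syslog_facility_name $((pri >> 3))).$(syslog_severity_name $((pri & 7)))"
}

# syslog_filter FILE FACILITY SEVERITY: print lines from FACILITY that are at
# SEVERITY or more severe, i.e. what a "FACILITY.SEVERITY" selector captures.
syslog_filter() {
    maxn=$(syslog_severity_num "$3") || return 1
    while IFS= read -r line; do
        case $line in '<'*'>'*) ;; *) continue ;; esac   # no PRI field: skip
        pri=${line#<}; pri=${pri%%>*}
        case $pri in ''|*[!0-9]*) continue ;; esac       # malformed PRI: skip
        if [ "$(syslog_facility_name $((pri >> 3)))" = "$2" ] && [ $((pri & 7)) -le "$maxn" ]; then
            printf '%s\n' "$line"
        fi
    done < "$1"
}

# syslog_sample_file PATH: write a small CONSTRUCTED log to PATH.
syslog_sample_file() {
    printf '%s\n' \
        '<30>Jan  1 00:00:01 srv esets_daemon[101]: constructed info message' \
        '<28>Jan  1 00:00:02 srv esets_daemon[101]: constructed warning message' \
        '<27>Jan  1 00:00:03 srv esets_daemon[101]: constructed error message' \
        '<38>Jan  1 00:00:04 srv sshd[5]: constructed auth.info message' > "$1"
}

if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp); syslog_sample_file "$f"
    echo "daemon.warning and worse:"; syslog_filter "$f" daemon warning
    rm -f "$f"
fi
```

Most syslog daemons strip the numeric PRI before writing to /var/log, so the decoder applies to raw records (a remote UDP/TCP syslog feed, or files written with the priority kept) rather than to an already-formatted /var/log/messages.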
8. ESET Security system update 8.1 ESETS update utility To maintain the effectiveness of ESET File Security, the virus signature database must be kept up to date. The esets_update utility has been developed specifically for this purpose. See the esets_update(8) man page for details. To launch an update, the configuration options ‘av_update_username’ and ‘av_update_password’ must be defined in the [global] section of the ESETS configuration file.
9. Let us know We hope this guide has provided you with a thorough understanding of the requirements for ESET File Security installation, configuration and maintenance. It is our goal to continually improve the quality and effectiveness of our documentation. For additional assistance with your ESET product, please visit our online Knowledgebase at the following URL: http://kb.eset.
10. Appendix A. PHP License The PHP License, version 3.01 Copyright (c) 1999 - 2006 The PHP Group. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2.