ESET Mail Security
Installation Manual and User’s documentation

Table of contents
1. Introduction
2. Terminology and abbreviations
3. Installation
4. Product’s Roadmap
5. Integration with E-mail Messaging System
Chapter 1: Introduction
Dear user, you have acquired ESET Mail Security - probably the best security system running under the Linux/BSD/Solaris OS. As you will soon find out, the system, which uses the state-of-the-art ESET scanning engine, has unsurpassed scanning speed and detection rate, combined with a very small footprint that makes it the ideal choice for any Linux/BSD/Solaris OS server. In the rest of this chapter we review the key features of the system.
Chapter 2: Terminology and abbreviations
In the following text we review terms and abbreviations used in this documentation. Note that in this documentation (PDF format only) a boldface font is reserved for product component names and, in this chapter, also for newly defined terms and abbreviations. Note also that terms and abbreviations defined in this chapter are emphasized later in this documentation (PDF format only).

ESETS
ESET Security is a common acronym for all security products developed by ESET, spol. s r.o.

documentation we use abbreviation @BINDIR@ for the directory. The directory location is as follows:
Linux: /usr/bin
Linux RSR: /opt/eset/esets/bin
FreeBSD: /usr/local/bin
NetBSD: /usr/pkg/bin
Solaris: /opt/esets/bin

ESETS system binary files directory
The directory where the relevant ESET File Security system binary files are stored. Further in this documentation we use abbreviation @SBINDIR@ for the directory.
Chapter 3: Installation
This product is distributed as a binary file:

    esets.i386.ext.bin

where ‘ext’ is a Linux/BSD/Solaris OS distribution dependent suffix, i.e. ‘deb’ for Debian, ‘rpm’ for RedHat and SuSE, ‘tgz’ for other Linux OS distributions, ‘fbs5.tgz’ for FreeBSD 5.xx, ‘fbs6.tgz’ for FreeBSD 6.xx, ‘nbs4.tgz’ for NetBSD 4.xx and ‘sol10.pkg.gz’ for Solaris 10. Note that the Linux RSR binary file format is:

    esets-rsr.i386.rpm.bin

In order to install or update the product, use statement:

    sh ./esets.i386.ext.bin

resp.
Chapter 4: Product’s Roadmap
Once the product package has been successfully installed, it is time to become familiar with its content.

[Figure 4-1. Structure of ESET Mail Security. Panels: WWW INTERFACE, AGENTS, CONFIGURATION, UTILITIES, CORE. Labels: esets_cli, esets_imap, esets_mda, esets_pipe, esets_pop3, esets_smfi, esets_smtp, esets.cfg, license, scripts, esets_lic, esets_quar, esets_setup, esets_update, system service, scanning engine.]

The structure of ESET Mail Security is shown in figure 4-1. The system is composed of the following components.

@ETCDIR@/esets.cfg
This is the most important configuration file as it maintains the major part of the product functionality. After exploring the file you can see that it is built from various parameters distributed within sections. Note that section names are always enclosed in square brackets. In the ESETS configuration file there is always one global and several so-called agent sections.
Chapter 5: Integration with E-mail Messaging System
This chapter describes integration of ESET Mail Security with a variety of known e-mail messaging systems. Knowledge of the basic principles of an e-mail messaging system (figure 5-1) is of paramount importance for understanding ESETS operation.

Figure 5-1. Scheme of UNIX OS e-mail messaging system.

Protocol or IMAP - Internet Message Access Protocol to communicate with the MTA. To send data to the Internet the SMTP protocol communication is used. The ESETS operating principle is based on data communication interception and scanning at the various phases of its transfer. The interception locations are marked in the figure 4-1 by symbols S1, S2, S3 and S4.

S1 Bi-directional e-mail messages scanning, i.e. content filtering in MTA.
S2 Scanning of inbound e-mail messages, i.e.

scanning can be enabled by proper configuration setting of MTA and esets_mda module. Note that ESET Mail Security supports the most common MTAs, i.e. Sendmail, Postfix, Exim, QMail and ZMailer. ESETS supports any MDA. In particular, the following MDAs were tested: procmail, maildrop, deliver and local.mail. In order to configure ESET Mail Security for inbound e-mail messages scanning, you have to be sure that your MTA is properly configured using the original MDA and is running.
5.5. Alternative methods of content filtering

5.5.1. Scanning e-mail messages using AMaViS
AMaViS - A Mail Virus Scanner is a tool that interfaces your MTA and several anti-virus scanners. It supports various MTAs and comes in three branches: amavis, amavisd and amavisd-new. Amavis cooperates with ESET Mail Security by using esets_cli. Before we go into a detailed explanation of the Amavis configurations, we would like to discuss the impact of the method on the ESET Mail Security functionality.

zoo. You also have to make a symlink in /usr/bin from uncompress to gzip and create the user amavis in group amavis with home dir /var/amavis. Now continue with the usual installation process (./configure, make, make install) and follow the instructions in README.mta for your mail server.

5.5.1.2. amavisd
Configuration of Amavisd is performed during the Amavisd installation process. Unpack the source amavisd-0.x.tgz and follow the instructions for amavis described in the previous section of this guide.
Chapter 6: Important ESET Mail Security mechanisms
6.1. Handle Object Policy
The Handle Object Policy (see figure 5-1) is a mechanism that provides handling of the scanned objects depending on their scanning status. The mechanism is based on so-called action configuration options: ‘action_av’, ‘action_av_infected’, ‘action_av_notscanned’, ‘action_av_deleted’, ‘action_as_spam’, ‘action_as_notscanned’. For detailed information on the options, please refer to the esets.cfg(5) manual page.

Figure 6-1. Scheme of Handle Object Policy mechanism.

6.2. User Specific Configuration
The User Specific Configuration mechanism is implemented in the product in order to provide the administrator with enhanced configuration functionality. It allows the administrator to define ESETS anti-virus scanner parameters selectively for client/server identification. Please note that the detailed description of this functionality can be found in the esets.cfg(5) manual page and the manual pages referenced there.

6.3. Black-list and white-list
In the next example we demonstrate the black-list and also white-list creation for the esets_smtp configured as content filter for MTA Postfix. Note that we use the configuration described in the previous section for this purpose. Thus in order to create the black-list used by esets_smtp we have to create the following group section within the special configuration file ‘esets_smtp_spec.cfg’ introduced in the previous section.

It is also possible to configure anti-spam functionality using configuration file:

    @ETCDIR@/anti-spam/spamcatcher.conf

Note the number of files within this directory, each corresponding to different recommended settings of the anti-spam engine. Note that the default configuration file corresponds to the configuration file ‘spamcatcher.conf.faster’. In order to use any of the files just replace the default anti-spam configuration file ‘spamcatcher.conf’ with the chosen one and reload ESETS daemon.

6.5.

(enter all four values as your own ones) and direct your browser to ‘https://address:port’ (note the https) and log in with ‘name/pass’. There are basic usage instructions on the help page. For more technical details about esets_wwwi see the esets_wwwi(1) manual page.

6.7. Remote Administration
ESETS supports ESET Remote Administration for management in large computer networks. For more information, please read the Remote Administration Manual.
Chapter 7: ESET Mail Security system update
7.1. ESETS update utility
In order to keep the ESET Mail Security effective, it is necessary to keep its virus signatures database up to date. The esets_update utility has been developed for this purpose (see esets_update(8) manual page for details). In order to launch update one has to define configuration options ‘av_update_username’ and ‘av_update_password’ in [global] section of ESETS configuration file.
Chapter 8: Let us know
Dear user, this guide should have given you a good knowledge of the ESET Mail Security installation, configuration and maintenance. However, writing documentation is a process that is never finished. There will always be some parts that can be explained better or are not explained at all. Therefore, in case of bugs or inconsistencies found within this documentation, please report a problem to our support center http://www.eset.
Appendix A.
A.1. Setting ESETS for MTA Postfix

A.1.1. Inbound e-mail messages scanning
Warning: This installation is not compatible with SELinux. Either disable SELinux or follow the next section.
The goal of this installation is to insert esets_mda before Postfix original MDA. The MDA used (with arguments) is set in the Postfix parameter ‘mailbox_command’.
Note: If the value is empty, Postfix is delivering mail by itself. You have to install and configure a real MDA (e.g.

The last thing is to make Postfix accept mail on port 2525 and continue processing it. Add this entry to Postfix master.cf file:

    localhost:2525 inet n - n - - smtpd
      -o content_filter=
      -o myhostname=esets.yourdomain.com
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
      -o smtpd_helo_restrictions=
      -o smtpd_client_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.
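A check for the re-injection listener described above, as an added example (not ESET's or Postfix's own code): it parses master.cf entries and flags a post-filter smtpd service that is reachable beyond loopback, keeps a content filter, or relays for more than loopback clients. The function names and both sample entries, including their mynetworks values, are constructed for illustration; only the plain `-o name=value` override form is handled.

```python
import ipaddress
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "[::1]"}

def parse_master_cf(text):
    """Join continuation lines; return one dict per service entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:   # leading whitespace continues the entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    entries = []
    for f in (l.split() for l in logical if len(l.split()) >= 8):
        args = f[8:]
        # "-o name=value" overrides a main.cf parameter for this service only
        opts = dict(args[i + 1].split("=", 1) for i in range(len(args) - 1)
                    if args[i] == "-o" and "=" in args[i + 1])
        entries.append({"service": f[0], "command": f[7], "opts": opts})
    return entries

def _loopback_only(value):
    nets = [n.replace("[", "").replace("]", "") for n in value.split(",") if n]
    try:
        return bool(nets) and all(ipaddress.ip_network(n, strict=False).is_loopback for n in nets)
    except ValueError:
        return False

def audit_reinjection(entry):
    """Findings for an smtpd listener that takes mail back from the scanner."""
    opts, findings = entry["opts"], []
    if entry["service"].rpartition(":")[0] not in LOOPBACK_HOSTS:
        findings.append("listener is not bound to a loopback address")
    if opts.get("content_filter") != "":
        findings.append("content_filter not cleared: scanned mail may be filtered again")
    rules = opts.get("smtpd_recipient_restrictions", "").split(",")
    if "permit_mynetworks" not in rules or rules[-1] != "reject":
        findings.append("recipient restrictions are not permit_mynetworks,...,reject")
    if not _loopback_only(opts.get("mynetworks", "")):
        findings.append("mynetworks not overridden here or wider than loopback")
    return findings

# Constructed sample entries (not taken from the manual).
SAMPLE_OK = ("localhost:2525 inet n - n - - smtpd\n  -o content_filter=\n  -o mynetworks=127.0.0.0/8\n"
             "  -o smtpd_recipient_restrictions=permit_mynetworks,reject\n")
SAMPLE_WEAK = ("2525 inet n - n - - smtpd\n  -o smtpd_recipient_restrictions=permit_mynetworks\n"
               "  -o mynetworks=127.0.0.0/8,192.168.1.0/24\n")
if __name__ == "__main__": print(audit_reinjection(parse_master_cf(SAMPLE_WEAK)[0]))
```

An empty result means the listener only accepts mail from the local scanner; each finding names one way unscanned or third-party mail could reach the port.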
A.2.2. Bi-directional e-mail messages scanning
The goal of this installation is to scan all mails in Sendmail with esets_smfi filter. In the [smfi] section of ESETS configuration file set these parameters:

    agent_enabled = yes
    smfi_sock_path = "/var/run/esets_smfi.sock"

and restart ESETS daemon. Then add to file sendmail.mc (or `hostname`.mc on FreeBSD) before all MAILER definitions this line:

    INPUT_MAIL_FILTER(`esets_smfi', `S=local:/var/run/esets_smfi.

    exec qmail-start.orig "|@BINDIR@/esets_mda '$A'"' \
    -- --sender="$SENDER" --recipient="$RECIPIENT"' "$@"

which will start Qmail using esets_mda for local deliveries. However, the original delivery specification is passed to qmail-local through esets_mda. Note that in this configuration esets_mda will use Qmail’s recognized exit codes (see qmail-command(8)). Lastly, replace qmail-start using commands:

    mv /var/qmail/bin/qmail-start /var/qmail/bin/qmail-start.orig
    ln -s qmail-start.

    esets_director:
      driver = smartuser
      condition = "${if eq {$received_protocol}{esets-scanned} {0}{1}}"
      transport = esets_transport
      verify = false

which will send all not-yet-scanned mails for local users to esets_mda, which will inject them back to Exim for further processing. For reread of newly created configuration, restart Exim.

A.4.2. Bi-directional e-mail messages scanning
The goal of this installation is to create an Exim transport from esets_mda for all mails.

A.5.2. Bi-directional e-mail messages scanning
The goal of this installation is to create an Exim transport from esets_mda for all mails. Perform all steps from the previous section, but omit this line in esets_router:

    domains = +local_domains

A.6. Setting ESETS for MTA ZMailer

A.6.1. Inbound e-mail messages scanning
The goal of this installation is to use esets_mda as ZMailer’s local delivery agent. However, you need to have a real MDA installed, e.g. procmail.

    agent_enabled = yes
    listen_addr = "192.168.1.0"
    listen_port = 2525

where ‘listen_addr’ is the address of local network interface named if0. Then restart ESETS daemon. The next step is to redirect all SMTP requests to esets_smtp.

    ipfw add fwd 192.168.1.10,8110 tcp from any to any 110 via if0 in

On NetBSD and Solaris:

    echo 'rdr if0 0.0.0.0/0 port 110 -> 192.168.1.10 \
    port 8110 tcp' | ipnat -f -

A.9. Setting ESETS for scanning of IMAP communication
The IMAP communication scanning is performed using esets_imap daemon. In the [imap] section of ESETS configuration file set these parameters:

    agent_enabled = yes
    listen_addr = "192.168.1.
Appendix B.
The PHP License, version 3.01 Copyright (c) 1999 - 2006 The PHP Group. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2.