ESET Mail Security Installation Manual and User Guide Linux, BSD and Solaris
Contents
1. Introduction
1.1 Main functionality
1.2 Key features of the system
2. Terminology and abbreviations
3.
1. Introduction Dear user, you have acquired ESET Mail Security - the premier security system running under the Linux, BSD and Solaris OS. As you will soon find out, ESET's state-of-the-art scanning engine has unsurpassed scanning speed and detection rates combined with a very small footprint that makes it the ideal choice for any Linux, BSD and Solaris OS server. 1.1 Main functionality Post Office Protocol filter (POP3) The POP3 filter scans communication between POP3 clients and servers for viruses.
Web interface Configuration, administration and license management are offered through an intuitive and user-friendly Web interface. Remote administration The system supports ESET Remote Administration for management in large computer networks. No external libraries The ESET Mail Security installation does not require external libraries or programs except for LIBC.
2. Terminology and abbreviations In this section we will review the terms and abbreviations used in this document. Note that a boldface font is reserved for product component names and also for newly defined terms and abbreviations. Terms and abbreviations defined in this chapter are expanded upon later in this document. ESETS ESET Security is a standard acronym for all security products developed by ESET, spol. s r. o. for Linux, BSD and Solaris operating systems.
ESETS object files directory The directory where the relevant ESET Mail Security object files and libraries are stored. The abbreviation @LIBDIR@ will be used for future references to this directory.
3. Installation After purchasing ESET Mail Security, you will receive your authorization data (username, password and license key). This data is necessary for both identifying you as our customer and allowing you to download updates for ESET Mail Security. The username/password data is also required for downloading the initial installation package from our web site. ESET Mail Security is distributed as a binary file: esets.i386.ext.
4. Architecture Overview Once ESET Mail Security is successfully installed, you should become familiar with its architecture. Figure 4-1. Structure of ESET Mail Security. The structure of ESET Mail Security is shown in Figure 4-1. The system is comprised of the following parts: CORE The Core of ESET Mail Security is the ESETS daemon (esets_daemon). The daemon uses ESETS API library libesets.so and ESETS loading modules em00X_xx.
please refer to the esets.cfg(5) and esets_daemon(8) man pages, as well as relevant agents’ man pages. @ETCDIR@/certs This directory is used to store the certificates used by the ESETS web interface for authentication. Please see the esets_wwwi(8) man page for details. @ETCDIR@/license This directory is used to store the product(s) license key(s) you have acquired from your vendor.
5. Integration with Email Messaging System This chapter describes the integration of ESET Mail Security with a variety of known email messaging systems. It is extremely important to understand the basic principles of an email messaging system (see figure 5-1) and how ESET Mail Security integrates with it. Figure 5-1. Scheme of UNIX OS email messaging system. MTA - Mail Transport Agent A program (e.g., sendmail, postfix, qmail, exim, etc.
5.1 Bi-directional email message scanning in MTA Bi-directional email message scanning mode allows the user to scan inbound email messages as well as outbound, using the same implementation algorithm. The bi-directional content filter method is MTA dependent. ESET Mail Security comes with five content filters that are built for the most common MTA programs, such as MTA Sendmail, Postfix, Exim, QMail and ZMailer. Check that your MTA is properly configured and running.
approval. It can also be used for uninstalling. Detailed steps for all possible scenarios are described in appendix A of this documentation. 5.5 Alternative methods of content filtering 5.5.1 Scanning email messages in CommuniGate Pro using esets_cgp CommuniGate Pro is the powerful and reliable Unified Communications server and esets_cgp is used for content filtering (antivirus and anti-spam filtering). Esets_cgp only allows scanning of incoming email messages.
Figure 5-3. Rule Settings. 5.5.2 Scanning email messages using AMaViS AMaViS (A Mail Virus Scanner) is a tool that interfaces your MTA with several antivirus scanners. It supports various MTAs and comes in three branches: amavis, amavisd and amavisd-new. Only the amavisd-new branch is supported. AMaViS cooperates with ESET Mail Security by using esets_cli. Before explaining the AMaViS configurations, the impact of the ESET Mail Security functionality method is described.
6. Important ESET Mail Security mechanisms 6.1 Handle Object Policy The Handle Object Policy (see figure 6-1) mechanism provides filtering of scanned objects based on their status. This functionality is based on the following configuration options:
action_av
action_av_infected
action_av_notscanned
action_av_deleted
For detailed information on these options, please refer to the esets.cfg(5) man page. Figure 6-1. Scheme of Handle Object Policy mechanism.
Here, the esets_smtp module is used as a content filter for MTA Postfix. The functionality of this module is based on the [smtp] section in the ESETS configuration file (esets.cfg). See below:
[smtp]
agent_enabled = yes
listen_addr = "localhost"
listen_port = 2526
server_addr = "localhost"
server_port = 2525
action_av = "scan"
To provide individual parameter settings, define a ‘user_config’ parameter with the path to the special configuration file where the individual setting will be stored.
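A sanity check for the [smtp] section shown above, as an added example that is not part of the ESET manual or ESET's own tooling. It assumes esets.cfg can be read as INI text with quoted values; the function names are hypothetical. It flags a listener that forwards to its own endpoint and a listener bound to a non-loopback address.

```python
import configparser
import ipaddress

# Constructed sample: the [smtp] section as printed in the manual text above.
SAMPLE_CFG = """
[smtp]
agent_enabled = yes
listen_addr = "localhost"
listen_port = 2526
server_addr = "localhost"
server_port = 2525
action_av = "scan"
"""

def is_loopback(host):
    """True for 'localhost' or a literal loopback IP address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames are not resolved; treated as non-loopback

def lint_smtp_section(cfg_text):
    """Return a list of findings for the [smtp] section (hypothetical helper)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    if not parser.has_section("smtp"):
        return ["no [smtp] section"]
    # Values in the manual are quoted; strip the quotes before comparing.
    opt = {k: v.strip().strip('"') for k, v in parser.items("smtp")}

    def endpoint(prefix):
        # Treat every loopback spelling as the same host when comparing.
        host = opt.get(prefix + "_addr", "")
        port = opt.get(prefix + "_port", "")
        return ("loopback" if is_loopback(host) else host, port)

    findings = []
    if opt.get("agent_enabled", "").lower() != "yes":
        findings.append("agent_enabled is not 'yes'")
    listen, server = endpoint("listen"), endpoint("server")
    if "" in listen + server:
        findings.append("listen_* or server_* option missing")
    elif listen == server:
        findings.append("listen and server endpoints are identical: mail would loop")
    raw_listen = opt.get("listen_addr", "")
    if raw_listen and not is_loopback(raw_listen):
        findings.append(f"listener bound to {raw_listen}: reachable from the network")
    return findings
```

A non-loopback listener is expected in a gateway-style setup where the filter is meant to receive traffic from the local network; the finding is a prompt to confirm that firewall rules limit who can reach that port.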
Once anti-spam is enabled in any of the configuration sections, the anti-spam scanning engine initializes during the main scanning daemon start-up. During this process, appropriate anti-spam support modules are loaded from the anti-spam cache directory. To define the period (in minutes), after which ESETS will check for available anti-spam module updates, edit the entry shown below in the ESETS configuration file.
section. In addition, users can choose to provide the ESET virus laboratory team with supplementary information using the ‘samples_provider_mail’ and/or ‘samples_provider_country’ configuration options. The information collected using these options will assist in providing the ESET team with an overview about a given infiltration which may be spreading over the Internet. For more information on the Samples Submission System, refer to the esets_daemon(8) man page. 6.
Figure 6-2. ESET Licenses. You can enable the license notification option in the Global section options. If enabled, this functionality will notify you 30 days prior to your license expiration. NOTE: If you have a fully functional ESET File/Gateway Security for Linux, BSD and Solaris installation and you wish to expand it by adding ESET Mail Security, you will need to set your new username and password for ESET Mail Security either in the ESETS configuration file, or in the Web interface.
Figure 6-4. SMTP Scanner options. 6.6.3 Statistics You can view statistics for all active ESETS agents here. The Statistics summary refreshes every 10 seconds. Figure 6-5. ESETS - Control > Statistics. 6.7 Remote Administration ESETS supports ESET Remote Administration for mail security management in large computer networks.
These functionalities are not supported:
- Firewall Log
- Remote Install
Figure 6-6. ERA Console tabs. For more information, please read the ESET Remote Administrator manual. This manual is located on our web site at the following link: http://www.eset.com/documentation 6.7.1 Remote Administration usage example Before commencing any remote administration process ensure your system fulfills the three following prerequisites:
- Running ERA Server
- Running ERA Console
- Enable RA Client in the ESETS daemon.
Figure 6-8. ERA Configuration Editor. The New Task context menu contains On-demand scanning options (enabled/disabled cleaning). You can select the desired product, that you wish to set the task for, in the On-Demand Scan pop-up window in the Configuration Section drop-down menu. Make sure that you select the On-demand Scan task for Unix ESET Security Product option (i.e. the product that is installed on your target workstation). Figure 6-9. ERA On-demand scan.
6.8 Logging ESETS provides system daemon logging via syslog. Syslog is a standard for logging program messages and can be used to log system events such as network and security events. Messages refer to a facility: auth, authpriv, daemon, cron, ftp, lpr, kern, mail, ..., local0, ..., local7 Messages are assigned a priority/level by the sender of the message: Error, Warning, Summall, Summ, Partall, Part, Info, Debug This section describes how to configure and read the logging output of syslog.
7. ESET Security system update 7.1 ESETS update utility To maintain the effectiveness of ESET Mail Security, the virus signature database must be kept up to date. The esets_update utility has been developed for this purpose. See the esets_update(8) man page for details. To launch an update, the configuration options ‘av_update_username’ and ‘av_update_password’ must be defined in the [global] section of the ESETS configuration file.
8. Let us know Dear user, we hope this Guide has provided you with a thorough understanding of the requirements for ESET Mail Security installation, configuration and maintenance. However, our goal is to continually improve the quality and effectiveness of our documentation. If you feel that any sections in this Guide are unclear or incomplete, please let us know by contacting Customer Care: http://www.eset.com/support or use directly the support form: http://www.eset.
9. Appendix A. ESETS setup and configuration 9.1 Setting ESETS for MTA Postfix Inbound email message scanning Warning: This installation is not compatible with SELinux. Either disable SELinux or proceed to the next section. The objective of this installation is to insert esets_mda before the original Postfix MDA. The MDA to be used (with arguments) is set in the Postfix parameter ‘mailbox_command’. NOTE: If the ‘mailbox_command’ value is empty, Postfix alone is delivering mail.
9.2 Setting ESETS for MTA Sendmail Inbound email message scanning Warning: This installation is not compatible with SELinux. Either disable SELinux or proceed to the next section. The objective of this installation is to insert esets_mda before Sendmail’s original MDA. NOTE: On FreeBSD, Sendmail may be communicating with MDA using LMTP. However, esets_mda does not understand LMTP. If you have FEATURE(local_lmtp) in ‘hostname’.mc, comment it out now and recreate sendmail.cf.
This will start Qmail using esets_mda for local deliveries. However, the original delivery specification is passed to qmail-local through esets_mda. Note that in this configuration esets_mda will use Qmail’s recognized exit codes (see the qmail-command(8) man page). Lastly, replace qmail-start using commands:
mv /var/qmail/bin/qmail-start /var/qmail/bin/qmail-start.orig
ln -s qmail-start.esets /var/qmail/bin/qmail-start
Restart Qmail.
9.5 Setting ESETS for MTA Exim version 4 Inbound email message scanning The goal of this installation is to create an Exim transport from esets_mda for local users. In the [mda] section of the ESETS configuration file, set this parameter:
mda_path = "/usr/sbin/exim"
or, if you are using FreeBSD, this parameter:
mda_path = "/usr/local/sbin/exim"
where /usr/sbin/exim (or /usr/local/sbin/exim) is the full path to the Exim binary. Then restart the ESETS daemon.
9.7 Setting ESETS for outbound email message scanning Outbound email message scanning is performed using the esets_smtp daemon. In the [smtp] section of the ESETS configuration file, set these parameters:
agent_enabled = yes
listen_addr = "192.168.1.0"
listen_port = 2525
where ‘listen_addr’ is the address of the local network interface named if0. Then, restart the ESETS daemon. The next step is to redirect all SMTP requests to esets_smtp.
iptables -t nat -A PREROUTING -p tcp -i if0 --dport 143 -j REDIRECT --to-ports 8143
On FreeBSD, the rule is as follows:
ipfw add fwd 192.168.1.10,8143 tcp from any to any 143 via if0 in
On NetBSD and Solaris:
echo 'rdr if0 0.0.0.0/0 port 143 -> 192.168.1.
10. Appendix B. PHP License The PHP License, version 3.01 Copyright (c) 1999 - 2006 The PHP Group. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2.