ESET GATEWAY SECURITY - FOR LINUX BSD AND SOLARIS, Gateway Security Installation Manual

ESET Gateway Security
Installation Manual and User Guide
Linux, BSD and Solaris
Copyright ©2010 by ESET, spol. s r. o.
Customer Care Worldwide: www.eset.eu/support
Customer Care North America: www.eset.com/support
REV. 2010-11-30
Contents
1. Introduction
1.1 Main functionality
1.2 Key features of the system
2. Terminology and abbreviations
3. Installation
4. Architecture Overview
5. Integration with Internet Gateway services
5.1 Transparent HTTP/FTP proxy configuration
5.2 Manual HTTP/FTP proxy configuration
5.2.1 Manual proxy configuration of Mozilla Firefox
5.2.2 Manual proxy configuration of Squid Web Proxy Cache
5.3 Internet Content Adaptation configuration
5.4 Large HTTP Objects Handling
5.5 ESETS plug-in filter for SafeSquid Proxy Cache
5.5.1 Operation principle
5.5.2 Installation and configuration
6. Important ESET Gateway Security mechanisms
6.1 Handle Object Policy
6.2 User Specific Configuration
6.3 Blacklist and Whitelist
6.3.1 Whitelist URL
6.4 Samples Submission System
6.5 Web Interface
6.5.1 License management
6.5.2 Agent HTTP configuration example
6.5.2.1 HTTP Agent testing with the Mozilla Firefox
6.5.3 Statistics
6.6 Remote Administration
6.6.1 Remote Administration usage example
7. ESET Security system update
7.1 ESETS update utility
7.2 ESETS update process description
7.3 ESETS mirror http daemon
8. Let us know
9. Appendix A. ESETS setup and configuration
9.1 Setting ESETS for scanning of HTTP communication - transparent mode
9.2 Setting ESETS for scanning of FTP communication - transparent mode
9.3 Setting ESETS for scanning of ICAP encapsulated HTTP messages
10. Appendix B. PHP License
1. Introduction
Dear user, you have acquired ESET Gateway Security - the premier security system running under the Linux, BSD and Solaris OS. As you will soon find out, ESET's state-of-the-art scanning engine has unsurpassed scanning speed and detection rates combined with a very small footprint that makes it the ideal choice for any Linux, BSD and Solaris OS server.
1.1 Main functionality
Hypertext Transfer Protocol filter (HTTP)
The HTTP filter module is an HTTP 1.1 compliant special proxy server used to scan communication between HTTP clients and HTTP servers for viruses. The module receives HTTP messages from an HTTP client (a web browser application or other proxy cache) and forwards them to the HTTP server (a web server application) and vice versa. The body of the message (if available) will be scanned for viruses by the esets_http module.
The esets_http module is able to act as either a transparent or a non-transparent proxy server, depending on how the module is integrated into the environment.
File Transfer Protocol filter (FTP)
The FTP filter module is a special transparent proxy server that scans communication between an ftp client and an ftp server for viruses. The FTP gateway module is used to scan both incoming and outgoing data transfers. Depending on the scanning results a transferred object will be cleaned, deleted or blocked.
SafeSquid filter
The SSFI module is a plugin accessing all objects processed by the SafeSquid Proxy cache. Once an object is accessed by the plugin, it will be scanned for infiltrations by the ESETS daemon. In case of positive detection SSFI blocks the appropriate source and sends a predefined template page instead. The esets_ssfi.so module is supported by SafeSquid Advanced version 4.0.4.2 and higher.
Internet Content Adaptation Protocol filter (ICAP)
The ICAP filter module is an ICAP 1.0 compliant special server that scans ICAP encapsulated HTTP messages from ICAP clients for viruses.
1.2 Key features of the system
Advanced engine algorithms
The ESET antivirus scanning engine algorithms provide the highest detection rate and the fastest scanning times.
Multi-processing
ESET Gateway Security is developed to run on single- as well as multi-processor units.
Advanced Heuristics
ESET Gateway Security includes unique advanced heuristics for Win32 worms, backdoor infections and other forms of malware.
Built-In features
Built-in archivers unpack archived objects without the need for any external programs.
Speed and efficiency
To increase the speed and efficiency of the system, its architecture is based on a running daemon (resident program) to which all scanning requests are sent.
Enhanced security
All executive daemons (except esets_dac) run under a non-privileged user account to enhance security.
Selective configuration
The system supports selective configuration based on the user or client/server.
Multiple logging levels
Multiple logging levels can be configured to get information about system activity and infiltrations.
Web interface
Configuration, administration and license management are offered through an intuitive and user-friendly Web interface.
Remote administration
The system supports ESET Remote Administration for management in large computer networks.
No external libraries
The ESET Gateway Security installation does not require external libraries or programs except for LIBC.
User-specified notification
The system can be configured to notify specific users in the event of a detected infiltration or other important events.
Low system requirements
To run efficiently, ESET Gateway Security requires just 16MB of hard-disk space and 32MB of RAM. It runs smoothly under the 2.2.x, 2.4.x and 2.6.x Linux OS kernel versions as well as under 5.x, 6.x FreeBSD OS kernel versions.
Performance and scalability
From lower-powered, small office servers to enterprise-class ISP servers with thousands of users, ESET Gateway Security delivers the performance and scalability you expect from a UNIX based solution, in addition to the unequaled security of ESET products.
2. Terminology and abbreviations
In this section we will review the terms and abbreviations used in this document. Note that a boldface font is reserved for product component names and also for newly defined terms and abbreviations. Terms and abbreviations defined in this chapter are expanded upon later in this document.
ESETS
ESET Security is a standard acronym for all security products developed by ESET, spol. s r. o. for Linux, BSD and Solaris operating systems. It is also the name (or its part) of the software package containing the products.
RSR
Abbreviation for 'RedHat/Novell(SuSE) Ready'. Note that we also support RedHat Ready and Novell(SuSE) Ready variations of the product. The RSR package differs from the "standard" Linux version in that it meets the FHS (Filesystem Hierarchy Standard, defined as a part of the Linux Standard Base) criteria required by the RedHat Ready and Novell (SuSE) Ready certificate. This means that the RSR package is installed as an add-on application - the primary installation directory is '/opt/eset/esets'.
ESETS daemon
The main ESETS system control and scanning daemon: esets_daemon.
ESETS base directory
The directory where ESETS loadable modules containing the virus signature database are stored. The abbreviation @BASEDIR@ will be used for future references to this directory. The @BASEDIR@ value for the following Operating Systems is listed below:
Linux: /var/lib/esets
Linux RSR: /var/opt/eset/esets/lib
FreeBSD: /var/lib/esets
NetBSD: /var/lib/esets
Solaris: /var/opt/esets/lib
ESETS configuration directory
The directory where all files related to the ESET Gateway Security configuration are stored. The abbreviation @ETCDIR@ will be used for future references to this directory. The @ETCDIR@ value for the following Operating Systems is listed below:
Linux: /etc/esets
Linux RSR: /etc/opt/eset/esets
FreeBSD: /usr/local/etc/esets
NetBSD: /usr/pkg/etc/esets
Solaris: /etc/opt/esets
ESETS configuration file
Main ESET Gateway Security configuration file. The absolute path of the file is as follows:
@ETCDIR@/esets.cfg
ESETS binary files directory
The directory where the relevant ESET Gateway Security binary files are stored. The abbreviation @BINDIR@ will be used for future references to this directory. The @BINDIR@ value for the following Operating Systems is listed below:
Linux: /usr/bin
Linux RSR: /opt/eset/esets/bin
FreeBSD: /usr/local/bin
NetBSD: /usr/pkg/bin
Solaris: /opt/esets/bin
ESETS system binary files directory
The directory where the relevant ESET Gateway Security system binary files are stored. The abbreviation @SBINDIR@ will be used for future references to this directory. The @SBINDIR@ value for the following Operating Systems is listed below:
Linux: /usr/sbin
Linux RSR: /opt/eset/esets/sbin
FreeBSD: /usr/local/sbin
NetBSD: /usr/pkg/sbin
Solaris: /opt/esets/sbin
ESETS object files directory
The directory where the relevant ESET Gateway Security object files and libraries are stored. The abbreviation @LIBDIR@ will be used for future references to this directory. The @LIBDIR@ value for the following Operating Systems is listed below:
Linux: /usr/lib/esets
Linux RSR: /opt/eset/esets/lib
FreeBSD: /usr/local/lib/esets
NetBSD: /usr/pkg/lib/esets
Solaris: /opt/esets/lib
3. Installation
After purchasing ESET Gateway Security, you will receive your authorization data (username/password and license key). This data is necessary for both identifying you as our customer and allowing you to download updates for ESET Gateway Security. The username/password data is also required for downloading the initial installation package from our web site. ESET Gateway Security is distributed as a binary file:
esets.i386.ext.bin
In the binary file shown above, 'ext' is a Linux, BSD and Solaris OS distribution dependent suffix, i.e., 'deb' for Debian, 'rpm' for RedHat and SuSE, 'tgz' for other Linux OS distributions, 'fbs5.tgz' for FreeBSD 5.x, 'fbs6.tgz' for FreeBSD 6.x, 'nbs4.tgz' for NetBSD 4.xx and 'sol10.pkg.gz' for Solaris 10.
Note that the Linux RSR binary file format is:
esets-rsr.i386.rpm.bin
To install or upgrade the product, use the following command:
sh ./esets.i386.ext.bin
For the Linux RSR variation of the product, use the command:
sh ./esets-rsr.i386.rpm.bin
to display the product’s User License Acceptance Agreement. Once you have confirmed the Acceptance Agreement, the installation package is placed into the current working directory and relevant information regarding the package’s installation, un-installation or upgrade is displayed onscreen.
Once the package is installed, you can verify that the main ESETS service is running by using the following command:
Linux OS:
ps -C esets_daemon
BSD OS:
ps -ax | grep esets_daemon
Solaris:
ps -A | grep esets_daemon
After pressing ENTER, you should see the following (or similar) message:
  PID TTY          TIME CMD
 2226 ?        00:00:00 esets_daemon
 2229 ?        00:00:00 esets_daemon
At least two ESETS daemon processes are running in the background. The first PID represents the process and threads manager of the system. The other represents the ESETS scanning process.
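The check described in this chapter, as an added example that is not part of the ESET manual: it runs the ps command given above for the current OS and counts esets_daemon processes by their command field, which also keeps the grep process of the BSD/Solaris pipelines out of the count. The OS detection via uname and the basename comparison are assumptions.

```shell
#!/bin/sh
# Added example (not from the ESET manual): confirm that the ESETS daemon is
# running, using the ps invocations the manual gives for each OS, and check
# that at least two esets_daemon processes exist (process manager + scanner).

# Count ps lines whose CMD/COMMAND field names esets_daemon. The column is
# located from the header so it works for the 4-column (Linux, Solaris) and
# 5-column (BSD) layouts; comparing that field instead of grepping the whole
# line keeps "grep esets_daemon" from being counted as a daemon.
count_esets_daemon() {
    awk 'NR == 1 { for (i = 1; i <= NF; i++) if ($i == "CMD" || $i == "COMMAND") col = i; next }
         col { cmd = $col; sub(/.*\//, "", cmd); if (cmd == "esets_daemon") n++ }
         END { print n + 0 }'
}

# The ps command the manual recommends, chosen from uname (assumed mapping).
list_processes() {
    case "$(uname -s)" in
        Linux) ps -C esets_daemon ;;
        *BSD)  ps -ax ;;
        *)     ps -A ;;          # Solaris (SunOS) and anything else
    esac
}

# Exit status 0 when at least two daemon processes are running, 1 otherwise.
check_esets_daemon() {
    n=$(list_processes | count_esets_daemon)
    if [ "$n" -ge 2 ]; then
        echo "OK: $n esets_daemon processes running"
        return 0
    fi
    echo "WARNING: $n esets_daemon process(es) found, expected at least 2" >&2
    return 1
}

# Constructed sample of the output shown in the manual, with the extra line a
# "ps -ax | grep esets_daemon" pipeline would add for grep itself.
SAMPLE_PS='  PID TTY          TIME CMD
 2226 ?        00:00:00 esets_daemon
 2229 ?        00:00:00 esets_daemon
 2301 pts/0    00:00:00 grep esets_daemon'

# Run on the sample; on a real host call check_esets_daemon instead.
printf '%s\n' "$SAMPLE_PS" | count_esets_daemon   # prints 2
```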
4. Architecture Overview
Once ESET Gateway Security is successfully installed, you should become familiar with its architecture. The system is comprised of the following parts:
CORE
The Core of ESET Gateway Security is the ESETS daemon (esets_daemon). The daemon uses ESETS API library libesets.so and ESETS loading modules em00X_xx.dat to provide base system tasks such as scanning, maintenance of the agent daemon processes, maintenance of the samples submission system, logging, notification, etc. Please refer to the esets_daemon(8) man page for details.
AGENTS
The purpose of ESETS agent modules is to integrate ESETS with the Linux, BSD and Solaris Server environment.
UTILITIES
The utility modules provide simple and effective management of the system. They are responsible for relevant system tasks such as license management, quarantine management, system setup and update.
CONFIGURATION
Proper configuration is the most important aspect of a smooth-running security system - the remainder of this chapter is dedicated to explaining all related components. A thorough understanding of the esets.cfg file is also highly recommended, as this file contains information essential to the configuration of ESET Gateway Security.
After the product is successfully installed, all its configuration components are stored in the ESETS configuration directory. The directory consists of the following files:
@ETCDIR@/esets.cfg
This is the most important configuration file, as it controls all major aspects of the product's functionality. The esets.cfg file is made up of several sections, each of which contains various parameters. The file contains one global and several "agent" sections, with all section names enclosed in square brackets. Parameters in the global section are used to define configuration options for the ESETS daemon as well as default values for the ESETS scanning engine configuration. Parameters in agent sections are used to define configuration options of modules used to intercept various data flow types in the computer and/or its neighborhood, and prepare it for scanning. Note that in addition to the various parameters used for system configuration, there are also rules governing the organization of the file. For detailed information on the most effective way to organize this file, please refer to the esets.cfg(5) and esets_daemon(8) man pages, as well as the relevant agents' man pages.
@ETCDIR@/certs
This directory is used to store the certificates used by the ESETS web interface for authentication. Please see the esets_wwwi(8) man page for details.
@ETCDIR@/license
This directory is used to store the product(s) license key(s) you have acquired from your vendor. Note that the ESETS daemon will check only this directory for a valid license key, unless the 'license_dir' parameter in the ESETS configuration file is redefined.
@ETCDIR@/scripts/license_warning_script
If enabled by the ESETS configuration file parameter ‘license_warn_enabled’, this script will be executed 30 days (once per day) before product license expiration, sending an email notification about the expiration status to the system administrator.
@ETCDIR@/scripts/daemon_notification_script
If enabled by the ESETS configuration file parameter 'exec_script', this script is executed in the event of a detected infiltration by the antivirus system. It is used to send email notification about the event to the system administrator.
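The section layout described above, as an added example that is not ESET's own code: it lists the bracketed sections of an esets.cfg-style file and checks whether the global section enables the two notification hooks named in this chapter. The section name [global], the name = "value" line format, '#' comments and the [http] agent section are assumptions, not taken from the manual.

```shell
#!/bin/sh
# Added example (not from the ESET manual): list the sections of an esets.cfg
# style file and check whether the global section enables the two notification
# hooks the manual describes, license_warn_enabled and exec_script.
# Assumed (not stated by the manual): the global section is written [global],
# parameters are  name = "value"  lines, and '#' starts a comment.

# Print every section name found on stdin, one per line, brackets stripped.
cfg_sections() {
    awk '/^[ \t]*\[[^]]+\]/ { gsub(/[][ \t]/, ""); print }'
}

# Print the value of parameter $2 in section $1 (empty if it is not set there).
cfg_get() {
    awk -v want_sec="$1" -v want_key="$2" '
        /^[ \t]*#/ { next }                                  # comment line
        /^[ \t]*\[/ { sec = $0; gsub(/[][ \t]/, "", sec); next }
        sec == want_sec && $1 == want_key {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)                    # drop "name ="
            gsub(/^"|"[ \t]*$/, "", val)                     # drop quotes
            print val; exit
        }'
}

# Report the notification hooks in [global]; status 0 only if both are "yes".
audit_notifications() {
    cfg="$1"; rc=0
    for key in license_warn_enabled exec_script; do
        val=$(printf '%s\n' "$cfg" | cfg_get global "$key")
        if [ "$val" = "yes" ]; then
            echo "[global] $key = yes"
        else
            echo "[global] $key = '$val': notification hook is off" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample in the assumed syntax; [http] is a hypothetical agent
# section showing that a parameter can be set per section.
SAMPLE_CFG='[global]
license_dir = "/etc/esets/license"
license_warn_enabled = "yes"
exec_script = "no"

# HTTP agent section (hypothetical name)
[http]
exec_script = "yes"'

printf '%s\n' "$SAMPLE_CFG" | cfg_sections      # prints global, then http
audit_notifications "$SAMPLE_CFG" || echo "audit failed: exec_script is off"
```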