Eset MAIL SECURITY Installation Manual and User Guide

ESET Mail Security
Installation Manual and User Guide
Linux, BSD and Solaris
Contents
1. Introduction
  1.1 Main functionality
  1.2 Key features of the system
2. Terminology and abbreviations
3. Installation
4. Architecture Overview
5. Integration with Email Messaging System
  5.1 Bi-directional email message scanning in MTA
  5.2 Scanning of inbound email messages
  5.3 Scanning of outbound email messages
  5.4 Scanning of email messages downloaded from POP3/IMAP server
  5.5 Alternative methods of content filtering
    5.5.1 Scanning email messages in CommuniGate Pro using esets_cgp
    5.5.2 Scanning email messages using AMaViS
6. Important ESET Mail Security mechanisms
  6.1 Handle Object Policy
  6.2 User Specific Configuration
  6.3 Blacklist and Whitelist
  6.4 Anti-Spam Control
  6.5 Samples Submission System
  6.6 Web Interface
    6.6.1 License management
    6.6.2 SMTP+Postfix configuration example
    6.6.3 Statistics
  6.7 Remote Administration
    6.7.1 Remote Administration usage example
7. ESET Security system update
  7.1 ESETS update utility
  7.2 ESETS update process description
  7.3 ESETS mirror http daemon
8. Let us know
9. Appendix A. ESETS setup and configuration
  9.1 Setting ESETS for MTA Postfix
  9.2 Setting ESETS for MTA Sendmail
  9.3 Setting ESETS for MTA Qmail
  9.4 Setting ESETS for MTA Exim version 3
  9.5 Setting ESETS for MTA Exim version 4
  9.6 Setting ESETS for MTA ZMailer
  9.7 Setting ESETS for outbound email message scanning
  9.8 Setting ESETS for scanning of POP3 communication
  9.9 Setting ESETS for scanning of IMAP communication
10. Appendix B. PHP License

ESET Mail Security
Copyright ©2010 by ESET, spol. s r. o.
ESET Mail Security was developed by ESET, spol. s r. o. For more information visit www.eset.com. All rights reserved. No part of this documentation may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise without permission in writing from the author. ESET, spol. s r. o. reserves the right to change any of the described application software without prior notice.
Customer Care Worldwide: www.eset.eu/support Customer Care North America: www.eset.com/support
REV. 2010-11-30
1. Introduction
Dear user, you have acquired ESET Mail Security - the premier security system running under the Linux, BSD and Solaris OS. As you will soon find out, ESET's state-of-the-art scanning engine has unsurpassed scanning speed and detection rates combined with a very small footprint that makes it the ideal choice for any Linux, BSD and Solaris OS server.
1.1 Main functionality
Post Office Protocol filter (POP3)
The POP3 filter scans communication between POP3 clients and servers for viruses.
Simple Mail Transfer Protocol filter (SMTP)
The SMTP filter scans communication between SMTP clients and servers for viruses. In addition it can also serve as a content filter for the Postfix MTA.
Internet Message Access Protocol filter (IMAP)
The IMAP filter scans communication between IMAP clients and servers for viruses.
Sendmail content filter
Sendmail content filter accesses mail messages processed by MTA Sendmail and scans them for viruses. It examines and modifies content and meta-information of messages. If an infection cannot be removed from an email message, the message will be rejected.
External filter plugin for Communigate Pro
The CGP module is an external filter plugin for CommuniGate Pro. It reads email filenames from stdin, then requests a scan by ESETS daemon and finally returns a status. It examines (but does not modify) email content and blocks messages with infiltrations in the email body.
PIPE module
The PIPE module is a simple email scanner that reads an email message from standard input (stdin) and requests a scan from the ESETS daemon. If the content is accepted, it is written to standard output (stdout); otherwise nothing is passed on.
1.2 Key features of the system
Advanced engine algorithms
The ESET antivirus scanning engine algorithms provide the highest detection rate and the fastest scanning times.
Multi-processing
ESET Mail Security is developed to run on single- as well as multi-processor units.
Advanced Heuristics
ESET Mail Security includes unique advanced heuristics for Win32 worms, backdoor infections and other forms of malware.
Built-In features
Built-in archivers unpack archived objects without the need for any external programs.
Speed and efficiency
To increase the speed and efficiency of the system, its architecture is based on a resident daemon to which all scanning requests are sent, so the scanning engine and signature database are loaded once rather than per message.
Enhanced security
All executive daemons (except esets_dac) run under a non-privileged user account, which limits the damage a compromised scanning process could do to the host.
Selective configuration
The system supports selective configuration based on the user or client/server.
Multiple logging levels
Multiple logging levels can be configured to get information about system activity and infiltrations.
Web interface
Configuration, administration and license management are offered through an intuitive and user-friendly Web interface.
Remote administration
The system supports ESET Remote Administration for management in large computer networks.
No external libraries
The ESET Mail Security installation does not require external libraries or programs except for LIBC.
User-specified notification
The system can be configured to notify specific users in the event of a detected infiltration or other important events.
Low system requirements
To run efficiently, ESET Mail Security requires just 16MB of hard-disk space and 32MB of RAM. It runs smoothly under the 2.2.x, 2.4.x and 2.6.x Linux OS kernel versions as well as under 5.x, 6.x FreeBSD OS kernel versions.
Performance and scalability
From lower-powered, small office servers to enterprise-class ISP servers with thousands of users, ESET Mail Security delivers the performance and scalability you expect from a UNIX based solution, in addition to the unequaled security of ESET products.
2. Terminology and abbreviations
In this section we will review the terms and abbreviations used in this document. Note that a boldface font is reserved for product component names and also for newly defined terms and abbreviations. Terms and abbreviations defined in this chapter are expanded upon later in this document.
ESETS
ESET Security is a standard acronym for all security products developed by ESET, spol. s r. o. for Linux, BSD and Solaris operating systems. It is also the name (or its part) of the software package containing the products.
RSR
Abbreviation for ‘RedHat/Novell(SuSE) Ready’. Note that we also support RedHat Ready and Novell(SuSE) Ready variations of the product. The RSR package differs from the “standard” Linux version in that it meets the FHS (Filesystem Hierarchy Standard, defined as a part of the Linux Standard Base) criteria required by the RedHat Ready and Novell (SuSE) Ready certificate. This means that the RSR package is installed as an add-on application - the primary installation directory is ’/opt/eset/esets’.
ESETS daemon
The main ESETS system control and scanning daemon: esets_daemon.
ESETS base directory
The directory where ESETS loadable modules containing the virus signature database are stored. The abbreviation @BASEDIR@ will be used for future references to this directory. The @BASEDIR@ value for the following Operating Systems is listed below:
Linux: /var/lib/esets
Linux RSR: /var/opt/eset/esets/lib
FreeBSD: /var/lib/esets
NetBSD: /var/lib/esets
Solaris: /var/opt/esets/lib
ESETS configuration directory
The directory where all files related to the ESET Mail Security configuration are stored. The abbreviation @ETCDIR@ will be used for future references to this directory. The @ETCDIR@ value for the following Operating Systems is listed below:
Linux: /etc/esets
Linux RSR: /etc/opt/eset/esets
FreeBSD: /usr/local/etc/esets
NetBSD: /usr/pkg/etc/esets
Solaris: /etc/opt/esets
ESETS configuration file
Main ESET Mail Security configuration file. The absolute path of the file is as follows:
@ETCDIR@/esets.cfg
ESETS binary files directory
The directory where the relevant ESET Mail Security binary files are stored. The abbreviation @BINDIR@ will be used for future references to this directory. The @BINDIR@ value for the following Operating Systems is listed below:
Linux: /usr/bin
Linux RSR: /opt/eset/esets/bin
FreeBSD: /usr/local/bin
NetBSD: /usr/pkg/bin
Solaris: /opt/esets/bin
ESETS system binary files directory
The directory where the relevant ESET Mail Security system binary files are stored. The abbreviation @SBINDIR@ will be used for future references to this directory. The @SBINDIR@ value for the following Operating Systems is listed below:
Linux: /usr/sbin
Linux RSR: /opt/eset/esets/sbin
FreeBSD: /usr/local/sbin
NetBSD: /usr/pkg/sbin
Solaris: /opt/esets/sbin
ESETS object files directory
The directory where the relevant ESET Mail Security object files and libraries are stored. The abbreviation @LIBDIR@ will be used for future references to this directory. The @LIBDIR@ value for the following Operating Systems is listed below:
Linux: /usr/lib/esets
Linux RSR: /opt/eset/esets/lib
FreeBSD: /usr/local/lib/esets
NetBSD: /usr/pkg/lib/esets
Solaris: /opt/esets/lib
3. Installation
After purchasing ESET Mail Security, you will receive your authorization data (username/password and license key). This data is necessary for both identifying you as our customer and allowing you to download updates for ESET Mail Security. The username/password data is also required for downloading the initial installation package from our web site. ESET Mail Security is distributed as a binary file:
esets.i386.ext.bin
In the binary file shown above, ‘ext’ is a Linux, BSD and Solaris OS distribution dependent suffix, i.e., ‘deb’ for Debian, ‘rpm’ for RedHat and SuSE, ‘tgz’ for other Linux OS distributions, ‘fbs5.tgz’ for FreeBSD 5.x, ‘fbs6.tgz’ for FreeBSD 6.x, ‘nbs4.tgz’ for NetBSD 4.xx and ‘sol10.pkg.gz’ for Solaris 10.
Note that the Linux RSR binary file format is:
esets-rsr.i386.rpm.bin
To install or upgrade the product, run the following command:
sh ./esets.i386.ext.bin
For the Linux RSR variation of the product, run:
sh ./esets-rsr.i386.rpm.bin
Either command displays the product’s User License Acceptance Agreement. Once you have confirmed the Acceptance Agreement, the installation package is extracted into the current working directory and the relevant instructions for installing, uninstalling or upgrading the package are displayed on screen. Note that the .bin file is a self-extracting shell script: run it only on a copy downloaded directly from the ESET web site with your authorization data, and install the extracted package (deb, rpm, tgz or pkg) as root using the distribution’s own package tool as the on-screen instructions describe.
Once the package is installed, you can verify that the main ESETS service is running by using the following command:
Linux OS:
ps -C esets_daemon
BSD OS:
ps -ax | grep esets_daemon
Solaris:
ps -A | grep esets_daemon
After pressing ENTER, you should see the following (or similar) output:
PID TTY TIME CMD
2226 ? 00:00:00 esets_daemon
2229 ? 00:00:00 esets_daemon
At least two ESETS daemon processes are running in the background. The first PID is the process and thread manager of the system; the other is the ESETS scanning process.
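The verification above differs per operating system only in how ps is invoked. The following script is an added example, not code from the ESET manual or product: it uses the POSIX form `ps -A -o user,pid,comm`, which works the same on Linux, BSD and Solaris, and checks for the two esets_daemon processes the text describes while reporting which accounts they run under (the manual states the daemons run under a non-privileged account). The ps output embedded below is constructed for the example, not a real capture.

```shell
#!/bin/sh
# Added example (not from the ESET manual): portable post-install check that
# esets_daemon is running with at least the two processes described above
# (process/thread manager plus scanning process).

# esets_proc_summary: read `ps -A -o user,pid,comm` lines on stdin and print
# "<count> <comma-separated users>" for processes named esets_daemon.
esets_proc_summary() {
  awk 'NR > 1 && $3 == "esets_daemon" {
         n++
         if (!seen[$1]++) users = users (users ? "," : "") $1
       }
       END { printf "%d %s\n", n + 0, users }'
}

# check_esets_daemon PSOUTPUT: return 0 if at least two esets_daemon processes
# are present, 1 otherwise. Prints the accounts they run under so an operator
# can confirm the scanning process is not running as root.
check_esets_daemon() {
  set -- $(printf '%s\n' "$1" | esets_proc_summary)
  count=$1; users=${2:-none}
  if [ "$count" -lt 2 ]; then
    echo "esets_daemon: expected at least 2 processes, found $count" >&2
    return 1
  fi
  echo "esets_daemon: $count processes running as: $users"
  return 0
}

# Constructed samples of `ps -A -o user,pid,comm` output (not real captures).
PS_RUNNING='USER PID COMMAND
root 1 init
esets 2226 esets_daemon
esets 2229 esets_daemon
root 2300 sshd'

PS_HALF='USER PID COMMAND
root 1 init
esets 2226 esets_daemon'

check_esets_daemon "$PS_RUNNING"
check_esets_daemon "$PS_HALF" || echo "incomplete daemon start detected (exit $?)"

# On a live system, feed real ps output instead of the sample:
#   check_esets_daemon "$(ps -A -o user,pid,comm)"
```

A single esets_daemon process usually means the manager started but the scanning process did not (for example because no valid license was found in @ETCDIR@/license), so the check fails rather than warns in that case.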
4. Architecture Overview
Once ESET Mail Security is successfully installed, you should become familiar with its architecture.
Figure 4-1. Structure of ESET Mail Security.
The structure of ESET Mail Security is shown in Figure 4-1. The system is comprised of the following parts:
CORE
The Core of ESET Mail Security is the ESETS daemon (esets_daemon). The daemon uses ESETS API library libesets.so and ESETS loading modules em00X_xx.dat to provide base system tasks such as scanning, maintenance of the agent daemon processes, maintenance of the samples submission system, logging, notification, etc. Please refer to the esets_daemon(8) man page for details.
AGENTS
The purpose of ESETS agent modules is to integrate ESETS with the Linux, BSD and Solaris Server environment.
UTILITIES
The utility modules provide simple and effective management of the system. They are responsible for relevant system tasks such as license management, quarantine management, system setup and update.
CONFIGURATION
Proper configuration is the most important aspect of a smooth-running security system - the remainder of this chapter is dedicated to explaining all related components. A thorough understanding of the esets.cfg file is also highly recommended, as this file contains information essential to the configuration of ESET Mail Security.
After the product is successfully installed, all its configuration components are stored in the ESETS configuration directory. The directory consists of the following files:
@ETCDIR@/esets.cfg
This is the most important configuration file, as it controls all major aspects of the product‘s functionality. The esets.cfg file is made up of several sections, each of which contains various parameters. The file contains one global and several "agent" sections, with all section names enclosed in square brackets. Parameters in the global section are used to define configuration options for the ESETS daemon as well as default values for the ESETS scanning engine configuration. Parameters in agent sections are used to define configuration options of modules used to intercept various data flow types in the computer and/or its neighborhood, and prepare it for scanning. Note that in addition to the various parameters used for system configuration, there are also rules governing the organization of the file. For detailed information on the most effective way to organize this file, please refer to the esets.cfg(5) and esets_daemon(8) man pages, as well as relevant agents‘ man pages.
@ETCDIR@/certs
This directory is used to store the certificates used by the ESETS web interface for authentication. Please see the esets_wwwi(8) man page for details.
@ETCDIR@/license
This directory is used to store the product(s) license key(s) you have acquired from your vendor. Note that the ESETS daemon will check only this directory for a valid license key, unless the ‘license_dir‘ parameter in the ESETS configuration file is redefined.
@ETCDIR@/scripts/license_warning_script
If enabled by the ESETS configuration file parameter ‘license_warn_enabled’, this script will be executed 30 days (once per day) before product license expiration, sending an email notification about the expiration status to the system administrator.
@ETCDIR@/scripts/daemon_notification_script
If enabled by the ESETS configuration file parameter ‘exec_script‘, this script is executed by the ESETS daemon in the event of a detected infiltration by the antivirus system. It is used to send email notification about the event to the system administrator. Because the daemon runs whatever this file contains, keep it (and license_warning_script) owned by root and not writable by other users.
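Both scripts above are executed by the daemon, so their permissions are part of the product's attack surface. The following script is an added example, not code from the ESET manual or product: it reads the global-section parameters from an esets.cfg-style file and checks that the script named by ‘exec_script‘ is a regular file that no one but its owner can write. It assumes the file format described above (section names in square brackets, one key = value per line, ‘#‘ comments, optional double quotes around values) and assumes that ‘exec_script‘ holds the script path; the configuration fragment and scripts it creates are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the ESET manual): read hook-script parameters from an
# esets.cfg-style file and verify the script the daemon will execute is not
# writable by other users. Assumes [section] headers, "key = value" lines,
# '#' comments and optional double quotes; values are assumed not to contain '#'.

# cfg_get FILE SECTION KEY: print the value of KEY inside [SECTION] (empty if unset).
cfg_get() {
  awk -v sec="$2" -v key="$3" '
    /^[[:space:]]*#/ { next }                                   # comment line
    /^[[:space:]]*\[/ {                                         # [section] header
      cur = $0; sub(/^[[:space:]]*\[/, "", cur); sub(/\].*$/, "", cur); next
    }
    cur == sec {
      line = $0; sub(/[[:space:]]*#.*$/, "", line)              # trailing comment
      n = index(line, "="); if (n == 0) next
      k = substr(line, 1, n - 1); v = substr(line, n + 1)
      gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
      gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
      if (k == key) { sub(/^"/, "", v); sub(/"$/, "", v); print v; exit }
    }' "$1"
}

# script_is_safe PATH: 0 if PATH is a regular file not writable by group or
# others, else 1 with the reason on stderr. Uses ls(1) because stat(1) flags
# differ between Linux, BSD and Solaris.
script_is_safe() {
  [ -f "$1" ] || { echo "$1: missing or not a regular file" >&2; return 1; }
  mode=$(ls -ld "$1" | cut -c1-10)          # e.g. -rwxr-x---
  case "$mode" in
    ?????w????|????????w?)                  # group-write or other-write bit set
      echo "$1: writable by group/others ($mode)" >&2; return 1 ;;
  esac
  return 0
}

# check_exec_script CFGFILE: resolve [global] exec_script and validate it.
# Returns 0 (ok), 1 (script missing or unsafe), 2 (parameter not set).
check_exec_script() {
  path=$(cfg_get "$1" global exec_script)
  [ -n "$path" ] || { echo "exec_script not set in [global] of $1" >&2; return 2; }
  script_is_safe "$path"
}

# --- constructed demo data (not a real installation) ---
DEMO_DIR=$(mktemp -d 2>/dev/null || echo "/tmp/esets_demo.$$")
mkdir -p "$DEMO_DIR"
printf '#!/bin/sh\nexit 0\n' > "$DEMO_DIR/notify_ok.sh";  chmod 0750 "$DEMO_DIR/notify_ok.sh"
printf '#!/bin/sh\nexit 0\n' > "$DEMO_DIR/notify_bad.sh"; chmod 0777 "$DEMO_DIR/notify_bad.sh"
cat > "$DEMO_DIR/esets_ok.cfg" <<EOF
# constructed esets.cfg fragment
[global]
license_dir = "/etc/esets/license"
exec_script = "$DEMO_DIR/notify_ok.sh"   # run on infiltration
[smtp]
exec_script = "/nonexistent"
EOF
sed "s|notify_ok|notify_bad|" "$DEMO_DIR/esets_ok.cfg" > "$DEMO_DIR/esets_bad.cfg"

check_exec_script "$DEMO_DIR/esets_ok.cfg"  && echo "ok config: hook script permissions acceptable"
check_exec_script "$DEMO_DIR/esets_bad.cfg" || echo "bad config: world-writable hook script rejected (exit $?)"

# On a live system: check_exec_script /etc/esets/esets.cfg   (path per @ETCDIR@ above)
```

Run the check against the real @ETCDIR@/esets.cfg after every configuration change; a hook script that an unprivileged local user can edit turns an infiltration notification into code execution in the daemon's context.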