ESET Mail Security was developed by ESET, spol. s r. o.
For more information visit www.eset.com.
All rights reserved. No part of this documentation may be reproduced,
stored in a retrieval system or transmitted in any form or by any
means, electronic, mechanical, photocopying, recording, scanning, or
otherwise without permission in writing from the author.
ESET, spol. s r. o. reserves the right to change any of the described
application software without prior notice.
Customer Care Worldwide: www.eset.eu/support
Customer Care North America: www.eset.com/support
Dear user, you have acquired ESET Mail Security - the premier security system running under the Linux, BSD and Solaris OS. As
you will soon find out, ESET's state-of-the-art scanning engine has unsurpassed scanning speed and detection rates combined
with a very small footprint that makes it the ideal choice for any Linux, BSD and Solaris OS server.
1.1 Main functionality
Post Office Protocol filter (POP3)
The POP3 filter scans communication between POP3 clients and servers for viruses.
Simple Mail Transfer Protocol filter (SMTP)
The SMTP filter scans communication between SMTP clients and servers for viruses. In addition it can also serve as a content
filter for the Postfix MTA.
Internet Message Access Protocol filter (IMAP)
The IMAP filter scans communication between IMAP clients and servers for viruses.
Sendmail content filter
Sendmail content filter accesses mail messages processed by MTA Sendmail and scans them for viruses. It examines and
modifies content and meta-information of messages. If an infection cannot be removed from an email message, the message will
be rejected.
External filter plugin for Communigate Pro
The CGP module is an external filter plugin for CommuniGate Pro. It reads email filenames from stdin, then requests a scan by
ESETS daemon and finally returns a status. It examines (but does not modify) email content and blocks messages with
infiltrations in the email body.
PIPE module
The PIPE is a simple email scanner that reads email from the standard input (stdin), then requests an ESETS daemon scan. In
case content is accepted, it is submitted to the standard output (stdout).
1.2 Key features of the system
Advanced engine algorithms
The ESET antivirus scanning engine algorithms provide the highest detection rate and the fastest scanning times.
Multi-processing
ESET Mail Security is developed to run on single- as well as multi-processor units.
Advanced Heuristics
ESET Mail Security includes unique advanced heuristics for Win32 worms, backdoor infections and other forms of malware.
Built-In features
Built-in archivers unpack archived objects without the need for any external programs.
Speed and efficiency
To increase the speed and efficiency of the system, its architecture is based on the running daemon (resident program) where
all scanning requests are sent.
Enhanced security
All executive daemons (except esets_dac) run under non-privileged user account to enhance security.
Selective configuration
The system supports selective configuration based on the user or client/server.
Multiple logging levels
Multiple logging levels can be configured to get information about system activity and infiltrations.
Web interface
Configuration, administration and license management are offered through an intuitive and user-friendly Web interface.
Remote administration
The system supports ESET Remote Administration for management in large computer networks.
No external libraries
The ESET Mail Security installation does not require external libraries or programs except for LIBC.
User-specified notification
The system can be configured to notify specific users in the event of a detected infiltration or other important events.
Low system requirements
To run efficiently, ESET Mail Security requires just 16MB of hard-disk space and 32MB of RAM. It runs smoothly under the
2.2.x, 2.4.x and 2.6.x Linux OS kernel versions as well as under 5.x, 6.x FreeBSD OS kernel versions.
Performance and scalability
From lower-powered, small office servers to enterprise-class ISP servers with thousands of users, ESET Mail Security delivers
the performance and scalability you expect from a UNIX based solution, in addition to the unequaled security of ESET products.
2. Terminology and abbreviations
In this section we will review the terms and abbreviations used in this document. Note that a boldface font is reserved for
product component names and also for newly defined terms and abbreviations. Terms and abbreviations defined in this chapter
are expanded upon later in this document.
ESETS
ESET Security is a standard acronym for all security products developed by ESET, spol. s r. o. for Linux, BSD and Solaris
operating systems. It is also the name (or its part) of the software package containing the products.
RSR
Abbreviation for ‘RedHat/Novell (SuSE) Ready’. Note that we also support RedHat Ready and Novell (SuSE) Ready variations of
the product. The RSR package differs from the ‘standard’ Linux version in that it meets the FHS (File-system Hierarchy Standard
defined as a part of Linux Standard Base) criteria required by the RedHat Ready and Novell (SuSE) Ready certificate. This means
that the RSR package is installed as an add-on application - the primary installation directory is ‘/opt/eset/esets’.
ESETS daemon
The main ESETS system control and scanning daemon: esets_daemon.
ESETS base directory
The directory where ESETS loadable modules containing the virus signature database are stored. The abbreviation @BASEDIR@
will be used for future references to this directory. The @BASEDIR@ value for the following Operating Systems is
ESETS configuration directory
The directory where all files related to the ESET Mail Security configuration are stored. The abbreviation @ETCDIR@ will be
used for future references to this directory. The
The directory where the relevant ESET Mail Security object files and libraries are stored. The abbreviation @LIBDIR@ will be
used for future references to this directory. The @LIBDIR@ value for the following Operating Systems is listed below:
3. Installation
After purchasing ESET Mail Security, you will receive your authorization data (username, password and license key). This data
is necessary for both identifying you as our customer and allowing you to download updates for ESET Mail Security. The
username/password data is also required for downloading the initial installation package from our web site. ESET Mail Security
is distributed as a binary file:
esets.i386.ext.bin
In the binary file shown above, ‘ext’ is a Linux, BSD and Solaris OS distribution dependent suffix, i.e., ‘deb’ for Debian, ‘rpm’ for
RedHat and SuSE, ‘tgz’ for other Linux OS distributions, ‘fbs5.tgz’ for FreeBSD 5.x, ‘fbs6.tgz’ for FreeBSD 6.x, ‘nbs4.tgz’ for
NetBSD 4.xx and ‘sol10.pkg.gz’ for Solaris 10.
Note that the Linux RSR binary file format is:
esets-rsr.i386.rpm.bin
To install or upgrade the product, use the following command:
sh ./esets.i386.ext.bin
For the Linux RSR variation of the product, use the command:
sh ./esets-rsr.i386.rpm.bin
to display the product’s User License Acceptance Agreement. Once you have confirmed the Acceptance Agreement, the
installation package is placed into the current working directory and relevant information regarding the package’s installation,
un-installation or upgrade is displayed onscreen.
Once the package is installed, you can verify that the main ESETS service is running by using the following command:
Linux OS:
ps -C esets_daemon
BSD OS:
ps -ax | grep esets_daemon
Solaris:
ps -A | grep esets_daemon
After pressing ENTER, you should see the following (or similar) message:
At least two ESETS daemon processes are running in the background. The first PID represents the process and threads manager
of the system. The other represents the ESETS scanning process.
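The verification step above can be scripted for monitoring. The following is an added example, not part of the ESET manual or product; the uname-based OS detection, the function names and the sample listings are assumptions of this example.

```shell
#!/bin/sh
# Added example (not ESET code): confirm the ESETS daemon is up after install.

# Print a process listing with the ps invocation the manual gives per OS.
# Selecting the command by `uname -s` is an assumption of this example.
esets_ps_listing() {
    case "$(uname -s)" in
        Linux) ps -C esets_daemon ;;   # Linux: only esets_daemon rows
        SunOS) ps -A ;;                # Solaris: all processes
        *)     ps -ax ;;               # BSD family: all processes
    esac
}

# Read a ps listing on stdin and print how many rows have esets_daemon as
# the command itself. The command column is located from the header line,
# so a "grep esets_daemon" row is not counted as a daemon process.
count_esets_daemon() {
    awk '
        NR == 1 {
            for (i = 1; i <= NF; i++)
                if ($i == "CMD" || $i == "COMMAND") col = i
            next
        }
        col && $col ~ /(^|\/)esets_daemon$/ { n++ }
        END { print n + 0 }
    '
}

# Succeed only when at least two daemon processes exist: the process and
# threads manager plus the scanning process.
esets_daemon_healthy() {
    n=$(esets_ps_listing 2>/dev/null | count_esets_daemon)
    [ "$n" -ge 2 ]
}

# Constructed sample listings (not captured from a real host); the path
# /path/to/esets_daemon is a placeholder.
sample_ok() {
    printf '%s\n' '  PID TTY          TIME CMD' \
        ' 2226 ?        00:00:00 esets_daemon' \
        ' 2229 ?        00:00:01 esets_daemon'
}
sample_bsd_grep_only() {
    printf '%s\n' '  PID TT  STAT    TIME COMMAND' \
        ' 2226 ??  Ss   0:00.02 /path/to/esets_daemon' \
        ' 3011 p0  S+   0:00.00 grep esets_daemon'
}
```

Calling esets_daemon_healthy from a cron job or monitoring agent returns non-zero when fewer than two daemon processes are found, which is the condition to alert on.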
4. Architecture Overview
Once ESET Mail Security is successfully installed, you should become familiar with its architecture.
Figure 4-1. Structure of ESET Mail Security.
The structure of ESET Mail Security is shown in Figure 4-1. The system is comprised of the following parts:
CORE
The Core of ESET Mail Security is the ESETS daemon (esets_daemon). The daemon uses ESETS API library libesets.so and ESETS
loading modules em00X_xx.dat to provide base system tasks such as scanning, maintenance of the agent daemon processes,
maintenance of the samples submission system, logging, notification, etc. Please refer to the esets_daemon(8) man page for
details.
AGENTS
The purpose of ESETS agent modules is to integrate ESETS with the Linux, BSD and Solaris Server environment.
UTILITIES
The utility modules provide simple and effective management of the system. They are responsible for relevant system tasks
such as license management, quarantine management, system setup and update.
CONFIGURATION
Proper configuration is the most important aspect of a smooth-running security system - the remainder of this chapter is
dedicated to explaining all related components. A thorough understanding of the esets.cfg file is also highly recommended, as
this file contains information essential to the configuration of ESET Mail Security.
After the product is successfully installed, all its configuration components are stored in the ESETS configuration directory.
The directory consists of the following files:
@ETCDIR@/esets.cfg
This is the most important configuration file, as it controls all major aspects of the product’s functionality. The esets.cfg file is
made up of several sections, each of which contains various parameters. The file contains one global and several “agent”
sections, with all section names enclosed in square brackets. Parameters in the global section are used to define configuration
options for the ESETS daemon as well as default values for the ESETS scanning engine configuration. Parameters in agent sections
are used to define configuration options of modules used to intercept various data flow types in the computer and/or its
neighborhood, and prepare it for scanning. Note that in addition to the various parameters used for system configuration, there
are also rules governing the organization of the file. For detailed information on the most effective way to organize this file,
please refer to the esets.cfg(5) and esets_daemon(8) man pages, as well as relevant agents’ man pages.
@ETCDIR@/certs
This directory is used to store the certificates used by the ESETS web interface for authentication. Please see the
esets_wwwi(8) man page for details.
@ETCDIR@/license
This directory is used to store the product(s) license key(s) you have acquired from your vendor. Note that the ESETS daemon
will check only this directory for a valid license key, unless the ‘license_dir’ parameter in the ESETS configuration file is
redefined.
@ETCDIR@/scripts/license_warning_script
If enabled by the ESETS configuration file parameter ‘license_warn_enabled’, this script will be executed 30 days (once per day)
before product license expiration, sending an email notification about the expiration status to the system administrator.
@ETCDIR@/scripts/daemon_notification_script
If enabled by the ESETS configuration file parameter ‘exec_script’, this script is executed in the event of a detected infiltration
by the antivirus system. It is used to send email notification about the event to the system administrator.
5. Integration with Email Messaging System
This chapter describes the integration of ESET Mail Security with a variety of known email messaging systems. It is extremely
important to understand the basic principles of an email messaging system (see figure 5-1) and how ESET Mail Security
integrates with it.
Figure 5-1. Scheme of UNIX OS email messaging system.
MTA - Mail Transport Agent
A program (e.g., sendmail, postfix, qmail, exim, etc.) that enables the transfer of email messages between local and remote
domains.
MDA - Mail Delivery Agent
A program (e.g., maildrop, procmail, deliver, local.mail, etc.) that enables the delivery of locally addressed email messages
into particular mailboxes.
MUA - Mail User Agent
A program (e.g., Microsoft Outlook, Mozilla Thunderbird, Eudora, etc.) that provides access to and management of email
messages, such as reading, composing, printing, etc.
MAILBOX
A file or file structure on a disk serving as the storage space for email messages.
The email server receives data communication using SMTP (Simple Mail Transfer Protocol) communication. The received
message is transferred by MTA either to another remote email messaging system or is delivered using local MDA into a
particular MAILBOX. In most cases, each local network user owns a MAILBOX located on the server. Note that it is the
responsibility of the user’s local MUA to provide the function of downloading and correctly interpreting the message at the
user’s computer. When retrieving data from MAILBOX, the MUA typically uses POP3 (Post Office Protocol) or IMAP (Internet
Message Access Protocol) to communicate with the MTA. The SMTP protocol is used to send data to the Internet.
The ESETS operating principle is based on data communication interception and scanning at the various phases of its transfer.
The interception locations are marked in figure 5-1 by symbols S1, S2, S3 and S4.
S1 - Bi-directional email message scanning, i.e. content filtering in MTA.
S2 - Scanning of inbound email messages, i.e. messages with a target address which is located inside the local domain.
S3 - Scanning of outbound email messages, i.e. messages bound to a remote Internet domain.
S4 - Scanning of email messages being downloaded from POP3/IMAP server.
The remainder of this chapter reviews methods for integrating ESETS with a variety of supported messaging systems.