22
ESET File Security
6.1. Handle Object Policy
The Handle Object Policy (see figure 6-1) mechanism provides filtering of scanned objects
based on their status. This functionality is based on the following configuration options: ‘action_
av‘, ‘action_av_infected‘, ‘action_av_notscanned‘, ‘action_av_deleted‘. For detailed information on
these options, please refer to the esets.cfg(5) man page.
Figure 6-1. Scheme of Handle Object Policy mechanism.
Every object processed is first handled according to the configuration of the ‘action_av‘
option. If this option is set to ‘accept‘ (or ‘defer‘, ‘discard‘, ‘reject‘) the object is accepted (or deferred,
discarded, rejected). If the option is set to ‘scan‘ the object is scanned for virus infiltrations, and if
the ‘av_clean_mode‘ option is set to 'yes', the object is also cleaned. In addition, the configuration
options ‘action_av_infected‘, ‘action_av_notscanned‘ and ‘action_av_deleted‘ are taken into
account to further evaluate handling of the object. If an ‘accept‘ action has been taken as a result
of these three action options, the object is accepted. Otherwise, the object is blocked.
6.2. User Specific Configuration
The purpose of the User Specific Configuration mechanism is to provide a higher degree
of customization and functionality. It allows the sytem administrator to define
ESETS
antivirus
scanner parameters based on the user who is accessing file system objects.
A detailed description of this functionality can be found in the esets.cfg(5) man page; in this
section we will provide only a short example of a user-specific configuration.
In this example, the goal is to use the
esets_dac
module to control the ON_OPEN and ON_
EXEC access events for an external disc mounted under the
”/home”
directory. The module can
be configured in the [dac] section of the ESETS configuration file. See below:
[dac]
agent_enabled = yes
event_mask = ”open”
ctl_incl = ”/home”
action_av = ”scan”
To specify scan settings for an individual user, the ‘user_config’ parameter must specify the
accept
defer, discard, reject
action_av
object not accepted
accept
defer, discard, reject
action_av_infected
action_av_notscanned
action_av_deleted
object not accepted
object accepted
scan
Summary of Contents for FILE SECURITY
Page 1: ...ESET File Security Installation Manual and User Guide we protect digital worlds...
Page 3: ...Chapter 1 Introduction...
Page 5: ...Chapter 2 Terminology and abbreviations...
Page 8: ......
Page 9: ...Chapter 3 Installation...
Page 11: ...Chapter 4 Architecture Overview...
Page 14: ......
Page 15: ...Chapter 5 Integration with File System services...
Page 20: ......
Page 21: ...Chapter 6 Important ESET File Security mechanisms...
Page 25: ...Chapter 7 ESET Security system update...
Page 28: ......
Page 29: ...Chapter 8 Let us know...
Page 31: ...Appendix A PHP License...