
ESET  Gateway Security

5.4. ESETS plug-in filter for SafeSquid Proxy Cache

In the previous sections we described the integration of ESET Gateway Security with the Internet Gateway HTTP and FTP services using esets_http and esets_ftp. Although the methods described are applicable to most common user agents, including the well-known content-filtering internet proxy SafeSquid (http://www.safesquid.com), ESET Gateway Security also offers an alternative way to protect the Gateway services in this special case: the esets_ssfi.so module, developed for this purpose.

5.4.1. Operation principle

The esets_ssfi.so module is a plug-in that accesses all objects processed by the SafeSquid proxy cache through a special interface developed by the SafeSquid developers for this purpose. Once the plug-in accesses an object, the object is scanned for infiltrations by the ESETS daemon. If the object is infected, SafeSquid blocks the corresponding resource and sends a predefined template page instead. Note that esets_ssfi.so is supported by SafeSquid Advanced version 4.0.4.2 and higher.

5.4.2. Installation and configuration

To integrate the module, you have to provide links from the SafeSquid modules directory to the appropriate installation locations of the ESET Gateway Security package. In the following we assume that SafeSquid is installed on Linux OS in the '/opt/safesquid' directory.

If the installed version of SafeSquid is 4.2 or higher, enter the following commands:

ln -s @LIBDIR@/ssfi/esets_ssfi.so /opt/safesquid/modules/esets_ssfi.so

ln -s @LIBDIR@/ssfi/esets_ssfi.xml /opt/safesquid/modules/esets_ssfi.xml

If the installed version of SafeSquid is lower than 4.2, enter the following commands:

ln -s @LIBDIR@/ssfi/esets_ssfi.so /opt/safesquid/modules/esets_ssfi.gcc295.so

ln -s @LIBDIR@/ssfi/esets_ssfi.xml /opt/safesquid/modules/esets_ssfi.xml
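
The version-dependent link step above, written as a script that also enforces the 4.0.4.2 minimum and checks that both links resolve. This is an added example, not part of the ESET manual or of SafeSquid; the function names, the script name and passing the SafeSquid version and LIBDIR as arguments are assumptions.

```shell
#!/bin/sh
# Added example (not ESET or SafeSquid tooling). Assumes a purely numeric
# dotted version string such as 4.0.4.2, supplied by the administrator.

# ver_ge A B: succeed when version A >= version B, compared field by field.
ver_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# link_ssfi VERSION LIBDIR MODDIR: create both links and print the module
# link name that was chosen for this SafeSquid version.
link_ssfi() {
    ver=$1; libdir=$2; moddir=$3
    if ! ver_ge "$ver" 4.0.4.2; then
        echo "SafeSquid $ver: esets_ssfi.so requires 4.0.4.2 or higher" >&2
        return 2
    fi
    if ver_ge "$ver" 4.2; then so=esets_ssfi.so; else so=esets_ssfi.gcc295.so; fi
    for f in esets_ssfi.so esets_ssfi.xml; do
        if [ ! -f "$libdir/ssfi/$f" ]; then
            echo "missing $libdir/ssfi/$f" >&2
            return 3
        fi
    done
    ln -sf "$libdir/ssfi/esets_ssfi.so" "$moddir/$so" || return 1
    ln -sf "$libdir/ssfi/esets_ssfi.xml" "$moddir/esets_ssfi.xml" || return 1
    # Confirm that neither link is dangling before reporting success.
    if [ ! -e "$moddir/$so" ] || [ ! -e "$moddir/esets_ssfi.xml" ]; then
        return 1
    fi
    echo "$so"
}

# Usage: sh link_ssfi.sh VERSION LIBDIR MODDIR
if [ "$#" -eq 3 ]; then link_ssfi "$@"; fi
```

Substitute the real value of @LIBDIR@ for your platform as the second argument and /opt/safesquid/modules as the third.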

To complete the SafeSquid plug-in installation, log in to the SafeSquid Web Administration Interface, select the 'Config' menu from the main interface page and browse down the sections in 'Select a Section to Configure' until you find the 'ESET Gateway Security' section. Next, create the 'antivirus' profile for the 'ESET Gateway Security' section by pressing 'Add' at the bottom of the 'ESET Gateway Security' section and define the following parameters in the list that appears:

Comment: ESET Gateway Security

Profiles: antivirus

Once the SafeSquid plug-in is installed it is ready to work; however, some further fine-tuning of the SafeSquid configuration is needed. Next, we configure SafeSquid at least to use the ESETS predefined blocking templates when the transferred source object is infected (or not scanned).

Log in to the SafeSquid Web Administration Interface, select the 'Config' menu from the main interface page and browse down the sections in 'Select a Section to Configure' until you find the 'ESET Gateway Security' section. Next, edit the newly created 'antivirus' profile by pressing 'Edit' at the bottom of the 'ESET Gateway Security' section and define the following parameters in the list that appears
