24
ESET Gateway Security
6.1. Handle Object Policy
The Handle Object Policy (see figure 6-1) is a mechanism that provides handling of the
scanned objects depending on their scanning status. The mechanism is based on so-called
action configuration options: ‘action_av‘, ‘action_av_infected‘, ‘action_av_notscanned‘, ‘action_
av_deleted‘. For detailed information on the options, please refer to the esets.cfg(5) manual
page.
Figure 6-1. Scheme of Handle Object Policy mechanism.
Every object processed is at first handled with respect to the setting of the configuration
option ‘action_av‘. Once the option is set to ‘accept‘ (resp. ‘defer‘, ‘discard‘, ‘reject‘) the object is
accepted (resp. deferred, discarded, rejected). If the option is set to ‘scan‘ the object is scanned
(resp. also cleaned if requested by configuration option ‘av_clean_mode‘) for virus infiltrations
and set of action configuration options ‘action_av_infected‘, ‘action_av_notscanned‘ and
‘action_av_deleted‘ is taken into account to evaluate further handling of the object. If action
‘accept‘ has been taken as a result of the three above action options the object processed is
accepted, otherwise the object is blocked.
NOTE: Please, note that some of the modules has been written to integrate ESETS into the environment which does not allow to
modify scanned objects and thus this functionality is disabled in the module. Particularly, this means that configuration
option av_clean_mode is ignored by the module. To get detailed information on this topic, refer to appropriate modules
manual pages.
6.2. User Specific Configuration
User Specific Configuration mechanism is implemented in the product in order to provide
administrator with enhanced configuration functionality. It allows to define
ESETS
anti-virus
scanner parameters selectively for client/server identification.
Please note that the detailed description of this functionality can be found in esets.cfg(5)
manual page and manual pages referenced there. Thus in this section we will only provide short
example of user specific configuration definition.
Let’s say we use
esets_http
to control HTTP traffic on port 8080 of the gateway server with
local network IP address 192.168.1.10. The module is subjected to configuration section [http] in
accept
defer, discard, reject
action_av
object not accepted
accept
defer, discard, reject
action_av_infected
action_av_notscanned
action_av_deleted
object not accepted
object accepted
scan
Summary of Contents for GATEWAY SECURITY
Page 1: ...ESET Gateway Security Installation Manual and User s documentation we protect digital worlds ...
Page 3: ...Chapter 1 Introduction ...
Page 5: ...Chapter 2 Terminology and abbreviations ...
Page 8: ......
Page 9: ...Chapter 3 Installation ...
Page 11: ...Chapter 4 Product s Roadmap ...
Page 14: ......
Page 15: ...Chapter 5 Integration with Internet Gateway services ...
Page 22: ......
Page 23: ...Chapter 6 Important ESET Gateway Security mechanisms ...
Page 28: ......
Page 29: ...Chapter 7 ESET Security system update ...
Page 31: ...Chapter 8 Let us know ...
Page 33: ...Appendix A ESETS setup process description ...
Page 36: ......
Page 37: ...Appendix A PHP License ...