User manual NOD32 ESET FILE SECURITY FOR LINUX/BSD/SOLARIS

[. . . ] ESET File Security Installation Manual and User Guide Linux, BSD and Solaris Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. 1 Main functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. 2 Key features of the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology and abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3. Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 4. [. . . ] In any of these cases, the On-access scanning technique based on the preload LIBC library should be used. Please note that this section is relevant only for Linux OS users and contains information regarding the operation, installation and configuration of the On-access scanner using the preload library ‘libesets_pa c. so’. 11 5. 3. 1 Operation principle The On-access scanner libesets_pa c. so (ESETS Preload library based file Access Controller) is a shared objects library which is activated at system start-up. This library is used for LIBC calls by file system servers such as FTP server, Samba server etc. Every file system object is scanned based on customizable file access event types. The following event types are supported by the current version: Open events This file access type is activated if the word ‘open’ is present in the ‘event_ma sk’ parameter in the esest. cfg file ( [pa c] section). Close events This file access type is activated if the word ‘close’ is present in the ‘event_ma sk’ parameter in the esets. cfg file ( [pa c] section). In this case, all file descriptor and FILE stream close functions of the LIBC are intercepted. Exec events This file access type is activated if the word ‘exec’ is present in the ‘event_ma sk’ parameter in the esets. cfg ( [pa c] section). All opened, closed and executed files are scanned by the ESETS daemon for viruses. Based on the result of such scans, access to given files is denied or allowed. 5. 3. 2 Installation and configuration The libesets_pa c. so library module is installed using a standard installation mechanism of the preloaded libraries. One has just to define the environment variable ‘LD_PRELO A D’ with the absolute path to the libesets_pa c. so library. NOTE: It is important that the ‘LD_PRELO A D‘ environment variable is defined only for the network server daemon processes (ftp, Samba, etc. ) that will be under control of the On-access scanner. Generally, preloading LIBC calls for all operating system processes is not recommended, as this can dramatically slow the performance of the system or even cause the system to hang. In this sense, the ‘/etc/ld. so. preload’ file should not be used, nor should the ‘LD_PRELOAD‘ environment variable be exported globally. Both would override all relevant LIBC calls, which could lead to system hang-up during initialization. To ensure that only relevant file access calls within a given file system are intercepted, executable statements can be overridden using the following line: LD_PRELOAD=/usr/lib/libesets_pac. so COMMAND COMMAND-ARGUMENTS where ‘COMMAND COMMAND-ARGUMENTS’ is the original executable statement. Review and edit the [g loba l] and [pa c] sections of the ESETS configuration file (esets. cfg). In order for the On-access scanner to function correctly, you must define the file system objects (i. e. directories and files) that are required to be under control of the preload library. This can be achieved by defining the parameters of the ‘ctl_incl’ and ‘ctl_excl’ options in the [pa c] section of the ESETS configuration file. After making changes to the esets. cfg file, you can force the newly created configuration to be re-read by reloading the ESETS daemon. 5. 3. 3 Tips In order to activate the On-access scanner immediately after file system start-up, the ‘LD_PRELO A D’ environment variable must be defined within the appropriate network file server initialization script. Exa mple: Let’s assume we want to have the On-access scanner to monitor all file system access events immediately after starting the Samba server. Within the Samba daemon initialization script (/etc/init. d/smb), we would replace the statement daemon /usr/sbin/smbd $SMBDOPTIONS with the following line: LD_PRELOAD=/usr/lib/libesets_pac. so daemon /usr/sbin/smbd $SMBDOPTIONS In this way, selected file system objects controlled by Samba will be scanned at system start-up. 12 6. [. . . ] The second stage of the update process is the compilation of modules loadable by the ESET File Security scanner from those stored in the local mirror. Typically, the following ESETS loading modules are created: loader module (em000. dat), scanner module (em001. dat), virus signature database module (em002. dat), archives support module (em003. dat), advanced heuristics module (em004. dat), etc. The modules are created in the following directory: @BASEDIR@ This is the directory where the ESETS daemon loads modules from and thus can be redefined using the ‘ba se_dir’ option in the [g loba l] section of the ESETS configuration file. 7. 3 ESETS mirror http daemon ESETS mirror http daemon is installed automatically with ESET File Security. The http mirror daemon starts if the option ‘a v_mirror_httpd_ena bled’ in the [g loba l] section of the ESETS configuration file is set to ‘yes’ and the Mirror is enabled. [. . . ]