User manual NOD32 ESET GATEWAY SECURITY FOR LINUX/BSD/SOLARIS

[. . . ] ESET Gateway Security Installation Manual and User Guide Linux, BSD and Solaris Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. 1 Main functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. 2 Key features of the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology and abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3. Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 4. [. . . ] Additionally, the URL of the source object is stored in the esets_http cache in order to block the source transfer if requested again. Be aware that the deferred sca n technique described above presents a potential risk to the computer requesting the infected file for the first time. This is because some parts of the already transferred data can contain executable, dangerous code. For this reason, ESET developed a modified version of the deferred sca n technique, known as the ‘partial scan’ technique. Partial scan technique The pa rtia l sca n technique has been developed as an additional safeguard to the deferred sca n method. The principle of the pa rtia l sca n technique is based on the idea that the scanning time of a large object is negligible compared to the overall processing time of the object. This concept is especially evident with large object HTTP transfers, as significantly more time is needed to transfer the object than to scan it for infiltrations. This assumption allows us to perform more than one scan during a large object transfer. To enable this technique, the parameter ‘lo_pa rtsca n_ena bled’ is entered in the [http] section of the ESETS configuration file. This will cause large objects to be scanned for infiltrations during transfer in predefined intervals, while the data which has already been scanned is sent to an awaiting end-point such as a client or server. This method ensures that no infiltrations are passed to the computer whose user agent has requested the large infected object, because each portion of the sent data is already verified to be safe. It has been proven that in common circumstances where the speed of the gateway’s local network connection is higher than the speed of the gateway connection to the Internet, the total processing time of a large object transfer using the pa rtia l sca n technique is approximately the same as when the standard deferred sca n method is used. 12 5. 5 ESETS plug-in filter for SafeSquid Proxy Cache In previous sections we described the integration of ESET Gateway Security with HTTP and FTP services using esets_http and esets_ftp. The methods described are applicable for the most common user agents, including the well known content filtering internet proxy SafeSquid. http://www. safesquid. com However, ESET Gateway Security also offers an alternative method of protecting Gateway services, using the esets_ssfi. so module. 5. 5. 1 Operation principle The esets_ssfi. so module is a plug-in to access all objects processed by the SafeSquid proxy cache. Once the plug-in accesses the object, it is scanned for infiltrations using the ESETS daemon. If the object is infected, SafeSquid blocks the appropriate resource and sends the predefined template page instead. The esets_ssfi. so module is supported by SafeSquid Advanced version 4. 0. 4. 2 and later. Please refer to the esets_ssfi. so(1 ) man pages for more information. 5. 5. 2 Installation and configuration To integrate the module, you must create links from the SafeSquid modules directory to the appropriate installation locations of the ESET Gateway Security package. In the following examples, it is assumed that SafeSquid is installed on a Linux OS in the ‘/ opt/safesquid’ directory. If SafeSquid 4. 2 or later is installed, enter the following commands: mkdir /opt/safesquid/modules ln -s @LIBDIR@/ssfi/esets_ssfi. so /opt/safesquid/modules/esets_ssfi. so ln -s @LIBDIR@/ssfi/esets_ssfi. xml /opt/safesquid/modules/esets_ssfi. xml If an earlier version is installed, enter the following commands: mkdir /opt/safesquid/modules ln -s @LIBDIR@/ssfi/esets_ssfi. so /opt/safesquid/modules/esets_ssfi. gcc295. so ln -s @LIBDIR@/ssfi/esets_ssfi. xml /opt/safesquid/modules/esets_ssfi. xml /etc/init. d/safesquid restart To complete the SafeSquid plug-in installation, first logon to the SafeSquid Web Administration Interface. Select the Config menu from the main interface page and browse Select a Section to Config ure until you find ESET Gateway Security. Click Submit and create the a ntivirus profile for the ESET Ga tew a y Security section by clicking the Add button at the bottom. [. . . ] The options ‘a v_mirror_httpd_userna me’ and ‘a v_mirror_httpd_pa ssword’ allow an administrator to define the login and password used to access the Mirror. 24 8. Let us know Dear user, we hope this Guide has provided you with a thorough understanding of the requirements for ESET Gateway Security installation, configuration and maintenance. However, our goal is to continually improve the quality and effectiveness of our documentation. If you feel that any sections in this Guide are unclear or incomplete, please let us know by contacting Customer Care: http://www. eset. com/support or use directly the support form: http://www. eset. eu/support/form We are dedicated to provide the highest level of support and look forward to helping you should you experience any problems concerning this product. 25 9. [. . . ]