Integrate Eset File Security 8.0.375.0
Hi Everyone
I noticed clamav let through a few viruses, I saw on the PC's Eset log the detections, so at least the virus was detected and deleted.
1st prize would be that it is detected on EFA level.
I installed Eset File Security on EFA server, versions below: ( Eset changed again, so current integration does not work )
ESET Management Agent 8.0.2216.0 / ESET File Security 8.0.375.0
Product works very well except there is no integration, the moment a virus is sent in via email the Realtime Scanner picks it up and deletes the virus.
My idea was to exclude the path where EFA works from the Realtime scanner and set up the generic-wrapper (/usr/lib/MailScanner/wrapper/generic-wrapper)
Scan command is (https://help.eset.com/efs/8/en-US/scans.html)
/opt/eset/efs/bin/odscan --scan --profile="@In-depth scan" /path to scan/
Will the generic-wrapper use the exit codes provided by odscan and send that through to the logs?
Exit Code Meaning
0 No threat found
1 Threat found and cleaned
10 Some files could not be scanned (may be threats)
50 Threat found
100 Error
Has anyone tried and got this working?
Thanks
Jakes
Re: Integrate Eset File Security 8.0.375.0
Hi Jakes
I tried but with no luck because I'm not a programmer ...
I also replied to the issue reported by flagmonkey, but got no response ...
url: https://github.com/MailScanner/v5/issues/540
It looks like he managed to get it working with the new ESET antivirus for Linux server ...
Re: Integrate Eset File Security 8.0.375.0
I second this request.
Sophos Linux Free is end of life, will only last until end 2021. ClamAV is simply not good enough.
I got EFS working. It works from the command line, but I can't get MailScanner to recognise it is installed...
EFA 4.0.4
EFS 8.0.375.0
MailScanner.conf says "Virus Scanners = esets sophos clamd"
Found these virus scanners installed: sophos, clamd
/usr/lib/MailScanner/wrapper/esets-wrapper /opt/eset/efs/bin -s --profile='@In-depth scan' --ignore-exclusions /home/admin/eicar.txt
Re: Integrate Eset File Security 8.0.375.0
Answering my own post... Getting closer
MailScanner.conf says "Virus Scanners = esets sophos clamd" 0.00013
Found these virus scanners installed: sophos, esets, clamd 0.08471
=========================================================================== 2.0E-5
Filename Checks: Windows/DOS Executable (1 eicar.com) 0.02043
Other Checks: Found 1 problems 0.00906
Virus and Content Scanning: Starting 2.0E-5
Cannot lock /var/spool/MailScanner/incoming/Locks/esetsBusy.lock, No such file or directory at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 844. 0.00059
Invalid value of environment variable MODMAPDIR. Modules cannot be loaded. 0.01547
>>> Virus 'EICAR-AV-Test' found in file /var/spool/MailScanner/incoming/12886/1/eicar.com 6.34806
Virus Scanning: Sophos found 1 infections 0.00023
Clamd::INFECTED:: {HEX}EICAR.TEST.3.UNOFFICIAL :: ./1/eicar.com 0.10546
Virus Scanning: Clamd found 2 infections 0.08923
Infected message 1 came from 10.1.1.1 6.0E-5
Virus Scanning: Found 3 viruses
Re: Integrate Eset File Security 8.0.375.0
I see Shawn Iverson has posted a patch that will get the new Eset to work.
https://github.com/MailScanner/v5/pull/558
I'm not sure how to install this patch, any suggestions please?
Thanks !
Re: Integrate Eset File Security 8.0.375.0
I did it by hand...
Basically (assuming you have esets efs installed):
Add this line to /etc/MailScanner/virus.scanners.conf
esetsefs /usr/lib/MailScanner/wrapper/esetsefs-wrapper /opt/eset/efs/bin
Create this file:
/usr/lib/MailScanner/wrapper/esetsefs-wrapper
And put this into it.
Make it exec:
sudo chmod +x /usr/lib/MailScanner/wrapper/esetsefs-wrapper
Edit the file /etc/MailScanner/virus.scanners.conf As described here
Add these to /etc/sudoers.d/eFa-users (need to be root)
postfix ALL=(ALL) NOPASSWD: /opt/eset/efs/bin/odscan
postfix ALL=(ALL) NOPASSWD: /opt/eset/efs/bin/lslog
Add esetsefs to /etc/MailScanner/MailScanner.conf
Virus Scanners = sophos clamd esetsefs
Run
MailScanner --lint
MailScanner.conf says "Virus Scanners = sophos clamd esetsefs"
Found these virus scanners installed: esetsefs, sophos, clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
>>> Virus 'EICAR-AV-Test' found in file /var/spool/MailScanner/incoming/17967/1/eicar.com
Virus Scanning: Sophos found 1 infections
Clamd::INFECTED:: {HEX}EICAR.TEST.3.UNOFFICIAL :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
Esets::INFECTED::Eicar
Virus Scanning: esetsefs found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 4 viruses
===========================================================================
Virus Scanner test reports:
Sophos said ">>> Virus 'EICAR-AV-Test' found in file /var/spool/MailScanner/incoming/17967/1/eicar.com"
Clamd said "eicar.com was infected: {HEX}EICAR.TEST.3.UNOFFICIAL"
Esets said "found Eicar in eicar.com"
If no errors, restart mailscanner
sudo service mailscanner restart
Re: Integrate Eset File Security 8.0.375.0
Hi,
Could you please check the below issue –
MailScanner --lint
Cannot lock /var/spool/MailScanner/incoming/Locks/esetsefsBusy.lock, No such file or directory at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 866.
I have followed the above configuration which you mentioned but am unable to run EFS 8.1.685.0 on EFA-4.
Re: Integrate Eset File Security 8.0.375.0
What is in there?
ls -l /var/spool/MailScanner/incoming/Locks/
-rw------- 1 postfix postfix 52 Nov 9 13:49 esetsefsBusy.lock
Did you edit sudoers?
Add these to /etc/sudoers.d/eFa-users (need to be root)
postfix ALL=(ALL) NOPASSWD: /opt/eset/efs/bin/odscan
postfix ALL=(ALL) NOPASSWD: /opt/eset/efs/bin/lslog
Re: Integrate Eset File Security 8.0.375.0
There is no esetsefsBusy.lock file in following path –
ls -l /var/spool/MailScanner/incoming/Locks/
I have added the mentioned lines in sudoers. Would you please share the installation steps of EFS?
Re: Integrate Eset File Security 8.0.375.0
https://github.com/MailScanner/v5/issues/383
You can try (as root)
touch /var/spool/MailScanner/incoming/Locks/esetsefsBusy.lock
chown postfix:postfix /var/spool/MailScanner/incoming/Locks/esetsefsBusy.lock
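A pre-flight check for the two failures seen in this thread (a scanner MailScanner does not recognise, and a missing lock file), as an added example that is not part of the original posts or of MailScanner/eFa. It assumes the `<name> <wrapper> <install dir>` line format and the `<name>Busy.lock` naming shown above; `preflight` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not MailScanner or eFa code. Defaults are the paths quoted
# in this thread; the "<name>Busy.lock" pattern is inferred from its errors.

# preflight [MailScanner.conf] [virus.scanners.conf] [lock dir] [owner]
# Prints one line per problem and returns 1 if any were found.
preflight() {
    conf=${1:-/etc/MailScanner/MailScanner.conf}
    scanners_conf=${2:-/etc/MailScanner/virus.scanners.conf}
    lockdir=${3:-/var/spool/MailScanner/incoming/Locks}
    owner=${4:-postfix}
    problems=0

    # Scanner names from the last uncommented "Virus Scanners = a b c" line.
    names=$(sed -n 's/^[[:space:]]*Virus Scanners[[:space:]]*=[[:space:]]*//p' \
        "$conf" | tail -n 1)
    if [ -z "$names" ]; then
        echo "no 'Virus Scanners =' setting in $conf"
        return 1
    fi

    for name in $names; do
        case $name in auto|none) continue ;; esac  # keywords, not scanners

        # virus.scanners.conf line: <name> <wrapper> <install dir>
        wrapper=$(awk -v n="$name" '$1 == n { print $2; exit }' "$scanners_conf")
        if [ -z "$wrapper" ]; then
            echo "$name: no entry in $scanners_conf"
            problems=$((problems + 1))
        elif [ ! -x "$wrapper" ]; then
            echo "$name: wrapper $wrapper is missing or not executable"
            problems=$((problems + 1))
        fi

        lock="$lockdir/${name}Busy.lock"
        if [ ! -f "$lock" ]; then
            echo "$name: lock file $lock does not exist"
            problems=$((problems + 1))
        elif [ "$(ls -ld "$lock" | awk '{ print $3 }')" != "$owner" ]; then
            echo "$name: lock file $lock is not owned by $owner"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}
```

Called with no arguments it checks the default paths from this thread; run it before `MailScanner --lint` so a wiring problem is not mistaken for a scanner that found nothing.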
Re: Integrate Eset File Security 8.0.375.0
EFS lock file issue is resolved. Sophos was working with MailScanner but after installing EFS it's not showing on virus scanning.
MailScanner --lint
MailScanner.conf says "Virus Scanners = clamd sophos esetsefs"
Found these virus scanners installed: esetsefs, sophos, clamd
===========================================================================
Virus and Content Scanning: Starting
Clamd::INFECTED::{HEX}EICAR.TEST.3.UNOFFICIAL :: ./1/
Virus Scanning: Clamd found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 1 viruses
===========================================================================
If any of your virus scanners (esetsefs,sophos,clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Re: Integrate Eset File Security 8.0.375.0
I just repeated all my steps on a fresh EFA.
It works
Virus Scanner test reports:
Esets said "found Eicar in eicar.com"
Sophos said ">>> Virus 'EICAR-AV-Test' found in file /var/spool/MailScanner/incoming/84075/1/eicar.com"
Clamd said "eicar.com was infected: {HEX}EICAR.TEST.3.UNOFFICIAL"
I noticed 1 error in my steps
"Edit the file /etc/MailScanner/virus.scanners.conf" As described here
should be
"Edit the file /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm"
Re: Integrate Eset File Security 8.0.375.0
Sophos Linux is now retired.
A few additional things about EFS on EFA...
- In order for EFS to function (postfix in sudoers), selinux needs to be set to "permissive", or disabled altogether
- EFS needs to be activated with a valid license, or it will not show up in MailScanner --lint. It does show itself in its own logs though
- The latest version of EFA (4.0.4) has support for EFS built in, except the wrapper is missing (/usr/lib/MailScanner/wrapper/esetsefs-wrapper)
shawniverson
Re: Integrate Eset File Security 8.0.375.0
I'll be fixing the missing wrapper in the next update
Re: Integrate Eset File Security 8.0.375.0
Hi;
fixing the missing wrapper in the next update waiting good antivirus esetefs
Re: Integrate Eset File Security 8.0.375.0
Another one to fix
Detection by EFS doesn't show up in Top Viruses / Virus report.
Patrick
shawniverson
Re: Integrate Eset File Security 8.0.375.0
Thanks I need to push another MailWatch update, to get ESETS EFS to be recognized in the reports. I'll add this to my todo.
Re: Integrate Eset File Security 8.0.375.0
Hello,
I've installed ESET v 9.0.174.0, I have a valid trial license, I created the esetsefsBusy.lock file, but when I run this command: MailScanner --lint I get this output:
MailScanner.conf says "Virus Scanners = clamd esetsefs"
Found these virus scanners installed: esetsefs, clamd
===========================================================================
Virus and Content Scanning: Starting
Clamd::INFECTED::{HEX}EICAR.TEST.3.UNOFFICIAL :: ./1/
Virus Scanning: Clamd found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 1 viruses
===========================================================================
I don't see where ESET found a virus or anything else.
Can you help with this issue?
Thank you
Re: Integrate Eset File Security 8.0.375.0
I have the exact same problem ...
I see in the ESET WebGUI that the virus was actually found and deleted
I also found that if MailScanner Lint (Test) is started from the webgui only clamd is found, but if it is started from the console both clamd and esetsefs are found
Re: Integrate Eset File Security 8.0.375.0
Just a thought...
Did you disable "real time scanning" in EFS?
Or maybe a trial license is not enough for on demand scanning.
Re: Integrate Eset File Security 8.0.375.0
No, all modules are enabled.
Now it's working, and MailScanner reports when it detects a virus.
You can "find" license on internet