Integrate Eset File Security 8.0.375.0
Posted: 12 May 2021 10:04
by Jakes
Hi Everyone
I noticed clamav let through a few viruses. I saw the detections in the PC's Eset log, so at least the virus was detected and deleted.
1st prize would be that it is detected on EFA level.
I installed Eset File Security on EFA server, versions below: ( Eset changed again, so current integration does not work )
ESET Management Agent 8.0.2216.0 / ESET File Security 8.0.375.0
Product works very well except there is no integration; the moment a virus is sent in via email the Realtime Scanner picks it up and deletes the virus.
My idea was to exclude the path where EFA works from the Realtime scanner and set up the generic-wrapper (/usr/lib/MailScanner/wrapper/generic-wrapper)
Scan command is (https://help.eset.com/efs/8/en-US/scans.html)
/opt/eset/efs/bin/odscan --scan --profile="@In-depth scan" /path to scan/
Will the generic-wrapper use the exit codes provided by odscan and send them through to the logs?
Exit Code Meaning
0 No threat found
1 Threat found and cleaned
10 Some files could not be scanned (may be threats)
50 Threat found
100 Error
Has anyone tried and got this working?
Thanks
Jakes
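An added example (not from the original post, and not MailScanner's or ESET's own wrapper): a shell sketch of how a wrapper could turn the odscan exit codes in the table above into a fail-closed verdict. The function names and the `ODSCAN` override variable are assumptions for illustration.

```shell
#!/bin/sh
# Added example: map the odscan exit codes quoted in the post to a verdict.
# ODSCAN is a hypothetical override so the logic can be exercised without
# ESET installed; the default is the path given in the post.
ODSCAN="${ODSCAN:-/opt/eset/efs/bin/odscan}"

# classify_odscan_exit CODE -> prints CLEAN, INFECTED, INCOMPLETE or ERROR
classify_odscan_exit() {
    case "$1" in
        0)    echo CLEAN ;;
        1|50) echo INFECTED ;;     # cleaned or not, the message carried a threat
        10)   echo INCOMPLETE ;;   # some files unscanned, may be threats
        *)    echo ERROR ;;        # 100, plus anything undocumented (e.g. 127)
    esac
}

# scan_dir DIR -> prints the verdict; returns 0 only when the scan was clean,
# so a missing scanner, an error or a partial scan never passes as "clean".
scan_dir() {
    rc=0
    "$ODSCAN" --scan --profile="@In-depth scan" "$1" >/dev/null 2>&1 || rc=$?
    verdict=$(classify_odscan_exit "$rc")
    echo "$verdict"
    [ "$verdict" = CLEAN ]
}
```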
Re: Integrate Eset File Security 8.0.375.0
Posted: 18 Jun 2021 13:20
by markov
Hi Jakes
I tried but with no luck because I'm not a programmer ...
I also replied to the issue reported by flagmonkey, but got no response ...
url: https://github.com/MailScanner/v5/issues/540
It looks like he managed to get it working with the new ESET antivirus for Linux server ...
Re: Integrate Eset File Security 8.0.375.0
Posted: 23 Jun 2021 13:57
by Trikke
I second this request.
Sophos Linux Free is end of life, will only last until end 2021. ClamAV is simply not good enough.
I got EFS working. It works from the command line, but I can't get MailScanner to recognise it is installed...
MailScanner.conf says "Virus Scanners = esets sophos clamd"
Found these virus scanners installed: sophos, clamd
Code: Select all
/usr/lib/MailScanner/wrapper/esets-wrapper /opt/eset/efs/bin -s --profile='@In-depth scan' --ignore-exclusions /home/admin/eicar.txt
EFA 4.0.4
EFS 8.0.375.0
Re: Integrate Eset File Security 8.0.375.0
Posted: 23 Jun 2021 14:13
by Trikke
Answering my own post... Getting closer
MailScanner.conf says "Virus Scanners = esets sophos clamd" 0.00013
Found these virus scanners installed: sophos, esets, clamd 0.08471
=========================================================================== 2.0E-5
Filename Checks: Windows/DOS Executable (1 eicar.com) 0.02043
Other Checks: Found 1 problems 0.00906
Virus and Content Scanning: Starting 2.0E-5
Cannot lock /var/spool/MailScanner/incoming/Locks/esetsBusy.lock, No such file or directory at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 844. 0.00059
Invalid value of environment variable MODMAPDIR. Modules cannot be loaded. 0.01547
>>> Virus 'EICAR-AV-Test' found in file /var/spool/MailScanner/incoming/12886/1/eicar.com 6.34806
Virus Scanning: Sophos found 1 infections 0.00023
Clamd::INFECTED:: {HEX}EICAR.TEST.3.UNOFFICIAL :: ./1/eicar.com 0.10546
Virus Scanning: Clamd found 2 infections 0.08923
Infected message 1 came from 10.1.1.1 6.0E-5
Virus Scanning: Found 3 viruses
Re: Integrate Eset File Security 8.0.375.0
Posted: 18 Oct 2021 14:52
by Jakes
I see Shawn Iverson has posted a patch that will get the new Eset to work.
https://github.com/MailScanner/v5/pull/558
I'm not sure how to Install this patch, any suggestions please
Thanks !
Re: Integrate Eset File Security 8.0.375.0
Posted: 25 Oct 2021 13:37
by Trikke
I did it by hand...
Basically (assuming you have esets efs installed):
Add this line to /etc/MailScanner/virus.scanners.conf
Code: Select all
esetsefs /usr/lib/MailScanner/wrapper/esetsefs-wrapper /opt/eset/efs/bin
Create this file:
/usr/lib/MailScanner/wrapper/esetsefs-wrapper
And put this into it.
Make it exec:
sudo chmod +x /usr/lib/MailScanner/wrapper/esetsefs-wrapper
Edit the file /etc/MailScanner/virus.scanners.conf
As described here
Add these to /etc/sudoers.d/eFa-users (need to be root)
Code: Select all
postfix ALL=(ALL) NOPASSWD: /opt/eset/efs/bin/odscan
postfix ALL=(ALL) NOPASSWD: /opt/eset/efs/bin/lslog
Add esetsefs to /etc/MailScanner/MailScanner.conf
Code: Select all
Virus Scanners = sophos clamd esetsefs
Run
MailScanner --lint
MailScanner.conf says "Virus Scanners = sophos clamd esetsefs"
Found these virus scanners installed: esetsefs, sophos, clamd
===========================================================================
Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting
>>> Virus 'EICAR-AV-Test' found in file /var/spool/MailScanner/incoming/17967/1/eicar.com
Virus Scanning: Sophos found 1 infections
Clamd::INFECTED:: {HEX}EICAR.TEST.3.UNOFFICIAL :: ./1/eicar.com
Virus Scanning: Clamd found 2 infections
Esets::INFECTED::Eicar
Virus Scanning: esetsefs found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 4 viruses
===========================================================================
Virus Scanner test reports:
Sophos said ">>> Virus 'EICAR-AV-Test' found in file /var/spool/MailScanner/incoming/17967/1/eicar.com"
Clamd said "eicar.com was infected: {HEX}EICAR.TEST.3.UNOFFICIAL"
Esets said "found Eicar in eicar.com"
If no errors, restart mailscanner
sudo service mailscanner restart
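An added example (not part of the original post, and not code from EFA or MailScanner): a preflight script for the file-level prerequisites in the steps above, plus the `esetsefsBusy.lock` file that `MailScanner --lint` complains about elsewhere in this thread. `ROOT` and `LOCK_OWNER` are hypothetical override variables so the checks can be run against a test tree.

```shell
#!/bin/sh
# Added example: preflight for the manual esetsefs integration steps.
# ROOT and LOCK_OWNER are hypothetical overrides for a test tree;
# on a real EFA host leave ROOT empty and LOCK_OWNER as postfix.
ROOT="${ROOT:-}"
LOCK_OWNER="${LOCK_OWNER:-postfix}"
fails=0

# owned_by USER PATH: true when PATH exists and belongs to USER
owned_by() { [ -n "$(find "$2" -user "$1" 2>/dev/null)" ]; }

# check DESCRIPTION COMMAND...: run COMMAND, report and count failures
check() {
    desc=$1; shift
    if "$@" >/dev/null 2>&1; then
        echo "ok    $desc"
    else
        echo "FAIL  $desc"; fails=$((fails + 1))
    fi
}

preflight() {
    fails=0
    conf="$ROOT/etc/MailScanner"
    sudoers="$ROOT/etc/sudoers.d/eFa-users"
    lock="$ROOT/var/spool/MailScanner/incoming/Locks/esetsefsBusy.lock"
    check "wrapper is executable" \
        test -x "$ROOT/usr/lib/MailScanner/wrapper/esetsefs-wrapper"
    check "virus.scanners.conf has an esetsefs entry" \
        grep -Eq '^esetsefs[[:space:]]' "$conf/virus.scanners.conf"
    check "MailScanner.conf lists esetsefs" \
        grep -Eq '^Virus Scanners[[:space:]]*=.*esetsefs' "$conf/MailScanner.conf"
    check "sudoers entry for odscan" \
        grep -Eq '^postfix[[:space:]].*NOPASSWD:.*/opt/eset/efs/bin/odscan' "$sudoers"
    check "sudoers entry for lslog" \
        grep -Eq '^postfix[[:space:]].*NOPASSWD:.*/opt/eset/efs/bin/lslog' "$sudoers"
    check "lock file exists, owned by $LOCK_OWNER" owned_by "$LOCK_OWNER" "$lock"
    [ "$fails" -eq 0 ]
}
```

Call `preflight` as root on a real host, since files under /etc/sudoers.d are normally not world-readable; it returns non-zero if any check fails.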
Re: Integrate Eset File Security 8.0.375.0
Posted: 08 Nov 2021 05:37
by musabr187
Hi,
Could you please check the below issue –
MailScanner --lint
Cannot lock /var/spool/MailScanner/incoming/Locks/esetsefsBusy.lock, No such file or directory at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 866.
I have followed the above configuration which you mentioned but am unable to run EFS 8.1.685.0 on EFA-4.
Re: Integrate Eset File Security 8.0.375.0
Posted: 09 Nov 2021 12:52
by Trikke
What is in there?
Code: Select all
ls -l /var/spool/MailScanner/incoming/Locks/
-rw------- 1 postfix postfix 52 Nov 9 13:49 esetsefsBusy.lock
Did you edit sudoers?
Add these to /etc/sudoers.d/eFa-users (need to be root)
Code: Select all
postfix ALL=(ALL) NOPASSWD: /opt/eset/efs/bin/odscan
postfix ALL=(ALL) NOPASSWD: /opt/eset/efs/bin/lslog
Re: Integrate Eset File Security 8.0.375.0
Posted: 10 Nov 2021 04:38
by musabr187
There is no esetsefsBusy.lock file in following path –
Code: Select all
ls -l /var/spool/MailScanner/incoming/Locks/
I have added the mentioned lines in sudoers. Would you please share the installation steps of EFS ?
Re: Integrate Eset File Security 8.0.375.0
Posted: 10 Nov 2021 08:35
by Trikke
https://github.com/MailScanner/v5/issues/383
You can try (as root)
Code: Select all
touch /var/spool/MailScanner/incoming/Locks/esetsefsBusy.lock
chown postfix:postfix /var/spool/MailScanner/incoming/Locks/esetsefsBusy.lock
Re: Integrate Eset File Security 8.0.375.0
Posted: 11 Nov 2021 10:44
by musabr187
MailScanner --lint
Code: Select all
MailScanner.conf says "Virus Scanners = clamd sophos esetsefs"
Found these virus scanners installed: esetsefs, sophos, clamd
===========================================================================
Virus and Content Scanning: Starting
Clamd::INFECTED::{HEX}EICAR.TEST.3.UNOFFICIAL :: ./1/
Virus Scanning: Clamd found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 1 viruses
===========================================================================
If any of your virus scanners (esetsefs,sophos,clamd)
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
EFS lock file issue is resolved. Sophos was working with MailScanner but after installing EFS it's not showing in virus scanning.
Re: Integrate Eset File Security 8.0.375.0
Posted: 10 Dec 2021 11:56
by Trikke
I just repeated all my steps on a fresh EFA.
It works
Virus Scanner test reports:
Esets said "found Eicar in eicar.com"
Sophos said ">>> Virus 'EICAR-AV-Test' found in file /var/spool/MailScanner/incoming/84075/1/eicar.com"
Clamd said "eicar.com was infected: {HEX}EICAR.TEST.3.UNOFFICIAL"
I noticed 1 error in my steps
"Edit the file /etc/MailScanner/virus.scanners.conf" As described here
should be
"Edit the file /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm"
Re: Integrate Eset File Security 8.0.375.0
Posted: 25 Jan 2022 11:31
by Trikke
Sophos Linux is now retired.
A few additional things about EFS on EFA...
- In order for EFS to function (postfix in sudoers), selinux needs to be set to "permissive", or disabled altogether
- EFS needs to be activated with a valid license, or it will not show up in MailScanner --lint. It does show itself in its own logs though
- The latest version of EFA (4.0.4) has support for EFS built in, except the wrapper is missing (/usr/lib/MailScanner/wrapper/esetsefs-wrapper)
Tested and working on Rocky Linux 8.5
Re: Integrate Eset File Security 8.0.375.0
Posted: 31 Jan 2022 20:25
by shawniverson
I'll be fixing the missing wrapper in the next update
Re: Integrate Eset File Security 8.0.375.0
Posted: 09 Feb 2022 11:32
by hostgrup
Hi;
fixing the missing wrapper in the next update waiting good antivirus esetefs
Re: Integrate Eset File Security 8.0.375.0
Posted: 14 Mar 2022 16:13
by Trikke
Another one to fix
Detections by EFS don't show up in Top Viruses / Virus report.
Patrick
Re: Integrate Eset File Security 8.0.375.0
Posted: 15 Mar 2022 02:12
by shawniverson
Thanks. I need to push another MailWatch update to get ESETS EFS to be recognized in the reports. I'll add this to my todo.
Re: Integrate Eset File Security 8.0.375.0
Posted: 23 Mar 2022 07:12
by mendark
Hello,
I've installed ESET v 9.0.174.0, I have a valid trial license, and I created the esetsefsBusy.lock file, but when I run this command: MailScanner --lint I get this output:
MailScanner.conf says "Virus Scanners = clamd esetsefs"
Found these virus scanners installed: esetsefs, clamd
===========================================================================
Virus and Content Scanning: Starting
Clamd::INFECTED::{HEX}EICAR.TEST.3.UNOFFICIAL :: ./1/
Virus Scanning: Clamd found 1 infections
Infected message 1 came from 10.1.1.1
Virus Scanning: Found 1 viruses
===========================================================================
I didn't see where ESET found a virus or anything else.
Can you help with this issue?
Thank you
Re: Integrate Eset File Security 8.0.375.0
Posted: 31 Mar 2022 19:51
by markov
I have the exact same problem ...
I see in the ESET WebGUI that the virus was actually found and deleted.
I also found that if I start MailScanner Lint (Test) from the web GUI only clamd is found, but if it is started from the console both clamd and esetsefs are found.
Re: Integrate Eset File Security 8.0.375.0
Posted: 20 Apr 2022 18:52
by Trikke
Just a thought...
Did you disable "real time scanning" in EFS?
Or maybe a trial license is not enough for on demand scanning.
Re: Integrate Eset File Security 8.0.375.0
Posted: 21 Apr 2022 08:08
by mendark
No, all modules are enabled.
Now it's working, and MailScanner reports when it detects a virus.
You can "find" license on internet