Integrate Eset File Security 8.0.375.0

Questions and answers about how to do stuff
Post Reply
Jakes
Posts: 4
Joined: 18 Feb 2020 11:58

Integrate Eset File Security 8.0.375.0

Post by Jakes » 12 May 2021 10:04

Hi Everyone

I noticed clamav let thou a few viruses, I saw on the PC's Eset log the detections, so at least the virus was detected and deleted.
1st price would be that it is detected on EFA level.

I installed Eset File Security on EFA server, versions below: ( Eset changed again, so current integration does not work )
ESET Management Agent 8.0.2216.0 / ESET File Security 8.0.375.0

Product works very well except there is no integration, moment a virus in sent in via email the Realtime Scanner picks it up and delete the virus.

My idea was to exclude the path from Realtime scanner where EFA woks and setup the generic-wrapper (/usr/lib/MailScanner/wrapper/generic-wrapper)

Scan command is (https://help.eset.com/efs/8/en-US/scans.html)
/opt/eset/efs/bin/odscan --scan --profile="@In-depth scan" /path to scan/

Will the generic-wrapper use the Exit codes provided by odscan and send that true to the logs ?

Exit Code Meaning
0 No threat found
1 Threat found and cleaned
10 Some files could not be scanned (may be threats)
50 Threat found
100 Error

Has anyone tried and got this working

Thanks
Jakes

markov
Posts: 4
Joined: 12 Apr 2018 08:35

Re: Integrate Eset File Security 8.0.375.0

Post by markov » 18 Jun 2021 13:20

Hi Jakes

I try but with no luck because I'm not programer ...

I also replay to reported issue by flagmonkey, but got no response ...
url: https://github.com/MailScanner/v5/issues/540

He looks like manage to work with new ESET antivirus for Linux server ...

Trikke
Posts: 7
Joined: 13 Jul 2018 12:33

Re: Integrate Eset File Security 8.0.375.0

Post by Trikke » 23 Jun 2021 13:57

I second this request.
Sophos Linux Free is end of life, will only last untill end 2021. ClamAV is simply not good enough.

I got EFS working. It works from the command line, but I can't get MailScanner to recognise it is installed...
MailScanner.conf says "Virus Scanners = esets sophos clamd"
Found these virus scanners installed: sophos, clamd

Code: Select all

/usr/lib/MailScanner/wrapper/esets-wrapper /opt/eset/efs/bin -s --profile='@In-depth scan' --ignore-exclusions /home/admin/eicar.txt
EFA 4.0.4
EFS 8.0.375.0

Trikke
Posts: 7
Joined: 13 Jul 2018 12:33

Re: Integrate Eset File Security 8.0.375.0

Post by Trikke » 23 Jun 2021 14:13

Answering my own post... Getting closer

MailScanner.conf says "Virus Scanners = esets sophos clamd" 0.00013
Found these virus scanners installed: sophos, esets, clamd 0.08471
=========================================================================== 2.0E-5
Filename Checks: Windows/DOS Executable (1 eicar.com) 0.02043
Other Checks: Found 1 problems 0.00906
Virus and Content Scanning: Starting 2.0E-5
Cannot lock /var/spool/MailScanner/incoming/Locks/esetsBusy.lock, No such file or directory at /usr/share/MailScanner/perl/MailScanner/SweepViruses.pm line 844. 0.00059
Invalid value of environment variable MODMAPDIR. Modules cannot be loaded. 0.01547

>>> Virus 'EICAR-AV-Test' found in file /var/spool/MailScanner/incoming/12886/1/eicar.com 6.34806
Virus Scanning: Sophos found 1 infections 0.00023
Clamd::INFECTED:: {HEX}EICAR.TEST.3.UNOFFICIAL :: ./1/eicar.com 0.10546
Virus Scanning: Clamd found 2 infections 0.08923
Infected message 1 came from 10.1.1.1 6.0E-5
Virus Scanning: Found 3 viruses

Post Reply