
ESET Mail Security for Debian - 32 bit 3.0.15 under Ubuntu Server 9.04
http://www.wilderssecurity.com/showthread.php?t=244001
Hi all,
I'm working with a couple of customers integrating ESET Mail Security for Debian
- 32 bit 3.0.15 under Ubuntu Server 9.04, using postfix.
Installation is normal as manual says.
My /etc/esets/esets.cfg looks like this.
root@mib:~# cat /etc/esets/esets.cfg | grep ^[^#]
[global]
syslog_facility = "syslog"
syslog_class = "error:warning:summ:summall:part:partall:info:debug"
action_av = "scan"
av_clean_mode = "standard"
action_av_infected = "discard"
action_av_notscanned = "discard"
action_av_deleted = "discard"
av_quarantine_enabled = yes
action_as = "accept"
action_as_spam = "discard"
action_as_notscanned = "discard"
av_update_period = 60
av_update_username = "EAV-00000000"
av_update_password = "mmmmmmmmm"
as_update_period = 60
[wwwi]
agent_enabled = yes
listen_addr = "0.0.0.0"
listen_port = 8443
username = "admin"
password = "admin"
[mda]
mda_path = "/usr/bin/procmail"
[smtp]
[smfi]
[http]
[ftp]
[icap]
[pop3]
[imap]
[pac]
action_av_deleted = "accept"
[dac]
action_av_deleted = "accept"
[scan]
av_clean_mode = "none"
root@mib:~#
Problem: Customers claim antispam is not working. Using www interface -> control -> statistics, I can see a lot of mails coming to the mail server but none is marked as SPAM. What is wrong with the configuration?
I have read the manual http://www.eset-la.com/manuals/eset_mail_security_ES.pdf (Spanish). So don't RTFM me please. On page 22 the manual says something about "av_enabled (Anti-Virus Enabled)" and "as_enabled (Spam Detect Enabled)" parameters, but I can't find them in /etc/esets/esets.cfg. Are they necessary?
Additional info: removed amavisd-new and spamassassin and using ESET solution only.
Log file says :
Jun 2 10:12:05 mib esets_daemon[20589]: debug[506c0000]: Using configuration for section `wwwi'
Jun 2 10:12:05 mib esets_daemon[20590]: debug[506e0000]: License registration key(s) control
Jun 2 10:12:05 mib esets_daemon[20590]: debug[506e0000]: License: product name: ESET Mail Security, expiration date: 2009-07-31 20:00:00, license filename: `/etc/esets/license/esets_e54c64.lic'
Jun 2 10:12:05 mib esets_daemon[20590]: debug[506e0000]: Start anti-virus modules update and reload
Jun 2 10:12:05 mib esets_daemon[20590]: debug[506e0201]: Connection request from agent 'wwwi' accepted
Jun 2 10:12:05 mib esets_daemon[20590]: debug[506e0201]: Searching for section `wwwi' user `' in configuration
Jun 2 10:12:05 mib esets_daemon[20590]: debug[506e0201]: Using configuration for section `wwwi'
Jun 2 10:12:05 mib esets_wwwi[20592]: debug[50700000]: ESETS WWW Interface module, version 3.0.15, (C) 2009 ESET, spol. s r.o.
Jun 2 10:12:05 mib esets_wwwi[20592]: debug[50700000]: Dump global esets_wwwi setting information
Jun 2 10:12:05 mib esets_wwwi[20592]: debug[50700000]: Syslog facility - syslog_facility = "syslog"
Jun 2 10:12:05 mib esets_wwwi[20592]: debug[50700000]: Enable classes of syslog - syslog_class = "error:warning:summ:summall:part:partall:info:debug"
Jun 2 10:12:05 mib esets_wwwi[20592]: debug[50700000]: Listen address - listen_addr = "0.0.0.0"
Jun 2 10:12:05 mib esets_wwwi[20592]: debug[50700000]: Listen port - listen_port = 8443
Jun 2 10:12:05 mib esets_wwwi[20592]: debug[50700000]: Server is listening on 0.0.0.0:8443
root@mib:~#
There is no mention about an AntiSpam Module.
Any help?
Thanks in advance
Guido R. Rolon A.
HS S. A. (Integrating Linux Solutions)
grolon@hs.com.py
UPDATE
June 23rd, 2009, 10:42 AM
Re: ESET Mail Security for Debian - 32 bit 3.0.15 under Ubuntu Server 9.04

This is a shame. There is no support from ESET to solve this problem.


Coming from Unix/Linux support for 15 years, I can say this problem is solved using old-school skills. There is NO documentation about this; no PDF downloaded from ESET sites will give you the answer. No forum could help.
Here it is.
In order to get antispam working under any Linux distro you have to do this procedure in addition to the official ESET manual of ESET Mail Security.
In /etc/esets/esets.cfg modify these parameters
# action_as = "accept" this is default. Does nothing. AntiSpam module is not working. Accept anything.
# action_as = "reject" Reject everything, nothing will be delivered to user.
# action_as = "discard" Discard everything, nothing will be delivered to user.
action_as = "scan"
# This is the only option to activate AntiSpam module.
action_as_spam = "accept", "defer", "discard", "reject" what do you want to do when spam is coming?
action_as_notscanned = "accept", "defer", "discard", "reject" what do you want to do when objects could not be scanned by Anti-Spam scanner.
After changing these parameters, first update all modules; then restart.
NOTICE: your mail server could be out of service until the update process is finished.
I run:
root@mib:~# date; /etc/init.d/esets_daemon restart; date
jue jun 18 15:25:04 PYT 2009
Restarting ESET Security for Linux: esets_daemon
Updating anti-virus modules...
Anti-virus modules update done(this is easy)
Start first time anti-spam modules update,
it may take several minutes, please wait...
error[582c0000]: Anti-spam modules update failure: Network error, disabling anti-spam.
.
jue jun 18 15:44:17 PYT 2009
root@mib:~#
I have included the date command in order to know how long the update process takes; official support said it could not be more than 10 minutes (BTW this info is not documented), but it took more than 35 minutes.
For some reason you will not be advised that an update process is taking place. If you see a message like
error[582c0000]: Anti-spam modules update failure: Network error, disabling anti-spam.
Just repeat the process and wait.
Or, you can update it manually:

root@mib:~# esets_update
Virus signature database has been updated successfully.
Installed virus signature database version 4180 (20090623).
root@mib:~#
Finally, you can see your log if activated
Jun 19 17:31:25 mail esets_daemon[31846]: debug[7c660000]: Anti-virus modules update and reload done
Jun 19 17:31:25 mail esets_daemon[31846]: debug[7c660000]: Start anti-spam modules update and reload
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: New version of anti-spam module(s) found and loaded
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '1', version 2009.06.18.20.24.30
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '2', version 2005.02.11.04.44.13
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '3', version nil
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '4', version nil
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '5', version 2009.04.13.23.00.00
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '6', version 2007.02.13.01.23.26
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '7', version nil
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '8', version nil
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '9', version 2009.05.12.18.49.27
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '10', version 2009.06.19.21.01.01
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '11', version 2009.06.19.01.40.01
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '12', version 2009.06.19.21.26.11
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '13', version nil
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '14', version nil
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '15', version 2009.05.22.21.00.02
Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam modules update and reload done
[root@mail postfix]#

Antispam module is updated.


Official support said this is documented under manpage. You tell me if you find
it and why make it so difficult
root@mib:~# man esets.cfg
action_as = action
type: string
default: action = "accept"
Defines action to be performed on all e-mail messages approaching Anti-Spam control. Possible values are "scan", "accept", "defer", "discard", "reject". Note that the values above are handled individually by every ESETS agent module. Thus to get description of the values please, refer to section HANDLE OBJECT POLICY of manual page of an appropriate agent.
action_as_spam = action
type: string
default: action = "accept"
Specifies the action performed on e-mail messages found as spam. Possible values are "accept", "defer", "discard", "reject". Note that the values above are handled individually by every ESETS agent module. Thus to get description of the values please, refer to section HANDLE OBJECT POLICY of manual page of an appropriate agent.
action_as_notscanned = action
type: string
default: action = "accept"
Specifies the action performed on objects that could not be scanned by Anti-Spam scanner. Possible values are "accept", "defer", "discard", "reject". Note that the values above are handled individually by every ESETS agent module. Thus to get description of the values please, refer to section HANDLE OBJECT POLICY of manual page of an appropriate agent.
root@mib:~# man esets_mda
action_av_deleted, action_as, action_as_spam and action_as_notscanned. To get description of these configuration options, see esets.cfg(5) manual page.
action_av
|accept||scan||defer,discard,reject| -> object not accepted
| |
| action_av_infected
| action_av_notscanned
| action_av_deleted
| |accept||defer,discard,reject| -> object not accepted
| |
| action_as
| |accept||scan||defer,discard,reject| -> object not accepted
| | |
| | action_as_notscanned
| | |accept||defer,discard,reject| -> object not accepted
| | |
+-------+-------+
object accepted

Every e-mail message processed by this module is first handled with respect to the setting of the configuration option action_av. Once the option is set to accept (resp. defer, discard, reject) the object is accepted (resp. deferred, discarded, rejected). If the option is set to scan the object is scanned (resp. also cleaned if requested by configuration option av_clean_mode) for virus infiltrations and set of action configuration options action_av_infected, action_av_notscanned and action_av_deleted is taken into account to evaluate further handling of the object. If action accept has been taken as a result of the three above action options the object processed shall be scanned for spam.
Note that the e-mail message is scanned for spam only in case the configuration option action_as is set to scan. In this case the action configuration options action_as_spam and action_as_notscanned is taken into account. If action accept (resp. defer, discard, reject) has been taken as a result of the two above action options the object is accepted for further delivery (resp. the object is deferred, discarded or rejected).
You have probably noticed that each of the action configuration options discussed above accepts a variety of the values whose list can be found in esets.cfg(5) manual page. As also stated there the values listed are handled individually by every ESETS agent module. Thus to be consistent in the following we review the meaning of the values for this ESETS agent module.
accept Accept object on this level of Handle Object Policy, i.e. access to the object is allowed by the particular action configuration option.
scan Scan object for virus infiltrations (resp. for spam) and clean infected objects if requested by configuration option av_clean_mode.
defer Return temporary failure to sender.
discard Accept object from sender, but drop it afterward.
reject Return permanent error to sender.
Sorry for my poor English; I hope this can help anybody using or trying this product under Linux.
NOTE : this procedure is GPLed. Just keep my name on it.
Feel free to contact me.
Guido R. Rolon. A.
grolon@hs.com.py
grolon@gmail.com
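
The Handle Object Policy quoted from the man page above, as an added example that is not part of the original post and not ESET's code: a small Python model that parses esets.cfg-style text and shows why the spam scanner never runs while action_as is "accept". The sample config is constructed from the first post's settings; the function names, the inheritance of [global] values by agent sections, and the handling of mail that passes the virus scan clean are assumptions.

```python
import re

# Constructed sample: the [global] action_* lines from the first post's esets.cfg.
SAMPLE_CFG = """
[global]
action_av = "scan"
action_av_infected = "discard"
action_av_notscanned = "discard"
action_av_deleted = "discard"
action_as = "accept"
action_as_spam = "discard"
action_as_notscanned = "discard"
"""

def parse_cfg(text):
    """Parse esets.cfg-style text into {section: {key: value}}."""
    cfg, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = cfg.setdefault(header.group(1), {})
        elif section is not None and "=" in line:
            key, value = line.split("=", 1)
            section[key.strip()] = value.strip().strip('"')
    return cfg

def effective(cfg, agent, key):
    # Assumption: agent sections override [global]; "accept" is the man page default.
    return cfg.get(agent, {}).get(key, cfg.get("global", {}).get(key, "accept"))

def handle_object(cfg, agent, av_result="clean", as_result="spam"):
    """Walk the Handle Object Policy; return (final_action, spam_scanner_ran)."""
    action_av = effective(cfg, agent, "action_av")
    if action_av != "scan":
        return action_av, False              # accept/defer/discard/reject as-is
    if av_result != "clean":                 # infected / notscanned / deleted
        action = effective(cfg, agent, "action_av_" + av_result)
        if action != "accept":
            return action, False
    # Assumption: a clean anti-virus result continues to the anti-spam stage.
    action_as = effective(cfg, agent, "action_as")
    if action_as != "scan":
        return action_as, False              # anti-spam scanner never runs
    if as_result == "clean":
        return "accept", True
    return effective(cfg, agent, "action_as_" + as_result), True  # spam / notscanned
```

With the first post's settings, handle_object(parse_cfg(SAMPLE_CFG), "mda") delivers a spam message without the scanner running; changing action_as to "scan" makes the same message follow action_as_spam.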
UPDATE
03/19/2012
Using Ubuntu Server 10.04 x86
I've found a few differences
Created a directory for the new version, moved the downloaded file to this directory
cd 4.0.5.0/
chmod 777 esets.i386.deb.bin
./esets.i386.deb.bin
Accept Licence Terms

dpkg -i esets-4.0.5.i386.deb
Says Remove previous version
aptitude search esets
apt-get remove esets
dpkg -i esets-4.0.5.i386.deb
ps auxw | grep esets
esets does not appear
/etc/init.d/esets start
won't start, esets complains about license
This is the first difference
3.* stores config in /etc/esets/
4.* stores config under /etc/opt/eset/esets/
Import license from old place to new place
/opt/eset/esets/sbin/esets_lic --import /etc/esets/license/esets_1fc604.lic
/opt/eset/esets/sbin/esets_lic --list
to see your license
update your new config file according to your old /etc/esets/esets.cfg file
cd /etc/opt/eset/esets/
vim esets.cfg
/etc/init.d/esets restart
now you can see esets daemon
ps auxw | grep esets
and you can update
/opt/eset/esets/sbin/esets_update --verbose
I hope this can help