ESET Mail Security for Debian - 32 bit 3.0.15 under Ubuntu Server 9.04

Discussion in 'Other ESET Home Products' started by grolon, Jun 2, 2009.

Thread Status:
Not open for further replies.
  1. grolon (Registered Member; joined Jun 2, 2009; posts: 4)

    Hi all,
    I'm working with a couple of customers integrating ESET Mail Security for Debian - 32 bit 3.0.15 under Ubuntu Server 9.04, using postfix.

    Installation is normal as manual says.

    My /etc/esets/esets.cfg looks like this.
    root@mib:~# cat /etc/esets/esets.cfg | grep ^[^#]

    [global]
    syslog_facility = "syslog"
    syslog_class = "error:warning:summ:summall:part:partall:info:debug"
    action_av = "scan"
    av_clean_mode = "standard"
    action_av_infected = "discard"
    action_av_notscanned = "discard"
    action_av_deleted = "discard"
    av_quarantine_enabled = yes
    action_as = "accept"
    action_as_spam = "discard"
    action_as_notscanned = "discard"
    av_update_period = 60
    av_update_username = "EAV-00000000"
    av_update_password = "mmmmmmmmm"
    as_update_period = 60

    [wwwi]
    agent_enabled = yes
    listen_addr = "0.0.0.0"
    listen_port = 8443
    username = "admin"
    password = "admin"

    [mda]
    mda_path = "/usr/bin/procmail"

    [smtp]
    [smfi]
    [http]
    [ftp]
    [icap]
    [pop3]
    [imap]
    [pac]
    action_av_deleted = "accept"

    [dac]
    action_av_deleted = "accept"

    [scan]
    av_clean_mode = "none"

    root@mib:~#

    Problem: Customers claim antispam is not working. Using www interface -> control -> statistics, I can see a lot of mails coming to the mail server but none is marked as SPAM. What is wrong with the configuration?

    I have read the manual http://www.eset-la.com/manuals/eset_mail_security_ES.pdf (Spanish). So don't RTFM me please. On page 22 the manual says something about "av_enabled (Anti-Virus Enabled)" and "as_enabled (Spam Detect Enabled)" parameters, but I can't find them in /etc/esets/esets.cfg. Are they necessary?

    Additional info: removed Amavi-new and spamassassin and using ESET Solution only.

    Log file says :

    Jun 2 10:12:05 mib esets_daemon[20589]: debug[506c0000]: Using configuration for section `wwwi'
    Jun 2 10:12:05 mib esets_daemon[20590]: debug[506e0000]: License registration key(s) control
    Jun 2 10:12:05 mib esets_daemon[20590]: debug[506e0000]: License: product name: ESET Mail Security, expiration date: 2009-07-31 20:00:00, license filename: `/etc/esets/license/esets_e54c64.lic'
    Jun 2 10:12:05 mib esets_daemon[20590]: debug[506e0000]: Start anti-virus modules update and reload
    Jun 2 10:12:05 mib esets_daemon[20590]: debug[506e0201]: Connection request from agent 'wwwi' accepted
    Jun 2 10:12:05 mib esets_daemon[20590]: debug[506e0201]: Searching for section `wwwi' user `' in configuration
    Jun 2 10:12:05 mib esets_daemon[20590]: debug[506e0201]: Using configuration for section `wwwi'
    Jun 2 10:12:05 mib esets_wwwi[20592]: debug[50700000]: ESETS WWW Interface module, version 3.0.15, (C) 2009 ESET, spol. s r.o.
    Jun 2 10:12:05 mib esets_wwwi[20592]: debug[50700000]: Dump global esets_wwwi setting information
    Jun 2 10:12:05 mib esets_wwwi[20592]: debug[50700000]: Syslog facility - syslog_facility = "syslog"
    Jun 2 10:12:05 mib esets_wwwi[20592]: debug[50700000]: Enable classes of syslog - syslog_class = "error:warning:summ:summall:part:partall:info:debug"
    Jun 2 10:12:05 mib esets_wwwi[20592]: debug[50700000]: Listen address - listen_addr = "0.0.0.0"
    Jun 2 10:12:05 mib esets_wwwi[20592]: debug[50700000]: Listen port - listen_port = 8443
    Jun 2 10:12:05 mib esets_wwwi[20592]: debug[50700000]: Server is listening on 0.0.0.0:8443
    root@mib:~#

    There is no mention about an AntiSpam Module.

    Any help?

    Thanks in advance

    Guido R. Rolon A.
    HS S. A. (Integrating Linux Solutions)
    grolon@hs.com.py
     
  2. grolon (Registered Member; joined Jun 2, 2009; posts: 4)

    This is a shame. There is no support from ESET to solve this problem.

    Coming from Unix/Linux support for 15 years, I can say this problem is solved using old school skills. There is NO documentation about this, no PDF downloaded from ESET sites will give you the answer. No forum could help.

    Here it is.

    In order to get antispam working under any linux distro you have to do this procedure in addition to official ESET manual of ESET Mail Security.

    In /etc/esets/esets.cfg modify these parameters

    # action_as = "accept" this is default. Does nothing. AntiSpam module is not working. Accept anything.
    # action_as = "reject" Reject everything, nothing will be delivered to user.
    # action_as = "discard" Discard everything, nothing will be delivered to user.

    action_as = "scan"
    # This is the only option to activate AntiSpam module.

    action_as_spam = "accept", "defer", "discard", "reject" what do you want to do when spam is coming?

    action_as_notscanned = "accept", "defer", "discard", "reject" what do you want to do when objects could not be scanned by Anti-Spam scanner.

    After changing these parameters, first update all modules; then restart.
    NOTICE: your mail server could be out of service until the update process is finished.

    I run:
    root@mib:~# date; /etc/init.d/esets_daemon restart; date
    jue jun 18 15:25:04 PYT 2009
    Restarting ESET Security for Linux: esets_daemon
    Updating anti-virus modules...
    Anti-virus modules update done(this is easy)

    Start first time anti-spam modules update,
    it may take several minutes, please wait...
    error[582c0000]: Anti-spam modules update failure: Network error, disabling anti-spam.
    .
    jue jun 18 15:44:17 PYT 2009
    root@mib:~#

    I have included the date command in order to know how long the update process takes. Official support said it could not be more than 10 minutes, BTW this info is not documented, but it took more than 35 minutes.

    For some reason you will not be advised that an update process is taking place. If you can see a message like

    error[582c0000]: Anti-spam modules update failure: Network error, disabling anti-spam.

    Just repeat the process and wait.

    Or, you can update it manually:

    root@mib:~# esets_update
    Virus signature database has been updated successfully.
    Installed virus signature database version 4180 (20090623).
    root@mib:~#

    Finally, you can see your log if activated

    Jun 19 17:31:25 mail esets_daemon[31846]: debug[7c660000]: Anti-virus modules update and reload done
    Jun 19 17:31:25 mail esets_daemon[31846]: debug[7c660000]: Start anti-spam modules update and reload
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: New version of anti-spam module(s) found and loaded
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '1', version 2009.06.18.20.24.30
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '2', version 2005.02.11.04.44.13
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '3', version nil
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '4', version nil
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '5', version 2009.04.13.23.00.00
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '6', version 2007.02.13.01.23.26
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '7', version nil
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '8', version nil
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '9', version 2009.05.12.18.49.27
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '10', version 2009.06.19.21.01.01
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '11', version 2009.06.19.01.40.01
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '12', version 2009.06.19.21.26.11
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '13', version nil
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '14', version nil
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam module '15', version 2009.05.22.21.00.02
    Jun 19 17:31:50 mail esets_daemon[31846]: debug[7c660000]: Anti-spam modules update and reload done
    [root@mail postfix]#

    Antispam module is updated.

    Official support said this is documented under manpage. You tell me if you find it and why make it so difficult.

    root@mib:~# man esets.cfg

    action_as = action

    type: string

    default: action = "accept"

    Defines action to be performed on all e-mail messages approaching Anti-Spam control. Possible values are "scan", "accept", "defer", "discard",
    "reject". Note that the values above are handled individually by every ESETS agent module. Thus to get description of the values please, refer to
    section HANDLE OBJECT POLICY of manual page of an appropriate agent.

    action_as_spam = action

    type: string

    default: action = "accept"

    Specifies the action performed on e-mail messages found as spam. Possible values are "accept", "defer", "discard", "reject". Note that the values
    above are handled individually by every ESETS agent module. Thus to get description of the values please, refer to section HANDLE OBJECT POLICY of
    manual page of an appropriate agent.

    action_as_notscanned = action

    type: string

    default: action = "accept"

    Specifies the action performed on objects that could not be scanned by Anti-Spam scanner. Possible values are "accept", "defer", "discard",
    "reject". Note that the values above are handled individually by every ESETS agent module. Thus to get description of the values please, refer to
    section HANDLE OBJECT POLICY of manual page of an appropriate agent.

    root@mib:~# man esets_mda

    action_av_deleted, action_as, action_as_spam and action_as_notscanned. To get description of these configuration options, see esets.cfg(5) manual page.

    action_av
    |accept||scan||defer,discard,reject| -> object not accepted
    | |
    | action_av_infected
    | action_av_notscanned
    | action_av_deleted
    | |accept||defer,discard,reject| -> object not accepted
    | |
    | action_as
    | |accept||scan||defer,discard,reject| -> object not accepted
    | | |
    | | action_as_notscanned
    | | |accept||defer,discard,reject| -> object not accepted
    | | |
    +-------+-------+
    object accepted

    Every e-mail message processed by this module is first handled with respect to the setting of the configuration option action_av. Once the option is set
    to "accept" (resp. "defer", "discard", "reject") the object is accepted (resp. deferred, discarded, rejected). If the option is set to "scan" the object
    is scanned (resp. also cleaned if requested by configuration option av_clean_mode) for virus infiltrations and set of action configuration options
    action_av_infected, action_av_notscanned and action_av_deleted is taken into account to evaluate further handling of the object. If action "accept" has
    been taken as a result of the three above action options the object processed shall be scanned for spam.

    Note that the e-mail message is scanned for spam only in case the configuration option action_as is set to "scan". In this case the action configuration
    options action_as_spam and action_as_notscanned is taken into account. If action "accept" (resp. "defer", "discard", "reject") has been taken as a result
    of the two above action options the object is accepted for further delivery (resp. the object is deferred, discarded or rejected).

    You have probably noticed that each of the action configuration options discussed above accepts a variety of the values whose list can be found in
    esets.cfg(5) manual page. As also stated there the values listed are handled individually by every ESETS agent module. Thus to be consistent in the following
    we review the meaning of the values for this ESETS agent module.

    accept Accept object on this level of Handle Object Policy, i.e. access to the object is allowed by the particular action configuration option.

    scan Scan object for virus infiltrations (resp. for spam) and clean infected objects if requested by configuration option av_clean_mode.

    defer Return temporary failure to sender.

    discard
    Accept object from sender, but drop it afterward.

    reject Return permanent error to sender.


    Sorry for my poor English, I hope this can help anybody using or trying this product under Linux.

    NOTE : this procedure is GPLed. Just keep my name on it.

    Feel free to contact me.

    Guido R. Rolon. A.
    grolon@hs.com.py
    grolon@gmail.com
     
    Last edited: Jun 23, 2009
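
Added example (not part of the original posts and not ESET code): a small Python check that evaluates the three anti-spam options quoted from the man page, showing why the first post's configuration delivered every message and what the one-line fix changes. It assumes agent sections inherit unset options from [global] and that a scanned, clean message is accepted; the function names and the trimmed sample config are constructed for illustration.

```python
import configparser

# Defaults as stated in the esets.cfg man page excerpt quoted in the thread.
AS_DEFAULTS = {"action_as": "accept", "action_as_spam": "accept",
               "action_as_notscanned": "accept"}

# Constructed sample: the anti-spam lines of the first post's esets.cfg.
ORIGINAL_CFG = '''
[global]
action_as = "accept"
action_as_spam = "discard"
action_as_notscanned = "discard"
[mda]
mda_path = "/usr/bin/procmail"
'''
# The same file with the one-line change described in the second post.
FIXED_CFG = ORIGINAL_CFG.replace('action_as = "accept"', 'action_as = "scan"')

def effective_policy(cfg_text, section="mda"):
    """Anti-spam options in effect for one agent section.
    Assumption: options a section does not set are inherited from [global]."""
    cp = configparser.ConfigParser(default_section="global",
                                   interpolation=None, strict=False)
    cp.read_string(cfg_text)
    return {k: cp[section].get(k, d).strip('"').lower()
            for k, d in AS_DEFAULTS.items()}

def antispam_outcome(policy, verdict):
    """Action for a message that passed the anti-virus stage.
    verdict: what the scanner would report ('clean', 'spam', 'notscanned')."""
    if policy["action_as"] != "scan":
        return policy["action_as"]      # scanner never runs, verdict is ignored
    if verdict == "spam":
        return policy["action_as_spam"]
    if verdict == "notscanned":
        return policy["action_as_notscanned"]
    return "accept"

def audit(policy):
    """List options that are set but can never take effect."""
    if policy["action_as"] == "scan":
        return []
    return [f'{k} = "{policy[k]}" is ignored: action_as = "{policy["action_as"]}"'
            for k in ("action_as_spam", "action_as_notscanned")
            if policy[k] != AS_DEFAULTS[k]]

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL_CFG), ("fixed", FIXED_CFG)):
        p = effective_policy(text)
        print(name, {v: antispam_outcome(p, v) for v in ("clean", "spam")}, audit(p))
```

Running `audit()` against the live /etc/esets/esets.cfg for each agent section in use makes a silently bypassed spam filter visible before users report it.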