Testing ESET Security on Linux

Discussion in 'Other ESET Home Products' started by Greyfell, Feb 26, 2008.

Thread Status:
Not open for further replies.
  1. Greyfell

    Greyfell Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    3
    This is my first foray into Linux antiviruses. I have installed ESET Security and have confirmed that esets_daemon is running. I'm not sure how to tell if the antivirus is actually working, though. If this were Windows, I would just test with EICAR, but with Linux I'm a bit out of my element. Any advice on making sure this product is actually doing something would be greatly appreciated.
     
  2. mayt

    mayt Eset Staff Account

    Joined:
    Mar 12, 2007
    Posts:
    84
    Location:
    Bratislava
    Hello, are you running Mail, File or Gateway Security?
     
  3. Greyfell

    Greyfell Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    3
    File Security. Thanks for any help you can provide.
     
  4. mayt

    mayt Eset Staff Account

    Joined:
    Mar 12, 2007
    Posts:
    84
    Location:
    Bratislava
    Copy eicar.txt to your favourite directory and navigate to it. Run esets_scan (an on-demand scanner included in ESET File Security):

    Code:
    # esets_scan ./eicar.com.txt
    You should get something like:

    Scanning finished on Tue 28 Feb 2008 04:56:38 AM CET
    Total time: 1 sec (0:00:01)
    Total files: 1
    Infected files: 1
    Cleaned files: 0
    Deleted files: 1
    Errorneours files: 0
     
    Last edited: Feb 28, 2008
  5. Greyfell

    Greyfell Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    3
    Right you are, that worked. I don't plan to scan every file manually, though. I'm concerned that it lets me download the file at all. Is there something else I have to do to get realtime protection running, or is it running but simply not as aggressive as NOD32 in Windows? In Windows, NOD32 would have immediately quarantined (or deleted) the file as I tried to download it. In order to feel that this is working, I would like to see it stop something on its own without my pointing at it and asking for a scan.
     
  6. mayt

    mayt Eset Staff Account

    Joined:
    Mar 12, 2007
    Posts:
    84
    Location:
    Bratislava
    There are 2 ways to run the on-access scanner in ESET File Security:

    Using the Dazuko kernel module, you can scan file access on the following events:

    ON_OPEN
    ON_CLOSE
    ON_EXEC

    Using the preload LIBC library, you can scan file access on the following events:

    ON_OPEN
    ON_CLOSE

    For more detailed info, please refer to the product manual: http://download.eset.com/manuals/eset_file_security.pdf
    Dazuko integration instructions start at page 16.
    LIBC integration instructions start at page 18.

    Further reading:

    $ man esets_dac
    $ man libesets_pac.so
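
An added example (not part of the original thread and not ESET's own tooling): a small Python probe for the question raised above, whether on-access scanning acts without a manual scan. It writes the EICAR test file, reads it back, and reports what happened; the function names and the `reader` parameter are hypothetical, and it assumes the on-access scanner covers the directory and the process used.

```python
import os
import sys
import tempfile

# EICAR standard anti-virus test string (harmless by design). Split in two so
# that this source file is not itself detected as the test file.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def read_back(path):
    """Default reader: a plain open()/read(), i.e. an ON_OPEN event."""
    with open(path, "r") as fh:
        return fh.read()


def probe_on_access(directory, reader=read_back):
    """Drop the test file in `directory`, then try to read it back.

    Returns one of:
      "blocked"         - the open/read was denied (access intercepted)
      "removed"         - the file vanished after it was closed
      "modified"        - the file is readable but its content was changed
      "not-intercepted" - content came back intact; nothing scanned the access
    """
    path = os.path.join(directory, "eicar.com.txt")
    try:
        with open(path, "w") as fh:  # leaving this block closes the file (ON_CLOSE)
            fh.write(EICAR)
        content = reader(path)       # `reader` is a hypothetical hook for testing
    except PermissionError:          # EPERM or EACCES from the kernel
        return "blocked"
    except FileNotFoundError:
        return "removed"
    finally:
        try:
            os.remove(path)          # never leave the test file behind
        except OSError:
            pass
    return "not-intercepted" if content == EICAR else "modified"


if __name__ == "__main__":
    # Pass a directory as the first argument; otherwise a temporary one is used.
    if len(sys.argv) > 1:
        print("on-access result:", probe_on_access(sys.argv[1]))
    else:
        with tempfile.TemporaryDirectory() as tmp:
            print("on-access result:", probe_on_access(tmp))
```

A result of "not-intercepted" means only that this access was not scanned, so check first that the chosen directory is one the on-access scanner is configured to watch.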
     