Testing ESET Security on Linux

This is my first foray into Linux antiviruses. I have installed ESET Security and have confirmed that esets_daemon is running. I'm not sure how to tell if the antivirus is actually working, though. If this were Windows, I would just test with EICAR, but with Linux I'm a bit out of my element. Any advice on making sure this product is actually doing something would be greatly appreciated.

 

Hello, are you running Mail, File or Gateway Security?

 

File Security. Thanks for any help you can provide.

 

Copy eicar.txt to your favourite directory and navigate to it. Run esets_scan (an on demand scanner included in ESET File Security):

Code:

# eset_scan ./eicar.com.txt

You should get something like:

Scanning finished on Tue 28 Feb 2008 04:56:38 AM CET
Total time: 1 sec (0:00:01)
Total files: 1
Infected files: 1
Cleaned files: 0
Deleted files: 1
Errorneours files: 0

 

Right you are, that worked. I don't plan to scan every file manually, though. I'm concerned that it lets me download the file at all. Is there something else I have to do to get realtime protection running, or is it running but simply not as aggressive as NOD32 in Windows? In Windows, NOD32 would have immediately quarantined (or deleted) the file as I tried to download it. In order to feel that this is working, I would like to see it stop something on its own without my pointing at it and asking for a scan.

 

There are 2 ways how to run on-access scanner in ESET File Security:

Using Dazuko kernel module you can scan file access on following events:

ON_OPEN
ON_CLOSE
ON_EXEC

Using preload LIBC library you can scan file access on following events:

ON_OPEN
ON_CLOSE

For more detailed info please refer to product manual: http://download.eset.com/manuals/eset_file_security.pdf
Dazuko integration instructions start at page 16.
LIBC integration instructions start at page 18.

Further reading:

$ man esets_dac
$ man libesets_pac.so