How to integrate Eset Antivirus with PMG

Just a small addition to https://forum.proxmox.com/threads/how-to-integrate-eset-antivirus-with-pmg.49788/#post-238553
I guess with newer versions you have to use "cls" Command Line Scanner:
Code:
open(my $cmd, '-|', '/opt/eset/efs/sbin/cls/cls' , '--base-dir=/var/opt/eset/efs/lib' , '--clean-mode=standard' ,'--log-file=/var/log/cls-logs.log', $dname) ||
    die "$queue->{logid}: can't exec esets scan: $! : ERROR";

After installation, there is now also a WebGUI on https://<servername>:9443, initial password is written on console after installation...

Hmm and also the following has to be adjusted:
Code:
while (defined(my $line = <$cmd>)) {
                if ($line =~ m/^name=\"(.*)\".*result=\"(.*)\".*action=\"(.*)\".*info=\"(.*)\"$/) {
 
Hi Fabiana!
Thanks ... asap at the next version :)
 
For anyone who needs it, I have adapted the script for Eset with PMG.

Tested with Eset version: odscan (efs) 10.2.41.0

/usr/local/bin/pmg-custom-check

Code:
#!/bin/sh

echo "called with $*" 1>&2

if [ "$#" -ne 2 ]; then
  echo "usage: $0 APIVERSION QUEUEFILENAME" 1>&2
  exit 1
fi

apiver="$1"
shift

if [ "$apiver" != "v1" ]; then
  echo "wrong APIVERSION: $apiver" 1>&2
  exit 2
fi

queue_file="$1"

echo "v1"

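# Domain or localhost where the Eset i-cap service is running!
SERVER="i-cap.meinDomain.tld"

# grep exits 0 if the X-Infection-Found header is present, 1 if it is absent
result="$(c-icap-client -i "$SERVER" -v -f "$queue_file" 2>&1 | grep -F 'X-Infection-Found')"
infected=$?

if [ "$infected" = "1" ]; then
    echo OK
else
    # the threat name is the fourth "="-separated field of the header line
    echo "VIRUS: $(echo "$result" | awk -F= '{ print $4 }' )"
fi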
 
I tried this script; it works when called manually: "/usr/local/bin/pmg-custom-check v1 datei.test"
The response is v1 and OK. (I also have an entry in the ESET log.)

But PMG does not want to run this script. I also checked with pmgdump whether it is enabled.
pmg.admin.custom_check = 1
pmg.admin.custom_check_path = /usr/local/bin/pmg-custom-check

Everything looks good, there is just no scanning and there are no entries in the logs.

PS: a small note, I currently do not have a subscription yet, since this is still in a test environment.
 
It works for me now. I have extended the script with a bit of logging.
It can be found in /var/log/mail.log; grep for pmg-icap.

Bash:
#!/bin/sh

LOGFILE="/var/log/mail.log"
HOSTNAME=$(hostname)

log() {
    local message="$1"
    local timestamp
    timestamp=$(date --rfc-3339=ns | sed -E 's/ /T/; s/([.][0-9]{6})[0-9]*/\1/')
    echo "$timestamp $HOSTNAME $message" >> "$LOGFILE"
}


echo "called with $*" 1>&2

if [ "$#" -ne 2 ]; then
  echo "usage: $0 APIVERSION QUEUEFILENAME" 1>&2
  exit 1
fi

apiver="$1"
shift

if [ "$apiver" != "v1" ]; then
  echo "wrong APIVERSION: $apiver" 1>&2
  exit 2
fi

queue_file="$1"

echo "v1"

log "pmg-icap[$$]: script gestartet. $apiver : $queue_file"

# Domain or localhost where the Eset i-cap service is running!
SERVER="c-icap-server.domain.tld"

# grep exits 0 if the X-Infection-Found header is present, 1 if it is absent
result="$(c-icap-client -i "$SERVER" -v -f "$queue_file" 2>&1 | grep -F 'X-Infection-Found')"
infected=$?

if [ "$infected" = "1" ]; then
    echo OK
    log "pmg-icap[$$]: $(basename "$queue_file"): mail = OK"
else
    # the threat name is the fourth "="-separated field of the header line
    echo "VIRUS: $(echo "$result" | awk -F= '{ print $4 }' )"
    log "pmg-icap[$$]: $(basename "$queue_file"): VIRUS: $(echo "$result" | awk -F= '{ print $4 }' )"
fi
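
Both scripts above print OK whenever grep finds no X-Infection-Found line, which is also what happens when c-icap-client cannot reach the ICAP server. The following is an added example, not code from the thread: a fail-closed verdict function that separates "clean" from "not scanned". The function name `icap_verdict`, its return codes, the constructed sample transcripts and the requirement of an `ICAP/1.0 2xx` status line in the verbose output are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed parsing of c-icap-client output.
# Constructed sample transcripts (not captured from a real server).
SAMPLE_CLEAN='ICAP/1.0 204 Unmodified
Server: icap.example'
SAMPLE_INFECTED='ICAP/1.0 200 OK
Server: icap.example
X-Infection-Found: Type=0; Resolution=2; Threat=Eicar test file;'
SAMPLE_DOWN='Failed to connect to icap server'

# icap_verdict CLIENT_EXIT_STATUS   (client transcript on stdin)
# Prints OK / VIRUS: <name> / ERROR: <reason>; returns 0 / 1 / 2.
icap_verdict() {
    iv_status="$1"
    iv_out="$(cat)"

    # A failed client run is not evidence of a clean mail.
    if [ "$iv_status" -ne 0 ]; then
        echo "ERROR: c-icap-client exited with status $iv_status"
        return 2
    fi
    # Assumption: a completed scan shows an ICAP 2xx status line.
    if ! printf '%s\n' "$iv_out" | grep -Eq 'ICAP/1\.0 2[0-9][0-9]'; then
        echo "ERROR: no ICAP 2xx status line in response"
        return 2
    fi
    iv_hdr="$(printf '%s\n' "$iv_out" | grep -F 'X-Infection-Found:' | head -n 1)"
    if [ -z "$iv_hdr" ]; then
        echo "OK"
        return 0
    fi
    # Pick the Threat= value by name, then drop CR and any other
    # unexpected bytes before the name reaches PMG or the mail log.
    iv_name="$(printf '%s\n' "$iv_hdr" \
        | sed -n 's/.*Threat=\([^;]*\).*/\1/p' \
        | tr -cd 'A-Za-z0-9 ._/:-')"
    echo "VIRUS: ${iv_name:-unknown}"
    return 1
}

# Wiring into the custom check script (shown as comments, not run here):
#   out="$(c-icap-client -i "$SERVER" -v -f "$queue_file" 2>&1)"; st=$?
#   printf '%s\n' "$out" | icap_verdict "$st"
```

What the wrapper does on ERROR (for example exiting non-zero and logging the reason) is left to the operator.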