Official ESET Server Security for Linux integration with PMG

poetry

EDIT:
Mail Security for Linux is a "proxy server" not meant to be integrated into other solutions, so it can't be used with Proxmox.
We are not breaking any licensing agreement if we are using ESET Server Security for Linux. Licensing is per server; I will try to get some pricing.
Hope we can get official support for ESET Server Security for Linux with Proxmox.


Please please can we have an official ESET Mail Security for Linux integration with PMG?
I see many threads about ESET integration, but I am not installing it if it's not officially supported by Proxmox.
I also think that if people are using https://www.eset.com/us/business/download/file-security-linux/ they are breaking the licensing agreement. The ESET Mail Security for Linux should be used for mail servers.

Can we please get it integrated with Proxmox? Is the problem licensing? Looks like it should be officially supported:
ESET Mail Security for Linux
https://www.eset.com/my/business/mail-security-linux/

From: https://www.eset.com/fileadmin/ESET...view-ESET-Mail-Security-for-Linux-FreeBSD.pdf
"Smooth Operation Features content filters for Postfix, Sendmail, Qmail, Exim, Zmailer, and others"
Supported operating systems:
Linux: Kernel version 2.6.x; glibc 2.3.2 or higher
FreeBSD: Version 6.x, 7.x, 8.x
Sun Solaris: Version 10
NetBSD: Version 4
Processor Architecture:
Intel®/AMD® x86/x64

Ideally integration should be as easy as enabling Repository via (Administration -> Repositories) and adding/uploading licence key via GUI or is that unrealistic?
 
Why is Avast not an option for you? (asking mostly out of curiosity):
https://pmg.proxmox.com/wiki/index....ith_Proxmox_Mail_Gateway#Second_virus_scanner

I'm not opposed to integrating another AV solution on principle - the requirements for us to consider it also haven't changed:
* Pricing should be working for different use-cases of PMG - i.e. not based on the number of mail-addresses/boxes you want to scan, not for private use only
* There should be a daemon, which keeps the (usually quite huge) signature database in memory - instead of reading them from disk for each scan (compare clamscan vs. clamdscan)
* It should be using sane amounts of resources (ClamAV is for example quite the memory hog)
* of course the use-case of integrating it in a different mail-proxy should be allowed by the vendor

Regarding ESET:

* could you point to their pricing page/share some experiences of your own how much a license for the use-case of scanning unlimited mailboxes would cost? - Could not find their pricing page after a quick check on their homepage
* Feature-wise the ESET mail-security looks like it's a mail-proxy of its own - not meant to be integrated somewhere else?

Ideally integration should be as easy as enabling Repository via (Administration -> Repositories) and adding/uploading licence key via GUI or is that unrealistic?
GUI integration of a third-party (non open-source) product is nothing we plan on doing - especially not if it's not quite safe to assume that the product will remain available at the same conditions for a long time-frame. - However, as can be seen from the Avast page - it's not too much of a hassle.

I hope this helps!
 
A colleague just pointed out that the link you posted links to the Malaysian site of their mail-security product - and we could not find a different way to that site from their main site.

So I'm not sure if the mail security product is (still) available in general?
 
@Stoiko Ivanov I got some information back from our regional ESET people: Mail Security for Linux is a "proxy server" not meant to be integrated into other solutions, so it can't be used with Proxmox. It's also very hard to get a price; it looks like they don't even want to sell it. Licensing is per mailbox...

For ESET Server Security for Linux: it's not meant to be used as mail security, but if you are using it like other people have in the links below, you are not breaking any licensing agreement, so I guess we can use it.
https://forum.proxmox.com/threads/pmg-6-1-how-to-add-antivirus.67006/#post-320192
https://forum.proxmox.com/threads/eset-increases-processing-time.105997/

The reason why I want to use it instead of Avast is that we already have a license for ESET Server Security for Linux that we can use. I am guessing other people who have an ESET license for their company are also using it for this.
I am also guessing ESET has a much better detection rate than Avast. The latest versions of ESET also use "ESET Dynamic Threat Defense" https://www.eset.com/us/business/resources/datasheets/eset-dynamic-threat-defense-solution-overview/ which would be very interesting if it could be used when integrated with Proxmox. It should probably just be an option to enable on ESET Server Security for Linux...

I will try to get some pricing, but I probably need to contact someone else, as our regional team does not like answering our questions. Licensing looks like it is per server, so that is good.

If you want, I can send you a license for testing. It looks quite interesting, but personally I have not used it before.

I have seen some people in the Proxmox forum also using the ICAP feature:
https://help.eset.com/essl/9/en-US/remote_scanning.html

Some links that might be useful:
https://help.eset.com/essl/9/en-US/system_requirements.html?installation.html
https://help.eset.com/essl/9/en-US/system_requirements.html?system_requirements.html
https://help.eset.com/essl/9/en-US/system_requirements.html?activate_productname.html
https://help.eset.com/essl/9/en-US/system_requirements.html?configuration.html
https://www.eset.com/us/business/download/file-security-linux/
https://support.eset.com/en/kb746-h...b-interface-of-eset-security-for-linuxfreebsd

Let me know if it's possible to officially add support to Proxmox for ESET Server Security for Linux.

Thank you as always.
 
Hello everyone, I am looking for current information about how you are all running ESET on your Proxmox installations.
There is a lot of outdated information and unclear instructions on how to configure it, how it works and what its functions are when it's implemented.
  • I am only looking for installations that are running on the latest Proxmox (at the time of writing Mail Gateway 7.1-7 and ESET Server Security for Linux Version: 9.0.461.0)
  • How are the upgrades? Does everything break when you upgrade Proxmox or ESET? Are you just not upgrading anything so it won't break?
    I want to be able to have everything always on the latest versions if possible.
  • Is it possible to utilize ESET Dynamic Threat Defense for Server Security? We have the license, so I want to use it if possible.
  • Can some of you also share detection statistics from your systems running ESET? Some screenshots would be great.
  • Can you see the ESET-detected messages in the Proxmox quarantine?
  • What are the options to run ESET on Proxmox? I see some run ICAP, others some other way. Any other options?
I will take some time to try what is posted in the forums on a test system and then try to compile my results so I can convince Proxmox staff to officially add support for ESET.
Any information about ESET is highly appreciated. I would really like to run it as we already have the license for ESET.

Here are all the threads and some people I have seen that mention ESET in the forums. Hopefully some of you are running ESET and are willing to share your experiences, information and answers to some of my questions. Thanks!

@jonathanm
https://forum.proxmox.com/threads/eset-error-password-protected-file.116107/

@arminV
https://forum.proxmox.com/threads/experiences-spam-filter-quality.106270/

@Volker1
https://forum.proxmox.com/threads/order-of-multiple-av-scanners-for-pmg-smtp-filter-in-a-row.106077/

@zolthar
https://forum.proxmox.com/threads/eset-increases-processing-time.105997/

@TRIXServer.com
https://forum.proxmox.com/threads/pmg-6-1-how-to-add-antivirus.67006/page-3#post-448915

@BJ78945
https://forum.proxmox.com/threads/microsoft-defender-advanced-threat-protection-atp.104476/

@koby
https://forum.proxmox.com/threads/virus-detected-but-can-not-be-seen-on-tracking-center.88230/

@koby @Ronny
https://forum.proxmox.com/threads/disable-clamav-deamon-not-possible.51789/

@koby
https://forum.proxmox.com/threads/virus-mail-not-avail-on-tracking-center.82305/

Antivirus integration requirements:
https://forum.proxmox.com/threads/proxmox-mail-gateway-6-3-released.79276/#post-351086

@fabiana @proxminent
https://forum.proxmox.com/threads/how-to-integrate-eset-antivirus-with-pmg.49788/page-2

@Pavel Hruška
https://forum.proxmox.com/threads/spam-vs-virus-checks-order.65156/

@rajeshm
https://forum.proxmox.com/threads/paid-antivirus.47558/

@heutger
https://forum.proxmox.com/threads/h...r-antivirus-with-pmg.49563/page-2#post-232197
 
I run ESET & ClamAV with the Securite plugin - gives a better result in "my instance", however it doesn't seem to scan attachments - probably my misconfiguration, which I haven't been bothered to resolve.

However, looking at my notes, installation was straightforward:
Code:
apt install c-icap
apt install pve-headers-`uname -r`
wget https://download.eset.com/com/eset/apps/business/efs/linux/latest/efs.x86_64.bin
    or
curl -O https://download.eset.com/com/eset/apps/business/efs/linux/latest/efs.x86_64.bin
bash ./efs.x86_64.bin -y

systemctl status efs

Then Test it:
Code:
cd /tmp
sudo apt install curl
curl -O https://secure.eicar.org/eicar.com
/opt/eset/efs/sbin/cls/cls --clean-mode=none /tmp/eicar.com

IMPORTANT: Make sure you DO NOT ENABLE Real-Time File Scanning otherwise emails will go into repeat delivery to the sender.

As per my email, make sure you enable ICAP.

Here is my script /usr/local/bin/pmg-custom-check:
Code:
nano /usr/local/bin/pmg-custom-check

#!/usr/bin/perl -w
use strict;
use warnings;
use Data::Dumper qw(Dumper);
use File::Copy "cp";

my $av_name    = "Eset";
my $av_version = "0.0";

## V4.X
my $esets_bin = "/opt/eset/esets/sbin/esets_scan";
my $esets_arg = "--clean-mode=none";

## V7.X
my $efs_bin  = "/opt/eset/efs/sbin/cls/cls";
my $efs_arg  = "--clean-mode=none";
my $efs_bdir = "--base-dir=/var/opt/eset/efs/lib";

## logger to /var/log/syslog
my $logger_bin = "/usr/bin/logger";
my $logger_arg = "-i";

## debug files under ...
my $debug     = 0;            ## Disable once done
my $debug_dir = "/tmp/debug/";

## block passwd-protected / damaged archive ?
my $strict = 0;
mkdir $debug_dir;
my $cmd;

open( my $logger, "| $logger_bin $logger_arg " );

$av_version = "4.X" if ( -e $esets_bin );
$av_version = "7.X" if ( -e $efs_bin );

my $apiversion = shift || die 'APIVERSION required.';
my $filename   = shift || die 'QUEUEFILENAME required.';

die "Wrong AV Version."   if ( $av_version eq "0.0" );
die "Wrong API Version."  if ( $apiversion ne "v1" );
die "FILENAME not found." if ( !-e $filename );
if ( $av_version eq "4.X" ) { open( $cmd, '-|', $esets_bin, $esets_arg, $filename ) || die "can't exec esets scan: $! : ERROR"; }
if ( $av_version eq "7.X" ) { open( $cmd, '-|', $efs_bin, $efs_bdir, $efs_arg, $filename ) || die "can't exec esets scan: $! : ERROR"; }

my $vinfo = "OK";

while ( defined( my $line = <$cmd> ) ) {
    chomp $line;

    print $logger "DEBUG:" . $line, "\n" if ( $debug > 0 );
    $line =~ s/result=/threat=/g if ( $av_version eq "7.X" );
    if ( $line =~ m/^name=\"(.*)\".*threat=\"(.*)\".*action=\"(.*)\".*info=\"(.*)\"$/ ) {
        next if ( ( $strict < 1 ) && ( $4 =~ m/password-protected/ || $4 =~ m/archive damaged/ || $4 =~ m/archive volume not found/ || $4 =~ m/error reading archive/ ) );
        $vinfo = "VIRUS: " . $2 . " " . $4 . "($av_name)";
        next if $2;

        print $logger "DEBUG: " . $vinfo, "\n" if ( $debug > 0 );
    }
}
## -e binds tighter than ".", so the path needs parentheses
cp( $filename, $debug_dir )
  if ( $vinfo ne "OK" && $debug > 1 && !-e ( $debug_dir . $filename ) );
print join( "\n", "v1", $vinfo );
print $logger join( " ", "pmg-custom-check", $vinfo, $filename ) . "\n" if ( $debug > 0 );
close($logger);
exit 0;


Now Enable it:
Code:
chmod +x /usr/local/bin/pmg-custom-check


nano /etc/pmg/pmg.conf

section: admin
#    clamav 0
    custom_check 1


If you get any errors:
Code:
1) update pmg
2) reboot
3) apt-get install pve-headers-`uname -r`
4) apt-get install libc6-i386
5) install / reinstall esets
6) systemctl restart efs

NOTE: It was almost 2 years ago, but it is still running on 7.1-7 PMG with low impact on processing time as long as it's configured correctly. Updates and upgrades without issues so far and doesn't conflict with ClamAV. This worked in my setup - how it goes on yours may vary wildly :)
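
Added example (not part of the post above, and not Proxmox or ESET code): because the open question in this thread is whether attachments are actually scanned, this shell harness builds a constructed message carrying the EICAR test file as a base64 attachment, runs a custom check script on it using the "v1 <file>" calling convention of the script above, and classifies the two-line reply. It assumes PMG hands the script the complete message as one file; the function names and mail addresses are invented for the example.

```shell
#!/bin/sh
# Added example, not from the thread: test a PMG custom check against an attachment.
# CHECK defaults to the path used in the post above.
CHECK="${CHECK:-/usr/local/bin/pmg-custom-check}"

# Standard EICAR anti-virus test string (harmless; scanners detect it by design).
EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# Write a constructed message with EICAR as a base64 attachment to file $1.
make_eicar_eml() {
    {
        printf '%s\n' 'From: sender@example.com' 'To: rcpt@example.com' \
            'Subject: constructed attachment test' 'MIME-Version: 1.0' \
            'Content-Type: multipart/mixed; boundary="b1"' '' \
            '--b1' 'Content-Type: text/plain' '' 'body text' \
            '--b1' 'Content-Type: application/octet-stream' \
            'Content-Disposition: attachment; filename="eicar.com"' \
            'Content-Transfer-Encoding: base64' ''
        printf '%s' "$EICAR" | base64
        printf '%s\n' '--b1--'
    } > "$1"
}

# Run check script $1 on file $2; print OK, VIRUS, SCORE or INVALID.
check_verdict() {
    out="$("$1" v1 "$2" 2>/dev/null)" || { echo INVALID; return 0; }
    api="$(printf '%s\n' "$out" | sed -n 1p)"
    result="$(printf '%s\n' "$out" | sed -n 2p)"
    [ "$api" = "v1" ] || { echo INVALID; return 0; }
    case "$result" in
        OK)          echo OK ;;
        "VIRUS: "?*) echo VIRUS ;;
        "SCORE: "?*) echo SCORE ;;   # reply type from PMG's custom check interface
        *)           echo INVALID ;;
    esac
}

# Succeeds only if check script $1 reports the attached test file as a virus.
attachment_scan_works() {
    eml="$(mktemp)" || return 2
    make_eicar_eml "$eml"
    verdict="$(check_verdict "$1" "$eml")"
    rm -f "$eml"
    [ "$verdict" = "VIRUS" ]
}

# Only runs on a host where the check script is installed.
if [ -x "$CHECK" ]; then
    if attachment_scan_works "$CHECK"; then echo "attachment detected"
    else echo "attachment NOT detected: attachments are passing unscanned"; fi
fi
```

An OK verdict on this message means the scanner is not unpacking MIME parts, which is the symptom described at the top of the post.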
 
@zolthar thanks for the write up.
It's very important that the virus checks are executing on attachments as that is one of the most common attack vectors on email.

I am currently testing code from here https://forum.proxmox.com/threads/pmg-6-1-how-to-add-antivirus.67006/page-3#post-448915 but it does not seem to be working for me.
I want to have ESET installed on a separate machine; I don't want to pollute the PMG server with ESET. Even the name of ICAP is remote scanning, so that should work, but I am doing something wrong.
@TRIXServer.com any advice what I might be doing wrong?

EDIT: Had to install c-icap-client; now it seems to be working, but I am not seeing anything in the logs... I just see on the ESET console that ICAP is scanning files...
EDIT2: Looks like it will show in the log only if virus is detected (virus detected: VBA/TrojanDownloader.Agent.WFM; (custom))
Testing on a smaller domain first for 24h then I will enable on all domains. Looking promising so far.
 