PMG 6.1 how to add antivirus?

tanyo

New Member
Jun 1, 2018
Hello,

First, I'd like to thank the Proxmox team for the great products they provide to the public.

I needed a mail gateway to stop incoming spam/viruses, so after some research I installed PMG 6.1, and it's running fine.

Now I am looking for a second AV to run and Avast is not an option.

One of the solutions available is from the AV company Dr.Web. I managed to contact them and they provided a trial copy of their "Dr.Web for UNIX Mail Servers".

The product is designed to work with an MTA (Postfix, Exim ...). A nice feature is Clamd emulation.

So I am looking for how to integrate it with PMG. However, not being too advanced with Postfix myself, I cannot figure this out.

According to the Dr.Web documentation we can:

1. "Integrate Dr.Web for UNIX Mail Servers with the mail server you use by connecting it as an external filter operating via the following extensions: Milter, Spamd or Rspam...(these interfaces are usually used by the filter SpamAssassin"

2. "If you want to use Dr.Web for UNIX Mail Servers in the SMTP proxy mode, at first, install and configure a mail server (if it is not installed) that performs transit MTA functions....... "

3. ".... use a mail server able to communicate with Dr.Web for UNIX Mail Servers v using the ClamAV protocol..."

As PMG uses a modified SpamAssassin configuration/setup, is it possible to add Dr.Web as a second antivirus/antispam?

Which one of the 3 methods is most suitable for integration?


Best regards
 

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
PMG ships with clamav in its default configuration and has an integration with the Avast Antivirus for Linux.

Officially we do not support other antivirus solutions.

however since PMG uses clamav by default (by calling `clamdscan --stdout $mailfile` ) - you can try to use Dr. Web clamav emulation (haven't tried it or looked at it too close)

apart from that you can always put another dedicated mail proxy in front or behind PMG to do the dr. web scanning

I hope this helps!
 

tanyo

New Member
Jun 1, 2018
Thank you, managed to run DrWeb AV check by tweaking pmg avast script. Works fine so far.
 

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
glad you found a solution!

keep in mind that if you modified PMG's source code you will have to carry the changes over across upgrades!
 

tanyo

New Member
Jun 1, 2018
Yes, I have to. An alternative would be if customizable "Virus detector" settings are accessible via GUI / similar to hmail server /.
 

heutger

Well-Known Member
Apr 25, 2018
Fulda, Hessen, Germany
www.heutger.net
Check the documentation: you can integrate any antivirus solution via modifications via shell. However, there are just a few which really make sense. ClamAV is free, but has worse detection. Avast is fine on detection and affordable. Dr.Web may be the only solution which is daemonized, still supported and more affordable; however, I'm unsure about detection quality.

Maybe you could provide your adjustments to the developers mailing list for integration, as Dr.Web is the only possible alternative I found by checking all antivirus solutions for being daemonized, still supported and affordable (pricing based on system, not per user*).

*=sure, if you may have an integrated antivirus solution, this may not be a problem, but then you can also check for viruses on clients or servers and don't need to do on the gateway as well. Also checking on the gateway really makes sense, if the solution is different, to get a higher chance to detect malware (as you shouldn't use different solutions on the same system but you can on different entry points).
 

tanyo

New Member
Jun 1, 2018
Thank you for posting. To be honest, your posts regarding hardening PMG were of great help.

Yes, we have an integrated servers/client AV solution, but it's always a good idea to have a second / and different / mail check.
As you said, most solutions / gateways / are paid per user and the cost is high.

I also consider "Eset file security for linux" and "F-Secure Linux Security" to be able to do the job.

At the moment I am using DrWeb in trial mode. I'll leave it running like this for a couple of weeks to be sure. In the meantime I'll ask Dr.Web for a quote.
 

heutger

Well-Known Member
Apr 25, 2018
Fulda, Hessen, Germany
www.heutger.net
I remember I had both on my list too, but F-Secure, I seem to remember, was also expensive, and Eset was one of the solutions which looked fine but is not officially supported any more; you can just find "old" deep links.

Only Dr.Web looked to be affordable, daemonized and still supported; however, I only know about Dr.Web from the early times of Plesk, and at that time I didn't use it. I also never read about them on any antivirus rating website or article, so I'm really unsure what I should think about them.
 
Jan 15, 2019
Stuttgart, Germany
look at https://forum.proxmox.com/threads/how-to-integrate-eset-antivirus-with-pmg.49788/post-238553
has been running for 2 years with Eset file security for linux

Now, the code example for /usr/local/bin/pmg-custom-check

Code:
#!/usr/bin/perl -w
use strict;
use warnings;
use Data::Dumper qw(Dumper);
use File::Copy "cp";

my $av_name    = "Eset";
my $av_version = "0.0";

## V4.X
my $esets_bin = "/opt/eset/esets/sbin/esets_scan";
my $esets_arg = "--clean-mode=none";

## V7.X
my $efs_bin  = "/opt/eset/efs/sbin/cls/cls";
my $efs_arg  = "--clean-mode=none";
my $efs_bdir = "--base-dir=/var/opt/eset/efs/lib";

## logger to /var/log/syslog
my $logger_bin = "/usr/bin/logger";
my $logger_arg = "-i";

## debug files under ...
my $debug     = 0;
my $debug_dir = "/tmp/debug/";

## block passwd-protected / damaged archive ?
my $strict = 0;
mkdir $debug_dir;
my $cmd;

open( my $logger, "| $logger_bin $logger_arg " );

$av_version = "4.X" if ( -e $esets_bin );
$av_version = "7.X" if ( -e $efs_bin );

my $apiversion = shift || die 'APIVERSION required.';
my $filename   = shift || die 'QUEUEFILENAME required.';

die "Wrong AV Version."   if ( $av_version eq "0.0" );
die "Wrong API Version."  if ( $apiversion ne "v1" );
die "FILENAME not found." if ( !-e $filename );
if ( $av_version eq "4.X" ) { open( $cmd, '-|', $esets_bin, $esets_arg, $filename ) || die "can't exec esets scan: $! : ERROR"; }
if ( $av_version eq "7.X" ) { open( $cmd, '-|', $efs_bin, $efs_bdir, $efs_arg, $filename ) || die "can't exec esets scan: $! : ERROR"; }

my $vinfo = "OK";

while ( defined( my $line = <$cmd> ) ) {
    chomp $line;

    print $logger "DEBUG:" . $line, "\n" if ( $debug > 0 );
    $line =~ s/result=/threat=/g if ( $av_version eq "7.X" );
    if ( $line =~ m/^name=\"(.*)\".*threat=\"(.*)\".*action=\"(.*)\".*info=\"(.*)\"$/ ) {
        next if ( ( $strict < 1 ) && ( $4 =~ m/password-protected/g || $4 =~ m/archive damaged/g ) );
        $vinfo = "VIRUS: " . $2 . " " . $4 . "($av_name)";
        next if $2;

        print $logger "DEBUG: " . $vinfo, "\n" if ( $debug > 0 );
    }
}
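# keep a copy of flagged mail only when $debug > 1; "not" binds looser than
# "&&", so the earlier form of this test also copied when $debug was 0
cp( $filename, $debug_dir )
  if ( $vinfo ne "OK" && $debug > 1 && !( -e $debug_dir . $filename ) );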
print join( "\n", "v1", $vinfo );
print $logger join( " ", "pmg-custom-check", $vinfo, $filename ) . "\n" if ( $debug > 0 );
close($logger);
exit 0;

don't forget
chmod +x /usr/local/bin/pmg-custom-check

under /etc/pmg/pmg.conf

section: admin
custom_check 1

Cheers
 

heutger

Well-Known Member
Apr 25, 2018
Fulda, Hessen, Germany
www.heutger.net
look at https://forum.proxmox.com/threads/how-to-integrate-eset-antivirus-with-pmg.49788/post-238553
has been running for 2 years with Eset file security for linux

Now, the code example for /usr/local/bin/pmg-custom-check

Code:
#!/usr/bin/perl -w
use strict;
use warnings;

open( my $log, "| logger -i " );

use Data::Dumper qw(Dumper);
my $apiversion = shift || die 'APIVERSION required.';
my $filename   = shift || die 'QUEUEFILENAME required.';

die "Wrong API Version."  if ( $apiversion ne "v1" );
die "FILENAME not found." if ( !-e $filename );

open( my $cmd, '-|', '/opt/eset/esets/sbin/esets_scan', '--clean-mode=none', $filename )
  || die "can't exec esets scan: $! : ERROR";

my $vinfo = "OK";
while ( defined( my $line = <$cmd> ) ) {
    chomp $line;

    if ( $line =~ m/^name=\"(.*)\".*threat=\"(.*)\".*action=\"(.*)\".*info=\"(.*)\"$/ ) {
        $vinfo = "VIRUS: " . $2;
    }
}
print STDOUT "v1", "\n";
print STDOUT $vinfo, "\n";
print $log join( " ", "custom_check", $vinfo, $filename ) . "\n";
close($log);

don't forget
chmod +x /usr/local/bin/pmg-custom-check

under /etc/pmg/pmg.conf

section: admin
custom_check 1

Cheers

Maybe you could post to the developers mailing list to get integrated with PMG directly.
 

EvilBox

Member
May 10, 2019
Dear proxminent!
Please tell me how to disable these rules:
1. Virus Info: next archive volume not found(Eset)
2. Virus Info: error - password-protected file(Eset)
3. Virus Info: error reading archive(Eset)
Do we need to make some kind of exception?
Thank You!
 
Jan 15, 2019
Stuttgart, Germany
Hi !
at moment exceptions are only rudimentary implemented(

next if ( ( $strict < 1 ) && ( $4 =~ m/password-protected/g || $4 =~ m/archive damaged/g ) );

). I can post maybe next week a new version with all exceptions implemented.
cheers
 

EvilBox

Member
May 10, 2019
Thank you for reply!
Do I understand correctly that to disable the two checks present (password-protected and archive damaged), I need to set $strict to 1?

example:
## block passwd-protected / damaged archive ?
my $strict = 1;
mkdir $debug_dir;
my $cmd;

///
I got it!
$strict = 1 - protected files and damaged archives are blocked
$strict = 0 - protected files and damaged archives are allowed
 

EvilBox

Member
May 10, 2019
Ok, I found a reason why the expressions didn't work.
here's my decision with additions:
Perl:
#!/usr/bin/perl -w
use strict;
use warnings;
use Data::Dumper qw(Dumper);
use File::Copy "cp";

my $av_name    = "Eset";
my $av_version = "0.0";

## V4.X
my $esets_bin = "/opt/eset/esets/sbin/esets_scan";
my $esets_arg = "--clean-mode=none";

## V7.X
my $efs_bin  = "/opt/eset/efs/sbin/cls/cls";
my $efs_arg  = "--clean-mode=none";
my $efs_bdir = "--base-dir=/var/opt/eset/efs/lib";

## logger to /var/log/syslog
my $logger_bin = "/usr/bin/logger";
my $logger_arg = "-i";

## debug files under ...
my $debug     = 0;
my $debug_dir = "/tmp/debug/";

## block passwd-protected / damaged archive ?
my $strict = 0;
mkdir $debug_dir;
my $cmd;

open( my $logger, "| $logger_bin $logger_arg " );

$av_version = "4.X" if ( -e $esets_bin );
$av_version = "7.X" if ( -e $efs_bin );

my $apiversion = shift || die 'APIVERSION required.';
my $filename   = shift || die 'QUEUEFILENAME required.';

die "Wrong AV Version."   if ( $av_version eq "0.0" );
die "Wrong API Version."  if ( $apiversion ne "v1" );
die "FILENAME not found." if ( !-e $filename );
if ( $av_version eq "4.X" ) { open( $cmd, '-|', $esets_bin, $esets_arg, $filename ) || die "can't exec esets scan: $! : ERROR"; }
if ( $av_version eq "7.X" ) { open( $cmd, '-|', $efs_bin, $efs_bdir, $efs_arg, $filename ) || die "can't exec esets scan: $! : ERROR"; }

my $vinfo = "OK";

while ( defined( my $line = <$cmd> ) ) {
    chomp $line;

    print $logger "DEBUG:" . $line, "\n" if ( $debug > 0 );
    $line =~ s/result=/threat=/g if ( $av_version eq "7.X" );
    if ( $line =~ m/^name=\"(.*)\".*threat=\"(.*)\".*action=\"(.*)\".*info=\"(.*)\"$/ ) {
        next if ( ( $strict < 1 ) && ( $4 =~ m/password-protected/ || $4 =~ m/archive damaged/ || $4 =~ m/archive volume not found/ || $4 =~ m/error reading archive/ ) );
        $vinfo = "VIRUS: " . $2 . " " . $4 . "($av_name)";
        next if $2;

        print $logger "DEBUG: " . $vinfo, "\n" if ( $debug > 0 );
    }
}
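# keep a copy of flagged mail only when $debug > 1; "not" binds looser than
# "&&", so the earlier form of this test also copied when $debug was 0
cp( $filename, $debug_dir )
  if ( $vinfo ne "OK" && $debug > 1 && !( -e $debug_dir . $filename ) );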
print join( "\n", "v1", $vinfo );
print $logger join( " ", "pmg-custom-check", $vinfo, $filename ) . "\n" if ( $debug > 0 );
close($logger);
exit 0;
 

heutger

Well-Known Member
Apr 25, 2018
Fulda, Hessen, Germany
www.heutger.net
Thank you, managed to run DrWeb AV check by tweaking pmg avast script. Works fine so far.

May you be able to provide your adjustments for a) if you also provide your license/usage to Proxmox, to be integrated with future releases and/or b) own implementations. I believe Dr.Web is the only sensible alternative to Avast, as others lack affordable pricing, daemonized mode or future support (product is somehow unofficially supported/end of life), e.g. that's why I skipped Eset but also F-Secure or Gdata.
 

H.c.K

Member
Oct 16, 2019
Hi @proxminent , @heutger

I use pmg 6.1. I installed efs 7, last version 7.2.463.0, but it cannot start.

Is efs status:
root@pmg4:/# systemctl status efs
● efs.service - ESET File Security
Loaded: loaded (/lib/systemd/system/efs.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-08-30 14:54:06 +03; 6min ago
Process: 17745 ExecStartPre=/opt/eset/efs/lib/install_scripts/check_start.sh (code=exited, status=0/SUCCESS)
Process: 17773 ExecStartPost=/bin/sleep 2 (code=exited, status=0/SUCCESS)
Main PID: 17772 (startd)
Tasks: 30 (limit: 9482)
Memory: 224.9M
CGroup: /system.slice/efs.service
├─17772 /opt/eset/efs/sbin/startd
├─17774 /opt/eset/efs/lib/logd
├─17775 /opt/eset/efs/lib/scand
├─17776 /opt/eset/efs/lib/sysinfod
├─17777 /opt/eset/efs/lib/updated
├─17778 /opt/eset/efs/lib/licensed
├─17779 /opt/eset/efs/lib/utild
├─17780 /opt/eset/efs/lib/confd
└─17787 /opt/eset/efs/lib/oaeventd

Aug 30 14:54:04 pmg4 systemd[1]: Starting ESET File Security...
Aug 30 14:54:05 pmg4 oaeventd[17787]: ESET File Security Error: Cannot open file /lib/modules/5.3.10-1-pve/eset/efs/eset_rtp.ko: No such file or directory
Aug 30 14:54:05 pmg4 oaeventd[17787]: ESET File Security Error: Initialization of system handler for on-access scan has failed. Please update your OS and restart your computer, then check sy
Aug 30 14:54:06 pmg4 systemd[1]: Started ESET File Security.
https://help.eset.com/efs/7/en-US/r...rt.html?realtime-protection-cannot-start.html
Restarted and updated the server but it cannot start. Have you experienced such a situation?
 

H.c.K

Member
Oct 16, 2019
apt-get install kernel-uek-devel-`uname -r`

systemctl restart efs

Hi, I updated but couldn't find any package.

root@pmg4:~# apt-get install kernel-uek-devel-`uname -r`
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package kernel-uek-devel-5.3.10-1-pve
E: Couldn't find any package by glob 'kernel-uek-devel-5.3.10-1-pve'
E: Couldn't find any package by regex 'kernel-uek-devel-5.3.10-1-pve'
root@pmg4:~#
 

koby

Active Member
Jun 21, 2012
Natanya , Israel
I did use your script,
but how can I know that it is truly working?
I cannot find any log.
I would also like to have a sign in the mail body; can that be done somehow?

Cheers ,
 
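One way to answer the "is it really working?" question for a script like the one posted in this thread, as an added example that is not part of the thread or of PMG: it calls the script the way the posted code expects (`v1` plus a file name) with a constructed clean message and a constructed message carrying the EICAR test string, then checks the two-line reply. The function names, the probe messages and the rule that a non-zero exit counts as a failure are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Calling convention taken from the posted
# scripts: <script> v1 <queuefile> prints "v1", then "OK" or "VIRUS: <name>".

# Harmless industry-standard EICAR test string; scanners report it as a detection.
EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# make_probe_mail FILE KIND (hypothetical helper): write a constructed test
# message; KIND=eicar attaches the test string as a 7bit MIME part.
make_probe_mail() {
    {
        printf '%s\n' \
            'From: probe@example.invalid' \
            'To: probe@example.invalid' \
            'Subject: custom check probe' \
            'MIME-Version: 1.0' \
            'Content-Type: multipart/mixed; boundary="probe"' \
            '' \
            '--probe' \
            'Content-Type: text/plain' \
            '' \
            'probe message'
        if [ "$2" = eicar ]; then
            printf '%s\n' \
                '--probe' \
                'Content-Type: application/octet-stream; name="eicar.com"' \
                'Content-Transfer-Encoding: 7bit' \
                '' \
                "$EICAR"
        fi
        printf '%s\n' '--probe--'
    } > "$1"
}

# run_custom_check SCRIPT FILE: call the script and map its reply to one word.
# Assumption: a non-zero exit status counts as a failed check.
run_custom_check() {
    [ -x "$1" ] || { echo not-executable; return 0; }
    out=$("$1" v1 "$2" 2>/dev/null) || { echo nonzero-exit; return 0; }
    first=$(printf '%s\n' "$out" | sed -n 1p)
    second=$(printf '%s\n' "$out" | sed -n 2p)
    [ "$first" = v1 ] || { echo bad-api-line; return 0; }
    case $second in
        OK) echo clean ;;
        "VIRUS: "?*) echo virus ;;
        *) echo bad-verdict-line ;;
    esac
}

# probe_custom_check SCRIPT: succeeds only if the clean message passes and the
# EICAR message is flagged, so a script that always answers OK is caught.
probe_custom_check() {
    dir=$(mktemp -d) || return 2
    make_probe_mail "$dir/clean.eml" clean
    make_probe_mail "$dir/eicar.eml" eicar
    clean=$(run_custom_check "$1" "$dir/clean.eml")
    eicar=$(run_custom_check "$1" "$dir/eicar.eml")
    rm -rf "$dir"
    echo "clean=$clean eicar=$eicar"
    [ "$clean" = clean ] && [ "$eicar" = virus ]
}

# Stand-alone use: sh probe.sh /usr/local/bin/pmg-custom-check
[ "$#" -eq 0 ] || probe_custom_check "$1"
```

A result of `clean=clean eicar=clean` means the script answers but the scanner behind it is not detecting anything. With `$debug` set to 1, the posted script also writes each verdict to syslog through `logger`.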
