Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Ernesto Lorenz on June 01, 2003, 04:09:48 AM

Title: CA eTrust Antivirus
Post by: Ernesto Lorenz on June 01, 2003, 04:09:48 AM
Hi,
Has anyone had experience rebuilding the kernel on SME 5.6 to install Computer Associates eTrust Real Time antivirus functionality?
They call it CAENF.
The process works fine with Red Hat 7.3 out of the box.
I'm getting an error 27 while rebuilding the kernel with script.
Title: Re: CA eTrust Antivirus
Post by: Jon Roberts on July 28, 2003, 04:43:37 AM
Ernesto,

Did you ever find a solution to this?  I'm using eTrust and would like to install the SME server.  Will the eTrust Linux solution work on e-smith & do you have any tips?
Title: Re: CA eTrust Antivirus
Post by: Ernesto Lorenz on July 28, 2003, 06:13:24 AM
Jon Roberts wrote:
>
> Ernesto,
>
> Did you ever find a solution to this?  I'm using eTrust and
> would like to install the SME server.  Will the eTrust Linux
> solution work on e-smith & do you have any tips?
Hi Jon,

I've got to the point where I have the eTrust CAantivirus V6.0 & V7.0 running on SME 5.5 & 5.6 but without the Realtime server. I haven't had time to look into the scripts that rebuild the Kernel to include the Realtime server. I tried to run the rebuild as it comes from CA but got an error message and aborted. It works fine on RH 7.3 so the problem might be the mods that SME has compared to RH 7.3.
I've had to make minor customizations to SME to include CAantivirus into the configuration database as a service and to include this service into the service-control template for the server-manager. A custom template is also necessary to set up the web browser admin interface. Let me know if you would like the mods, you might have time to prepare an rpm??
Regards
========================================
Ing. Ernesto Lorenz
Consultores Lorcom, C.A.
http://www.lorcom.cc
Title: Re: CA eTrust Antivirus
Post by: Jon Roberts on July 28, 2003, 01:52:09 PM
Lorenzo,

Thanks for the response.  If the real-time monitor isn't running, what protection is in place?  Is the gateway protection in place (SMTP, HTTP, FTP)?  Does this mean that you need to schedule regular scans, rather than have the real time alerts?  Are the Ibays being checked / protected?

I would be interested in the mods as I am still fairly new to SME.  Unfortunately this means that I am not (yet) able to put an RPM together - although maybe in time ...

In particular I'd like to know what you changed to get the web browser admin interface running, as I installed eTrust but then couldn't get admin access to it.

I am also testing out V6 beta, which runs the RedHat 7.3 kernel.  I'll try the install with Kernel rebuild on that version.  I'll post if I have any luck.
Title: Re: CA eTrust Antivirus
Post by: Ernesto Lorenz on July 31, 2003, 06:48:26 AM
Jon Roberts wrote:

>  Is the gateway protection in place (SMTP, HTTP, FTP)?
No, the server doesn't have enough RAM for this.
> Does this mean that you need to schedule regular scans, rather than have the real time alerts?  Are the Ibays being checked / protected?
Yes, on both counts! I'm trying to figure out how to use qmail-scanner to take care of the incoming mail.

> I would be interested in the mods as I am still fairly new to
> SME.  Unfortunately this means that I am not (yet) able to
> put an RPM together - although maybe in time ...
I'll send them this weekend.
> In particular I'd like to know what you changed to get the
> web browser admin interface running, as I installed eTrust but
> then couldn't get admin access to it.
Check the httpd.conf mod you'll receive.

I wish you luck with V6b2!!
Stay in touch.
Title: Re: CA eTrust Antivirus
Post by: Jon Roberts on November 05, 2003, 04:45:53 PM
As a follow up (some weeks on ...)

I never did succeed in recompiling the kernel on V6b2 to get the real time protection working and so have settled on this compromise.

1. Customised Template to allow web access to eTrust running on E-Smith (I have details if anyone wants them).
2. Used this access to schedule regular definition downloads and to run a scheduled (NOT real-time) virus scan every 4 hours or so.
3. Installed amavis with clam to perform real-time e-mail protection
4. Set client PCs' eTrust to realtime scan own network drives (as well as local drives) and set the eTrust admin console PC to realtime scan the ibays.

Not perfect, but reasonable, especially as all client PCs also run eTrust.  I would like to configure amavis to use the eTrust definitions, but currently it only seems to support the older InoculateIT version - unless anyone knows different?

Any comment / suggestion to improve this would be welcomed.
Title: Re: CA eTrust Antivirus
Post by: Ernesto Lorenz on November 06, 2003, 01:36:05 AM
Jon, your compromise seems ok to me and I personally am going that way.
I guess it's possible to configure QMAIL to use the command line executable on every mail that arrives.
I have experimented with setting a scheduled scan on the mail spool every 5 min. and that works ok but isn't as good as the previous proposal.
As soon as I have the time to get into the workings of QMAIL I'll try it out and will get back to the thread with my results.
Regards and good luck to you Jon.