September 21, 2021

ESET File Security howto

This is a howto for scanning for malicious files on a Debian/Ubuntu server using ESET File Security for Linux.

In the examples I use example paths, usernames, and values in places; change them to what you actually have or it won’t work. For example, I’m using the 192.168.0.0/24 network. You have roughly 100% chance of that not being what you’re using, so you have to change those numbers in all places in the howto. I show this as root, however you get there. If you use Debian Wheezy or one of the Ubuntu variants, you might have to change little stuff, but it should work without doing much modification.

First you download and install the .deb package (I just used WinSCP to transfer it after I clicked the email link to download it to a Windows box) like:

su
apt-get install ed libc6-i386
cd /home/whateveruseryouare/Downloads/
sh ./esets.amd64.deb.bin
(accept agreement)

Now you have to edit the main config file and add the av update username and password you got with your order. NOTE: DON’T delete the leading #’s at the beginning of these lines; they’re not really used like normal commented lines. Well, some are, but the ones you want to change still need the pound sign for some reason.

vi /etc/opt/esets/esets.cfg
  #av_update_username = "EAV-xxxxxxx" <- put the real one in the quotes
  #av_update_password = "xxxxxxxxx" <- put the real one in the quotes

Now import your license like:

/opt/eset/esets/sbin/esets_lic --import /home/whateveruseryouare/Downloads/nod32.lic

Now start esets_daemon like:

/etc/init.d/esets start

If you get an error like:

>: /etc/init.d/esets restart
[....] Restarting ESET Security: esets_daemonerror[21d00000]: Cannot initialize scanner: License not found
 failed!

your import didn’t work.

Now check to see if it’s running like:

ps -A | grep esets
  8755 ?        00:00:00 esets_daemon
  8757 ?        00:00:00 esets_daemon

If you don’t see anything, it’s not running.

ESET File Security for Linux version 7

V7 is MUCH different than previous versions like 4.x.

  1. It basically wants to be managed by a web GUI on port 8443, which is configured during setup
  2. It has more features, like LiveGrid and scheduled times to do updates
  3. Almost all of the scripts do different things from previous versions, and many scripts don’t exist anymore

You still have to SCP the efs.x86_64.bin package that you downloaded from your laptop onto your server, so do that first. Then you have to run it and agree to the license like:

./efs.x86_64.bin
This is an ESET File Security distribution script. Press Enter to show the Licence...
(press q after you have read the License to continue extraction)
...
hit q
...
GUI is enabled.
URL: https://some.hostname.com:8443
Username: Administrator
Password: *******
To upgrade ESET File Security to newer version, use:
        apt-get install  ./efs-7.0.1152.0.x86_64.deb
To uninstall ESET File Security, use:
        apt-get remove efs

Remember the password it gave you; you’ll need it to log in to the management GUI later. Now install it like:

apt install linux-headers-amd64 gcc cpp 
apt-get install ./efs-7.0.1152.0.x86_64.deb

It will install some dependencies (depending on whether you already have them), then install the package. Now you have to install a license using the license key you should have on your order:

cd /opt/eset/efs/sbin
./lic -k XXXX-XXXX-XXXX-XXXX-XXXX

Now you can manually run an update like:

cd ../bin
./upd -u

It will set up the web GUI by default, but if you want to change the address or port, do something like:

./setgui -i 192.168.1.50:9999

You can change the password by doing:

./setgui -p

You should be able to see if efs is running and/or start the daemon now by doing:

systemctl | grep running | grep efs

If you get no response, it’s not running, so start it like:

systemctl start efs
systemctl | grep running | grep efs
efs.service   loaded active running   ESET File Security

Now you should be able to log in at the URL you set up, using your browser, in this example https://192.168.1.50:9999, with username Administrator and the password the setup gave you.
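
After the setgui and systemctl steps above, one way to confirm which address the management GUI is actually listening on and whether it is bound to every interface. This is an added example, not part of the original howto and not an ESET tool; the function names are hypothetical and the `ss` sample is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example (not ESET's code): report where the v7 web GUI listens.
# Assumes `ss -H -tln` column layout: State Recv-Q Send-Q Local:Port Peer:Port

# Constructed sample of `ss -H -tln` output; not captured from a real install.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 192.168.1.50:9999 0.0.0.0:*
LISTEN 0 128 [::]:8443 [::]:*'

# gui_binds PORT: read `ss -H -tln` lines on stdin and print
# "<address> <kind>" for every listener on PORT, where kind is
# all-interfaces, loopback or specific.
gui_binds() {
    awk -v port="$1" '{
        ep = $4                                  # Local Address:Port column
        n = split(ep, parts, ":")
        if (parts[n] != port) next               # not the GUI port
        addr = substr(ep, 1, length(ep) - length(port) - 1)
        kind = "specific"
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
            kind = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "[::1]")
            kind = "loopback"
        print addr, kind
    }'
}

# check_gui PORT: same input on stdin. Returns 0 if the GUI listens only
# on specific or loopback addresses, 1 if any listener is on all
# interfaces, 2 if nothing listens on PORT at all.
check_gui() {
    binds=$(gui_binds "$1")
    [ -n "$binds" ] || return 2
    case "$binds" in
        *all-interfaces*) return 1 ;;
    esac
    return 0
}

# Demo on the constructed sample, using the port from the setgui example.
printf '%s\n' "$SAMPLE_SS" | gui_binds 9999

# Live use on the server (run as root, after `systemctl start efs`):
#   systemctl is-active --quiet efs && ss -H -tln | check_gui 9999
#   echo "exit status: $?"
```

A return of 1 means the GUI port is reachable on every interface of the server; rerun `./setgui -i` with the one address you want it on, or restrict the port with your firewall.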