User Specific Configuration

The purpose of the User Specific Configuration mechanism is to provide a higher degree of customization and functionality. It allows the system administrator to define ESETS antivirus scanner parameters based on the user who is accessing file system objects.

A detailed description of this functionality can be found in the esets.cfg(5) man page. In this section we will provide only a short example of a user-specific configuration.

In this example, the esets_http module is used to control HTTP traffic on port 8080 of the gateway server, with a local network IP address of 192.168.1.10. The functionality of esets_http is based on the [http] section of the ESETS configuration file. See the following lines:

[http]
agent_enabled = yes
listen_addr = "192.168.1.10"
listen_port = 8080
action_av = "scan"

To provide individual parameter settings, define the ‘user_config’ parameter with the path to the special configuration file where the individual setting will be stored. In the next example, we create a reference to the special configuration file ‘esets_http_spec.cfg’, which is located in the ESETS configuration directory. See below:

[http]
agent_enabled = yes
listen_addr = "192.168.1.10"
listen_port = 8080
action_av = "scan"
user_config = "esets_http_spec.cfg"

Once the special configuration file is referenced from within the [http] section, create the ‘esets_http_spec.cfg’ file in the ESETS configuration directory and add the appropriate individual settings. The next example shows the individual setting for parameter ‘action_av’, for the client computer with IP address 192.168.1.40. See below:

[|192.168.1.40]
action_av = "reject"

Note that the section header identifies the HTTP client for which the individual settings have been created, and the section body contains individual parameters for that HTTP client. With this special configuration, HTTP traffic for all local network clients will be processed normally, i.e. scanned for infiltrations. However, access for the HTTP client with the IP address 192.168.1.40 will be rejected (blocked).