User Specific Configuration

The purpose of the User Specific Configuration mechanism is to provide a higher degree of customization and functionality. It allows the system administrator to define ESETS antivirus scanner parameters based on the user who is accessing file system objects.

A detailed description of this functionality can be found in the esets.cfg(5) man page. In this section we will provide only a short example of a user-specific configuration.

Here, the esets_smtp module is used as a content filter for MTA Postfix. The functionality of this module is based on the [smtp] section in the ESETS configuration file (esets.cfg). See below:

[smtp]
agent_enabled = yes
listen_addr = "localhost"
listen_port = 2526
server_addr = "localhost"
server_port = 2525
action_av = "scan"

To provide individual parameter settings, define a ‘user_config’ parameter with the path to the special configuration file where the individual setting will be stored. In the example below, we create a reference to the special configuration file esets_smtp_spec.cfg, which is located in the ESETS configuration directory. See below:

[smtp]
agent_enabled = yes
listen_addr = "localhost"
listen_port = 2526
server_addr = "localhost"
server_port = 2525
action_av = "scan"
user_config = "esets_smtp_spec.cfg"

Once the special configuration file is referenced from within the [smtp] section, create the ‘esets_smtp_spec.cfg’ file in the ESETS configuration directory and add the appropriate individual settings. The ‘esets_smtp_spec.cfg’ file should look like this:

[rcptuser@rcptdomain.com]
action_av = "reject"

Note that the section header identifies the recipient for which the individual settings have been created, and the section body contains individual parameters for this recipient. This configuration will allow all other users attempting to access the file-system to be processed normally. All file system objects accessed by other users will be scanned for infiltrations, except for the user rcptuser@rcptdomain.com, whose access will be rejected (blocked).