ESET File Security

russianmiserableΑσφάλεια

13 Ιουν 2012 (πριν από 4 χρόνια και 10 μήνες)

785 εμφανίσεις

ESET
File Security
Installation Manual and User Guide

Li nux, BSD and Sol ari s
ESET

File Security
Copyright ©2011 by ESET, spol. s r. o.
ESET File Security was developed by ESET, spol. s r. o.
For more information visit www.eset.com.
All rights reserved. No part of this documentation may be reproduced,
stored in a retrieval system or transmitted in any form or by any
means, electronic, mechanical, photocopying, recording, scanning, or
otherwise without permission in writing from the author.
ESET, spol. s r. o. reserves the right to change any of the described
application software without prior notice.
Customer Care Worldwide: www.eset.eu/support
Customer Care North America: www.eset.com/support
REV. 2011-02-08
Contents
..................................................................3
1.
Introduction
.........................................................................................3
Mai n functi onal i ty1.1
.........................................................................................3
Key features of the system1.2
..................................................................5
2.
Terminology and abbreviations
..................................................................7
3.
Installation
..................................................................8
4.
Architecture Overview
..................................................................10
5.
Integration with File System services
.........................................................................................10
On-demand scanner5.1
.........................................................................................10
On-access scanner powered by Dazuko5.2
................................................................................10
Operation principle
5.2.1
................................................................................11
Installation and configuration
5.2.2
................................................................................11
Tips
5.2.3
.........................................................................................11
On-access scanner usi ng prel oad LIBC l i brary5.3
................................................................................12
Operation principle
5.3.1
................................................................................12
Installation and configuration
5.3.2
................................................................................12
Tips
5.3.3
..................................................................13
6.
Important ESET File Security mechanisms
.........................................................................................13
Handl e Object Pol i cy6.1
.........................................................................................13
User Speci fi c Confi gurati on6.2
.........................................................................................14
Sampl es Submi ssi on System6.3
.........................................................................................14
Web Interface6.4
................................................................................15
License management
6.4.1
................................................................................16
On-Access scanner (DAC) configuration example
6.4.2
................................................................................16
On-Demand scanner
6.4.3
................................................................................17
Statistics
6.4.4
.........................................................................................17
Remote Admi ni strati on6.5
................................................................................18
Remote Administration usage example
6.5.1
.........................................................................................20
Loggi ng6.6
..................................................................21
7.
ESET Security system update
.........................................................................................21
ESETS update uti l i ty7.1
.........................................................................................21
ESETS update process descri pti on7.2
.........................................................................................21
ESETS mi rror http daemon7.3
..................................................................22
8.
Let us know
..................................................................23
9.
Appendix A. PHP License
3
1. Introduction
Dear user, you have acqui red ESET Fi l e Securi ty - the premi er securi ty system runni ng under the Li nux, BSD and Sol ari s OS. As
you wi l l soon fi nd out, ESET's state-of-the-art scanni ng engi ne has unsurpassed scanni ng speed and detecti on rates combi ned
wi th a very smal l footpri nt that makes i t the i deal choi ce for any Li nux, BSD and Sol ari s OS server.
1.1 Main functionality
On-demand scanner
The On-demand scanner can be i nvoked by a pri vi l eged user (usual l y a system admi ni strator) through ei ther the command
l i ne i nterface or the web i nterface; or by the operati ng system's automati c schedul i ng tool (e.g., cron). Thus, the term On-demand
refers to fi l e system objects bei ng scanned on user or system demand.
On-access scanner
The On-access scanner i s i nvoked whenever a user and/or operati ng system attempts to access fi l e system objects. Thi s al so
cl ari fi es the use of the term On-access; because a scan i s tri ggered by any attempt to access fi l e system objects.
1.2 Key features of the system
Advanced engine algorithms
The ESET anti vi rus scanni ng engi ne al gori thms provi de the hi ghest detecti on rate and the fastest scanni ng ti mes.
Multi-processing
ESET Fi l e Securi ty i s devel oped to run on si ngl e- as wel l as mul ti -processor uni ts.
Advanced Heuristics
ESET Fi l e Securi ty i ncl udes uni que advanced heuri sti cs for Wi n32 worms, backdoor i nfecti ons and other forms of mal ware.
Built-In features
Bui l t-i n archi vers unpack archi ved objects wi thout the need for any external programs.
Speed and efficiency
To i ncrease the speed and effi ci ency of the system, i ts archi tecture i s based on the runni ng daemon (resi dent program) where
al l scanni ng requests are sent.
Enhanced security
Al l executi ve daemons (except esets_dac) run under non-pri vi l eged user account to enhance securi ty.
Selective configuration
The system supports sel ecti ve confi gurati on based on the user or cl i ent/server.
Multiple logging levels
Mul ti pl e l oggi ng l evel s can be confi gured to get i nformati on about system acti vi ty and i nfi l trati ons.
Web interface
Confi gurati on, admi ni strati on and l i cense management are offered through an i ntui ti ve and user-fri endl y Web i nterface.
Remote administration
The system supports ESET Remote Admi ni strati on for management i n l arge computer networks.
No external libraries
The ESET Fi l e Securi ty i nstal l ati on does not requi re external l i brari es or programs except for LIBC.
User-specified notification
The system can be confi gured to noti fy speci fi c users i n the event of a detected i nfi l trati on or other i mportant events.
Low system requirements
To run effi ci entl y, ESET Fi l e Securi ty requi res just 16MB of hard-di sk space and 32MB of RAM. It runs smoothl y under the 2.2.x,
2.4.x and 2.6.x Li nux OS kernel versi ons as wel l as under 5.x, 6.x FreeBSD OS kernel versi ons.
4
Performance and scalability
From l ower-powered, smal l offi ce servers to enterpri se-cl ass ISP servers wi th thousands of users, ESET Fi l e Securi ty del i vers
the performance and scal abi l i ty you expect from a UNIX based sol uti on, i n addi ti on to the unequal ed securi ty of ESET products.
5
2. Terminology and abbreviations
In thi s secti on we wi l l revi ew the terms and abbrevi ati ons used i n thi s document. Note that a bol dface font i s reserved for
product component names and al so for newl y defi ned terms and abbrevi ati ons. Terms and abbrevi ati ons defi ned i n thi s chapter
are expanded upon l ater i n thi s document.
ESETS
ESET Security i s a standard acronym for al l securi ty products devel oped by ESET, spol. s r. o. for Li nux, BSD and Sol ari s
operati ng systems. It i s al so the name (or i ts part) of the software package contai ni ng the products.
RSR
Abbrevi ati on for ‘RedHat/Novel l (SuSE) Ready’. Note that we al so support RedHat Ready and Novel l (SuSE) Ready vari ati ons of
the product. The RSR package di ffers from the ‘standard’ Li nux versi on i n that i t meets the FHS (Fi l e-system Hi erarchy Standard
defi ned as a part of Li nux Standard Base) cri teri a requi red by the RedHat Ready and Novel l (SuSE) Ready certi fi cate. Thi s means
that the RSR package i s i nstal l ed as an add-on appl i cati on - the pri mary i nstal l ati on di rectory i s ‘/opt/eset/esets’.
ESETS daemon
The mai n ESETS system control and scanni ng daemon: esets_daemon.
ESETS base directory
The di rectory where ESETS l oadabl e modul es contai ni ng the vi rus si gnature database are stored. The abbrevi ati on
@BASEDIR@ wi l l be used for future references to thi s di rectory. The @BASEDIR@ val ue for the fol l owi ng Operati ng Systems i s
l i sted bel ow:
Linux: /var/lib/esets
Linux RSR: /var/opt/eset/esets/lib
FreeBSD: /var/lib/esets
NetBSD: /var/lib/esets
Solaris: /var/opt/esets/lib
ESETS configuration directory
The di rectory where al l fi l es rel ated to the ESET Fi l e Securi ty confi gurati on are stored. The abbrevi ati on @ETCDIR@ wi l l be
used for future references to thi s di rectory. The @ETCDIR@ val ue for the fol l owi ng Operati ng Systems i s l i sted bel ow:
Linux: /etc/esets
Linux RSR: /etc/opt/eset/esets
FreeBSD: /usr/local/etc/esets
NetBSD: /usr/pkg/etc/esets
Solaris: /etc/opt/esets
ESETS configuration file
Mai n ESET Fi l e Securi ty confi gurati on fi l e. The absol ute path of the fi l e i s as fol l ows:
@ETCDIR@/esets.cfg
ESETS binary files directory
The di rectory where the rel evant ESET Fi l e Securi ty bi nary fi l es are stored. The abbrevi ati on @BINDIR@ wi l l be used for future
references to thi s di rectory. The @BINDIR@ val ue for the fol l owi ng Operati ng Systems i s l i sted bel ow:
Linux: /usr/bin
Linux RSR: /opt/eset/esets/bin
FreeBSD: /usr/local/bin
NetBSD: /usr/pkg/bin
Solaris: /opt/esets/bin
ESETS system binary files directory
The di rectory where the rel evant ESET Fi l e Securi ty system bi nary fi l es are stored. The abbrevi ati on @SBINDIR@ wi l l be used
for future references to thi s di rectory. The @SBINDIR@ val ue for the fol l owi ng Operati ng Systems i s l i sted bel ow:
Linux: /usr/sbin
Linux RSR: /opt/eset/esets/sbin
FreeBSD: /usr/local/sbin
NetBSD: /usr/pkg/sbin
Solaris: /opt/esets/sbin
6
ESETS object files directory
The di rectory where the rel evant ESET Fi l e Securi ty object fi l es and l i brari es are stored. The abbrevi ati on @LIBDIR@ wi l l be
used for future references to thi s di rectory. The @LIBDIR@ val ue for the fol l owi ng Operati ng Systems i s l i sted bel ow:
Linux: /usr/lib/esets
Linux RSR: /opt/eset/esets/lib
FreeBSD: /usr/local/lib/esets
NetBSD: /usr/pkg/lib/esets
Solaris: /opt/esets/lib
7
3. Installation
After purchasi ng ESET Fi l e Securi ty, you wi l l recei ve your authori zati on data (username, password and l i cense key). Thi s data
i s necessary for both i denti fyi ng you as our customer and al l owi ng you to downl oad updates for ESET Fi l e Securi ty. The
username/password data i s al so requi red for downl oadi ng the i ni ti al i nstal l ati on package from our web si te. ESET Fi l e Securi ty
i s di stri buted as a bi nary fi l e:
esets.i386.ext.bin
In the bi nary fi l e shown above, ‘ext’ i s a Li nux, BSD and Sol ari s OS di stri buti on dependent suffi x, i.e., ‘deb’ for Debi an, ‘rpm’ for
RedHat and SuSE, ‘tgz’ for other Li nux OS di stri buti ons, ‘fbs5.tgz’ for FreeBSD 5.x, ‘fbs6.tgz’ for FreeBSD 6.x, ‘nbs4.tgz’ for NetBSD 4.
xx and ‘sol 10.pkg.gz‘ for Sol ari s 10.
Note that the Li nux RSR bi nary fi l e format i s:
esets-rsr.i386.rpm.bin
To i nstal l or upgrade the product, use the fol l owi ng command:
sh ./esets.i386.ext.bin
For the Li nux RSR vari ati on of the product, use the command:
sh ./esets-rsr.i386.rpm.bin
to di spl ay the product’s User Li cense Acceptance Agreement. Once you have confi rmed the Acceptance Agreement, the
i nstal l ati on package i s pl aced i nto the current worki ng di rectory and rel evant i nformati on regardi ng the package’s i nstal l ati on,
un-i nstal l ati on or upgrade i s di spl ayed onscreen.
Once the package i s i nstal l ed, you can veri fy that the mai n ESETS servi ce i s runni ng by usi ng the fol l owi ng command:
Li nux OS:
ps -C esets_daemon
BSD OS:
ps -ax | grep esets_daemon
Sol ari s:
ps -A | grep esets_daemon
After pressi ng ENTER, you shoul d see the fol l owi ng (or si mi l ar) message:
PID TTY TIME CMD
2226 ? 00:00:00 esets_daemon
2229 ? 00:00:00 esets_daemon
At l east two ESETS daemon processes are runni ng i n the background. The fi rst PID represents the process and threads manager
of the system. The other represents the ESETS scanni ng process.
8
4. Architecture Overview
Once ESET Fi l e Securi ty i s successful l y i nstal l ed, you shoul d become fami l i ar wi th i ts archi tecture.
Figure 4-1. Structure of ESET File Security.
The structure of ESET Fi l e Securi ty i s shown i n Fi gure 4-1. The system i s compri sed of the fol l owi ng parts:
CORE
The Core of ESET Fi l e Securi ty i s the ESETS daemon (esets_daemon). The daemon uses ESETS API l i brary l i besets.so and ESETS
l oadi ng modul es em00X_xx.dat to provi de base system tasks such as scanni ng, mai ntenance of the agent daemon processes,
mai ntenance of the sampl es submi ssi on system, l oggi ng, noti fi cati on, etc. Pl ease refer to the esets_daemon(8) man page for
detai l s.
AGENTS
The purpose of ESETS agent modul es i s to i ntegrate ESETS wi th the Li nux, BSD and Sol ari s Server envi ronment.
UTILITIES
The uti l i ty modul es provi de si mpl e and effecti ve management of the system. They are responsi bl e for rel evant system tasks
such as l i cense management, quaranti ne management, system setup and update.
CONFIGURATION
Proper confi gurati on i s the most i mportant aspect of a smooth-runni ng securi ty system - the remai nder of thi s chapter i s
dedi cated to expl ai ni ng al l rel ated components. A thorough understandi ng of the esets.cfg fi l e i s al so hi ghl y recommended, as
thi s fi l e contai ns i nformati on essenti al to the confi gurati on of ESET Fi l e Securi ty.
After the product i s successful l y i nstal l ed, al l i ts confi gurati on components are stored i n the ESETS confi gurati on di rectory.
The di rectory consi sts of the fol l owi ng fi l es:
@ETCDIR@/esets.cfg
Thi s i s the most i mportant confi gurati on fi l e, as i t control s al l major aspects of the product‘s functi onal i ty. The esets.cfg fi l e i s
made up of several secti ons, each of whi ch contai ns vari ous parameters. The fi l e contai ns one gl obal and several “agent“
secti ons, wi th al l secti on names encl osed i n square brackets. Parameters i n the gl obal secti on are used to defi ne confi gurati on
opti ons for the ESETS daemon as wel l as defaul t val ues for the ESETS scanni ng engi ne confi gurati on. Parameters i n agent secti ons
are used to defi ne confi gurati on opti ons of modul es used to i ntercept vari ous data fl ow types i n the computer and/or i ts
nei ghborhood, and prepare i t for scanni ng. Note that i n addi ti on to the vari ous parameters used for system confi gurati on, there
are al so rul es governi ng the organi zati on of the fi l e. For detai l ed i nformati on on the most effecti ve way to organi ze thi s fi l e,
9
pl ease refer to the esets.cfg(5) and esets_daemon(8) man pages, as wel l as rel evant agents‘ man pages.
@ETCDIR@/certs
Thi s di rectory i s used to store the certi fi cates used by the ESETS web i nterface for authenti cati on. Pl ease see the esets_wwwi(8)
man page for detai l s.
@ETCDIR@/license
Thi s di rectory i s used to store the product(s) l i cense key(s) you have acqui red from your vendor. Note that the ESETS daemon
wi l l check onl y thi s di rectory for a val i d l i cense key, unl ess the ‘license_dir’ parameter i n the ESETS confi gurati on fi l e i s redefi ned.
@ETCDIR@/scripts/license_warning_script
If enabl ed by the ESETS confi gurati on fi l e parameter ‘license_warn_enabled’, thi s scri pt wi l l be executed 30 days (once per day)
before product l i cense expi rati on, sendi ng an emai l noti fi cati on about the expi rati on status to the system admi ni strator.
@ETCDIR@/scripts/daemon_notification_script
If enabl ed by the ESETS confi gurati on fi l e parameter ‘exec_script’, thi s scri pt i s executed i n the event of a detected i nfi l trati on
by the anti vi rus system. It i s used to send emai l noti fi cati on about the event to the system admi ni strator.
10
5. Integration with File System services
Thi s chapter descri bes the On-demand and On-access scanner confi gurati on whi ch wi l l provi de the most effecti ve protecti on
from vi rus and worm fi l e system i nfecti ons. ESET Fi l e Securi ty’s scanni ng power i s deri ved from the On-demand scanner
command ‘esets_scan’ and the On-access scanner command ‘esets_dac’. The Li nux versi on of ESET Fi l e Securi ty offers an
addi ti onal On-access scanner techni que whi ch uses the prel oaded l i brary modul e libesets_pac.so. Al l of these commands are
descri bed i n the fol l owi ng secti ons.
Warning! Novel l Storage Servi ces (NSS) break common uni x securi ty pri nci pl es the scanner rel i es on when l i mi ti ng pri vi l eges.
Thi s resul ts i n no threat detecti on on NSS mounted vol umes. If you have such mounted vol ume, set the ‘esets_user’ parameter to
‘root’ i n ESETS confi gurati on fi l e and restart ESETS daemon.
5.1 On-demand scanner
The On-demand scanner can be i nvoked by a pri vi l eged user (usual l y a system admi ni strator) through the command l i ne
i nterface or web i nterface, or by the operati ng system’s automati c schedul i ng tool (e.g., cron). Thus, the term On-demand refers to
fi l e system objects whi ch are scanned on user or system demand.
The On-demand scanner does not requi re speci al confi gurati on i n order to run. After the ESETS package has been properl y
i nstal l ed and a val i d l i cense has been moved to the l i cense keys di rectory (@ETCDIR@/l i cense), the On-demand scanner can be
run i mmedi atel y usi ng the command l i ne i nterface or the Schedul er tool. To run the On-demand scanner from the command l i ne,
use the fol l owi ng syntax:
@SBINDIR@/esets_scan [option(s)] FILES
where FILES i s a l i st of di rectori es and/or fi l es to be scanned.
Mul ti pl e command l i ne opti ons are avai l abl e usi ng ESETS On-demand scanner. To see the ful l l i st of opti ons, pl ease see the
esets_scan(8) man page.
5.2 On-access scanner powered by Dazuko
The On-access scanner i s i nvoked by user(s) access and/or operati ng system access to fi l e system objects. Thi s al so expl ai ns
the term On-access; the scanner i s tri ggered on any attempt to access a sel ected fi l e system object.
The techni que used by ESETS On-access scanner i s powered by the Dazuko (da-tzu-ko) kernel modul e and i s based on the
i ntercepti on of kernel cal l s. The Dazuko project i s open source, whi ch means that i ts source code i s freel y di stri buted. Thi s
al l ows users to compi l e the kernel modul e for thei r own custom kernel s. Note that the Dazuko kernel modul e i s not a part of any
ESETS product and must be compi l ed and i nstal l ed i nto the kernel pri or to usi ng the On-access command esets_dac. On the other
hand the Dazuko techni que makes On-access scanni ng i ndependent from the fi l e system type used. It i s al so sui tabl e for
scanni ng of fi l e system objects vi a Network Fi l e System (NFS), Nettal k and Samba.
Important: Before we provi de detai l ed i nformati on rel ated to On-access scanner confi gurati on and use, i t shoul d be noted
that the scanner has been pri mari l y devel oped and tested to protect external l y mounted fi l e systems. In case of mul ti pl e fi l e
systems that are not external l y mounted, you wi l l need to excl ude them from fi l e access control i n order to prevent system hang
ups. An exampl e of a typi cal di rectory to excl ude i s the ‘/dev’ di rectory and any di rectori es used by ESETS.
5.2.1 Operation principle
The On-access scanner esets_dac (ESETS Dazuko-powered fi l e Access Control l er) i s a resi dent program whi ch provi des
conti nuous moni tori ng and control over the fi l e system. Every fi l e system object i s scanned based on customi zabl e fi l e access
event types. The fol l owi ng event types are supported by the current versi on:
Open events
To acti vate thi s fi l e access type set the val ue of the ‘event_mask’ parameter to open i n the [dac] secti on of the esets.cfg fi l e.
Thi s wi l l enabl e the ON_OPEN bi t of the Dazuko access mask.
Close events
To acti vate thi s fi l e access type set the val ue of the ‘event_mask’ parameter to cl ose i n the [dac] secti on of the esets.cfg fi l e.
Thi s wi l l enabl e the ON_OPEN bi t of the Dazuko access mask. Thi s wi l l enabl e the ON_CLOSE and ON_CLOSE_MODIFIED bi ts of the
Dazuko access mask.
NOTE: Some OS kernel versi ons do not support the i ntercepti on of ON_CLOSE events. In these cases, cl ose events wi l l not be
moni tored by esets_dac.
Exec events
To acti vate thi s fi l e access type set the val ue of the ‘event_mask’ parameter to exec i n the [dac] secti on of the esets.cfg fi l e. Thi s
11
wi l l enabl e the ON_EXEC bi t of the Dazuko access mask.
The On-access scanner ensures that al l opened, cl osed and executed fi l es are fi rst scanned by the esets_daemon for vi ruses.
Dependi ng on the scan resul ts, access to speci fi c fi l es i s deni ed or al l owed.
5.2.2 Installation and configuration
The Dazuko kernel modul e must be compi l ed and i nstal l ed wi thi n the runni ng kernel before i ni ti al i zi ng esets_dac. For detai l s
on how to compi l e and i nstal l Dazuko, pl ease see:
http://www.dazuko.org
Once Dazuko i s i nstal l ed, revi ew and edi t the [global] and [dac] secti ons of the ESETS confi gurati on fi l e (esets.cfg). Note that
proper functi oni ng of the On-access scanner i s dependent upon confi gurati on of the ‘agent_enabled’ opti on wi thi n the [dac]
secti on of thi s fi l e. Addi ti onal l y, you must defi ne the fi l e system objects (i.e. di rectori es and fi l es) that are to be moni tored by the
On-access scanner. Thi s can be accompl i shed by defi ni ng the parameters of the ‘ctl_incl’ and ‘ctl_excl’ opti ons, whi ch are al so
l ocated wi thi n the [dac] secti on. After maki ng changes to the esets.cfg fi l e, you can force the newl y created confi gurati on to be re-
read by rel oadi ng the ESETS daemon.
5.2.3 Tips
To ensure that the Dazuko modul e l oads pri or to i ni ti al i zati on of the esets_dac daemon, fol l ow these steps:
Pl ace a copy of the Dazuko modul e i n ei ther of the fol l owi ng di rectori es reserved for kernel modul es:
/lib/modules
or
/modules
Use the kernel uti l i ti es ‘depmod’ and ‘modprobe’ (For BSD OS, use ‘kl dconfi g’ and ‘kl dl oad’) to handl e dependenci es and
successful i ni ti al i zati on of the newl y added Dazuko modul e.
In the esets_daemon i ni ti al i zati on scri pt ‘/etc/i ni t.d/esets_daemon’, i nsert the fol l owi ng l i ne before the daemon i ni ti al i zati on
statement:
/sbin/modprobe dazuko
For BSD OS’s the l i ne
/sbin/kldconfig dazuko
must be i nserted i nto the ‘/usr/l ocal/etc/rc.d/esets_daemon.sh’ scri pt.
Warning! It i s extremel y i mportant that these steps are executed i n the exact order gi ven. If the kernel modul e i s not l ocated
wi thi n the kernel modul es di rectory i t wi l l not properl y l oad, causi ng system hang-ups.
5.3 On-access scanner using preload LIBC library
In the previ ous secti ons we descri bed the i ntegrati on of the On-access scanner powered by Dazuko wi th Li nux/BSD fi l e system
servi ces. If, however, the use of Dazuko i s not feasi bl e, for exampl e for system admi ni strators who mai ntai n cri ti cal systems
where:
the source code and/or confi gurati on fi l es rel ated to the runni ng kernel are not avai l abl e,
the kernel i s more monol i thi c than modul ar,
the Dazuko modul e si mpl y does not support the gi ven OS.
In any of these cases, the On-access scanni ng techni que based on the prel oad LIBC l i brary shoul d be used. See the fol l owi ng
topi cs i n thi s secti on for detai l ed i nformati on. Pl ease note that thi s secti on i s rel evant onl y for Li nux OS users and contai ns
i nformati on regardi ng the operati on, i nstal l ati on and confi gurati on of the On-access scanner usi ng the prel oad l i brary
‘libesets_pac.so’.
12
5.3.1 Operation principle
The On-access scanner libesets_pac.so (ESETS Prel oad l i brary based fi l e Access Control l er) i s a shared objects l i brary whi ch i s
acti vated at system start-up. Thi s l i brary i s used for LIBC cal l s by fi l e system servers such as FTP server, Samba server etc. Every
fi l e system object i s scanned based on customi zabl e fi l e access event types. The fol l owi ng event types are supported by the
current versi on:
Open events
Thi s fi l e access type i s acti vated i f the word ‘open’ i s present i n the ‘event_mask’ parameter i n the esest.cfg fi l e ([pac] secti on).
Close events
Thi s fi l e access type i s acti vated i f the word ‘close’ i s present i n the ‘event_mask’ parameter i n the esets.cfg fi l e ([pac] secti on).
In thi s case, al l fi l e descri ptor and FILE stream cl ose functi ons of the LIBC are i ntercepted.
Exec events
Thi s fi l e access type i s acti vated i f the word ‘exec’ i s present i n the ‘event_mask’ parameter i n the esets.cfg ([pac] secti on). In
thi s case, al l exec functi ons of the LIBC are i ntercepted.
Al l opened, cl osed and executed fi l es are scanned by the ESETS daemon for vi ruses. Based on the resul t of such scans, access
to gi ven fi l es i s deni ed or al l owed.
5.3.2 Installation and configuration
The libesets_pac.so l i brary modul e i s i nstal l ed usi ng a standard i nstal l ati on mechani sm of the prel oaded l i brari es. One has
just to defi ne the envi ronment vari abl e ‘LD_PRELOAD’ wi th the absol ute path to the libesets_pac.so l i brary. For more i nformati on,
pl ease refer to the ld.so(8) man page.
NOTE: It i s i mportant that the ‘LD_PRELOAD‘ envi ronment vari abl e i s defi ned onl y for the network server daemon processes
(ftp, Samba, etc.) that wi l l be under control of the On-access scanner. General l y, prel oadi ng LIBC cal l s for al l operati ng system
processes i s not recommended, as thi s can dramati cal l y sl ow the performance of the system or even cause the system to hang. In
thi s sense, the ‘/etc/l d.so.prel oad’ fi l e shoul d not be used, nor shoul d the ‘LD_PRELOAD‘ envi ronment vari abl e be exported
gl obal l y. Both woul d overri de al l rel evant LIBC cal l s, whi ch coul d l ead to system hang-up duri ng i ni ti al i zati on.
To ensure that onl y rel evant fi l e access cal l s wi thi n a gi ven fi l e system are i ntercepted, executabl e statements can be
overri dden usi ng the fol l owi ng l i ne:
LD_PRELOAD=/usr/lib/libesets_pac.so COMMAND COMMAND-ARGUMENTS
where ‘COMMAND COMMAND-ARGUMENTS’ i s the ori gi nal executabl e statement.
Revi ew and edi t the [global] and [pac] secti ons of the ESETS confi gurati on fi l e (esets.cfg). In order for the On-access scanner to
functi on correctl y, you must defi ne the fi l e system objects (i.e. di rectori es and fi l es) that are requi red to be under control of the
prel oad l i brary. Thi s can be achi eved by defi ni ng the parameters of the ‘ctl_incl’ and ‘ctl_excl’ opti ons i n the [pac] secti on of the
ESETS confi gurati on fi l e. After maki ng changes to the esets.cfg fi l e, you can force the newl y created confi gurati on to be re-read by
rel oadi ng the ESETS daemon.
5.3.3 Tips
In order to acti vate the On-access scanner i mmedi atel y after fi l e system start-up, the ‘LD_PRELOAD’ envi ronment vari abl e must
be defi ned wi thi n the appropri ate network fi l e server i ni ti al i zati on scri pt.
Example: Let’s assume we want to have the On-access scanner to moni tor al l fi l e system access events i mmedi atel y after
starti ng the Samba server. Wi thi n the Samba daemon i ni ti al i zati on scri pt (/etc/i ni t.d/smb), we woul d repl ace the statement
daemon /usr/sbin/smbd $SMBDOPTIONS
wi th the fol l owi ng l i ne:
LD_PRELOAD=/usr/lib/libesets_pac.so daemon /usr/sbin/smbd $SMBDOPTIONS
In thi s way, sel ected fi l e system objects control l ed by Samba wi l l be scanned at system start-up.
13
6. Important ESET File Security mechanisms
6.1 Handle Object Policy
The Handl e Object Pol i cy (see fi gure 6-1) mechani sm provi des fi l teri ng of scanned objects based on thei r status. Thi s
functi onal i ty i s based on the fol l owi ng confi gurati on opti ons:
acti on_av
acti on_av_i nfected
acti on_av_notscanned
acti on_av_del eted
For detai l ed i nformati on on these opti ons, pl ease refer to the esets.cfg(5) man page.
Figure 6-1. Scheme of Handle Object Policy mechanism.
Every object processed i s fi rst handl ed accordi ng to the confi gurati on of the ‘action_av‘ opti on. If thi s opti on i s set to ‘accept’
(or ‘defer’, ‘discard’, ‘reject’) the object i s accepted (or deferred, di scarded, rejected). If the opti on i s set to ‘scan’ the object i s
scanned for vi rus i nfi l trati ons, and i f the ‘av_clean_mode’ opti on i s set to ‘yes’, the object i s al so cl eaned. In addi ti on, the
confi gurati on opti ons ‘action_av_infected’, ‘action_av_notscanned’ and ‘action_av_deleted’ are taken i nto account to further
eval uate handl i ng of the object. If an ‘accept’ acti on has been taken as a resul t of these three acti on opti ons, the object i s
accepted. Otherwi se, the object i s bl ocked.
6.2 User Specific Configuration
The purpose of the User Speci fi c Confi gurati on mechani sm i s to provi de a hi gher degree of customi zati on and functi onal i ty. It
al l ows the sytem admi ni strator to defi ne ESETS anti vi rus scanner parameters based on the user who i s accessi ng fi l e system
objects.
A detai l ed descri pti on of thi s functi onal i ty can be found i n the esets.cfg(5) man page; i n thi s secti on we wi l l provi de onl y a
short exampl e of a user-speci fi c confi gurati on.
In thi s exampl e, the goal i s to use the esets_dac modul e to control the ON_OPEN and ON_EXEC access events for an external
di sc mounted under the /home di rectory. The modul e can be confi gured i n the [dac] secti on of the ESETS confi gurati on fi l e. See
bel ow:
[dac]
agent_enabled = yes
event_mask = "open"
ctl_incl = "/home"
action_av = "scan"
To speci fy scan setti ngs for an i ndi vi dual user, the ‘user_config’ parameter must speci fy the speci al confi gurati on fi l ename
where the i ndi vi dual scanni ng rul es wi l l be stored. In the exampl e shown here, the speci al confi gurati on fi l e i s cal l ed
‘esets_dac_spec.cfg’ and i s l ocated wi thi n the ESETS confi gurati on di rectory (Thi s di rectory i s based on your operati ng system.
Pl ease see Termi nol ogy and abbrevi ati ons page).
14
[dac]
agent_enabled = yes
event_mask = "open"
ctl_incl = "/home"
action_av = "scan"
user_config = "esets_dac_spec.cfg"
Once the ‘user_config’ fi l e parameter i s speci fi ed wi thi n the [dac] secti on, the ‘esets_dac_spec.cfg’ fi l e must be created i n the
ESETS confi gurati on di rectory. Fi nal l y, add the desi red scanni ng rul es.
[username]
action_av = "reject"
At the top of the speci al secti on, enter the username to whi ch the i ndi vi dual rul es wi l l be appl i ed. Thi s confi gurati on wi l l
al l ow al l other users attempti ng to access the fi l e-system to be processed normal l y. i.e., al l fi l e system objects accessed by other
users wi l l be scanned for i nfi l trati ons, except for the user ‘username’, whose access wi l l be rejected (bl ocked).
6.3 Samples Submission System
The Sampl es submi ssi on system i s an i ntel l i gent ThreatSense.Net technol ogy that col l ects i nfected objects whi ch have been
detected by advanced heuri sti cs and del i vers them to the sampl es submi ssi on system server. Al l vi rus sampl es col l ected by the
sampl e submi ssi on system wi l l be processed by the ESET vi rus l aboratory and i f necessary, added to the ESET vi rus si gnature
database.
NOTE: Accordi ng to our l i cense agreement, by enabl i ng sampl e submi ssi on system you are agreei ng to al l ow the computer
and/or pl atform on whi ch the esets_daemon i s i nstal l ed to col l ect data (whi ch may i ncl ude personal i nformati on about you
and/or the user of the computer) and sampl es of newl y detected vi ruses or other threats and send them to our vi rus l ab. Thi s
feature i s turned off by defaul t. Al l i nformati on col l ected wi l l be used onl y to anal yze new threats and wi l l not be used for any
other purpose.
In order to acti vate the Sampl es Submi ssi on System, the sampl es submi ssi on system cache must be i ni ti al i zed. Thi s can be
achi eved by enabl i ng the ‘samples_enabled’ opti on i n the [global] secti on of the ESETS confi gurati on fi l e. To al l ow for the actual
del i very of sampl es to the ESET vi rus l aboratory servers, the parameter ‘samples_send_period’ must al so be speci fi ed i n the same
secti on.
In addi ti on, users can choose to provi de the ESET vi rus l aboratory team wi th suppl ementary i nformati on usi ng the
‘samples_provider_mail’ and/or ‘samples_provider_country’ confi gurati on opti ons. The i nformati on col l ected usi ng these opti ons
wi l l assi st i n provi di ng the ESET team wi th an overvi ew about a gi ven i nfi l trati on whi ch may be spreadi ng over the Internet.
For more i nformati on on the Sampl es Submi ssi on System, refer to the esets_daemon(8) man page.
6.4 Web Interface
The Web Interface al l ows user-fri endl y confi gurati on, admi ni strati on and l i cense management of ESET Securi ty systems. Thi s
modul e i s a separate agent and must be expl i ci tl y enabl ed. To qui ckl y confi gure the Web Interface, set the fol l owi ng opti ons i n
the ESETS confi gurati on fi l e and restart the ESETS daemon:
[wwwi]
agent_enabled = yes
listen_addr = address
listen_port = port
username = name
password = pass
Repl ace the text i n i tal i cs wi th your own val ues and di rect your browser to ‘https://address:port’ (note the https). Logi n wi th
‘username/password’. Basi c usage i nstructi ons can be found on the hel p page and techni cal detai l s about esets_wwwi can be
found on the esets_wwwi(1) man page.
The web i nterface al l ows you to remotel y access the ESETS daemon and depl oy i t easi l y. Thi s powerful uti l i ty makes i t easy to
read and wri te confi gurati on val ues.
15
Figure 6-1. ESET Security for Linux - Home screen.
The web i nterface wi ndow of ESET Fi l e Securi ty i s di vi ded i nto two mai n secti ons. The pri mary wi ndow, that serves to di spl ay
the contents of the sel ected menu opti on and the mai n menu. Thi s hori zontal bar on the top l ets you navi gate between the
fol l owi ng mai n opti ons:
Home - provi des basi c system and ESET product i nformati on
Licenses - i s a l i cense management uti l i ty, see the fol l owi ng chapter for mode detai l s
Configuration - you can change the ESET Fi l e Securi ty system confi gurati on here
Control - al l ows you to run si mpl e tasks and vi ew gl obal stati sti cs about objects processed by esets_daemon
Help - provi des detai l ed usage i nstructi ons for the ESET Fi l e Securi ty web i nterface
Logout - use to end your current sessi on
6.4.1 License management
You can upl oad a new l i cense usi ng the Web i nterface, as shown i n Fi gure 6-2.
If you want to di spl ay l i censes i n the consol e, use the fol l owi ng command:
/usr/sbin/esets_lic --list
If you want to i mport new l i cense fi l es, use the fol l owi ng command:
/usr/sbin/esets_lic --import *.lic
Figure 6-2. ESET Licenses.
You can enabl e the l i cense noti fi cati on opti on i n the Global secti on opti ons. If enabl ed, thi s functi onal i ty wi l l noti fy you 30
days pri or to your l i cense expi rati on.
16
6.4.2 On-Access scanner (DAC) configuration example
There are two ways you can to confi gure ESETS. In our exampl e we wi l l demonstrate how to use ei ther of them to setup the DAC
modul e, descri bed i n secti on 5.2. You can choose the opti on that best sui ts you.
Usi ng the ESETS confi gurati on fi l e:
[dac]
agent_enabled = yes
event_mask = "open"
ctl_incl = "/home"
action_av_deleted = "reject"
action_av = "scan"
action_av_infected = "reject"
Usi ng the web i nterface:
Figure 6-3. ESETS - Configuration > On-Access scanner.
When changi ng setti ngs i n the web i nterface, al ways remember to save your confi gurati on by the cl i ck Save changes. To appl y
your new changes cl i ck the Apply changes button i n the Configuration secti ons panel.
6.4.3 On-Demand scanner
Thi s secti on compri ses an exampl e on how to run the On-Demand scanner to scan for vi ruses:
Navi gate to Control > On-Demand Scan
Enter the path to the di rectory you want to scan
Execute the Command-l i ne scanner by cl i cki ng the Scan button
17
Figure 6-4. ESETS - Control > On-Demand scanner.
ESET Command-l i ne scanner wi l l automati cal l y run i n the background. To see the scanni ng progress, cl i ck the View l i nk. A new
browser wi ndow wi l l open.
6.4.4 Statistics
You can vi ew stati sti cs for al l of acti ve ESETS agents here. Statistics summary refreshes every 10 seconds.
Figure 6-5. ESETS - Control > Statistics.
6.5 Remote Administration
ESETS supports ESET Remote Admi ni strati on for fi l e securi ty management i n l arge computer networks. The ESETS Remote
Admi ni strati on Cl i ent i s part of the mai n ESETS daemon and performs the fol l owi ng functi ons:
Communi cates wi th ERA Server and provi des you wi th system i nformati on, confi gurati on, protecti on statuses and several
other features
Al l ows cl i ent confi gurati ons to be vi ewed/modi fi ed usi ng the ESET Confi gurati on Edi tor and i mpl emented wi th the hel p of
confi gurati on tasks
Can perform Update Now tasks
Performs On-demand scans as requested, and submi ts the resul ti ng back to ERA Server Scan Log
Adds l ogs of notabl e scans performed by the ESETS daemon to Threat Log
Sends al l non-debug messages to Event Log
These functi onal i ti es are not supported:
Fi rewal l Log
Remote Instal l
18
Figure 6-6. ERA Console tabs.
For more i nformati on, pl ease read the ESET Remote Admi ni strator manual. Thi s manual i s l ocated on our web si te at the
fol l owi ng l i nk:
http://www.eset.com/documentati on
6.5.1 Remote Administration usage example
Before commenci ng any remote admi ni strati on process ensure your system ful fi l l s the three fol l owi ng prerequi si tes:
Runni ng ERA Server
Runni ng ERA Consol e
Enabl e RA Cl i ent i n the ESETS daemon. Ensure that fi rewal l setti ngs do not bl ock traffi c to ERA Server or vi ce versa.
To setup the basi cs, speci fy the address of your ERA Server i n the ‘racl_server_addr’ parameter fi rst. If you are usi ng a password
to access the ERA Consol e password, you must edi t the val ue of the ‘racl_password’ parameter accordi ngl y. Change the val ue of
the ‘racl _i nterval ’ parameter to adjust the frequency of connecti ons to ERA Server (i n mi nutes).
You can ei ther use the web i nterface (see al so previ ous chapter) to appl y the new confi gurati on, or you can adjust these
parameters i n the [global] secti on of the ESETS confi gurati on fi l e as fol l ows:
racl_server_addr = "yourServerAddress"
racl_server_port = 2222
racl_password = "yourPassword"
racl_interval = 1
NOTE: Al l appl i cabl e ESET Remote Admi ni strati on Cl i ent vari abl es are l i sted on the esets_daemon(8) man page.
The ESETS daemon confi gurati on wi l l be rel oaded and RACL wi l l connect to ERA Server. You wi l l be abl e to see a newl y
connected cl i ent i n your ERA Consol e. Press the F5 button (or Menu > View > Refresh) to manual l y refresh the l i st of connected
cl i ents.
Figure 6-7. ERA Console.
By usi ng ERA Consol e you can create a confi gurati on task to ESETS daemon from ERA Consol e:
Ri ght cl i ck the connected Client Name
Navi gate to New Task > Configuration Task > Create...
Expand Unix ESET Security tree
For an exampl e of a confi gurati on task by the DAC agent, see bel ow:
19
Figure 6-8. ERA Configuration Editor.
The New Task context menu contai ns On-demand scanni ng opti ons (enabl ed/di sabl ed cl eani ng).
You can sel ect the desi red product, that you wi sh to set the task for, i n the On-Demand Scan pop-up wi ndow i n the
Configuration Section drop-down menu. Make sure that you sel ect the On-demand Scan task for Unix ESET Security Product opti on
(i.e. the product that i s i nstal l ed on your target workstati on).
Figure 6-9. ERA On-demand scan.
20
6.6 Logging
ESETS provi des system daemon l oggi ng vi a sysl og. Syslog i s a standard for l oggi ng program messages and can be used to l og
system events such as network and securi ty events.
Messages refer to a faci l i ty:
auth, authpriv, daemon, cron, ftp, lpr, kern, mail, ..., local0, ..., local7
Messages are assi gned a pri ori ty/l evel by the sender of the message:
Error, Warning, Summall, Summ, Partall, Part, Info, Debug
Thi s secti on descri bes how to confi gure and read the l oggi ng output of sysl og. The ‘syslog_facility’ opti on (defaul t val ue
‘daemon’) defi nes the sysl og faci l i ty used for l oggi ng. To modi fy sysl og setti ngs edi t the ESETS confi gurati on fi l e or use the web
i nterface. Modi fy the val ue of the ‘syslog_class’ parameter to change the l oggi ng cl ass. We recommend you modi fy these setti ngs
onl y i f you are fami l i ar wi th sysl og. For an exampl e of sysl og confi gurati on see bel ow:
syslog_facility = "daemon"
syslog_class = "error:warning:summall"
The name and l ocati on of the l og fi l e depend on your sysl og i nstal l ati on and confi gurati on (e.g. rsysl og, sysl og-ng, etc.).
Standard fi l enames for sysl og output fi l es are for exampl e ‘syslog’, 'daemon.log', etc. To fol l ow sysl og acti vi ty, run one of the
fol l owi ng commands from the consol e:
tail -f /var/log/syslog
tail -100 /var/log/syslog | less
cat /var/log/syslog | grep esets | less
If you enabl e ESET Remote Admi ni strati on, ERA l og entri es ol der than gi ven days by the opti on ‘racl_logs_lifetime’ wi l l be
automati cal l y del eted.
21
7. ESET Security system update
7.1 ESETS update utility
To mai ntai n the effecti veness of ESET Fi l e Securi ty, the vi rus si gnature database must be kept up to date. The esets_update
uti l i ty has been devel oped for thi s purpose. See the esets_update(8) man page for detai l s. To l aunch an update, the confi gurati on
opti ons ‘av_update_username’ and ‘av_update_password’ must be defi ned i n the [global] secti on of the ESETS confi gurati on fi l e.
In the event that your server accesses the Internet vi a HTTP proxy, the addi ti onal confi gurati on opti ons ‘proxy_addr’, ‘proxy_port’
must be defi ned. If access to the HTTP proxy requi res a username and password, the ‘proxy_username’ and ‘proxy_password’
opti ons must al so be defi ned i n thi s secti on. To i ni ti ate an update, enter the fol l owi ng command:
@SBINDIR@/esets_update
To provi de the hi ghest possi bl e securi ty for the end user, the ESET team conti nuousl y col l ects vi rus defi ni ti ons from al l over
the worl d - new patterns are added to the vi rus si gnature database i n very short i nterval s. For thi s reason, we recommend that
updates be i ni ti ated on a regul ar basi s. To speci fy the update frequency, the ‘av_update_period’ opti on must be defi ned i n the
[global] secti on of the ESETS confi gurati on fi l e. The ESETS daemon must be up and runni ng i n order to successful l y update the
vi rus si gnature database.
7.2 ESETS update process description
The update process consi sts of two stages: Fi rst, the precompi l ed update modul es are downl oaded from the ESET server. If the
opti on ‘av_mirror_enabled’ i s set to ‘yes’ i n the [global] secti on of the ESETS confi gurati on fi l e, copi es (or mi rror) of these update
modul es are created i n the fol l owi ng di rectory:
@BASEDIR@/mi rror
If desi red, the Mi rror di rectory path can be redefi ned usi ng the ‘av_mirror_dir’ opti on i n the [global] secti on of the ESETS
confi gurati on fi l e. The newl y created Mi rror can then serve as a ful l y functi onal update server and can be used to create l ower
(chi l d) Mi rror servers. See secti on 7.3 for detai l s.
The opti on ‘av_mirror_pcu’ al l ows you to downl oad Program Component Update (PCU) modul es for Wi ndows-based ESET
securi ty products. These modul es can be mi rrored from the ESET server.
NOTE: Once you set your username, password and l i cense for ESET Fi l e Securi ty to downl oad PCU's for ESET NOD32 Anti vi rus /
ESET Smart Securi ty, pl ease contact our Techni cal Support and request a change, that wi l l enabl e your ESET Fi l e Securi ty to
downl oad PCU's for our Wi ndows-based products.
The second stage of the update process i s the compi l ati on of modul es l oadabl e by the ESET Fi l e Securi ty scanner from those
stored i n the l ocal mi rror. Typi cal l y, the fol l owi ng ESETS l oadi ng modul es are created: l oader modul e (em000.dat), scanner
modul e (em001.dat), vi rus si gnature database modul e (em002.dat), archi ves support modul e (em003.dat), advanced heuri sti cs
modul e (em004.dat), etc. The modul es are created i n the fol l owi ng di rectory:
@BASEDIR@
Thi s i s the di rectory where the ESETS daemon l oads modul es from and thus can be redefi ned usi ng the ‘base_dir’ opti on i n the
[global] secti on of the ESETS confi gurati on fi l e.
7.3 ESETS mirror http daemon
ESETS mi rror http daemon i s i nstal l ed automati cal l y wi th ESET Fi l e Securi ty. The http mi rror daemon starts i f the opti on
‘av_mirror_httpd_enabled’ i n the [global] secti on of the ESETS confi gurati on fi l e i s set to ‘yes’ and the Mi rror i s enabl ed.
Opti ons ‘av_mirror_httpd_port’ and ‘av_mirror_httpd_addr’ defi ne the port (defaul t 2221) and address (defaul t: al l l ocal tcp
addresses) where the http server l i stens.
The opti on ‘av_mirror_httpd_auth_mode’ al l ows access authenti cati on (defaul t: none) to be changed to basi c. The opti ons
‘av_mirror_httpd_username’ and ‘av_mirror_httpd_password’ al l ow an admi ni strator to defi ne the l ogi n and password used to
access the Mi rror.
22
8. Let us know
Dear user, we hope thi s Gui de has provi ded you wi th a thorough understandi ng of the requi rements for ESET Fi l e Securi ty
i nstal l ati on, confi gurati on and mai ntenance. However, our goal i s to conti nual l y i mprove the qual i ty and effecti veness of our
documentati on. If you feel that any secti ons i n thi s Gui de are uncl ear or i ncompl ete, pl ease l et us know by contacti ng Customer
Care:
http://www.eset.com/support
or use di rectl y the support form:
http://www.eset.eu/support/form
We are dedi cated to provi de the hi ghest l evel of support and l ook forward to hel pi ng you shoul d you experi ence any probl ems
concerni ng thi s product.
23
9. Appendix A. PHP License
The PHP Li cense, versi on 3.01 Copyri ght (c) 1999 - 2006 The PHP Group. Al l ri ghts reserved.
Redi stri buti on and use i n source and bi nary forms, wi th or wi thout modi fi cati on, i s permi tted provi ded that the fol l owi ng
condi ti ons are met:
1.Redi stri buti ons of source code must retai n the above copyri ght noti ce, thi s l i st of condi ti ons and the fol l owi ng di scl ai mer.
2.Redi stri buti ons i n bi nary form must reproduce the above copyri ght noti ce, thi s l i st of condi ti ons and the fol l owi ng di scl ai mer
i n the documentati on and/or other materi al s provi ded wi th the di stri buti on.
3.The name “PHP” must not be used to endorse or promote products deri ved from thi s software wi thout pri or wri tten
permi ssi on. For wri tten permi ssi on, pl ease contact group@php.net.
4.Products deri ved from thi s software may not be cal l ed “PHP”, nor may “PHP” appear i n thei r name, wi thout pri or wri tten
permi ssi on from group@php.net. You may i ndi cate that your software works i n conjuncti on wi th PHP by sayi ng “Foo for PHP”
i nstead of cal l i ng i t “PHP Foo” or “phpfoo”
5.The PHP Group may publ i sh revi sed and/or new versi ons of the l i cense from ti me to ti me. Each versi on wi l l be gi ven a
di sti ngui shi ng versi on number. Once covered code has been publ i shed under a parti cul ar versi on of the l i cense, you may
al ways conti nue to use i t under the terms of that versi on. You may al so choose to use such covered code under the terms of
any subsequent versi on of the l i cense publ i shed by the PHP Group. No one other than the PHP Group has the ri ght to modi fy
the terms appl i cabl e to covered code created under thi s Li cense.
6.Redi stri buti ons of any form whatsoever must retai n the fol l owi ng acknowl edgment: “Thi s product i ncl udes PHP software,
freel y avai l abl e from <http://www.php.net/software/>”.
THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.