[pmg-devel] Antivirus support for Kaspersky Endpoint Security for Linux (kesl)

Davide Bozzelli davide.bozzelli at gmail.com
Tue Jan 8 16:38:07 CET 2019


As promised, the following is some info about kesl (Kaspersky Endpoint
Security).

The command line utility to interact with the service
is: /opt/kaspersky/kesl/bin/kesl-control
There is no simple way to have a clamdscan-like functionality in order to
scan a file and get the virus name.

HOW TO RUN A SCAN
--------------------------------

So after some researching I've found the following steps:

1) create a task settings file in which I will put the filename to scan,
something like:

    FirstAction=Skip
    ScanMailBases=Yes
    ScanPlainMail=Yes
    UseAnalyzer=Yes
    HeuristicLevel=Medium
    [ScanScope.item_1]
    Path=/tmp/eicar_com.zip

2) create a task:
    /opt/kaspersky/kesl/bin/kesl-control --create-task $task_name --type ODS --file $task_file

3) run task:
    /opt/kaspersky/kesl/bin/kesl-control --start-task $task_name -W
    the -W parameter forces it to wait for the end of the task

4) delete task:
    /opt/kaspersky/kesl/bin/kesl-control --delete-task $task_name

5) run a query to find out scan info about filename AND task:
    /opt/kaspersky/kesl/bin/kesl-control -E --query "TaskName=='$task_name' and EventType=='ThreatDetected' and ObjectName=='File' and Filename like '%$scan_file%'"

HOW TO INTEGRATE WITH PMG-SMTP-FILTER
-------------------------------------------------------------------

Earlier I had used system() to run the various commands, but this leads to a
fork() for each command.
I then preferred to put all the task operations in a shell script and then
let the perl code run it.
In this way the perl code is more or less similar to the code used for
avast or clamd.

I'm going to post perl and shell code in a separate mail on this list under
this thread.

Thx






On Tue, Jan 8, 2019 at 12:48 PM Stoiko Ivanov <s.ivanov at proxmox.com> wrote:

> Hi,
>
> Thank you for providing the links and the time you spent integrating it!
>
> I'll give it a look and will try to post my results here this week.
>
>
>
> On Fri, 28 Dec 2018 15:53:01 +0100
> Davide Bozzelli <davide.bozzelli at gmail.com> wrote:
>
> > Basically the product is one: Kaspersky Endpoint Security for Linux,
> > sold in two versions:
> > 1) as endpoint product (standalone av)
> > 2) as specifically for file server
> >
> > LINKS:
> > 1) https://www.kaspersky.com/small-to-medium-business-security/file-server
> > 2) https://www.kaspersky.com/small-to-medium-business-security/endpoint-linux
> >
> > Pricing for 1 license of "Kaspersky Security for File Server" is
> > circa 400 euros.
> > Price seems to be fair.
> > AV is daemonized and performance seems to be good (but slower than
> > avast/clamd).
> > A deb package exists for Debian and it's easy to download and test.
> > There is not a simple command line interface like clamdscan or
> > scan/avast but I was able
> > to simulate it.
> >
> > Thx
> >
> >
> >
> > On Fri, Dec 28, 2018 at 3:10 PM Dietmar Maurer <dietmar at proxmox.com>
> > wrote:
> >
> > > > As per topic, I was able to integrate the Kaspersky antivirus with
> > > > pmg-smtp-filter.
> > > > I wouldn't give any implementation details here as I don't know
> > > > if it could be interesting
> > > > for the product.
> > > >
> > > > Do you think it would be useful?
> > >
> > > What is the pricing of that product? Do you have a link to the
> > > product page?
> > >


-- 
Got problems with Windows? - ReBooT
Got problems with Linux? - Be RooT
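
The five steps from the mail above, wrapped into one clamdscan-like shell function. This is an added example, not part of the original mail and not the poster's own script. It assumes that kesl-control exits non-zero on failure and that an empty query result means no detection; KESL_CONTROL and the task name format are hypothetical.

```shell
#!/bin/sh
# Added example: clamdscan-like wrapper around the five kesl-control steps.
# Assumptions (not from the thread): kesl-control exits non-zero on failure,
# an empty query result means "no detection", and KESL_CONTROL is a
# hypothetical override for the binary path, used for testing.

# kesl_scan FILE: prints matching events; returns 0 clean, 1 threat, 2 error.
kesl_scan() {
    scan_file=$1
    kesl=${KESL_CONTROL:-/opt/kaspersky/kesl/bin/kesl-control}
    nl='
'
    # The path is pasted into a settings file and into a quoted LIKE pattern,
    # so refuse anything that could change either one. Errors never map to 0.
    case $scan_file in
        /*) ;;
        *) echo "kesl_scan: need an absolute path" >&2; return 2 ;;
    esac
    case $scan_file in
        *"'"*|*%*|*"$nl"*) echo "kesl_scan: unsafe character in path" >&2; return 2 ;;
    esac
    [ -f "$scan_file" ] || return 2

    # Unique per call so concurrent filter workers do not share a task.
    task_name="pmgscan_$$_$(date +%s)"
    task_file=$(mktemp) || return 2
    cat >"$task_file" <<EOF
FirstAction=Skip
ScanMailBases=Yes
ScanPlainMail=Yes
UseAnalyzer=Yes
HeuristicLevel=Medium
[ScanScope.item_1]
Path=$scan_file
EOF
    rc=2 started=0
    if "$kesl" --create-task "$task_name" --type ODS --file "$task_file" >/dev/null; then
        "$kesl" --start-task "$task_name" -W >/dev/null && started=1
        # Always remove the task, even when the scan itself failed.
        "$kesl" --delete-task "$task_name" >/dev/null || echo "kesl_scan: task $task_name not deleted" >&2
        query="TaskName=='$task_name' and EventType=='ThreatDetected' and ObjectName=='File' and Filename like '%$scan_file%'"
        if [ "$started" = 1 ] && events=$("$kesl" -E --query "$query"); then
            if [ -n "$events" ]; then printf '%s\n' "$events"; rc=1; else rc=0; fi
        fi
    fi
    rm -f "$task_file"
    return "$rc"
}
```

A caller in a mail filter should treat return code 2 as "not scanned" and not as "clean", so that a failed task creation or a rejected filename never lets a message through unchecked.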