[pmg-devel] Antivirus support for Kaspersky Endpoint Security for Linux (kesl)

Davide Bozzelli davide.bozzelli at gmail.com
Thu Jan 10 11:56:09 CET 2019


Hi

This is the wrapper shell script I'm using from Perl code:

#!/bin/sh

version="1.0"
# $1=task_uuid
# $2=task_settings_filename
# $3=file_to_scan

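die () {
    # remove the task settings file if one was given and it exists
    if [ -n "$task_file" ] && [ -e "$task_file" ]; then
        rm -f "$task_file"
    fi

    # delete task in the end (skipped when no task name has been set yet)
    if [ -n "$task_name" ]; then
        /opt/kaspersky/kesl/bin/kesl-control --delete-task "$task_name" >/dev/null 2>&1
    fi

    echo >&2 "$@"
    exit 1
}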

# verify parms
[ "$#" -eq 3 ] || die "3 argument required, $# provided, 1=task_uuid,2=task_settings_filename,3=file_to_scan"

# use var for command line parms
task_name=$1
task_file=$2
scan_file=$3

# check scan file
if [ ! -e "$scan_file" ]; then
         die "KAV_ERROR_000: scan file: $scan_file does not exist"
fi

# check task settings file
if [ ! -e "$task_file" ]; then
        die "KAV_ERROR_000: task file: $task_file does not exist"
fi

# create task
/opt/kaspersky/kesl/bin/kesl-control --create-task "$task_name" --type ODS \
        --file "$task_file" >/dev/null 2>&1
ret_create_task=$?

# check return value
if [ "$ret_create_task" -gt 0 ]; then
        die "KAV_ERROR_$ret_create_task: task: $task_name cannot be created"
fi

# start task (-W waits for the task to finish)
/opt/kaspersky/kesl/bin/kesl-control --start-task "$task_name" -W >/dev/null 2>&1
ret_run_task=$?

# check return value
if [ $ret_run_task -gt 0 ]; then
        die "KAV_ERROR_$ret_run_task: task: $task_name cannot be started"
fi

# delete task in the end
/opt/kaspersky/kesl/bin/kesl-control --delete-task "$task_name" >/dev/null 2>&1

# get events
# note: $task_name and $scan_file are interpolated into the query string,
# so a value containing a single quote breaks the query
output=$(/opt/kaspersky/kesl/bin/kesl-control -E --query "TaskName=='$task_name' and EventType=='ThreatDetected' and ObjectName=='File' and Filename like '%$scan_file%'")
ret_show_events=$?

if [ "$ret_show_events" -gt 0 ]; then
        die "000_KAV_ERROR_$ret_show_events: task: $task_name cannot show events"
fi

echo "$output"

exit 0


On Tue, Jan 8, 2019 at 4:38 PM Davide Bozzelli <davide.bozzelli at gmail.com>
wrote:

> As promised, the following is some info about kesl (Kaspersky Endpoint
> Security).
>
> The command line utility to interact with the service
> is: /opt/kaspersky/kesl/bin/kesl-control
> There is no simple way to have a clamdscan-like functionality in order to
> scan a file and get the virus name.
>
> HOW TO RUN A SCAN
> --------------------------------
>
> So after some researching I've found the following steps:
>
> 1) create a task settings file in which I will put the filename to scan,
> something like:
> FirstAction=Skip
> ScanMailBases=Yes
> ScanPlainMail=Yes
> UseAnalyzer=Yes
> HeuristicLevel=Medium
> [ScanScope.item_1]
> Path=/tmp/eicar_com.zip
>
> 2) create a task:
>     /opt/kaspersky/kesl/bin/kesl-control --create-task $task_name --type ODS --file $task_file
>
> 3) run task:
>     /opt/kaspersky/kesl/bin/kesl-control --start-task $task_name -W
>     the -W parameter forces it to wait for the end of the task
>
> 4) delete task:
>     /opt/kaspersky/kesl/bin/kesl-control --delete-task $task_name
>
> 5) run a query to find out scan info about filename AND task:
>     /opt/kaspersky/kesl/bin/kesl-control -E --query "TaskName=='$task_name' and EventType=='ThreatDetected' and ObjectName=='File' and Filename like '%$scan_file%'"
>
> HOW TO INTEGRATE WITH PMG-SMTP-FILTER
> -------------------------------------------------------------------
>
> Earlier I had used system() to run the various commands, but this leads to
> a fork() for each command.
> I then preferred to put all the task operations in a shell script and
> let it run from the Perl code.
> In this way the Perl code is more or less similar to the code used for
> avast or clamd.
>
> I'm going to post the Perl and shell code in a separate mail on this list
> under this thread.
>
> Thx
>
>
>
>
>
>
> On Tue, Jan 8, 2019 at 12:48 PM Stoiko Ivanov <s.ivanov at proxmox.com>
> wrote:
>
>> Hi,
>>
>> Thank you for providing the links and the time you spent integrating it!
>>
>> I'll give it a look and will try to post my results here this week.
>>
>>
>>
>> On Fri, 28 Dec 2018 15:53:01 +0100
>> Davide Bozzelli <davide.bozzelli at gmail.com> wrote:
>>
>> > Basically the product is one: Kaspersky Endpoint Security for Linux,
>> > sold in two versions
>> > 1) as endpoint product (standalone av)
>> > 2) as specifically for file server
>> >
>> > LINKS:
>> > 1)
>> > https://www.kaspersky.com/small-to-medium-business-security/file-server
>> > 2)
>> > https://www.kaspersky.com/small-to-medium-business-security/endpoint-linux
>> >
>> > Pricing for 1 license of  "kaspersky security for file server" is
>> > circa 400 euros.
>> > Price seems to be fair.
>> > AV is daemonized and performance seems to be good (but slower than
>> > avast/clamd).
>> > A deb package exists for Debian and it's easy to download and test.
>> > There is not a simple command line interface like clamdscan or
>> > scan/avast but I was able
>> > to simulate it.
>> >
>> > Thx
>> >
>> >
>> >
>> > On Fri, Dec 28, 2018 at 3:10 PM Dietmar Maurer <dietmar at proxmox.com>
>> > wrote:
>> >
>> > > > As per topic, I was able to integrate the Kaspersky antivirus with
>> > > > pmg-smtp-filter.
>> > > > I wouldn't give any implementation details here as I don't know
>> > > > if it could be interesting for the product.
>> > > >
>> > > > Do you think would be useful ?
>> > >
>> > > What is the pricing of that product? Do you have a link to the
>> > > product page?
>> > >
>> > >
>> >
>>
>>
>>
>
>
> --
> Got problems with Windows? - ReBooT
> Got problems with Linux? - Be RooT
>


-- 
Got problems with Windows? - ReBooT
Got problems with Linux? - Be RooT
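
Added example, not part of the original mail or of the poster's wrapper: shell helpers that generate the task settings file from step 1 and the event query from step 5, rejecting any scan path that could break out of the Path= line or out of the quoted query string. The function names (kesl_safe_path, kesl_write_task_file, kesl_build_query) and the allowed character set are assumptions of this example; the settings keys and query fields are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: helpers for a kesl wrapper. Function names are hypothetical;
# settings keys and query fields are copied from the thread.
LC_ALL=C; export LC_ALL   # make the A-Z/a-z ranges below byte-exact

# Accept only absolute paths built from a conservative character set
# (an assumption of this example). This rejects quotes, spaces and
# newlines, so the path cannot add lines to the settings file or
# terminate the quoted string in the query.
kesl_safe_path() {
    case "$1" in
        /*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *[!A-Za-z0-9/._-]*) return 1 ;;
    esac
}

# Step 1: write the ODS task settings to a private temp file and print
# its name. mktemp creates the file with mode 0600.
kesl_write_task_file() {
    kesl_safe_path "$1" || return 1
    tf=$(mktemp "${TMPDIR:-/tmp}/kesl-task.XXXXXX") || return 1
    cat >"$tf" <<EOF
FirstAction=Skip
ScanMailBases=Yes
ScanPlainMail=Yes
UseAnalyzer=Yes
HeuristicLevel=Medium
[ScanScope.item_1]
Path=$1
EOF
    printf '%s\n' "$tf"
}

# Step 5: build the event query for one task name and one scanned file.
kesl_build_query() {
    kesl_safe_path "$2" || return 1
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    printf "TaskName=='%s' and EventType=='ThreatDetected' and ObjectName=='File' and Filename like '%%%s%%'" "$1" "$2"
}
```

A wrapper would pass the printed file name to --create-task --file and the printed query to -E --query, and treat a non-zero return from either helper as a scan error rather than as a clean result.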