ESET Update Server Mirror on Linux
Anyone who has to maintain a corporate Linux server may run into the fact that the otherwise remarkable ESET antivirus has no update server for Linux, and nobody wants to stand up a Windows virtual machine with ESET Remote Administrator Server just for that, so it is time to write one ourselves. The topic is not new; it has been discussed enough on the Internet, but I have not come across a good solution, so let's polish the script. Our script should be able to find new passwords for the official servers on the Internet and support the databases for the entire product line: Smart Security, Business Edition, Home Edition, Exchange Server.
We leave the legality of these actions to your conscience; the article is meant to familiarize you with how the antivirus databases are updated and is not a guide to breaking the law. To avoid violations, use only an Evaluation License from ESET.
So, under the hood:
0. Location
Suppose we have a home directory /var/www/site.ru/web that is the DocumentRoot of your virtual host. Unless stated otherwise, all files go there. So, if we want to run the script from cron, the main script must begin with the following:
CURDIR=/var/www/site.ru/web
cd $CURDIR
1. Where can I get license accounts?
I came across a multi-megabyte creation called something like "Eset Password Finder", I don't remember exactly. It is hard to imagine a more effective way to distribute malware to antivirus users. A quick look at the exe in a hex viewer turned up, among the strings, a link to the Chinese site http://www.nnvv.org, where fresh passwords are posted daily. We will write a simple parser that outputs a pair of variables in bash format:
USERNAME=EAV-xxx
PASSWORD=xxx
We won't reinvent the wheel or multiply entities; we take the ready-made PHP simplehtmldom library for traversing the DOM tree. With it, our script takes the following form:
./getpass.php:
#!/usr/bin/php
<?php
require('simple_html_dom.php'); // put the library file in our directory
$html = file_get_html('http://www.nnvv.org/');
$a=$html->getElementById("#nod32ids")->children(0)->children(0)->plaintext;
$a = str_replace("Username:", 'USERNAME=', $a);
$a = str_replace("Password:", 'PASSWORD=', $a);
echo $a."\n";
?>
Make it executable with chmod 755 ./getpass.php and leave it at that.
2. Creating the necessary directories
mkdir -p ./download/engine3
mkdir -p ./download/engine3ess
mkdir -p ./eset_upd
mkdir -p ./download/win/emsx
mkdir -p ./download/win/v3eav
mkdir -p ./download/win/v3ess
mkdir -p ./download/win/v3eav/pre
mkdir -p ./download/win/v3ess/pre
The structure completely repeats the hierarchy of directories on official servers.
3. Getting update information
Information about the current databases lives in the file http://update.eset.com/eset_upd/update.ver, which is packed with the old free archiver unrar-0.0.1; note that this format is incompatible with Roshal's (official) unrar. Download unrar-0.0.1, compile it, and put the resulting unrar binary into our working directory. Once unpacked, update.ver can be parsed to generate lists of URLs for the update files.
wget -q --timestamping http://update.eset.com/eset_upd/update.ver
mv -f update.ver update.rar
cd eset_upd
../unrar e -f -y -c- ../update.rar >/dev/null 2>&1  # silence both stdout and stderr (the order 2>&1 >/dev/null would leave stderr on the terminal)
cd ..
mv -f update.rar update.ver
grep file= $CURDIR/eset_upd/update.ver |grep "engine3/"| sed -e 's/file\=/http\:\/\/um10.eset.com/' |grep -v data > downlist1.txt
grep file= $CURDIR/eset_upd/update.ver |grep engine3ess| sed -e 's/file\=/http\:\/\/um10.eset.com/' |grep -v data > downlist2.txt
grep file= $CURDIR/eset_upd/update.ver |grep emsx| sed -e 's/file\=/http\:\/\/um10.eset.com/' |grep -v data > downlist5.txt
grep file= $CURDIR/eset_upd/update.ver |grep v3eav|grep -v pre| sed -e 's/file\=/http\:\/\/um10.eset.com/' |grep -v data > downlist3.txt
grep file= $CURDIR/eset_upd/update.ver |grep v3ess|grep -v pre| sed -e 's/file\=/http\:\/\/um10.eset.com/' |grep -v data > downlist4.txt
grep file= $CURDIR/eset_upd/update.ver |grep v3eav|grep pre| sed -e 's/file\=/http\:\/\/um10.eset.com/' |grep -v data > downlist6.txt
grep file= $CURDIR/eset_upd/update.ver |grep v3ess|grep pre| sed -e 's/file\=/http\:\/\/um10.eset.com/' |grep -v data > downlist7.txt
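As an added example (not the original post's script), here is the list generation of this step in Python: it parses update.ver once, skips the data entries, prefixes the mirror host exactly as the sed substitution does, and buckets every file= entry into the same downlist1..7 files, so supporting a new product is one dictionary entry. The update.ver sample is constructed, and its section names are an assumption about the INI-like layout the post describes; only the file= lines are relied upon.

```python
import os
import re
from collections import defaultdict

MIRROR_HOST = "http://um10.eset.com"  # prepended to file= paths, as in the post's sed
# (product directory, pre-release?) -> list file, mirroring downlist1..7 above.
PRODUCTS = {
    ("engine3", False): "downlist1.txt", ("engine3ess", False): "downlist2.txt",
    ("v3eav", False): "downlist3.txt", ("v3ess", False): "downlist4.txt",
    ("emsx", False): "downlist5.txt",
    ("v3eav", True): "downlist6.txt", ("v3ess", True): "downlist7.txt",
}

# Constructed sample. Only file= lines matter to the parser; the section
# names are an assumption about the INI-like layout the post describes.
SAMPLE_UPDATE_VER = """\
[ENGINE3]
file=/download/engine3/em000_32_l0.nup
[ENGINE3_DATA]
file=/download/engine3/data/em000_32_data.nup
[V3EAV]
file=/download/win/v3eav/eset_upd.nup
[V3EAV_PRE]
file=/download/win/v3eav/pre/eset_upd.nup
[OTHER]
file=/download/win/other/unknown.nup
"""

def build_download_lists(text, host=MIRROR_HOST):
    """Return {list file name: [absolute URL, ...]} for an update.ver text."""
    lists = defaultdict(list)
    for line in text.splitlines():
        m = re.match(r"file=(\S+)", line.strip())
        if not m:
            continue
        path = m.group(1)
        if "data" in path:  # grep -v data: skip the data entries
            continue
        parts = path.strip("/").split("/")
        pre = "pre" in parts  # pre-release builds go to their own list
        product = next((p for p in parts if (p, pre) in PRODUCTS), None)
        if product is None:  # not a product we mirror, like the greps
            continue
        lists[PRODUCTS[(product, pre)]].append(host + path)
    return dict(lists)

def write_download_lists(lists, directory="."):
    for name, urls in lists.items():  # one wget --input-file per list
        with open(os.path.join(directory, name), "w") as fh:
            fh.write("\n".join(urls) + "\n")
```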
4. Receive updates
We grab fresh passwords with the PHP script we made earlier. To fetch the databases we use wget with the --timestamping option, so files that were already downloaded are not downloaded again. To be careful we use the official --user-agent, and for authorization the usual pair --http-user / --http-password. The list of files is passed to wget with the --input-file= parameter. That's it. Don't forget to register the resulting script (let's call it nodupdate.sh, for example) in cron.
./getpass.php > ./pass.sh
sed -i 's/\r//' pass.sh # strip the Windows line ending after the first line; otherwise wget with --http-user=$USERNAME cannot connect to the server.
source ./pass.sh
cd ./download/engine3/ # implied by the relative ../../downlist1.txt path used below
wget --timestamping --http-user=$USERNAME --http-password=$PASSWORD --input-file=../../downlist1.txt --user-agent="ESS Update (Windows; U; 32bit; VDB 7001; BPC 4.0.474.0; OS: 5.1.2600 SP 3.0 NT; CH 0.0; LNG 1049; x32c; UPD http://um10.eset.com; APP ess; BEO 1; CPU 5964; ASP 0.0)"
cd ../engine3ess/
wget --timestamping --http-user=$USERNAME --http-password=$PASSWORD --input-file=../../downlist2.txt --user-agent="ESS Update (Windows; U; 32bit; VDB 7001; BPC 4.0.474.0; OS: 5.1.2600 SP 3.0 NT; CH 0.0; LNG 1049; x32c; UPD http://um10.eset.com; APP ess; BEO 1; CPU 5964; ASP 0.0)"
cd ../win/v3eav/
wget --timestamping --http-user=$USERNAME --http-password=$PASSWORD --input-file=../../../downlist3.txt --user-agent="ESS Update (Windows; U; 32bit; VDB 7001; BPC 4.0.474.0; OS: 5.1.2600 SP 3.0 NT; CH 0.0; LNG 1049; x32c; UPD http://um10.eset.com; APP ess; BEO 1; CPU 5964; ASP 0.0)"
cd ../v3ess/
wget --timestamping --http-user=$USERNAME --http-password=$PASSWORD --input-file=../../../downlist4.txt --user-agent="ESS Update (Windows; U; 32bit; VDB 7001; BPC 4.0.474.0; OS: 5.1.2600 SP 3.0 NT; CH 0.0; LNG 1049; x32c; UPD http://um10.eset.com; APP ess; BEO 1; CPU 5964; ASP 0.0)"
cd ../emsx/
wget --timestamping --http-user=$USERNAME --http-password=$PASSWORD --input-file=../../../downlist5.txt --user-agent="ESS Update (Windows; U; 32bit; VDB 7001; BPC 4.0.474.0; OS: 5.1.2600 SP 3.0 NT; CH 0.0; LNG 1049; x32c; UPD http://um10.eset.com; APP ess; BEO 1; CPU 5964; ASP 0.0)"
cd ../v3eav/pre/
wget --timestamping --http-user=$USERNAME --http-password=$PASSWORD --input-file=../../../../downlist6.txt --user-agent="ESS Update (Windows; U; 32bit; VDB 7001; BPC 4.0.474.0; OS: 5.1.2600 SP 3.0 NT; CH 0.0; LNG 1049; x32c; UPD http://um10.eset.com; APP ess; BEO 1; CPU 5964; ASP 0.0)"
cd ../../v3ess/pre/
wget --timestamping --http-user=$USERNAME --http-password=$PASSWORD --input-file=../../../../downlist7.txt --user-agent="ESS Update (Windows; U; 32bit; VDB 7001; BPC 4.0.474.0; OS: 5.1.2600 SP 3.0 NT; CH 0.0; LNG 1049; x32c; UPD http://um10.eset.com; APP ess; BEO 1; CPU 5964; ASP 0.0)"
# sudo crontab -e
50 * * * * /var/www/site.ru/web/nodupdate.sh 2> /dev/null
5. Client setup
- Open the antivirus window.
- Press F5; the Advanced setup window appears.
- Update - Update server - Edit - Add.
- Add the line http://site.ru. Since we worked in DocumentRoot, the update location is the root, i.e. /, not /mirror/ or /update/ as is written here and there.
- Click OK.
- For good measure, clear the update cache (Clear update cache). An uncleared update cache can be the reason an antivirus sometimes stops updating.
6. Summary
The full script can be found on Pastebin .
As it turns out, no special utilities or special knowledge are needed to make your own update mirror. Understand that the purpose of this post is only to familiarize you with how ESET products are updated, and the purpose of the solution is only to save corporate traffic; it must not be used to break the law. In theory, to use this script you must hold legally acquired licenses for every antivirus instance that updates from the mirror; that remains on your conscience. You can rewrite the code so that it looks only for the Evaluation License, which, it seems, is perfectly legal to use. A friend has been using this solution for three years almost unchanged. The total size of all updates is somewhere around 300 megabytes and, with subsequent downloads, can grow to 700-900 MB. Once every six months you can delete the database files to get rid of obsolete ones. The update.ver format itself is very simple and divided into sections; from it you can learn the whole directory structure on the server, and when new ESET products are released you simply add their paths to the script.
UPD 2012.04.24: Small changes (thanks to zombic y).
Instead of getpass.php we use getpass.sh:
$ cat getpass.sh
#!/bin/sh
curl www.nnvv.org | \
grep -A1 `date +%Y-%m-%d` | \
awk '$9 ~ /Password/ \
{if (sub(/Username:/, "+USERNAME=")) \
{if (sub(/Password:/, "+PASSWORD=")) \
{if (sub(/<\/p>/, "\n")) {print $8 "\n" $9}}}}' | \
awk -F"+" '{print $2}' > pass.sh
The script takes the username/password for today's date.
In the nodupdate.sh script we accordingly replace getpass.php with getpass.sh and comment out the line
sed -i 's/\r//' pass.sh
since it is no longer necessary.