Jump to content

Mirror tools linux as offline repository virus signature


Recommended Posts

Good day comrad,

May i use mirror tools linux as offline repository virus signature?

I have Linux ESET Protect 8.0, and performed the mirror tool. Opened the directory of mirrorepo through apache on http.

Acted according to the instructions: https://help.eset.com/protect_install/80/en-US/mirror_tool_linux.html

Setting test workstation (ESET MA 8.0.1238.0 and ESET EA 6.5.2132.6 ) on intranet repository and when update virus signature have error "File on server not found"

 

 

Link to post
Share on other sites
  • Administrators

A preferred way to update more machines in a network is via an http proxy. Unlike update from a mirror, the machines would receive streamed updates and would also communicate with LiveGrid servers and thus receive maximum protection at all times.

As for the issue updating from the mirror, how did you configure the update server on clients? Can the path to the mirror be opened in a browser?

Link to post
Share on other sites
10 minutes ago, Marcos said:

As for the issue updating from the mirror, how did you configure the update server on clients?

For begin i setting update server manualy hxxp://192.168.0.25/mirrorRepo

10 minutes ago, Marcos said:

Can the path to the mirror be opened in a browser?

Yes, it`s opened.

Apache log when trying to update a workstation:

192.168.0.124 - - [16/Feb/2021:10:18:28 +0300] "HEAD /mirrorRepo/update.ver HTTP/1.1" 404 196 "-" "ESS Update (Windows; U; 32bit; PVT F; BPC 6.5.2132.6; OS: 5.1.2600 SP 3.0 NT; TDB 48489; CL 1.0.0; LNG 1049; x32c; APP eea; ASP 0.0; PX 0; PUA 1; CD 0; RA 1; UNS 1; SHA256 0; WU 4; HWF: 010075DE-583E-8AA1-EC9D-A2A92FEEF81C; PLOC ru_ru; PCODE 107.0.0; PAR -1; ATH -1; DC 0; RET 2103)"

 

Use command for create repo:
 

./MirrorTool --repositoryServer AUTOSELECT \
--offlineLicenseFilename /etc/eset/ERA-Endpoint.lic \
--intermediateRepositoryDirectory /tmp/repoTemp \
--outputRepositoryDirectory /var/www/html/mirrorRepo/ \
--languageFilterForRepository ru_RU \
--productFilterForRepository Antivirus Security \
--downloadLegacyForRepository

 

Edited by sergio_sd
Link to post
Share on other sites
  • Administrators
2 minutes ago, sergio_sd said:

This is upset :(

https://help.eset.com/protect_install/80/en-US/apache_http_proxy.html

Caching function

Apache HTTP Proxy downloads and caches:

ESET module updates

Installation packages from repository servers

Product component updates

Cached data is distributed to endpoint clients on your network. Caching can significantly decrease internet traffic on your network.

Link to post
Share on other sites
  • Administrators
22 minutes ago, sergio_sd said:

Apache log when trying to update a workstation:


192.168.0.124 - - [16/Feb/2021:10:18:28 +0300] "HEAD /mirrorRepo/update.ver HTTP/1.1" 404 196 "-" "ESS Update (Windows; U; 32bit; PVT F; BPC 6.5.2132.6; OS: 5.1.2600 SP 3.0 NT; TDB 48489; CL 1.0.0; LNG 1049; x32c; APP eea; ASP 0.0; PX 0; PUA 1; CD 0; RA 1; UNS 1; SHA256 0; WU 4; HWF: 010075DE-583E-8AA1-EC9D-A2A92FEEF81C; PLOC ru_ru; PCODE 107.0.0; PAR -1; ATH -1; DC 0; RET 2103)"

It looks like that module updates work. If you want to update from a mirror and troubleshoot the issue, please provide a screen shot from Endpoint with the error.

Link to post
Share on other sites
root@esetsrv:/var/www/html# ls -la /var/www/html/mirrorRepo/
итого 20
drwxr-xr-x 4 root   root   4096 фев 12 15:14 .
drwxrwxr-x 5 tomcat tomcat 4096 фев 12 15:56 ..
drwxr-xr-x 3 root   root   4096 фев 12 15:09 com
-rw-r--r-- 1 root   root   3621 фев 12 15:14 info.meta
drwxr-xr-x 3 root   root   4096 фев 12 15:09 third_party
root@esetsrv:/var/www/html#
No file update.ver 

apache.png.20cddca2273fd26fa96b0292ff2a3719.png

EEA.png.693d1b057912f5f1cf1f6b6bbc95d577.png

Link to post
Share on other sites
1 hour ago, sergio_sd said:

Use command for create repo:
 



./MirrorTool --repositoryServer AUTOSELECT \
--offlineLicenseFilename /etc/eset/ERA-Endpoint.lic \
--intermediateRepositoryDirectory /tmp/repoTemp \
--outputRepositoryDirectory /var/www/html/mirrorRepo/ \
--languageFilterForRepository ru_RU \
--productFilterForRepository Antivirus Security \
--downloadLegacyForRepository

 

Be aware that this creates a software repository (offline copy of the installers) and not a module update mirror.

The mirror tool will create either a repository or a update mirror depending on the parameters.

An example for creating a update mirror look like this:

sudo ./MirrorTool --mirrorType regular \
--intermediateUpdateDirectory /tmp/mirrorTool/mirrorTemp \
--offlineLicenseFilename /tmp/mirrorTool/offline.lf \
--outputDirectory /tmp/mirrorTool/mirror

 

You can find a full rundown of the parameters in the online help pages:

 https://help.eset.com/protect_install/80/en-US/mirror_tool_linux.html 

Edited by Rincewind
Link to post
Share on other sites
  • Administrators

The pre-release update channel serves modules before they are server on the regular update channel. I'd say that in 99% modules from the pre-release channel are same as those that are later put on the release channel. However, we don't recommend using pre-release modules on production machines. On the other hand, we recommend using them on a few non-critical systems so that you can notify us about possible issues before the modules are released for all users.

Regarding mirror vs http proxy update, here are several benefits of using http proxy:
- streamed updates; machines are updated every few minutes which enables them to protect you from the very latest threats
- LiveGrid provides another technique for providing rapid response to new threats
- only files that are actually needed to update clients are downloaded. Mirror contains a lot of files that clients will never need. This way you should be able to save even GBs of Internet traffic per month.

Link to post
Share on other sites

Great, it`s work.

./MirrorTool --mirrorType regular \
--intermediateUpdateDirectory /tmp/mirrorTool/mirrorTemp \
--offlineLicenseFilename /etc/eset/MirrorSMK.lf \
--outputDirectory /var/www/html/mirror \
--excludedProduct ep4 ep5 ep7 era6

 

Now be try proxy-apache.

Thanks Marcos, thanks Rincewind.

 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...