Anyone who has to maintain a corporate Linux server may run into the fact that the well-known ESET antivirus has no update server for Linux; so let's write one ourselves. The topic is not new and has been discussed plenty on the Internet, but I never came across a good solution, so let's bring the script into shape. Our script should be able to find fresh credentials for the official servers on the Internet and keep databases for the whole product line: Smart Security, Business Edition, Home Edition, Exchange Server.
Let us leave the legitimacy of these actions on your conscience; the article is meant to familiarize you with how antivirus database updates work and is not a guide to breaking the law. To stay within the law, you should use only the Evaluation License from ESET.
So, here is what's inside:
0. Setup
Suppose we have a directory /var/www/site.ru/web that is the DocumentRoot of your virtual host. We assume all files go there unless stated otherwise. So, to run the script from cron, the main script must begin with the following:
CURDIR=/var/www/site.ru/web
cd $CURDIR
1. Where do we get license accounts?
I came across a multi-megabyte creation named something like "Eset Password Finder", I don't remember exactly. It is hard to imagine a more effective way to distribute malware to antivirus users. Looking through the exe in a hex viewer, I found among its strings a link to the Chinese site http://www.nnvv.org, where fresh passwords are posted daily. Let's write a simple parser that outputs a pair of variables in bash format:
USERNAME=EAV-xxx
PASSWORD=xxx
Let's not reinvent the wheel or multiply entities; we take the simplehtmldom PHP library to walk the DOM tree. With it our script looks like this:
./getpass.php:
#!/usr/bin/php
<?php
require('simple_html_dom.php');
$html = file_get_html('http://www.nnvv.org/');
$a=$html->getElementById("#nod32ids")->children(0)->children(0)->plaintext;
$a = str_replace("Username:", 'USERNAME=', $a);
$a = str_replace("Password:", 'PASSWORD=', $a);
echo $a."\n";
?>
Make it executable with chmod 755 ./getpass.php and leave it at that.
2. Creating the necessary directories
mkdir -p ./download/engine3
mkdir -p ./download/engine3ess
mkdir -p ./eset_upd
mkdir -p ./download/win/emsx
mkdir -p ./download/win/v3eav
mkdir -p ./download/win/v3ess
mkdir -p ./download/win/v3eav/pre
mkdir -p ./download/win/v3ess/pre
The structure completely repeats the hierarchy of directories on official servers.
3. Getting information about updates
Information on the current databases lives in the file http://update.eset.com/eset_upd/update.ver, packed with the old free archiver unrar-0.0.1, which is, however, incompatible with Roshal's RAR. Download unrar-0.0.1, compile it, and put the unrar binary in our working directory. After unpacking, update.ver can be parsed to generate lists of update file URLs.
wget -q --timestamping http://update.eset.com/eset_upd/update.ver
mv -f update.ver update.rar
cd eset_upd
../unrar e -f -y -c- ../update.rar 2>&1 >/dev/null
cd ..
mv -f update.rar update.ver
grep file= $CURDIR/eset_upd/update.ver |grep "engine3/"| sed -e 's/file\=/http\:\/\/um10.eset.com/' |grep -v data > downlist1.txt
grep file= $CURDIR/eset_upd/update.ver |grep engine3ess| sed -e 's/file\=/http\:\/\/um10.eset.com/' |grep -v data > downlist2.txt
grep file= $CURDIR/eset_upd/update.ver |grep emsx| sed -e 's/file\=/http\:\/\/um10.eset.com/' |grep -v data > downlist5.txt
grep file= $CURDIR/eset_upd/update.ver |grep v3eav|grep -v pre| sed -e 's/file\=/http\:\/\/um10.eset.com/' |grep -v data > downlist3.txt
grep file= $CURDIR/eset_upd/update.ver |grep v3ess|grep -v pre| sed -e 's/file\=/http\:\/\/um10.eset.com/' |grep -v data > downlist4.txt
grep file= $CURDIR/eset_upd/update.ver |grep v3eav|grep pre| sed -e 's/file\=/http\:\/\/um10.eset.com/' |grep -v data > downlist6.txt
grep file= $CURDIR/eset_upd/update.ver |grep v3ess|grep pre| sed -e 's/file\=/http\:\/\/um10.eset.com/' |grep -v data > downlist7.txt
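The seven grep/sed pipelines above each hard-code one product directory, which is why the summary says new product paths have to be added to the script by hand. As an added example (not part of the original post or of ESET's tooling), the parser below reads update.ver as the INI-like file it is, keeps the page's rules (prefix file= paths with http://um10.eset.com, drop entries containing "data", keep pre/ separate from the release directory) and derives the product directory from each path itself, so any new directory under /eset_upd/ is picked up automatically. The sample update.ver is constructed for the example; only the file= lines are what the mirroring logic depends on, and the other keys and values are made-up placeholders, not the real format.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the style of update.ver: INI-like sections with
# key=value lines. Only the "file=" lines matter to the mirroring logic;
# section names and the other keys/values are made up for illustration.
SAMPLE_UPDATE_VER = """\
[HOSTS]
Other=200@http://update.eset.com/eset_upd/

[ENGINE3]
version=7001 (20120320)
file=/eset_upd/engine3/em000_32_l0.nup
size=1234

[ENGINE3_DATA]
file=/eset_upd/engine3/em000_32_data.nup
size=99

[ENGINE3ESS]
file=/eset_upd/engine3ess/em001_32_l0.nup

[EMSX]
file=/eset_upd/win/emsx/emsx_nt32_enu.nup

[V3EAV]
file=/eset_upd/win/v3eav/eav_nt32_enu.nup

[V3EAV_PRE]
file=/eset_upd/win/v3eav/pre/eav_nt32_enu.nup

[V3ESS]
file=/eset_upd/win/v3ess/ess_nt32_enu.nup

[V3ESS_PRE]
file=/eset_upd/win/v3ess/pre/ess_nt32_enu.nup
"""

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")


def parse_update_ver(text):
    """Parse update.ver into a list of (section_name, {key: value}) pairs.
    Keys are lower-cased; blank lines and ;/# comment lines are skipped."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = (m.group("name"), {})
            sections.append(current)
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        current[1][key.strip().lower()] = value.strip()
    return sections


def build_download_lists(text, base_url="http://um10.eset.com", root="/eset_upd/"):
    """Group every file= entry by the product directory it lives in.
    The group key is the path between root and the file name, e.g.
    'engine3', 'win/v3eav' or 'win/v3eav/pre', so pre/ builds land in
    their own list. Paths containing 'data' are skipped, mirroring the
    grep -v data filter of the original pipelines."""
    lists = defaultdict(list)
    for _name, fields in parse_update_ver(text):
        path = fields.get("file")
        if not path or not path.startswith(root):
            continue
        if "data" in path:
            continue
        rel = path[len(root):]
        product_dir = rel.rsplit("/", 1)[0] if "/" in rel else ""
        lists[product_dir].append(base_url + path)
    return dict(lists)


def local_path(url, download_dir="download", root="/eset_upd/"):
    """Map a mirror URL to the local file under download/, reproducing the
    server hierarchy that the mkdir commands of section 2 create."""
    path = urlsplit(url).path
    if not path.startswith(root):
        raise ValueError("unexpected path: " + path)
    return download_dir + "/" + path[len(root):]


if __name__ == "__main__":
    for product_dir, urls in sorted(build_download_lists(SAMPLE_UPDATE_VER).items()):
        print(product_dir or "<root>")
        for url in urls:
            print("  ", url, "->", local_path(url))
```

Writing one file per product directory (for example downlist-win-v3eav-pre.txt) from the returned dict gives wget the same input lists as the hand-written grep commands, and a directory that appears in a future update.ver shows up as a new key instead of silently being left out of the mirror.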
4. Getting the updates
We fetch the fresh credentials with the PHP script we wrote earlier.
./getpass.php > ./pass.sh
sed -i 's/\r//' pass.sh # strip \r, otherwise wget --http-user=$USERNAME breaks
source ./pass.sh
To fetch the databases we use wget with the --timestamping option, so that already downloaded files are not re-downloaded. To be safe, use the official --user-agent; for authentication, use the usual --http-user / --http-password pair. The file list is passed to wget with --input-file=.
cd ./download/engine3/
wget --timestamping --http-user=$USERNAME --http-password=$PASSWORD --input-file=../../downlist1.txt --user-agent="ESS Update (Windows; U; 32bit; VDB 7001; BPC 4.0.474.0; OS: 5.1.2600 SP 3.0 NT; CH 0.0; LNG 1049; x32c; UPD http://um10.eset.com; APP ess; BEO 1; CPU 5964; ASP 0.0)"
cd ../engine3ess/
wget --timestamping --http-user=$USERNAME --http-password=$PASSWORD --input-file=../../downlist2.txt --user-agent="ESS Update (Windows; U; 32bit; VDB 7001; BPC 4.0.474.0; OS: 5.1.2600 SP 3.0 NT; CH 0.0; LNG 1049; x32c; UPD http://um10.eset.com; APP ess; BEO 1; CPU 5964; ASP 0.0)"
cd ../win/v3eav/
wget --timestamping --http-user=$USERNAME --http-password=$PASSWORD --input-file=../../../downlist3.txt --user-agent="ESS Update (Windows; U; 32bit; VDB 7001; BPC 4.0.474.0; OS: 5.1.2600 SP 3.0 NT; CH 0.0; LNG 1049; x32c; UPD http://um10.eset.com; APP ess; BEO 1; CPU 5964; ASP 0.0)"
cd ../v3ess/
wget --timestamping --http-user=$USERNAME --http-password=$PASSWORD --input-file=../../../downlist4.txt --user-agent="ESS Update (Windows; U; 32bit; VDB 7001; BPC 4.0.474.0; OS: 5.1.2600 SP 3.0 NT; CH 0.0; LNG 1049; x32c; UPD http://um10.eset.com; APP ess; BEO 1; CPU 5964; ASP 0.0)"
cd ../emsx/
wget --timestamping --http-user=$USERNAME --http-password=$PASSWORD --input-file=../../../downlist5.txt --user-agent="ESS Update (Windows; U; 32bit; VDB 7001; BPC 4.0.474.0; OS: 5.1.2600 SP 3.0 NT; CH 0.0; LNG 1049; x32c; UPD http://um10.eset.com; APP ess; BEO 1; CPU 5964; ASP 0.0)"
cd ../v3eav/pre/
wget --timestamping --http-user=$USERNAME --http-password=$PASSWORD --input-file=../../../../downlist6.txt --user-agent="ESS Update (Windows; U; 32bit; VDB 7001; BPC 4.0.474.0; OS: 5.1.2600 SP 3.0 NT; CH 0.0; LNG 1049; x32c; UPD http://um10.eset.com; APP ess; BEO 1; CPU 5964; ASP 0.0)"
cd ../../v3ess/pre/
wget --timestamping --http-user=$USERNAME --http-password=$PASSWORD --input-file=../../../../downlist7.txt --user-agent="ESS Update (Windows; U; 32bit; VDB 7001; BPC 4.0.474.0; OS: 5.1.2600 SP 3.0 NT; CH 0.0; LNG 1049; x32c; UPD http://um10.eset.com; APP ess; BEO 1; CPU 5964; ASP 0.0)"
That's all. Don't forget to register the resulting script (let's call it nodupdate.sh, for example) in cron:
# sudo crontab -e
50 * * * * /var/www/site.ru/web/nodupdate.sh 2> /dev/null
5. Configuring the client
- Open the antivirus window.
- Press F5; the Advanced setup window appears.
- Update - Update server - Edit - Add
- Add the line http://site.ru. Since we worked in DocumentRoot, the update location is the root, i.e. / and not /mirror/ or /update/, as is sometimes the case.
- Click OK.
- For good measure, clear the update cache. An unclean update cache can sometimes cause the antivirus to stop updating.
6. Summary
The full text of the script can be found on Pastebin.
As it turned out, no special tools or special knowledge are needed to make your own update mirror. It should be understood that the purpose of this post is only to familiarize you with how the ESET update system works, and the goal of the solution is only to save corporate traffic, in no case to break the law. In theory, to use this script you must have legally acquired licenses for every copy of the antivirus updated from the mirror; this remains on your conscience. You can rewrite the code so that it only looks for the Evaluation License, which, it seems, is quite legal to use. One acquaintance has been using this solution for three years now, practically without changes. The size of all the updates will be around 300 megabytes and, counting subsequent downloads, can grow to 700-900 MB. Every six months you can delete the database files to get rid of obsolete ones. The format of the update.ver file itself is very simple, divided into sections; from it you can learn the entire directory structure on the server, and after the release of new ESET products simply add these paths to the script.
UPD 2012.04.24: Minor changes (thanks to zombic y). Instead of getpass.php use getpass.sh:
$ cat getpass.sh
#!/bin/sh
curl www.nnvv.org | \
grep -A1 `date +%Y-%m-%d` | \
awk '$9 ~ /Password/ \
{if (sub(/Username:/, "+USERNAME=")) \
{if (sub(/<br \/>Password:/, "+PASSWORD=")) \
{if (sub(/<\/p>/, "\n")) {print $8 "\n" $9}}}}' | \
awk -F"+" '{print $2}' > pass.sh
The script takes the username/password for today's date.
In the nodupdate.sh script, replace getpass.php with getpass.sh accordingly and comment out the line
sed -i 's/\r//' pass.sh,
it is no longer needed.