By: Eset  09-12-2011
Keywords: scanner, File Servers, Heuristic Analysis

ESET File Security
The Best Protection for OpenSource File Servers & Desktops
ESET Antivirus for Linux File Servers (LFS) runs seamlessly on all mainstream Linux distributions (RedHat, Mandrake, SuSE, Debian and others) and FreeBSD. The small footprint and fast performance makes NOD32 optimally suited for real-time or on-demand protection of your Linux File System Servers.
Key features
  • ThreatSense™ technology — a single optimized anti-threat engine for analyzing code to identify malicious behavior such as viruses, spyware, adware, phishing, and more.
  • Unprecedented heuristic analysis capable of discovering new malware threats as they emerge.
  • Powerful virtual PC emulation technology enables unpacking and decryption of all types of archives and run-time packing.
  • User-friendly installation and simple configuration.
  • Does not require external libraries or programs except for libc.
  • Flexible six-level infiltration and activity logging.
  • Uses both the on-demand and on-access scanning techniques to secure and protect the entire file system and running processes.
  • Provide file access control over Samba, Nettalk and NFS.
System requirements
  • OS Linux (Kernel 2.2.x, 2.4.x and 2.6.x, glibc 2.2.5 or higher)
  • 5MB hard-disk space and 8MB RAM
  • Dazuko kernel module 2.0.0 and higher
Supported Distribution packages
  • RPM for RedHat, Mandrake and SuSE distributions
  • DEB for GNU/Linux Debian
  • TGZ for all other Linux flavors
  • TGZ for FreeBSD
System architecture
NOD32 for LFS consists of on-demand and on-access scanning modules. The on-demand scanner performs scanning of the selected file system upon user request via command line. Using standard Linux operating system schedulers, various periodic scanning tasks can be pre-defined. The on-access scanner daemon provides real-time monitoring of the entire file system. File scanning is triggered by user or system events that result in file access calls by the Linux kernel. The file infomation is passed on to the NOD32 scanning engine. Depending on the scanning results a predefined action on the file is triggered. File access can be allowed or denied and the appropriate log output is created.
Version 3.0.15
  • fixed some RTP archives unpacking
  • fixed notification scripts for FreeBSD
  • updated manual pages
  • esets_dac(EFS): fixed deadlock on FreeBSD
Version 3.0.14
  • fixed RA client password login to RA server
  • fixed license loading in Turkish locale
  • fixed memory leak in ThreatSense.NET
  • esets_wwwi: enhanced statistics
  • esets_smfi (EMS): using also server's Received header for spam recognition
  • esets_http (EGS): URL whitelist
 Version 3.0.13
  • esets_http (EGS): fixed premature interrupt of connections
Version 3.0.12
  • http server for modules local mirror
  • changed default of av_clean_mode from rigorous to standard
  • esets_daemon: changed settings for ThreatSense.NET
  • esets_imap (EMS): corrected performance with Mozilla Thunderbird
  • esets_http (EGS): fixed threat log in virus notification e-mail
  • esets_http, esets_icap (EGS): optimized URL blocking cache
Version 3.0.11
  • support for FreeBSD 7
  • added system dependencies into 64-bit rpm packages
  • fixed listing of network interfaces with unknown addresses
  • esets_daemon: fixed license issue for EAV BE
  • esets_daemon: continuing even after failed first-time anti-spam modules update
  • esets_daemon: fixed startup with only expired licenses
  • esets_cgp (EMS): CommunigatePro filter
  • esets_scan (EFS): supported ADS scanning
  • esets_scan (EFS): activity indicator for pipe/file output
  • esets_icap, esets_http (EGS): fixed URL blocking cache
  • esets_ssfi (EGS): added man page
  • esets_wwwi: quarantine support
  • esets_wwwi: updated php to 5.2.8
  • esets_quar: fixed samples sending and listing, new option: --list-fmt
  • esets_quar: supported separate quarantine for all users
  • esets_inst: enhanced compatibility with qmail
Version 3.0.10
  • revisited products documentation
  • esets_daemon: fixed memory leak
Version 3.0.9
  • fixed definition of groups of modules for mirror
  • esets_daemon: corrected algorithm for loading of the new modules
  • esets_update: corrected first time update
  • esets_scan (EFS): fixed definition of multiple excludes
  • esets_scan (EFS): no first time update required
Version 3.0.8
  • esets_daemon: no Internet access required for initialization
  • esets_daemon, esets_update: fixed invalid username/password issue for update
Version 3.0.7
  • esets_daemon: fixed Remote Administration client reload on Solaris
  • esets_daemon: fixed unfinished scanlogs sending by Remote
    Administration client on Solaris
  • esets_daemon: secured communication socket removal
  • esets_daemon, esets_update: corrected groupadd and useradd
  • esets_daemon: suppressed long timeouts when terminating
  • esets_daemon: fixed samples submission system reload
  • esets_wwwi: fixed esets_daemon reload on Solaris
  • esets_update: added verbose actualization process output
  • esets_scan (EFS): fixed file scanning on read-only filesystems
Version 3.0.6
  • added checking of user specified TMPDIR environment variable
  • support for MAILBOX format scanning
  • esets_daemon: fixed ESETS_RECIPIENT environment variable
  • esets_inst: added full paths of Postfix binary files
  • esets_update: fixed parsing of update.ver info file
  • esets_wwwi: fixed relocation error on Solaris
  • esets_wwwi: corrected excesive back slashes
  • esets_wwwi: added product version check
  • esets_http (EGS): support for multipart content type scanning
  • esets_dac (EFS): fixed handling of big files (> 2GB)
Version 3.0.5
  • corrected esets user switching
  • enhanced compatibility of Remote Administration client with Solaris
  • fixed higher memory consumption of daemon agents
  • esets_update: corrected defaults setting
  • esets_scan (EFS): enhanced filename character encoding of scanned objects
  • esets_icap (EGS): ICAP server for scanning HTTP messages
  • esets_wwwi: added login/logout control
Version 3.0.4
  • esets_daemon: added control of syntax errors in main configuration file
  • esets_daemon: added anti-virus scanning limits for maximum object size and for maximum object size in self-extracting archives
  • esets_wwwi: enhanced compatibility with Solaris
  • esets_smtp (EMS): correction of TLS support in MTA Postfix
  • esets_scan (EFS): fixed automatic scan of local disks (command line option '--auto')
  • esets_scan (EFS): correction of multiple directories exclusion
  • esets_scan (EFS): fixed Remote Administration client logging
Version 3.0.3
  • Fixed antispam scanning for unprivileged daemon
  • Fixed antispam loading on 64-bit Debian
  • Fixed package extraction on Solaris
  • Fixed non-english messages
  • Updated PHP to version 5.2.6
Version 3.0.2
  • technology ThreatSense v3.0
  • configuration, logging and handle object policy rewritten
  • added Remote Administration client
  • additional supported OS: NetBSD 4, Solaris 10
  • support for 64-bit Linux OS: native binaries (except esets_daemon)
  • esets_http (EGS) - support for non-transparent ftp scanning
  • esets_ftp (EGS) - added huge object handling
  • esets_zmfi (EMS) - ZMailer's content-filter
  • libesets_pac (EFS) - available for all platforms
Version 3.0.1
  • 64bit systems support
  • Added possibilty to run ESET components under user accounts instead of superuser account
  • Added support of FTP communication scanning in manual HTTP proxy mode
  • esets_daemon: added information USERSPEC into daemon log and daemon notification script
  • esets_daemon: correction of infiltrations information passed to agents
  • esets_cli (EMS): correction of action evaluation when multiple files scanned
  • esets_ssfi.so (EGS): support for SafeSquid of version 4.2 and higher
  • esets_http (EGS): support of CONNECT method for user defined ports
  • esets_smfi (EMS): implementation of predefined response of server using SetReply.
  • esets_http (EGS): correction of deleted objects handling
  •  esets_http (EGS): correction of not scanned objects handling
  • esets_ftp (EGS): correction of random stuck of passive connection when STOR command used
  • new product ESET Gateway Security (EGS)
  • existing products NOD32LMS and NOD32LFS were renamed to ESET Mail Security (EMS)
  • and ESET File Security (EFS)
  • antispam engine (EMS)
  • esets_daemon: periodic update of antivirus and antispam databases
  • esets_update: update utility
  • esets_imap, esets_pop3 (EMS): IMAP and POP3 filters
  • esets_http, esets_ftp, esets_ssfi.so (EGS): HTTP, FTP filters
  • and SafeSquid plugin
  • esets_wwwi: web administration interface
  • esets_lic: license utility
  • esets_setup, esets_inst: user-friendly system integrator
  •  Compatibility with 64-bit Debian OS
  • Support for 64bit Linux systems (binaries are executed in 32bit mode
  • nod32d: Fixed bug in daemon communication in case the license has expired
  • Fixed installation instructions for Exim
  •  nod32d: Fixed bug with opening files in quarantine
  •  nod32d: Fixed bug in memory allocation/deallocation with connections established through a proxy server
  • nod32update: Fixed starting of nod32umc and nod32upd.
  • nod32update: Fixed issue with download timeout.
  • nod32d: Improved signal handling regarding download functionality.
  • nod32set: Automatic section creation, if not exists.
  • nod32d, nod32update: More accurate waiting on update completion, fixed bug in memory freeing.
  • nod32update: Fixed issue in finding directory with binary executables
  • nod32smtp (LMS): Mail's header pollution bugfix.
  • nod32d - Added support for scanning of unwanted applications.
  • nod32d - Added functionality to update and reload anti-virus modules.
  • Added possibility to define scanner parameters individually according to the client/server identification.
  • Added possibility to define update parameters via main configuration file.
  • More evaluated product installation mechanism. The installation package does not contain NOD32 modules any more. These are downloaded during the product first initialization stage, if necessary. The package installation process is more user friendly now.
  • nod32d - Enhancement of the license expiration warning functionality.
    The mechanism does not block the scanned objects processing after license expiration, only deactivates the anti-virus scanning functionality and starts
    sending the expiration report notification about scanner deactivation to system administrator.
  • Command line interface testing functionality of NOD32 agent modules is fully replaced by the testing functionality using agent identification parameter 'aid'.
  • Major changes in documentation.
  •  nod32 - Command line parameters support of scan-timeout, scan-max-size,
    max-archive-level and tmp-dir in on-demand scanner.
  • nod32 - Implementation of new command line parameters max-subdir-level, symlink
    in on-demand scanner.
  • nod32 - Fixed bug related with the determination of directories excluded
    from scanning using command line interface.
  • libnod32pac.so - SELinux support implementation.
  • nod32d - Fixed bug in thread manager.
  • Better system coordination based on maintenance of all resident agent modules services by using main system daemon 'nod32d'  (Start of resident agent modules is controlled by parameters 'agent_enabled' of the main NOD32 configuration file.)
  • Implementation of so called actions policy in 'on-access' scanner, i.e. possibility to define a variety of actions depending on the scanning result.
  • Unified logging system of all the modules.
  • Implementation of nod32set module to provide comfortable modifications of NOD32 configuration file.
  • Update of the product documentation (changed structure, new information).
  • End of the product development for FreeBSD OS version 4.X. (technical support stays for NOD32BFS 2.51.x). The reason is insufficient support of libc.so.4 library used in FreeBSD OS version 4.x.
  • nod32 - license handling fixed in on-demand scanner module
  • nod32_update - implementation of mechanism to solve critical states during update
  • correct handling of restart statement within initialization scripts of deb packages
  • fixed parsing in e-mail header for logs
  • fixed bug in state of scan (clean vs. not scanned)
  • Performance improvements in NOD32MDA
  • Minor bug fixes in NOD32MDA
  • Implementation of maximum archives descension level of scanner.
  • Implementation of maximum scanning time (soft limit).
  • Implementation of maximum unpacked archive size limit.
  • Quarantine functionality implementation.
  • Support for logrotate of internal daemon logging output.
  • nod32umc: selective download of groups of component modules.
  • Samples submission system re-implemented as individual process automanaged by main daemon.
  • License expiration warning mechanism added.
  • Better temporary files handling.
  • Daemon--agent communication stability fixed.
  • Support for scanning of uuencoded messages.
  • nod32lfs - selfextracting archives support added
  • nod32lfs - adware and unsafe applications scanning support added
  • nod32 - prompt action added into on-demand scanner
  • nod32 - fifo pipes scanning bug fixed
  • nod32umc - return values problem fixed
  • support for Linux Kernel 2.6.x
  • support for FreeBSD 5.x
  • nod32upd (possibility to create mirror even if base directory is not defined)
  • nod32 (possibility to add exclusions to the scanlist)
  • nod32 (simple activity indicator)
  • nod32 (logging format changed)
  • nod32 (debug log level added - reports all scanned objects)
  • nod32 (correct handling of symbolic links)
  • nod32 and nod32fac (scanner modules versions info available)
  • nod32unc (possibility of obsolete modules removal)

Keywords: Emulation Technology, File Servers, Heuristic Analysis, scanner,

Contact Eset

Email - none provided

Print this page

Other products and services from Eset



Powerful virtual PC emulation technology enables unpacking and decryption of all types of archives and run-time packing. Streamline ThreatSense updates from a single office through this server version of NOD32 to save bandwidth. Prevents infected files from being opened and executed, and warns on creation of infected files. All the same great protection features as NOD32 for Windows. Server-based protection for workgroups and branch offices.



SysInspector Integration SysInspector is a powerful diagnostic tool allowing for in-depth analysis of aspects of the operating system, including running processes, registry content, startup items and network connections. Self-DefenseSelf-Defense is a useful feature protecting our processes and registry keys against malware trying to disable or negatively affect computer?s protection status.



It is a unique bundle, which includes subscriptions to NOD32 for windows workstations and file servers, as well as our powerful Remote Administrator Console. Simply indicate how many nodes you wish to protect on your network, how many file servers and what type, and we'll send you the appropriate license keys.



An on-demand scanner, which can be run manually on specific files or disk segments. Utilizes the proprietary Microsoft API for scanning Microsoft Office documents. It can also be scheduled to run during off-peak times.


Eset - Products

These are categorized into four different sections, each of which can be expanded into an easy-to-use directory tree style system. It provides access to the various features, tools and settings and fully integrates all installed system components. For increased security, the key settings can be password protected to prevent unauthorized access and modification. The NOD32 Control Center is the central management module.