yurisk.info » Esafe

Website/malware categorization in eSafe

Yuri — Fri, 12 Jun 2009 08:41:02 +0000

If some website gets blocked by eSafe for being categorized wrongly you
may fix it actually very simple. You enter the link below and change the website category; this takes some time , usually from few hours up to a day,for the change to take effect. If website has no category already then update takes effect fast.

filterdb.iss.net/urlcheck/

To see what each category includes:
www-935.ibm.com/services/us/index.wss/detail/iss/a1029077?cntxt=a1027244

When you want to report an item that was falsely detected as virus/malware by
eSafe you should send your request to :

eSafe Certified Professional

Yuri — Sat, 07 Mar 2009 15:30:52 +0000

Recently I’ve taken the 2-day course and then successfully passed eSCP certification and here are some impressions about that. First, for serial certification obtainers,for the main question – what is the gain here? – I will frankly say – I don’t know. This cert isn’t found under ‘most wanted/hot/industry leading’ headings anywhere, so whether it’s gonna get you an advantage in promotion/job search/etc remains an open question.
The course was fully funded by my work and I took part in it for the benfit of the knowledge I would gain there only. And to take test is possible only after you passed the course. So , let’s head over to the course.
The course was administered at 3rd-part learning center but by folks from Aladdin itself ONLY – one of the strong points of the course. As I understood even if the course would be given in the heart of Amazonia,Brazil it still would be presented by Aladdin folks, no ‘certified instructors’ are employed.
There were 2 instructors , one doing talking and helping in labs , and the other helping in labs . While first instructor is from Presale team, she could answer any technical questions I had (“- Can you remind me name of the file to add Ip address to the interface so it survives reboot, unlike ifconfig ?”).

The overall course consisted of approximately 20% presentations/talks and 80% hands-on labs. The contents can be seen here, only that we dealt with version 7 only, not 6.2 as in pdf:
ftp://ftp.aladdin.com/pub/marketing/eSafe/Agenda/Expert_Agenda.pdf .
Every pair of students was given Hellgate appliance to play with. And we used it to the full – our team even succeeded to push beyond the limit,crash and do RMA on our HellGate – fastest RMA ever seen – took 5 mins to bring new Hellgate.

Everyone was given a book-sized course material including presentations we heard and labs. The flow was – presentation then lab. Started with reimaging eSafe from usb, then all config labs as per pdf above. The LDAP lab took much more then was allocated for it as many (including me) are not good fiends with all the AD/LDAP/OU/CN/DN stuff ,eventhough the AD server was preconfigured and we had to just(?) connect eSafe to it.
Due to time shortage we haven’t done Web SSL/Reporter/Proxy (not a big deal for me as I am yet to see any of them in the wild) labs.
All setup had access to the Internet , so URL-filtering we could test real-time.

To conclude – I enjoyed the course, learned lots of new things (my job involves supporting already installed and working eSafe, so I don’t do installing/configuring from scratch the appliance, something our integration department always do) and therefore it was worthwhile.
Upon completion we were given link to password-protected CBT, possibility to open personal account with portal.aladdin.com , link to download eSafe 7.1 ISO disk (every eSafe has built-in evaluation license for 30 days), nice bag, and user/pass and link to the website to take exam.

Now to exam – it is a web based test, with 50 questions and 90 minutes to do it.
The test is pretty easy given you took active part in the course before as it recaptures the same topics. So I did it in about 30 mins, got the web page “Congradulations you passed” and a week later received by a courier framed certificate that I am now eSafe Certified Professional.

eSafe download – demo, docs

Yuri — Wed, 28 Jan 2009 18:48:10 +0000

Today newcomer to our department asked me how he should start learning eSafe – should he install Mail or Gateway on VMware ? Erm … May be docs and manuals (as I did) ? No ,old-fashioned, in our age of
CBTs/virtualization/Camtasia-everywhere buzzwords it needs to be with GUI and interactive, so …
The best way to start learning a product is first to see it – for this Aladdin made a demo econsole.
After you run it it presents you with dosen of eSafe ”machines” to any of which you can login by double clicking and feel like you are configuring a real eSafe machine – all GUI and options are exact copy of real
product. You can get it here after filling form with (ir)relevant details.
Demo econsole

Here is the link for econsole download eSafe 7.1, be aware that is quite important that you use econsole verison matching exactly the
eSafe software version you are trying to connect to. I once had client that installed eSafe 7.0 (some beta release) and downloaded locally econsole from the machine, all worked fine.Then he upgraded eSafe software to 7.1 but did NOT reinstall new econsole , as the result
he couldn’t find bunch of options in the econsole. In worst scenario using non-matching version of econsole to make configuration changes might cause substantial damage to the eSafe software, up to complete reinstall/reimage.
eSafe econsole 7.1
Docs Also freely available at :
eSafe Documenation
Knowledgebase – if you work for Aladdin partner you will have access to
complete knowledgebase , while anyone else can see a smaller part of it (that will suffice for few long
weeks of studying nevertheless ).
kb.aladdin.com

Esafe defaults and some debug commands

Yuri — Sat, 06 Sep 2008 08:50:57 +0000

As any other box esafe comes with some default configs , to much of my surprise it takes too long to find them in the Esafe docs, so here they are:

eConsole TCP port: 43970
eConsole UDP port: 43982
Webmin TCP port: 37233 - https to eSafe, when installed on linux [last eSAfe to support
Windows was eSafe 6 FR2] (https://ip_address_of_esafe:37233)

default username: root
default password: kn1TG7psLu
Webmin username: admin
Webmin password: esafe
econsole default username: admin
econsole default pasword: no such, you will be asked to set on first login or during Webmin configuration

————————————————————————–

Product Configuration file:
/opt/eSafe/eSafeCR/esafecfg.ini

Nitroinspection Configuration file:
/opt/eSafe/esafenipca.ini

eSafe Machine Configuration file:
/opt/eSafe/esafe.ini
eSafe Applifilter Configuration file:
/opt/eSafe/eSafeCR/applifilter2.ini

————————————————————————–

Spool Directory:
/opt/eSafe/eSafeCR/SPOOL/

Advanced antispam and URL filtering (cobion) database Directory:
/var/esafe/ofdb/

Session log files:
/opt/eSafe/eSafeCR/SessionLog/

Machine logs – when debug mode enabled logs get written here:
/var/esafe/log/eSafeCR

Debugging procedure , quite standard procedure, provided load on the machine permits
(High Debug mode loads the machine a lot!) you may shorten the time of troubleshooting
when opening ticket in Aladdin.
You need to re-create the problem first in high debug level (you can do it with eConsole: Options > Troubleshooting… > Clear Log Files > choose High troubleshooting level > re-create the problem > choose “Off” to turn off troubleshooting level)

How to create support file:

cd /opt/eSafe
./esafeinf
Collecting eSafe info and log files, Please wait …

Information successfully logged in
/var/log/1004562_xxxxxxx3430esglog.tar.gz.

or:

enter Webmin (https://ip_address_of_esafe:37233) > Support > Create and download eSafe Support Info file
————————————————————————–

eSafe Machine configuration script (script has same functionality as Webmin does):

cd /opt/eSafe
./esgmenu