Knowledge Base

How to setup external scan agent(s)

One of the greatest features of the new architecture is that it enables scaling of a deployment in a very nice way. The Metascan Linux Server scanning capacity is easily extended using external scan agents.

To provide more scanning capacity to Metascan clients you need to deploy a simple agent to other computers. We strongly suggest creating a dedicated network or VLAN between Metascan Server and the scan agents. You can deploy up to 256 scan agents behind a Metascan Server.

NOTE: Metascan Linux Server has an internal scan agent in place (locally) by default so you can also test Metascan without external agents.

This scan agent will be allocated all available Linux-based engines installed on Metascan server for scanning. Just in case you would like to setup some external (remote) scan agents on different machines, please check details below:

 

Configuring Metascan Server to accept external scan agents

  1. Open the /etc/ometascan/ometascan.conf configuration file on Metascan Server (e.g. command: sudo  vim  /etc/ometascan/ometascan.conf )



  2. In the [global] section create a new entry: address. Value should be one of the IP addresses of that computer or 0.0.0.0 if you want to allow external agents on all network interfaces. In this example, I just need to uncomment (remove "#") for line "address" (you may need to press "Insert" to start edit mode on VIM console)



  3. In the [global] section create a new entry: port. Suggested value is 8009. In this example, I just need to uncomment (remove "#") for line "port" 



  4. Save changes (Press "ESC" to exit insert mode, and then type ":wq" to save changes)
  5. Restart ometascan service using your distribution service manager utility (info) Start / Stop Metascan services

Installing a scan agent on a computer

  1. Download ometascan-agent package from OPSWAT Portal. Be careful to download the suitable package for your distribution. For example, I have a CentOS Metascan server and now I want to setup an external scan agent installed on Ubuntu OS, so should download ".deb" scan agent installation file.



  2. Upload installation package to your test computers. 



  3. Install product:
    • CentOS: sudo yum install <scan_agent_installer>.rpm
    • Debian / Ubuntu: sudo dpkg -i  <scan_agent_installer>.deb

Configuring a scan agent

  1. Open /etc/ometascan-agent/ometascan-agent.conf configuration file on the computer you installed scan agent (e.g. command: sudo vim /etc/ometascan-agent/ometascan-agent.conf )



  2. In the [global] section create an new entry: serveraddress. Value should be the IP address of Metascan Server (in this example, 192.168.200.145). If you have more than one IP address on the server please make sure you enter the address that you put into the configuration file on the server.



  3. In the [global] section create an new entry: serverport. Value should be the same port number you specified in the server configuration.



  4. Save changes (Press "ESC" to exit insert mode, and then type ":wq" to save changes)
  5. Restart ometascan service using your distribution service manager utility (info) Start / Stop Metascan services
  6. Metascan Server starts deploying scan engines and malware databases onto this new agent. You can check the status of installation on Metascan web interface in the Inventory > Scan agents menu.