J.J.

ESET Staff
Posts posted by J.J.

  1. Hello JasonLFL

    Thank you for the provided log files.

    I checked them and it looks like there are more issues on this machine:

    02/15/2021 10:05:39 AM,Real-time protection service,Syscall init_module returns error: Operation not permitted,root
    02/15/2021 10:05:39 AM,Real-time protection service,"Initialization of system handler for on-access scan has failed. Please update your OS and restart your computer, then check system logs.",root
    02/15/2021 10:06:40 AM,Updating service,Error updating Antivirus modules: Update information is not consistent.,eset-eea-updated

    02/10/2021 02:27:21 PM,Updating service,Error updating Antivirus modules: Update information is not consistent.,eset-eea-updated
    02/10/2021 03:02:36 PM,Licensing service,Cannot receive data from server: Network is unreachable,eset-eea-licensed
    02/10/2021 03:02:36 PM,Licensing service,Cannot receive data from server: Network is unreachable,eset-eea-licensed
    02/04/2021 12:22:02 PM,Licensing service,Cannot read from file /var/opt/eset/eea/licensed/license_cfg.json: Permission denied,eset-eea-licensed
    02/04/2021 12:22:02 PM,Real-time protection service,Syscall init_module returns error: Operation not permitted,root

     

    There are issues with access rights and also with reaching our update servers and with the modules update. It could be caused by installing the product with a lack of privileges etc. I would suggest uninstalling it and installing it with root privileges. Also check the connection to our servers.

    Here you can find which ports and IPs need to be reachable:

    https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-eset-product-with-a-third-party-firewall

    The issue could also be caused by Secure Boot; please check if it is enabled. If it is enabled, it needs to be disabled because Secure Boot is not supported.

    You can use the following commands to check the state of Secure Boot:

    sudo apt-get install mokutil
    mokutil --sb-state
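
An added example, not part of the original post and not ESET code: a small triage script for event-log rows in the format quoted above. It parses them with a real CSV reader (one message contains a comma inside quotes), drops exact duplicates and groups them by cause. The column meaning, the category names and the pairing of each category with a follow-up check from the post are assumptions.

```python
import csv
import io
from datetime import datetime

# Rows copied from the log excerpt in the post above.
# Assumed columns: time, component, message, user.
SAMPLE_LOG = '''\
02/15/2021 10:05:39 AM,Real-time protection service,Syscall init_module returns error: Operation not permitted,root
02/15/2021 10:05:39 AM,Real-time protection service,"Initialization of system handler for on-access scan has failed. Please update your OS and restart your computer, then check system logs.",root
02/15/2021 10:06:40 AM,Updating service,Error updating Antivirus modules: Update information is not consistent.,eset-eea-updated
02/10/2021 03:02:36 PM,Licensing service,Cannot receive data from server: Network is unreachable,eset-eea-licensed
02/10/2021 03:02:36 PM,Licensing service,Cannot receive data from server: Network is unreachable,eset-eea-licensed
02/04/2021 12:22:02 PM,Licensing service,Cannot read from file /var/opt/eset/eea/licensed/license_cfg.json: Permission denied,eset-eea-licensed
'''

# (hypothetical category, substring to look for, follow-up check taken from the post)
RULES = [
    ("kernel_module", "init_module returns error",
     "check Secure Boot state (mokutil --sb-state) and install privileges"),
    ("on_access_init", "on-access scan has failed",
     "consequence of the kernel module not loading"),
    ("file_permissions", "Permission denied",
     "reinstall with root privileges"),
    ("network", "Network is unreachable",
     "check that the required ports and addresses are reachable"),
    ("update_consistency", "Update information is not consistent",
     "check the connection to the update servers"),
]


def parse_events(text):
    """Parse log text into unique events, keeping the original order."""
    events, seen = [], set()
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4:          # blank or malformed line
            continue
        if tuple(row) in seen:     # the log repeats some rows verbatim
            continue
        seen.add(tuple(row))
        stamp, component, message, user = row
        events.append({
            "time": datetime.strptime(stamp, "%m/%d/%Y %I:%M:%S %p"),
            "component": component,
            "message": message,
            "user": user,
        })
    return events


def classify(message):
    """Return (category, follow-up) for the first rule whose substring matches."""
    for category, needle, follow_up in RULES:
        if needle in message:
            return category, follow_up
    return "other", "no rule for this message"


def triage(events):
    """Group events by category, oldest first: {category: [event, ...]}."""
    groups = {}
    for event in sorted(events, key=lambda e: e["time"]):
        groups.setdefault(classify(event["message"])[0], []).append(event)
    return groups


if __name__ == "__main__":
    for category, items in triage(parse_events(SAMPLE_LOG)).items():
        first = items[0]
        print(f"{category}: {len(items)} event(s), first seen {first['time']}, "
              f"next step: {classify(first['message'])[1]}")
```
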

  2. 21 hours ago, JasonLFL said:

    Hi JJ,

    I've pushed the logs to the ftp server.  I've uninstalled and reinstalled twice now - same issue each time.  When EEA/ESET packages are installed, it automatically downloads everything for 5.4 kernel.  If I try to uninstall the 5.4 kernel packages, EEA/ESET is included in the items to be removed as they are dependent on the 5.4 kernel.

    Hello

    Could you please provide me with the file name, I will need it to identify the file with log files. Please send me the file name via PM. I will check the logs and let you know.

    Thank you

  3. 4 hours ago, JasonLFL said:

    Marcos,

    I've got 7.1.9.0 installed - the eea/eset packages still insist that kernel 5.4 be installed even though the system is running on kernel 5.8.  It compiles the .ko against 5.4 rather than 5.8.

    At this point, it's not updating the detection engine nor is real-time file system protection running.

    Hello

    Could you please provide us with log files from the affected machine?

    To collect log files, please follow the instructions in the manual:

    https://help.eset.com/eeau/7/en-US/collect-logs.html

    Upload log files to ftp.nod.sk/support/

    And provide us with information about file name.

     

    I would also recommend completely uninstalling the product and checking that you have kernel, kernel-devel and kernel-headers installed in the same version as the kernel which is actually in use.

    Thank you.

  4. On 1/29/2021 at 11:52 AM, Dingolino said:

    I had not. Thank you.
    (This product is terribly tricky. Where can I read how to master all this? The manual is definitely too short)

    Hello

    I would suggest the man pages; every agent has a man page, for example you can use the command man esets.cfg

    I also prepared and exported all of them to PDF, which would be more comfortable. Here you can download them:

    http://ftp.nod.sk/~jedovnicky/esets_manpages.zip

  5. 8 hours ago, P0RPL4 said:

    We use the Linux Openmediavault.
    Could you check the  compatibility, we can install ESET on it or not. 

    Thank you.

    Hello,

    The following operating systems of 64-bit architecture are officially supported:

    RedHat Enterprise Linux (RHEL) 6 64-bit

    RedHat Enterprise Linux (RHEL) 7 64-bit

    RedHat Enterprise Linux (RHEL) 8 64-bit

    CentOS 6 64-bit

    CentOS 7 64-bit

    CentOS 8 64-bit

    Ubuntu Server 16.04 LTS 64-bit

    Ubuntu Server 18.04 LTS 64-bit

    Ubuntu Server 20.04 LTS 64-bit

    Debian 9 64-bit

    Debian 10 64-bit

    SUSE Linux Enterprise Server (SLES) 12 64-bit

    SUSE Linux Enterprise Server (SLES) 15 64-bit

     

    ESET File Security for Linux has been tested on the latest minor releases of the listed operating systems. Update your operating system before installing ESET File Security for Linux.

    https://help.eset.com/efs/7/en-US/?system_requirements.html

     

    Anyway, you can also install ESET File Security for Linux on an unsupported operating system on your own, to test if it works. If the OS meets all requirements it should work on it, but in case of any issue it will not be supported.

  6. Hello Dingolino

    Thank you for the provided log files. We can see the crashes, but there are no dumps and stack traces collected.

    It is necessary to enable dumps and stack traces, wait for the issue to occur, and then collect the dump and also the text files from the stack trace and the info_get.command log. The info_get.command log does not automatically collect the dumps and stack traces; they have to be collected manually.

    Thank you

  7. Hello guys

    Could you please enable core dumps and stack trace and provide us with log files collected by info_get command to investigate the issue?

    Here you can obtain the mentioned script:

    http://ftp.nod.sk/tools/info_get.command/

    Steps to enable core dumps and stack trace:

    1. Stop esets service

    2. Run command ulimit -c unlimited to enable complete dumps

    3. Please run the esets_daemon with the strace parameter
    "strace -ffo esets_daemon.txt -s 256 /opt/eset/esets/sbin/esets_daemon"

    4. Wait till issue occurs again and send us all esets_daemon.txt*,  and /tmp/bt.* files including fresh info_get command logs.

    5. Output from the infoget command script which is available at: http://ftp.nod.sk/tools/info_get.command/

  8. 1 hour ago, MatthieuB said:

    Hello,
    From a policy in Security Management Center I activated the web interface for ESET File Security for Linux clients.
    I have configured the socket, the certificate and the password. I have good access to the interface but cannot connect because I have to enter a login but I did not have to configure it. I tried "admin", "root", "eset" with the password defined in the policy but it does not work.
    What is this default login?
    Regards,

    Hello

    When you want to enable the web interface from ESMC, the steps are as follows:

    - you create a policy to enable the Web Interface

    Assign the policy to the client.

    Then you have to generate a certificate, so you create a new client task to generate the certificate and password.

    -r is for generating the certificate and --password is the password.

    Then again you choose the target.

    And it's done :)

     

     

  9. Man pages can be accessed from the terminal once the product is installed. The commands are:

    man esets_smtp, man esets_pop3, man esets.cfg etc.

    Also here you can download exported man pages http://ftp.nod.sk/~jedovnicky/esets_manpages.zip

    Here is information about user specific configuration:

    USER SPECIFIC CONFIGURATION

    The ESETS system implements possibility to define so called user specific configuration, i.e. relevant configuration parameters specific for e-mail recipient and/or e-mail sender can be defined.

    As described in section USER SPECIFIC CONFIGURATION of esets.cfg(5) manual page the user specific configuration is created when an appropriate special configuration section created within a special configuration file path referenced from this agent section (see main ESETS configuration file) by option user_config = path.

    The header name of user specific section must be in general of the following format,

    [s_eml|c_eml]

    where 's_eml' is server's (i.e. recipient's) fully qualified email address or its domain subset, 'c_eml' is client's (i.e. sender's) fully qualified email address or its subset.

    Note that it is not mandatory to define both client's and server's parts of the header name. In this case the appropriate part not present within header name will be assumed to be not restricted. The following example shows definition of section with the section header name compound only from the client's e-mail address for which we would like to define special configuration.

    [|username@domain.com]
    av_scan_obj_archives = yes

    Please, note that thanks to '|' character present at the beginning of section header name, the main ESETS daemon knows that an appropriate email address represents the client's part of the section header name. In case you omit the character '|', the appropriate content of the section header name will be assumed to be its server's part as shown in an example below.

    [username@domain.com]
    av_scan_obj_archives = yes

    Note also that the section header name can be only domain subset of an appropriate fully qualified email address as shown in an example below

    [domain.com]
    av_scan_obj_archives = yes

    or even

    [org|domain.com]
    av_scan_obj_archives = yes

    Once user specific configuration defined, it will be used if main ESETS system control and scanning daemon has been instructed about it. The esets_smtp agent will do this automatically and tell the daemon about the first recipient and also about the sender of the message.

    Once fully qualified recipient's and/or sender's email address passed to the daemon, it is compared with section header names found in the special configuration file. The comparison is performed with all section header names consecutively in order as they are written within the file. The configuration appropriate to the first matched section is chosen. If no section header name matches the recipient's/sender's email address passed to the daemon, the configuration appropriate to the agent section from main ESETS configuration file is chosen. The section header name matching algorithm is as follows:

    If no recipient's address passed to the daemon or no recipient's part of the section header name present, the algorithm returns match for this part of section header name. If fully qualified recipient's address 'rcptname@rcptdomain.com' passed to the daemon, the algorithm compares this address and its parts (i.e. consecutively 'rcptname@rcptdomain.com', 'rcptdomain.com', 'com' is compared) with the recipient's part of the section header name.

    Similarly if no sender's address passed to the daemon or no sender's part of the section header name present, the algorithm returns match for this part of section header name. If fully qualified sender's address 'sndrname@sndrdomain.com' passed to the daemon, the algorithm compares this address and its parts (i.e. consecutively 'sndrname@sndrdomain.com', 'sndrdomain.com', 'com' is compared) with the sender's part of the section header name.

    If both comparison steps described above return match the configuration appropriate to the section header name is chosen. On the other hand if at least one of the steps returns no match, an appropriate section is skipped.
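
An added example, not part of the original post and not ESET's implementation: the section-selection rules quoted above, written out so the effect of section order can be tested before a user_config file is deployed. The sample file content and addresses are constructed, Python's configparser stands in for the daemon's own parser, and two details are assumptions: case-insensitive comparison, and treating every parent domain of a multi-label domain as one of the address "parts".

```python
import configparser

# Constructed user_config content (reserved example domains).
USER_CONFIG = """\
[|boss@example.com]
av_scan_obj_archives = no

[alice@example.org]
av_scan_obj_archives = yes

[org|example.com]
av_scan_obj_archives = no

[example.org]
av_scan_obj_archives = yes
"""


def address_parts(address):
    """Return the address, its domain and each parent domain, most specific first."""
    address = address.strip().lower()      # assumption: comparison ignores case
    domain = address.rpartition("@")[2]
    labels = domain.split(".")
    parts = [address] if "@" in address else []
    parts += [".".join(labels[i:]) for i in range(len(labels))]
    return parts


def parse_header(name):
    """Split 's_eml|c_eml' into (server_part, client_part); None means not restricted."""
    server, _, client = name.partition("|")
    return (server.strip().lower() or None, client.strip().lower() or None)


def part_matches(header_part, address):
    """A missing header part or a missing address counts as a match, as the text states."""
    if header_part is None or not address:
        return True
    return header_part in address_parts(address)


def load_sections(text):
    """Return [(section_name, options)] in the order written in the file."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return [(name, dict(parser[name])) for name in parser.sections()]


def select_section(sections, recipient=None, sender=None):
    """Return the first matching (name, options), or None to fall back to the agent section."""
    for name, options in sections:
        server_part, client_part = parse_header(name)
        if part_matches(server_part, recipient) and part_matches(client_part, sender):
            return name, options
    return None


SECTIONS = load_sections(USER_CONFIG)

if __name__ == "__main__":
    cases = [
        ("bob@example.org", "x@example.com"),
        ("bob@example.org", "y@other.net"),
        ("z@example.net", "q@other.net"),
        (None, None),
    ]
    for recipient, sender in cases:
        print(recipient, sender, "->", select_section(SECTIONS, recipient, sender))
```

Under the rules as quoted, a lookup with no sender address matches the sender-only section `[|boss@example.com]`, so where such a section sits in the file decides what unaddressed lookups receive.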

  10. Hello Pentode

    To install ESET NOD32 Antivirus for Linux Desktop on Mint which is based on Ubuntu (Debian) it is needed to:

    • Open Terminal
    • Set root password using command (sudo passwd root)
    • Install glibc library using command (apt-get install libc6:i386)
    • Install libappindicator1 to show icon in upper tray using command (apt-get install libappindicator1)
    • Download the install package and set the execute privileges
    • Install package, reboot, icon will be shown at upper right corner

    Some info also mentioned in following KB:

    https://support.eset.com/kb2653/?locale=en_US&viewlocale=en_US

    There is some post for solving this issue at Ubuntu itself too (Just for information):

     

  11. On 5/24/2019 at 7:43 PM, Nova said:

    Thank you J.J. that worked for 1 Server hopefully it will last for a while! 

    On the second server it doesn't work with these instructions got "Error downloading update.." had to purge the deb packet.

    After reinstallation the update works but on the first server i had newer files:

    +-+--------------------+------------------------+------------------------+
    | | Module             | Available version      | Installed version      |
    +-+--------------------+------------------------+------------------------+
    | | loader             |        1072 (20180813) |        1072 (20180813) |
    | | perseus            |      1551.1 (20190424) |      1551.1 (20190424) |
    |*| engine             |       19412 (20190524) |       19411 (20190524) |
    | | archiver           |        1287 (20190516) |        1287 (20190516) |
    | | heuristic          |        1192 (20190204) |        1192 (20190204) |
    | | cleaner            |        1192 (20190507) |        1192 (20190507) |
    +-+--------------------+------------------------+------------------------+
     

    as on the backup server:

    Virus signature database has been updated successfully.
    ESETS Update utility
    +-+--------------------+------------------------+------------------------+
    | | Module             | Available version      | Installed version      |
    +-+--------------------+------------------------+------------------------+
    | | loader             |        1072 (20180813) |        1072 (20180813) |
    | | perseus            |      1549.3 (20190326) |      1549.3 (20190326) |
    | | engine             |       18779 (20190128) |       18779 (20190128) |
    | | archiver           |        1285 (20190313) |        1285 (20190313) |
    | | heuristic          |        1192 (20190204) |        1192 (20190204) |
    | | cleaner            |        1183 (20190305) |        1183 (20190305) |
    +-+--------------------+------------------------+------------------------+
     

    How to fix that without corrupting the installation again?

    thx

    It worked for me when I deleted the modules and updated using esets_update. It looks like something else is corrupted or there is some other issue with the download. It is strange if both update directly from ESET servers. It should work when you clean the cache and modules so that everything is downloaded completely fresh.

  12. 8 hours ago, Nova said:

    Again, after successful updates I see on my 2 servers (Ubuntu Server 16.04) again errors in the syslog file that the update was not successful. With manually started updates from the shell ./esets_update --verbose I get on both that 3 files are corrupted, after I got the updates fixed in the night after several times of manually starting the update from the shell (./esets_update) - on both servers!

    As both servers are located in different data centers i believe your update files or servers are the reason, there is no proxy or something between my servers and the update servers. Over time it's annoying that this issue appears very often in some cases i could only fix it by copying the em*.dat files and whole lib folder from one server where the update is working to the other server where the update files are corrupted again.

    • Re-installation of the ESET Gateway Security as described in your manual doesn't fix the issue.
    • Removing/moving  the emu and dup files doesn't fix the issue.

    Without regular updates the product is useless? What's the solution?

     

     

     

     

    The following steps are needed to fix the issue, because some of the modules are probably corrupted.
    The best way is to stop the service, clean the update cache, delete the modules and download completely fresh update files; the modules will be recompiled and added to /var/opt/eset/esets/lib

    - stop the service
    - delete the content of the modules directory /var/opt/eset/esets/lib
    - clean the update cache directory /var/opt/eset/esets/lib/data/updfiles
    - clean the logs directory /var/log/esets/
    - run the update manually; the deleted modules will be replaced with fresh ones: /opt/eset/esets/sbin/esets_update --verbose
    - once the update has completed successfully, you can start the service

  13. On 4/21/2019 at 12:58 PM, RajGopalBH said:

    Dear Eset ,

     

    I am trying to install eset nod 32 antivirus in Fedora 29 operating system . Earlier I used Ubuntu 18.04 and I had to type this command 

    "sudo apt-get install libcanberra-gtk-module:i386 " for installing antivirus  but Now I am confused with Fedora OS  .

    Can anyone specify the equivalent packages in fedora 29 so that I can proceed with installation ?

    Before installation I disabled selinux in this way .

    sudo sed -i 's/selinux=enforcing\|selinux=permissive/SELINUX=disabled/I' /etc/selinux/config .

     

    Please some one guide me to install this software in fedora 29 .

    Disable Selinux (Selinux is not supported by our product):

    To disable SELinux, configure SELINUX=disabled in /etc/selinux/config:
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #       targeted - Targeted processes are protected,
    #       mls - Multi Level Security protection.
    SELINUXTYPE=targeted

    Disable Wayland (Wayland is not supported by our product)
    You can do this on Fedora 29 by editing /etc/gdm/custom.conf and uncommenting the line "#WaylandEnable=false"

    Install GlibC
    - yum install libc6.i686

    Install Gnome tweak tool:
    - yum install gnome-tweak-tool

    Install TopIcons Extension:
    - yum install gnome-shell-extension-topicons-plus

    Prerequisites: You need the make utility:
    # Debian, Ubuntu
    sudo apt-get install make
    # Red Hat, Fedora
    sudo dnf install make
    Download the code to any folder, using git:
    git clone https://github.com/phocean/TopIcons-plus.git

    Go into the TopIcons Plus project directory and execute the installation script.
    cd TopIcons-plus
    make install

    This will compile the glib schemas and copy all the necessary files to the GNOME Shell extensions directory for your own user account (so you don't need admin privileges to run make). By default, TopIcons Plus will live in the directory 
    ~/.local/share/gnome-shell/extensions/TopIcons@phocean.net/.

    If you want to install the extension so that it will be usable system-wide, you'll have to change the INSTALL_PATH variable, and run as root.
    sudo make install INSTALL_PATH=/usr/share/gnome-shell/extensions

    Finally, launch the gnome-tweak-tool utility to manage extensions. There, you can enable TopIcons Plus and then tweak its look and feel.

    Enable Top Icons plus using Gnome Tweak tool
    - Screenshot attached

    Install ESET NOD32 Antivirus for Linux Desktop

  14. 51 minutes ago, Axel.HARTH said:

    Thanks for your reply.

     

    Due to a project constraint, I have to use the 4.5.11.

    Before, we were installing this version of ESET on SLES 12.3 and it was working well.

    We have recently moved to SLES 12.4 and we now get this error when starting the esets service.

     

    For information, esets.service exit with status=69

     

    Just for testing purposes, can you check if it works with the newest version? It would be interesting to know if the issue is also present with the new version. There may be some changes in SLES 12.4.

  15. 24 minutes ago, Axel.HARTH said:

    Hi,

     

    I get the error "Cannot initialize scanner : Modules mapping directory not found " when I start the ESET file security.

    I have a Linux server with the OS SLES-12.4 installed on it.

     

    From a freshly installed Linux, I just install the glibc-locale-32bit and then I install the esets.x86_64.rpm.bin (version 4.5.11).

    I have imported my license file and then I start eset with the command

    $ systemctl start esets

     

    And I get the error "Cannot initialize scanner : Modules mapping directory not found ".

     

    Do you know what should I do to fix this bug?

    May I ask why are you installing 4.5.11 when 4.5.13 is available?

    https://www.eset.com/int/business/file-security-linux/download/

    - I would suggest to uninstall previous version and make clean install of version 4.5.13 and check if issue persist.

    reboot system after uninstallation

  16. Here is detailed explanation how to properly install ESET NOD32 Antivirus for Linux desktop at Ubuntu 18.04

    To install ESET NOD32 Antivirus for Linux Desktop on Ubuntu 18.04

    • Open Terminal
    • Set root password using command (sudo passwd root)
    • Install glibc library using command (apt-get install libc6:i386)
    • Install libappindicator1 to show icon in upper tray using command (apt-get install libappindicator1)
    • Download the install package and set the execute privileges
    • Install package, reboot, icon will be shown at upper right corner


  17. On 4/8/2019 at 10:45 AM, PodrskaNORT said:

    "Dashboard" page is responsive which is OK, I guess..

    Problem

    Looks like "Dashboard" is the only page that is responsive 😕

    Will that be addressed in final version?

    On which operating system are you experiencing the issue? Maybe log files would be useful, because I am testing it too, but the web interface works with no issues for me.

  18. 23 hours ago, PodrskaNORT said:

    Web interface password change procedure is a little bit "strange" for a modern web standards, and also differs from other programs of ours. Could confuse non-savvy users.

     

     

    Can you be little bit more specific?

    What is strange about using setgui with parameter -p?

    sudo /opt/eset/efs/sbin/setgui -h
    Usage: setgui [OPTIONS..]
    ESET File Security BETA GUI setup utility
    
    Options:
      -g, --gen-password            Generate new password
      -p, --password=PASSWORD       Set new password
      -f, --passfile=FILE           Set new password from file
      -r, --gen-cert                Generate new private key and certificate
      -a, --cert-password=PASSWORD  Set certificate password
      -l, --cert-passfile=FILE      Set certificate password from file
      -i, --ip-address=IP:PORT      Server address
      -c, --cert=FILE               Import certificate
      -k, --key=FILE                Import private key
      -d, --disable                 Disable GUI
      -e, --enable                  Enable GUI
    Common options:
      -h, --help                    show help and quit
      -v, --version                 show version information and quit
    
    
  19. 23 hours ago, PodrskaNORT said:

    When you try to download Eicar test in console - EFSLx stops it, deletes.

    But console shows that all is fine. Is that intended?

    admin@server:~/Virus$ wget hxxp://www.eicar.org/download/eicar.com.txt
    --2019-04-08 08:56:29--  hxxp://www.eicar.org/download/eicar.com.txt
    Resolving www.eicar.org (www.eicar.org)... 213.211.198.62
    Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 68 [application/octet-stream]
    Saving to: ‘eicar.com.txt’
    eicar.com.txt 100%[==================================>]      68  --.-KB/s    in 0s
    2019-04-08 08:56:30 (21.4 MB/s) - ‘eicar.com.txt’ saved [68/68]

    Realtime protection works on events open, create, execute. It is not the protocol filtering. So, eicar was deleted by realtime protection during event create. This explains the behavior.
