Jump to content

ESET NOD32 Antivirus for Linux Desktop version 4.0.95.0 bug, active detection don't work for all process


Recommended Posts

Thanks:
First thank you for this nice product :) 

Happy and sad: 
It's really tiring to always have one of version out of two working on Linux, other than the bad/weird fact that we have to check manually for app updates; Every time there is an update I get exited and get happy because the product is rarely updated (it does the job tho, this is what's most important) but on the other hand application updates (not the data base) are a true disaster for a professional commercial product; I always ask my self if the new version would works and do extensive tests each time I update, that should not be the case, we are not beta testers but your paying customers. I know Linux can be complicated (and/or required very technically capable developers) but it's not more complicated than windows on the contrary it's simpler and fully open source... speaking of which I really think you should opensource Nod32 for Linux the product would become way much better. you can still keep the license side of it closed source (even if it's no secret it just use a simple authentication user/pass over web to get the updates...), you really just need to opensource it with an adequate protective license.... anyway I just wanted to share this mixed paradoxal feeling about Nod32 for Linux, it's amazingly great but sadly it is also a mess. the application look like it is just maintained to survive with the very very minimal functionality... even on the financial aspect you have to manually give each new user its license (user/pass) manually, this does not feel like a product from a big company like yours.   

The v4.0.95.0 bug:
After upgrading from v4.0.93.0 to v4.0.95.0 and rebooting of course, start testing with the eicar test file... Nod32 does not detect the virus on a lot of application, chrome browser (was the case before), micro editor, cat from terminal... etc. but it did detect and block the test virus with ark and kwrite... Using a RHEL based system with kernel v4.14.  

Solution: 
Downgrade to v4.0.93.0 where everything works just fine, even with latest Firefox and Chrome...

Link to post
Share on other sites
  • ESET Moderators

Hello @intika,

 

10 hours ago, intika said:

Thanks:
First thank you for this nice product :) 

Thank you for your kind words.

11 hours ago, intika said:

Happy and sad: 
...

The business version is already available in version 7, you can download it at https://www.eset.com/int/business/endpoint-antivirus-linux/download/ according to what you say, I guess you are a business user (license over 5 seats)

It is fully manageable by means of ESET Security Management Center, including the activation (user-name and password is not used for it anymore). 

The on-access scanning is being handled by our own in-kernel module and the whole core product is based on a new, modern and maintained code so the whole UX should be much better for you.

 

11 hours ago, intika said:

The v4.0.95.0 bug:
After upgrading from v4.0.93.0 to v4.0.95.0 and rebooting of course, start testing with the eicar test file... Nod32 does not detect the virus on a lot of application, chrome browser (was the case before), micro editor, cat from terminal... etc. but it did detect and block the test virus with ark and kwrite... Using a RHEL based system with kernel v4.14.  

Please reproduce the issue and provide us with

1. screenshots of the situation 

2. output from the Log collector script https://support.eset.com/en/kb6159-run-the-info-getcommand-on-a-linux-virtual-machine-and-send-the-logs-to-eset-technical-support

3. output from cat /etc/redhat-release

You can pack them together, upload to a safe location and send me the download details over a private message.

Peter

Link to post
Share on other sites

Thanks for your answer, indeed I am running a company and indeed I have multiple licenses BUT i don't use the business version because it does not suit my needs, I don't need a central location to manage the different installations but I need that on each machine the main reason being technically advanced users that need to handle the AV themselves (and we are just 3 with 6 machines). 

On 8/5/2020 at 12:16 PM, Peter Randziak said:

the business version is already available in version 7, you can download it at https://www.eset.com/int/business/endpoint-antivirus-linux/download/ according to what you say, I guess you are a business user (license over 5 seats)

 

I tested the business version as it looked very interesting on paper... BUT it has its glitch as well... 

- First the GUI is just used for notifications, there is no GUI nor possibility to use without ESMC
- "/var/run" which is a system file/directory is included in your rpm for no reason, that can lead to serious issue
- The kernel module had troubles to find the Linux sources...
- The application is hardly linked to openssl v1.0.2 wich is a complete non sens (can not work with greater/lower versions of openssl)  

 

On 8/5/2020 at 12:16 PM, Peter Randziak said:

1. screenshots of the situation 
2. output from the Log collector script https://support.eset.com/en/kb6159-run-the-info-getcommand-on-a-linux-virtual-machine-and-send-the-logs-to-eset-technical-support
3. output from cat /etc/redhat-release

 

I don't have the time for the moment to reinstall and troubleshoot the new version, and i can not send back global logs, the bug is clearly introduced by the new change to your library libesets_pac.so 

I'll post back some logs if I have the time to test that on a vm ;) 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...