Jump to content

esets_daemon freeze - 2020 version


Go to solution Solved by ESET Security Forum,

Recommended Posts

It looks like the problem is back again. I think Is is happen after todays update at 2PM.

 

/opt/eset/esets/sbin/esets_daemon --version
/opt/eset/esets/sbin/esets_daemon (esets) 4.5.15

There is a lot of /tmp/bt.esets_daemon.* files

cat bt.esets_daemon.EkR1IE
signal = 11
bad addr = 0xcfc00004

 

/opt/eset/esets/sbin/esets_update  --verbose
Naruszenie ochrony pamięci 
(translate: Memory protection violation)

 

Esets hung in starting loop

systemctl start esets.service
Job for esets.service failed because a fatal signal was delivered to the control process. See "systemctl status esets.service" and "journalctl -xe" for details.

"journalctl -xe"
Nov 19 15:26:16 eset-mail esets_daemon[3065]: debug[0bf90000]: ESET Security Daemon, Version 4.5.15
Nov 19 15:26:16 eset-mail esets_daemon[3065]: debug[0bf90000]: Start Antivirus scanner initialization
Nov 19 15:26:16 eset-mail esets_daemon[3065]: debug[0bf90000]: Searching for section dac in configuration
Nov 19 15:26:16 eset-mail esets_daemon[3065]: debug[0bf90000]: Using configuration for section dac
Nov 19 15:26:20 eset-mail esets_daemon[3071]: debug[0bff0000]: ESET Security Daemon, Version 4.5.15
Nov 19 15:26:20 eset-mail esets_daemon[3071]: debug[0bff0000]: Start Antivirus scanner initialization
Nov 19 15:26:20 eset-mail esets_daemon[3071]: debug[0bff0000]: Searching for section dac in configuration
Nov 19 15:26:20 eset-mail esets_daemon[3071]: debug[0bff0000]: Using configuration for section dac
Nov 19 15:26:23 eset-mail esets_daemon[3078]: debug[0c060000]: ESET Security Daemon, Version 4.5.15
Nov 19 15:26:23 eset-mail esets_daemon[3078]: debug[0c060000]: Start Antivirus scanner initialization
(...)

Server : centos 7.9.2009 (64), rebooted.

 

Link to comment
Share on other sites

Quote

same problem started the same time. Possible corruption of new patterns?

same problem using RHEL 6 and also on CentOS7

daemon and eset_update throwing secmentation fault. Update logfile and systemctl status:
 

[root@server eset]# cat /tmp/bt.esets_update.yBOi3p
/lib/ld-linux.so.2(+0x9ab6)[0xf779bab6]
/lib/ld-linux.so.2(+0x9ab6)[0xf779bab6]
/lib/ld-linux.so.2(+0xa356)[0xf779c356]
/lib/libc.so.6(+0x134aec)[0xf76d0aec]
/lib/libc.so.6(_dl_sym+0x1a)[0xf76d0f8a]
/lib/libdl.so.2(+0xdf1)[0xf775cdf1]
/lib/ld-linux.so.2(+0xf9ba)[0xf77a19ba]
/lib/libdl.so.2(+0x138c)[0xf775d38c]
/lib/libdl.so.2(dlsym+0x58)[0xf775ce58]
./esets_update(_Z9nod_dlsymP11_nod_dll_t_PKc+0x3f)[0x809fccf]
./esets_update(_Z31AppGetProcAddressImplementationPvPKcPS_+0x25)[0x808bf34]
./esets_update(_Z12api_callbackjz+0x14fa)[0x8072d72]
[0xf723295d]
[0xf70c3f42]
[0xee25c7e6]
[0xee3f86fa]
[0xee3f863a]
signal = 11
bad addr = 0xcfc00004

[root@vm esets]# systemctl status esets
● esets.service - ESET Scanner Daemon
   Loaded: loaded (/usr/lib/systemd/system/esets.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Thu 2020-11-19 15:05:32 CET; 1h 36min ago
 Main PID: 35664 (code=exited, status=0/SUCCESS)

Nov 19 15:05:05 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[92027] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:08 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57176] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:10 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57270] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:13 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57280] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:16 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57290] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:18 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57300] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:21 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57310] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:23 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57320] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:27 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57330] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:29 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57342] did not handle signal 11, restart in 0 seconds

 

Link to comment
Share on other sites

Hi,

same issue here on multiple servers.

The following worked for me :

- removed current esets package

- purged /tmp/bt.esets* and /tmp/esets_update.lock and /etc/opt/esets (saving esets.cfg elsewhere)

- installed an older version of esets ( still had the installer for 4.5.6.0)

- Run esets_update

 

Link to comment
Share on other sites

Can confirm. I'm having the exact same issue as of today.

T430:/ # /opt/eset/esets/sbin/esets_daemon --version
/opt/eset/esets/sbin/esets_daemon (esets) 4.0.93
T430:/ #
T430:/ # ls -l /tmp/bt.esets_daemon.* | wc -l
143
T430:/ # cat /tmp/bt.esets_daemon.zQcNEM
/lib/ld-linux.so.2(+0xac36)[0xf7f38c36]
/lib/ld-linux.so.2(+0xac36)[0xf7f38c36]
/lib/ld-linux.so.2(+0xb735)[0xf7f39735]
/lib/libc.so.6(+0x14750b)[0xf7d2f50b]
/lib/libdl.so.2(+0x1441)[0xf7ddd441]
/lib/libc.so.6(_dl_catch_exception+0xa3)[0xf7d2fc53]
/lib/libc.so.6(_dl_catch_error+0x30)[0xf7d2fd30]
/lib/libdl.so.2(+0x1b11)[0xf7dddb11]
/lib/libdl.so.2(dlsym+0x71)[0xf7ddd4c1]
/opt/eset/esets/lib32/libesets.so.4(_Z9nod_dlsymP11_nod_dll_t_PKc+0x4b)[0xf7e4c732]
/opt/eset/esets/lib32/libesets.so.4(+0x4a91e)[0xf7e6d91e]
/opt/eset/esets/lib32/libesets.so.4(+0x16f1c)[0xf7e39f1c]
[0xeda6d95d]
[0xeb093f42]
[0xe23637e6]
[0xe24ff6fa]
[0xe24ff63a]
signal = 11
bad addr = 0xd4
T430:/ #
Link to comment
Share on other sites

4 minutes ago, povas said:

Same for me, on all Linux machines, both running SUSE and Centos. Do anybody have any solution for this?

I'm running openSuse Tumbleweed.

Link to comment
Share on other sites

solution (just tested with one of our systems) for our site:
 

[root@vm /]# cd /var/opt/eset/esets/lib
[root@vm lib]# mv em002_32.dat em002_32.dat.o

[root@vm lib]# cd /opt/eset/esets/sbin/
[root@vm sbin]# ./esets_update --verbose
Virus signature database has been updated successfully.                        
ESETS Update utility
+-+--------------------+------------------------+------------------------+
| | Module             | Available version      | Installed version      |
+-+--------------------+------------------------+------------------------+
|*| loader             |        1076 (20200313) |                        |
|*| perseus            |      1566.4 (20201006) |                        |
|*| engine             |       22334 (20201117) |                        |
|*| archiver           |        1310 (20201029) |                        |
|*| heuristic          |        1203 (20201015) |                        |
|*| cleaner            |        1214 (20200921) |                        |
| |                    |                        | �o}��Ue��o}��<{��0|�p6{�0�[�� |
| |                    |                        |                        |
| |                    |                        |                      
                                                                        |
+-+--------------------+------------------------+------------------------+
[root@vm sbin]# ./esets_update --verbose
Update is not necessary - the installed virus signature database is current.   
ESETS Update utility
+-+--------------------+------------------------+------------------------+
| | Module             | Available version      | Installed version      |
+-+--------------------+------------------------+------------------------+
| | loader             |        1076 (20200313) |        1076 (20200313) |
| | perseus            |      1566.4 (20201006) |      1566.4 (20201006) |
| | engine             |       22334 (20201117) |       22334 (20201117) |
| | archiver           |        1310 (20201029) |        1310 (20201029) |
| | heuristic          |        1203 (20201015) |        1203 (20201015) |
| | cleaner            |        1214 (20200921) |        1214 (20200921) |
+-+--------------------+------------------------+------------------------+
[root@vm sbin]# systemctl start esets
[root@vm sbin]# systemctl status esets
● esets.service - ESET Scanner Daemon
   Loaded: loaded (/usr/lib/systemd/system/esets.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-11-19 16:59:09 CET; 4s ago
  Process: 94942 ExecStart=/opt/eset/esets/sbin/esets_daemon (code=exited, status=0/SUCCESS)
 Main PID: 94943 (esets_daemon)
   CGroup: /system.slice/esets.service
           ├─94943 /opt/eset/esets/sbin/esets_daemon
           ├─94944 /opt/eset/esets/sbin/esets_daemon
           └─94945 /opt/eset/esets/lib/esets_wwwi

 

 

Link to comment
Share on other sites

Hi,

same here.. esets started to fail after today's update...

Nov 19 15:28:30 mx2 esets_daemon[35373]: debug[8a2d0000]: Start
Antivirus modules update
...
Nov 19 15:29:24 mx2 esets_daemon[35372]: error[8a270000]: Child process
esets_daemon[65332] did not handle signal 11, restart in 0 seconds
Nov 19 15:29:24 mx2 esets_daemon[65342]: debug[ff3e0000]: Server is
listening on /tmp/esets.sock.1202801592
Nov 19 15:29:27 mx2 esets_daemon[35372]: debug[8a270000]: Sessions
processing done
Nov 19 15:29:27 mx2 esets_daemon[35372]: debug[8a270000]: Waiting for
child processes...
Nov 19 15:29:27 mx2 esets_daemon[35372]: debug[8a270000]: Daemon exit

now it looks like update nor daemon is failing, for example

[root@mx2 ~]# /opt/eset/esets/sbin/esets_update --verbose
Segmentation fault

but just version info works...

[root@mx2 ~]# /opt/eset/esets/sbin/esets_update -v
/opt/eset/esets/sbin/esets_update (esets) 4.5.15

 

Link to comment
Share on other sites

My ex colleagues confirmed to me that they have the same issue. 

They are running on:

Centos 7 x86_64

systemctl start esets.service Job for esets.service failed because a fatal signal was delivered to the control process. See "systemctl status esets.service" and "journalctl -xe" for details.

 

Link to comment
Share on other sites

I tried the "Windows Admin Approach" of uninstalling, downloading the latest installer and reinstalling the product and it seems to have worked.

What was the underlying issue I have no idea.

T430:/ # LANG=C systemctl status esets
● esets.service - LSB: ESET NOD32 Antivirus
     Loaded: loaded (/etc/init.d/esets; generated)
     Active: active (running) since Thu 2020-11-19 13:21:12 -03; 5min ago
       Docs: man:systemd-sysv-generator(8)
    Process: 1377 ExecStart=/etc/init.d/esets start (code=exited, status=0/SUCCESS)
      Tasks: 11 (limit: 4915)
     CGroup: /system.slice/esets.service
             ├─1484 /opt/eset/esets/sbin/esets_daemon
             ├─1485 /opt/eset/esets/sbin/esets_daemon
             └─1486 /opt/eset/esets/lib/esets_mac

Nov 19 13:21:08 T430 systemd[1]: Starting LSB: ESET NOD32 Antivirus...
Nov 19 13:21:12 T430 esets[1377]: Starting ESET NOD32 Antivirus..done
Nov 19 13:21:12 T430 systemd[1]: Started LSB: ESET NOD32 Antivirus.

 /me tips hat towards win admins out there.

Link to comment
Share on other sites

my solution to get it running again, looks like a bad file(from another post I think):

mv /var/opt/eset/esets/lib/em002_32.dat /var/opt/eset/esets/lib/em002_32.dat.old
systemctl stop esets
rm -rf /tmp/*update.lock; /opt/eset/esets/sbin/esets_update --verbose
systemctl restart esets
systemctl status esets

Link to comment
Share on other sites

yum remove esets and redeploy with current esets worked for me now (probably only until auto update triggers...)

Edited by Dron
Link to comment
Share on other sites

The solution posted by markner and also indicated to me by Burk worked for me also, but the virus signature is from 2 days ago. Let's wait for the ESET team to fix it.

Link to comment
Share on other sites

I also confirm that solution from you all is working. Thank you all.

(Burk code)

cd /var/opt/eset/esets/lib
ls -la
mv em002_32.dat em002_32.dat.o
cd /opt/eset/esets/sbin/
./esets_update --verbose
systemctl start esets
systemctl status esets

Povas i agree, we need to wait for next update.

Edited by Krzysztof L.
typo
Link to comment
Share on other sites

Question: Your solution says "Delete content of modules directory in /var/opt/eset/esets/lib/"

Do you mean only files in this folder or all subfolders also (rm -r )?

 

Link to comment
Share on other sites

On 11/20/2020 at 12:44 AM, ESET Security Forum said:

Please see our knowledgebase article for the latest information related to this issue:
https://support.eset.com/en/alert7704-detection-engine-22346-showing-false-positive

That link is now returning 404. Has it been deleted, and is there a newer replacement knowledgebase article?

Link to comment
Share on other sites

  • ESET Moderators
On 11/21/2020 at 8:05 AM, ThorstenJ said:

Question: Your solution says "Delete content of modules directory in /var/opt/eset/esets/lib/"

Do you mean only files in this folder or all subfolders also (rm -r )?

rm -rf /tmp/esets_update.lock /var/opt/eset/esets/lib/*

/opt/eset/esets/lib/esets_modules

 

Peter

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...