Jump to content

esets_daemon freeze - 2020 version


Go to solution Solved by ESET Security Forum,

Recommended Posts

It looks like the problem is back again. I think Is is happen after todays update at 2PM.

 

/opt/eset/esets/sbin/esets_daemon --version
/opt/eset/esets/sbin/esets_daemon (esets) 4.5.15

There is a lot of /tmp/bt.esets_daemon.* files

cat bt.esets_daemon.EkR1IE
signal = 11
bad addr = 0xcfc00004

 

/opt/eset/esets/sbin/esets_update  --verbose
Naruszenie ochrony pamięci 
(translate: Memory protection violation)

 

Esets hung in starting loop

systemctl start esets.service
Job for esets.service failed because a fatal signal was delivered to the control process. See "systemctl status esets.service" and "journalctl -xe" for details.

"journalctl -xe"
Nov 19 15:26:16 eset-mail esets_daemon[3065]: debug[0bf90000]: ESET Security Daemon, Version 4.5.15
Nov 19 15:26:16 eset-mail esets_daemon[3065]: debug[0bf90000]: Start Antivirus scanner initialization
Nov 19 15:26:16 eset-mail esets_daemon[3065]: debug[0bf90000]: Searching for section dac in configuration
Nov 19 15:26:16 eset-mail esets_daemon[3065]: debug[0bf90000]: Using configuration for section dac
Nov 19 15:26:20 eset-mail esets_daemon[3071]: debug[0bff0000]: ESET Security Daemon, Version 4.5.15
Nov 19 15:26:20 eset-mail esets_daemon[3071]: debug[0bff0000]: Start Antivirus scanner initialization
Nov 19 15:26:20 eset-mail esets_daemon[3071]: debug[0bff0000]: Searching for section dac in configuration
Nov 19 15:26:20 eset-mail esets_daemon[3071]: debug[0bff0000]: Using configuration for section dac
Nov 19 15:26:23 eset-mail esets_daemon[3078]: debug[0c060000]: ESET Security Daemon, Version 4.5.15
Nov 19 15:26:23 eset-mail esets_daemon[3078]: debug[0c060000]: Start Antivirus scanner initialization
(...)

Server : centos 7.9.2009 (64), rebooted.

 

Link to post
Share on other sites
Quote

same problem started the same time. Possible corruption of new patterns?

same problem using RHEL 6 and also on CentOS7

daemon and eset_update throwing secmentation fault. Update logfile and systemctl status:
 

[root@server eset]# cat /tmp/bt.esets_update.yBOi3p
/lib/ld-linux.so.2(+0x9ab6)[0xf779bab6]
/lib/ld-linux.so.2(+0x9ab6)[0xf779bab6]
/lib/ld-linux.so.2(+0xa356)[0xf779c356]
/lib/libc.so.6(+0x134aec)[0xf76d0aec]
/lib/libc.so.6(_dl_sym+0x1a)[0xf76d0f8a]
/lib/libdl.so.2(+0xdf1)[0xf775cdf1]
/lib/ld-linux.so.2(+0xf9ba)[0xf77a19ba]
/lib/libdl.so.2(+0x138c)[0xf775d38c]
/lib/libdl.so.2(dlsym+0x58)[0xf775ce58]
./esets_update(_Z9nod_dlsymP11_nod_dll_t_PKc+0x3f)[0x809fccf]
./esets_update(_Z31AppGetProcAddressImplementationPvPKcPS_+0x25)[0x808bf34]
./esets_update(_Z12api_callbackjz+0x14fa)[0x8072d72]
[0xf723295d]
[0xf70c3f42]
[0xee25c7e6]
[0xee3f86fa]
[0xee3f863a]
signal = 11
bad addr = 0xcfc00004

[root@vm esets]# systemctl status esets
● esets.service - ESET Scanner Daemon
   Loaded: loaded (/usr/lib/systemd/system/esets.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Thu 2020-11-19 15:05:32 CET; 1h 36min ago
 Main PID: 35664 (code=exited, status=0/SUCCESS)

Nov 19 15:05:05 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[92027] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:08 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57176] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:10 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57270] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:13 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57280] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:16 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57290] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:18 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57300] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:21 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57310] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:23 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57320] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:27 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57330] did not handle signal 11, restart in 0 seconds
Nov 19 15:05:29 vm esets_daemon[35664]: error[8b500000]: Child process esets_daemon[57342] did not handle signal 11, restart in 0 seconds

 

Link to post
Share on other sites

Hi,

same issue here on multiple servers.

The following worked for me :

- removed current esets package

- purged /tmp/bt.esets* and /tmp/esets_update.lock and /etc/opt/esets (saving esets.cfg elsewhere)

- installed an older version of esets ( still had the installer for 4.5.6.0)

- Run esets_update

 

Link to post
Share on other sites

Can confirm. I'm having the exact same issue as of today.

T430:/ # /opt/eset/esets/sbin/esets_daemon --version
/opt/eset/esets/sbin/esets_daemon (esets) 4.0.93
T430:/ #
T430:/ # ls -l /tmp/bt.esets_daemon.* | wc -l
143
T430:/ # cat /tmp/bt.esets_daemon.zQcNEM
/lib/ld-linux.so.2(+0xac36)[0xf7f38c36]
/lib/ld-linux.so.2(+0xac36)[0xf7f38c36]
/lib/ld-linux.so.2(+0xb735)[0xf7f39735]
/lib/libc.so.6(+0x14750b)[0xf7d2f50b]
/lib/libdl.so.2(+0x1441)[0xf7ddd441]
/lib/libc.so.6(_dl_catch_exception+0xa3)[0xf7d2fc53]
/lib/libc.so.6(_dl_catch_error+0x30)[0xf7d2fd30]
/lib/libdl.so.2(+0x1b11)[0xf7dddb11]
/lib/libdl.so.2(dlsym+0x71)[0xf7ddd4c1]
/opt/eset/esets/lib32/libesets.so.4(_Z9nod_dlsymP11_nod_dll_t_PKc+0x4b)[0xf7e4c732]
/opt/eset/esets/lib32/libesets.so.4(+0x4a91e)[0xf7e6d91e]
/opt/eset/esets/lib32/libesets.so.4(+0x16f1c)[0xf7e39f1c]
[0xeda6d95d]
[0xeb093f42]
[0xe23637e6]
[0xe24ff6fa]
[0xe24ff63a]
signal = 11
bad addr = 0xd4
T430:/ #
Link to post
Share on other sites

solution (just tested with one of our systems) for our site:
 

[root@vm /]# cd /var/opt/eset/esets/lib
[root@vm lib]# mv em002_32.dat em002_32.dat.o

[root@vm lib]# cd /opt/eset/esets/sbin/
[root@vm sbin]# ./esets_update --verbose
Virus signature database has been updated successfully.                        
ESETS Update utility
+-+--------------------+------------------------+------------------------+
| | Module             | Available version      | Installed version      |
+-+--------------------+------------------------+------------------------+
|*| loader             |        1076 (20200313) |                        |
|*| perseus            |      1566.4 (20201006) |                        |
|*| engine             |       22334 (20201117) |                        |
|*| archiver           |        1310 (20201029) |                        |
|*| heuristic          |        1203 (20201015) |                        |
|*| cleaner            |        1214 (20200921) |                        |
| |                    |                        | �o}��Ue��o}��<{��0|�p6{�0�[�� |
| |                    |                        |                        |
| |                    |                        |                      
                                                                        |
+-+--------------------+------------------------+------------------------+
[root@vm sbin]# ./esets_update --verbose
Update is not necessary - the installed virus signature database is current.   
ESETS Update utility
+-+--------------------+------------------------+------------------------+
| | Module             | Available version      | Installed version      |
+-+--------------------+------------------------+------------------------+
| | loader             |        1076 (20200313) |        1076 (20200313) |
| | perseus            |      1566.4 (20201006) |      1566.4 (20201006) |
| | engine             |       22334 (20201117) |       22334 (20201117) |
| | archiver           |        1310 (20201029) |        1310 (20201029) |
| | heuristic          |        1203 (20201015) |        1203 (20201015) |
| | cleaner            |        1214 (20200921) |        1214 (20200921) |
+-+--------------------+------------------------+------------------------+
[root@vm sbin]# systemctl start esets
[root@vm sbin]# systemctl status esets
● esets.service - ESET Scanner Daemon
   Loaded: loaded (/usr/lib/systemd/system/esets.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-11-19 16:59:09 CET; 4s ago
  Process: 94942 ExecStart=/opt/eset/esets/sbin/esets_daemon (code=exited, status=0/SUCCESS)
 Main PID: 94943 (esets_daemon)
   CGroup: /system.slice/esets.service
           ├─94943 /opt/eset/esets/sbin/esets_daemon
           ├─94944 /opt/eset/esets/sbin/esets_daemon
           └─94945 /opt/eset/esets/lib/esets_wwwi

 

 

Link to post
Share on other sites

Hi,

same here.. esets started to fail after today's update...

Nov 19 15:28:30 mx2 esets_daemon[35373]: debug[8a2d0000]: Start
Antivirus modules update
...
Nov 19 15:29:24 mx2 esets_daemon[35372]: error[8a270000]: Child process
esets_daemon[65332] did not handle signal 11, restart in 0 seconds
Nov 19 15:29:24 mx2 esets_daemon[65342]: debug[ff3e0000]: Server is
listening on /tmp/esets.sock.1202801592
Nov 19 15:29:27 mx2 esets_daemon[35372]: debug[8a270000]: Sessions
processing done
Nov 19 15:29:27 mx2 esets_daemon[35372]: debug[8a270000]: Waiting for
child processes...
Nov 19 15:29:27 mx2 esets_daemon[35372]: debug[8a270000]: Daemon exit

now it looks like update nor daemon is failing, for example

[root@mx2 ~]# /opt/eset/esets/sbin/esets_update --verbose
Segmentation fault

but just version info works...

[root@mx2 ~]# /opt/eset/esets/sbin/esets_update -v
/opt/eset/esets/sbin/esets_update (esets) 4.5.15

 

Link to post
Share on other sites

My ex colleagues confirmed to me that they have the same issue. 

They are running on:

Centos 7 x86_64

systemctl start esets.service Job for esets.service failed because a fatal signal was delivered to the control process. See "systemctl status esets.service" and "journalctl -xe" for details.

 

Link to post
Share on other sites

I tried the "Windows Admin Approach" of uninstalling, downloading the latest installer and reinstalling the product and it seems to have worked.

What was the underlying issue I have no idea.

T430:/ # LANG=C systemctl status esets
● esets.service - LSB: ESET NOD32 Antivirus
     Loaded: loaded (/etc/init.d/esets; generated)
     Active: active (running) since Thu 2020-11-19 13:21:12 -03; 5min ago
       Docs: man:systemd-sysv-generator(8)
    Process: 1377 ExecStart=/etc/init.d/esets start (code=exited, status=0/SUCCESS)
      Tasks: 11 (limit: 4915)
     CGroup: /system.slice/esets.service
             ├─1484 /opt/eset/esets/sbin/esets_daemon
             ├─1485 /opt/eset/esets/sbin/esets_daemon
             └─1486 /opt/eset/esets/lib/esets_mac

Nov 19 13:21:08 T430 systemd[1]: Starting LSB: ESET NOD32 Antivirus...
Nov 19 13:21:12 T430 esets[1377]: Starting ESET NOD32 Antivirus..done
Nov 19 13:21:12 T430 systemd[1]: Started LSB: ESET NOD32 Antivirus.

 /me tips hat towards win admins out there.

Link to post
Share on other sites

my solution to get it running again, looks like a bad file(from another post I think):

mv /var/opt/eset/esets/lib/em002_32.dat /var/opt/eset/esets/lib/em002_32.dat.old
systemctl stop esets
rm -rf /tmp/*update.lock; /opt/eset/esets/sbin/esets_update --verbose
systemctl restart esets
systemctl status esets

Link to post
Share on other sites

I also confirm that solution from you all is working. Thank you all.

(Burk code)

cd /var/opt/eset/esets/lib
ls -la
mv em002_32.dat em002_32.dat.o
cd /opt/eset/esets/sbin/
./esets_update --verbose
systemctl start esets
systemctl status esets

Povas i agree, we need to wait for next update.

Edited by Krzysztof L.
typo
Link to post
Share on other sites
On 11/20/2020 at 12:44 AM, ESET Security Forum said:

Please see our knowledgebase article for the latest information related to this issue:
https://support.eset.com/en/alert7704-detection-engine-22346-showing-false-positive

That link is now returning 404. Has it been deleted, and is there a newer replacement knowledgebase article?

Link to post
Share on other sites
  • ESET Moderators
On 11/21/2020 at 8:05 AM, ThorstenJ said:

Question: Your solution says "Delete content of modules directory in /var/opt/eset/esets/lib/"

Do you mean only files in this folder or all subfolders also (rm -r )?

rm -rf /tmp/esets_update.lock /var/opt/eset/esets/lib/*

/opt/eset/esets/lib/esets_modules

 

Peter

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...