Unexplained crashes of Eset Linux Mail Security for servers

[Dingolino 1]

Hi, I am more and more frustrated by the unstability of this product.

Before Xmas I had the problem described here:

I solved the issue as suggested in the thread.

Now it seems that the problems are back again although nothing on my system was changed.

linuxzwo:~ # systemctl status esets.service 
● esets.service - ESET Scanner Daemon
   Loaded: loaded (/etc/systemd/system/esets.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Di 2021-01-26 10:55:25 CET; 54min ago
  Process: 1125 ExecStart=/opt/eset/esets/sbin/esets_daemon (code=exited, status=0/SUCCESS)
 Main PID: 1361 (code=exited, status=0/SUCCESS)

Jan 26 10:54:51 linuxzwo esets_daemon[1361]: error[05510000]: Child process esets_daemon[1362] did not handle signal 11, restart in 0 seconds
Jan 26 10:54:54 linuxzwo esets_daemon[1361]: error[05510000]: Child process esets_daemon[2327] did not handle signal 6, restart in 0 seconds
Jan 26 10:54:58 linuxzwo esets_daemon[1361]: error[05510000]: Child process esets_daemon[2340] did not handle signal 6, restart in 0 seconds
Jan 26 10:55:01 linuxzwo esets_daemon[1361]: error[05510000]: Child process esets_daemon[2353] did not handle signal 6, restart in 0 seconds
Jan 26 10:55:04 linuxzwo esets_daemon[1361]: error[05510000]: Child process esets_daemon[2366] did not handle signal 6, restart in 0 seconds
Jan 26 10:55:08 linuxzwo esets_daemon[1361]: error[05510000]: Child process esets_daemon[2379] did not handle signal 6, restart in 0 seconds
Jan 26 10:55:11 linuxzwo esets_daemon[1361]: error[05510000]: Child process esets_daemon[2392] did not handle signal 6, restart in 0 seconds
Jan 26 10:55:15 linuxzwo esets_daemon[1361]: error[05510000]: Child process esets_daemon[2405] did not handle signal 6, restart in 0 seconds
Jan 26 10:55:18 linuxzwo esets_daemon[1361]: error[05510000]: Child process esets_daemon[2418] did not handle signal 6, restart in 0 seconds
Jan 26 10:55:21 linuxzwo esets_daemon[1361]: error[05510000]: Child process esets_daemon[2431] did not handle signal 6, restart in 0 seconds

What should I do to return to stability?

I have configured Eset to run as MDA, the other components are Postfix, Dovecot and Fetchmail.

My version is 4.5.16

linuxzwo:~ # uname -r
4.15.7-2.g353046a-default
linuxzwo:~ # cat /etc/*-release
NAME="openSUSE Leap"
VERSION="42.3"

 

[Krzysztof L. 2]

Hi, I also have this problem, it has occurred since 22/01/2021. Eset mail security crashes once a day (more or less every 24h).

Nothing in logs... also no bt.esets_daemon.* files in /tmp/ directory.

Centos 7 3.10.0-1160.11.1.el7.x86_64

# /opt/eset/esets/sbin/esets_update  --version
/opt/eset/esets/sbin/esets_update (esets) 4.5.15

 

# esets_update --verbose
Update is not necessary - the installed virus signature database is current.
ESETS Update utility
+-+--------------------+------------------------+------------------------+
| | Module             | Available version      | Installed version      |
+-+--------------------+------------------------+------------------------+
| | loader             |        1076 (20200313) |        1076 (20200313) |
| | perseus            |      1568.2 (20201214) |      1568.2 (20201214) |
| | engine             |       22709 (20210126) |       22709 (20210126) |
| | archiver           |        1312 (20201223) |        1312 (20201223) |
| | heuristic          |        1205 (20201209) |        1205 (20201209) |
| | cleaner            |        1214 (20200921) |        1214 (20200921) |
| | horus              |        7873 (20210115) |        7873 (20210115) |
| | dblite             |        1112 (20200928) |        1112 (20200928) |
+-+--------------------+------------------------+------------------------+

A workaround is to restart eset daemon:

systemctl stop esets.service
/usr/bin/killall -u esets -9
systemctl start esets.service

 

[J.J. 23]

Hello guys

Could you please enable core dumps and stack trace and provide us with log files collected by info_get command to investigate the issue?

Here you can obtain the mentioned script:

http://ftp.nod.sk/tools/info_get.command/

Steps to enable core dumps and stack trace:

1. Stop esets service

2.run command ulimit -c unlimited
to enable complete dumps

3. Please run the esets_daemon with the strace parameter
"strace -ffo esets_daemon.txt -s 256 /opt/eset/esets/sbin/esets_daemon"

4. Wait till issue occurs again and send us all esets_daemon.txt*,  and /tmp/bt.* files including fresh info_get command logs.

5. Output from the infoget command script which is available at: http://ftp.nod.sk/tools/info_get.command/

[Dingolino 1]

@J.J.

I have done as required. Where to upload the file? In here no tgz allowed as it seems...

[Peter Randziak 948]

Hello @Dingolino,

you can upload the logs to a safe location and send the download details to me and @J.J. via private message.

Thank you in advance, Peter

[J.J. 23]

Hello Dingolino

Thank you for provided log files. We can see the crashes but there are no dumps and stack traces collected,

It is needed to enable dumps and stack traces and wait for issue occurrence and than collect the dump and also text files from stack trace and info_get.command log. Info_get. command log does not automatically collects the dumps and stack traces and they have to be collected manually.

Thank you

[Dingolino 1]

@Peter+J.J.

I have uploaded the eset_daemon.txt files to the same location as yesterday.

But whe trying to tar the /tmp/bt* files I run into problems:

linuxzwo:~ # tar cvfz /root/btesetsdaemon.tar.gz /tmp/bt*
-bash: /bin/tar: Die Argumentliste ist zu lang

The last line means "list of files to tar too long". I am unexperienced. What can I do?

 

[Dingolino 1]

I think I managed to pack all the files.

[Peter Randziak 948]

3 hours ago, Dingolino said:

I think I managed to pack all the files.

Thank you, we are checking it with the dev teams.

Peter

[_YG_ 1]

Hello,

same problem here with Ubuntu 16.04 LTS

esets_daemon[122608]: error[def00000]: Child process esets_daemon[122609] did not handle signal 6, restart in 0 seconds

I have some logs, to whom should i send the link?

YG

[Marcos 4,714]

You can message me, Peter or J.J. Tomorrow morning we're going to release a module that should address the issue.

[Peter Randziak 948]

Hello guys,

 

Fixed LiveGrid communication module 1099 is available on pre-release update channel and should be released for general public with next Detection engine update.

To resolve the issue it will be probably needed to stop the esets, run the update manually to receive LiveGrid communication module 1099 and start it again.

 

We apologize for the inconvenience caused by this,

Peter

 

[_YG_ 1]

Hello Peter,

just did an update with pre-releases, now the daemon crashes right away, will send you logs in a minute...

YG

[Peter Randziak 948]

Just now, _YG_ said:

just did an update with pre-releases, now the daemon crashes right away, will send you logs in a minute...

please make sure, that LiveGrid communication module 1099 is on the disk before you start the esets.

In case there is, please provide us with the logs collected by the  info_get.command and core dump files.

Thank you

[_YG_ 1]

how do i check LiveGrid version? And if it is not 1099 how do i install it?

[Peter Randziak 948]

Hello @_YG_

8 minutes ago, _YG_ said:

how do i check LiveGrid version? And if it is not 1099 how do i install it?

open the module em024_32.dat in a text mode, build number and version can be seen in the first lines of it.

The modules are by default stored in /var/opt/eset/esets/lib in Linux.

 

You will see output like 

"ESET-MODULE - copyright (c) 1994-2021 ESET software

version: 1098 (20210122)     
build: 1098
date (dd.mm.yyyy): 22.01.2021"

Peter

[Peter Randziak 948]

In case you have the version 1098, 1. stop the esets 2. delete em024_32.dat manually 3. run the update 4. start the esets again.

Peter

[_YG_ 1]

thanks, updated to 1099 and daemon is running now... lets see if it keep running

[Dingolino 1]

I did

rm -rf /var/opt/eset/esets/lib/*
/opt/eset/esets/sbin/esets_update --verbose
systemctl start esets

But eset crashed 3 minutes later

[Rincewind 4]

Have you enabled pre-release updates in the config (/etc/opt/eset/esets/esets.cfg)?
av_prerelease_updates = yes

Otherwise you will not receive the fixed module.

[Dingolino 1]

6 minutes ago, Rincewind said:

Have you enabled pre-release updates in the config (/etc/opt/eset/esets/esets.cfg)?
av_prerelease_updates = yes

Otherwise you will not receive the fixed module.

I had not. Thank you.
(This product is terribly tricky. Where can I read how to master all this? The manual is definitely too short)

[_YG_ 1]

Hello,

daemon still running but have an error on status, have xxx'ed personal parts. I never received any license errors befor update

YG

 

● esets.service - ESET Scanner Daemon
   Loaded: loaded (/lib/systemd/system/esets.service; enabled; vendor preset: enabled)
   Active: active (running) since Fr 2021-01-29 11:10:36 CET; 1h 7min ago
  Process: 136930 ExecStart=/opt/eset/esets/sbin/esets_daemon (code=exited, status=0/SUCCESS)
 Main PID: 136932 (esets_daemon)
   CGroup: /system.slice/esets.service
           ├─136932 /opt/eset/esets/sbin/esets_daemon
           └─136934 /opt/eset/esets/sbin/esets_daemon

Jan 29 12:12:39 mail esets_daemon[136934]: summ[16e60144]: vdb=48296, agent=mda, name="from: xxx
Jan 29 12:13:25 mail esets_daemon[136934]: summ[16e60145]: vdb=48296, agent=mda, name="from: xxx
Jan 29 12:13:25 mail esets_daemon[136934]: summ[16e60246]: vdb=48296, agent=mda, name="from: xxx
Jan 29 12:17:16 mail esets_daemon[136934]: error[16e60147]: Rejecting agent start: Agent not licensed
Jan 29 12:17:58 mail esets_daemon[136934]: summ[16e60148]: vdb=48296, agent=mda, name="xxx
Jan 29 12:17:58 mail esets_daemon[136934]: summ[16e60249]: vdb=48296, agent=mda, name="from: xxx
Jan 29 12:17:58 mail esets_daemon[136934]: summ[16e6024a]: vdb=48296, agent=mda, name="from: xxx
Jan 29 12:17:58 mail esets_daemon[136934]: summ[16e6024b]: vdb=48296, agent=mda, name="from: xxx
Jan 29 12:17:58 mail esets_daemon[136934]: summ[16e6024c]: vdb=48296, agent=mda, name="from: xxx
Jan 29 12:18:12 mail esets_daemon[136934]: summ[16e6024d]: vdb=48296, agent=mda, name="from: xxx
Hint: Some lines were ellipsized, use -l to show in full.

 

[Peter Randziak 948]

23 minutes ago, _YG_ said:

Jan 29 12:17:16 mail esets_daemon[136934]: error[16e60147]: Rejecting agent start: Agent not licensed

@_YG_ I checked with a colleague and it seems there might be some agent enabled in the config, which is not covered by your license like PAC or some other from the file security.

In case the service runs and scans the emails it should be O.K.

It just won't start the agent not covered by the license.

Peter

[_YG_ 1]

Hi,

with update daemon is running stable again... thanks!

YG

[J.J. 23]

On 1/29/2021 at 11:52 AM, Dingolino said:

I had not. Thank you.
(This product is terribly tricky. Where can I read how to master all this? The manual is definitely too short)

Hello

I would suggest man pages every agent have man page, for example you can usecommand man esets.cfg

Also I prepared and exported all of them to pdf, It would be more comfortable. Here you can download them:

http://ftp.nod.sk/~jedovnicky/esets_manpages.zip