Jump to content

ESET SysRescue Live log bug


Recommended Posts

I scanned the whole disk with the latest version of ESET SysRescue Live and, at the end, it didn't show any (on-demand scan) log file. I tried twice. The problem may be that the log is too big since it found 7573 threats (I have a couple of Kali distribution installed). Actually in /var/log/esets/ there is a 14.5MB file named ndl3903085676.dat which should be it. How can I visualize/export its content? Thanks.

Edited by JustOneUser
Link to comment
Share on other sites

  • Most Valued Members
On 12/25/2021 at 10:22 PM, JustOneUser said:

I have just found out that someone else already encountered this bug @Vasili:

 

 

In the last post on the link @Marcosrecommended opening s support ticket so I'd recommend doing that as it's easier to track. 

As you mentioned it seems to occur when the log file is large, which seems to be why Marcos could not reproduce it

Link to comment
Share on other sites

On 12/25/2021 at 2:57 PM, JustOneUser said:

I scanned the whole disk with the latest version of ESET SysRescue Live and, at the end, it didn't show any (on-demand scan) log file.

Refer to the following:

Quote

Log files

The Log files contain information about all important program events that have occurred, and provide an overview of detected threats. Logging is an essential tool for system analysis, threat detection and troubleshooting. Logging is performed actively in the background with no user interaction.

When Advanced mode is enabled, you can click Tools > Log files from the main menu to view log files. Select the desired log type using the Log drop-down menu at the top of the window. The following logs are available:

Events – This option is designed for system administrators and users to solve problems. All important actions performed by ESET SysRescue are recorded in the Event logs.

On-demand scan – Results of all completed scans are displayed in this window. Double-click any entry to view details of a specific On-demand scan.

 

Edited by itman
Link to comment
Share on other sites

@itman I did that too, but the scan doesn't show up in that list. I have also tried to scan just the boot sector, so to have the log on that list; then I went to /var/log/esets/, deleted the corresponding ndlx...xx.dat file and renamed the big ndl3903085676.dat with the name of the one I deleted, hoping it would show up in place of the other one. But the list got empty again.

@peteytHow do you open a ticket? How do I check if it has been already opened by @Vasili or @Marcos? To reproduce it I would suggest to scan a Kali distribution, which is full of exploits and shellcodes. In any case I would already be happy if there was a way to visualize the content of the big ndl3903085676.dat file I got after a 12-hour scan. Some things, like filenames, are readable with a hex editor but it is mostly binary data.

Link to comment
Share on other sites

  • Administrators

ESET SysRescue is based on ESET NOD32 for Linux Desktop which is a legacy product, ie. it's neither developed nor possible bugs are fixed. SysRescue is an auxiliary tool that we recommend to use especially in case there's an active rootkit in the system.

If there's a problem viewing the dat file, I assume that customer care could convert it to a plain text log.

Link to comment
Share on other sites

I tried a bit and discovered that the name switching trick I was talking about works with smaller files. The maximum recognizable size seems to be around 11MB. Of course if I just truncate my file to that size I get a "file corrupted error" in the event log. I wonder if a different version of ESET antivirus would read them.


@itmanThe website you suggested gives error when I try to convert these .dat files. Anyway .dat is not a precise format like .csv or .pdf, it usually just means "binary data proprietary to the program that created it" (from Wikipedia). So it is very unlikely that a generic converter could recognize it correctly.

Link to comment
Share on other sites

2 hours ago, JustOneUser said:

The website you suggested gives error when I try to convert these .dat files.

Do two scans. Select half your directories for the first scan and the remainder for your second scan. This should keep you under the 11 MB log size maximum you noted.

Also as @Marcos noted, SysRescue is a free tool. As such, any modifications to it would only be done under Eset time available criteria. Other AV vendors have a like tool. You might give one of those a try.

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...