ESET SysRescue Live log bug



I scanned the whole disk with the latest version of ESET SysRescue Live and, at the end, it didn't show any (on-demand scan) log file. I tried twice. The problem may be that the log is too big since it found 7573 threats (I have a couple of Kali distributions installed). Actually in /var/log/esets/ there is a 14.5MB file named ndl3903085676.dat which should be it. How can I visualize/export its content? Thanks.

Edited by JustOneUser

  • Most Valued Members
On 12/25/2021 at 10:22 PM, JustOneUser said:

I have just found out that someone else already encountered this bug @Vasili:

In the last post on the link @Marcos recommended opening a support ticket, so I'd recommend doing that as it's easier to track.

As you mentioned, it seems to occur when the log file is large, which seems to be why Marcos could not reproduce it.


On 12/25/2021 at 2:57 PM, JustOneUser said:

I scanned the whole disk with the latest version of ESET SysRescue Live and, at the end, it didn't show any (on-demand scan) log file.

Refer to the following:

Quote

Log files

The Log files contain information about all important program events that have occurred, and provide an overview of detected threats. Logging is an essential tool for system analysis, threat detection and troubleshooting. Logging is performed actively in the background with no user interaction.

When Advanced mode is enabled, you can click Tools > Log files from the main menu to view log files. Select the desired log type using the Log drop-down menu at the top of the window. The following logs are available:

Events – This option is designed for system administrators and users to solve problems. All important actions performed by ESET SysRescue are recorded in the Event logs.

On-demand scan – Results of all completed scans are displayed in this window. Double-click any entry to view details of a specific On-demand scan.

Edited by itman

@itman I did that too, but the scan doesn't show up in that list. I have also tried to scan just the boot sector, so as to have the log on that list; then I went to /var/log/esets/, deleted the corresponding ndlx...xx.dat file and renamed the big ndl3903085676.dat with the name of the one I deleted, hoping it would show up in place of the other one. But the list got empty again.

@peteyt How do you open a ticket? How do I check if it has already been opened by @Vasili or @Marcos? To reproduce it I would suggest scanning a Kali distribution, which is full of exploits and shellcodes. In any case I would already be happy if there was a way to visualize the content of the big ndl3903085676.dat file I got after a 12-hour scan. Some things, like filenames, are readable with a hex editor but it is mostly binary data.


  • Administrators

ESET SysRescue is based on ESET NOD32 for Linux Desktop, which is a legacy product, i.e. it's neither developed nor are possible bugs fixed. SysRescue is an auxiliary tool that we recommend using especially in case there's an active rootkit in the system.

If there's a problem viewing the dat file, I assume that customer care could convert it to a plain text log.


I tried a bit and discovered that the name switching trick I was talking about works with smaller files. The maximum recognizable size seems to be around 11MB. Of course if I just truncate my file to that size I get a "file corrupted error" in the event log. I wonder if a different version of ESET antivirus would read them.


@itman The website you suggested gives an error when I try to convert these .dat files. Anyway .dat is not a precise format like .csv or .pdf, it usually just means "binary data proprietary to the program that created it" (from Wikipedia). So it is very unlikely that a generic converter could recognize it correctly.


2 hours ago, JustOneUser said:

The website you suggested gives error when I try to convert these .dat files.

Do two scans. Select half your directories for the first scan and the remainder for your second scan. This should keep you under the 11 MB log size maximum you noted.

Also, as @Marcos noted, SysRescue is a free tool. As such, any modifications to it would only be done under ESET time available criteria. Other AV vendors have a like tool. You might give one of those a try.

Edited by itman