DAT updates fail on a Linux operating system when the noexec flag is added to the /var partition
技術的な記事 ID:
KB88518
最終更新: 1/30/2017
環境
McAfee VirusScan Enterprise for Linux (VSEL) 1.9.x
SUSE Linux Enterprise Server (SLES) 11
システムの変更
Added the noexec flag to the /var partition for security.
原因
VSEL fails to dynamically load the engine library /var/McAfee/agent/update/UpdateDir/liblnxfv.so.4 when the /var partition is mounted with the noexec flag.
解決策
Remove the noexec flag from the /var partition.
回避策
Use the following command to create a symbolic link from /var/McAfee/agent/update to /opt/McAfee/agent/update
ln -s /opt/McAfee/agent/update /var/McAfee/agent/update
/dev/mapper/vg_sys_r1-var /var ext3 rw,nodev,noexec,noatime,errors=continue,user_xattr,acl,barrier=1,data=ordered 0 0
The McScript log contains the following errors:
2016-10-21 14:24:10 [53537] (16384) [ScrptUtl] [D] Trying full path /var/McAfee/agent/update/UpdateDir/liblnxfv.so.4
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] Error trace:
-----
-----
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] [Line 1115: RunScript dwRet = /var/McAfee/agent/update/Current/VSCANDAT1000/DAT/0000/V2datinstall.mcs, ScriptMain]->
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] [Executing section ScriptMain]->
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] [LoopIf]->
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] [Executing section EnumerateThroughProducts]->
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] [Call]->
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] [Executing section UpdateProduct]->
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] [CallIf]->
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] [Executing section V2Update]->
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] [Call]->
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] [Executing section TestNewEngineDATsV2]->
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] [Call]->
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] [Executing section ScanV2_32_64]->
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] [CallIf]->
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] [Executing section ScanV2]->
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] [ScanCheck]->
2016-10-21 14:24:10 [53537] (16384) [ScrptExe] [E] Failed to initialize engine
55536 open("/var/McAfee/agent/update/UpdateDir/liblnxfv.so.4", O_RDONLY) = 32
55536 read(32, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340t\4\0004\0\0\0"..., 512) = 512
55536 fstat64(32, {st_mode=S_IFREG|0644, st_size=6106368, ...}) = 0
55536 mmap2(NULL, 6175612, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 32, 0) = -1 EPERM (Operation not permitted)
55536 close(32)