McAfee VirusScan Enterprise on Ubuntu

Asked by Ishan A B Ambanwela on 2013-02-08

Hi all,
I installed McAfee VirusScan Enterprise on Ubuntu 12.04 after that if I use apt-* commands or Software center or Synaptic makes syatem unstable.(really unusable)

I looked in to the problem and found that this occurs because McAfee client installs its own loaders under /lib folder

/lib/ and /lib/

and commands or softwares(apt-get,apt-*,Synaptic) which associated with ldconfig leads to this issue.

After execute such application McAfees's or is pointed instead of "".

I found that sym links are created.I doubt that this causes by ldconfig which points any file with "ld-" prefis as default loader.

I need ldconfig expert help to solve this issue.


Question information

English Edit question
Ubuntu Edit question
No assignee Edit question
Solved by:
Ishan A B Ambanwela
Last query:
Last reply:
Ishan A B Ambanwela (ishanaba) said : #1

please don't ask me why McAfee It's enterprice environment not my decition.personally I feel still we do not need virus scan for ubuntu :).
Appriciate your Understanding Thank you.

Ishan A B Ambanwela (ishanaba) said : #2

and McAfee also has put some thing here but not much worth

unless you run a mail server, or a file server with windows clients you don't need antivirus

Ishan A B Ambanwela (ishanaba) said : #4


but any way i need to fix this issue.

not sure mcafee may know things. i'd ask them

Manfred Hampl (m-hampl) said : #6

There is a workaround listed in
Did you try that? Does it work?

Ishan A B Ambanwela (ishanaba) said : #7

@Manfred I tried it it works.
but I want to seek a permanent solution

does any one knows what happens if I remove "exec" from last line of /sbin/ldconfig since "exec" makes exits from script and add some code?


exec /sbin/ldconfig.real "$@"

instead of above code

/sbin/ldconfig.real "$@"
----------and some code here----------

It works for me. I want to know will it cause problems?
and to ensure this will not cause problems.

Ishan A B Ambanwela (ishanaba) said : #8

I asked from McAfee they responds very slowly.

Duane Rezac (duane-rezac-ctr) said : #10

Here is something I have discoverd with this bug. The problem is caused by ldconfig following a symbolic link that points to a symbolic link. man ldconfig indicates that ldconfig should ignore symbolic links. We are running the McAfee Epo Ageent and LinuxShield. (we are also running the McAfee product on Redhat 5-enterprise, and this problem does not occur.)

In /lib, and are both symboic links that point to a in McAfees /lib, in the mcafee libs are symbolic links to a mcafee lib. For Example. in /lib points to /opt/McAfee/runtime/2.0/lib/ which is a symbolic link to /opt/McAfee/runtime/2.0/lib/

Output of ldconfig -N -X -v shows that ldconfig is linking to /lib/ or /llib/

ldconfig is following the symbolic link in /lib, and since the McAfee files contain the SONAME, it links them to /lib
It appears that ldconfig is resolving the links, as the that it links in /lib fromo the MacAfee file (in this case will point to /opt/McAfee/runtime/2.0/lib/

Note: once your system has been corrupted, an easy fix is to boot with a live cd, mount the root file system (for example, to /mnt/fubarroot) then use copy -P to copy /lib/ from the live cd to your mounted root file system's /lib (copy -P /lib/ /mnt/fubarroot/lib ) - reboot and all is well until ldconfig gets run again. The best workarount I have seen is to shut down nails and cma, remove the links, run updates, re-create the McAfee Links, restart cma and nails.

Scripts I use:

# keep McAfee from stepping on /lib/
# turn off McAfee and unlink libs in /lib
/etc/init.d/nails stop
/etc/init.d/cma stop
rm /lib/
rm /lib/
echo McAfee Agent and VSE Disabled

# keep McAfee from stepping on /lib/
# re-enable links and restart McAfee

ln -s /opt/McAfee/runtime/2.0/lib/ /lib/
ln -s /opt/NAI/LinuxShield/lib/ /lib/
/etc/init.d/cma start
/etc/init.d/nails start
echo McAfee Agent and VSE enabled

thanks Duane,
I saw some similar work around in McAfee site.