McAfee VirusScan Enterprise on Ubuntu

Asked by Ishan A B Ambanwela on 2013-02-08

Hi all,
I installed McAfee VirusScan Enterprise on Ubuntu 12.04 after that if I use apt-* commands or Software center or Synaptic makes syatem unstable.(really unusable)

I looked in to the problem and found that this occurs because McAfee client installs its own loaders under /lib folder

/lib/ld-nails.so.2 and /lib/ld-mfert.so.2

and commands or softwares(apt-get,apt-*,Synaptic) which associated with ldconfig leads to this issue.

After execute such application McAfees's ld-nails.so.2 or ld-mfert.so.2 is pointed instead of "ld-linux.so.2".

I found that sym links are created.I doubt that this causes by ldconfig which points any file with "ld-" prefis as default loader.

I need ldconfig expert help to solve this issue.

Thanks.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
Ishan A B Ambanwela
Solved:
2013-02-21
Last query:
2013-02-21
Last reply:
2013-02-11
Ishan A B Ambanwela (ishanaba) said : #1

please don't ask me why McAfee It's enterprice environment not my decition.personally I feel still we do not need virus scan for ubuntu :).
Appriciate your Understanding Thank you.

Ishan A B Ambanwela (ishanaba) said : #2

and McAfee also has put some thing here but not much worth
https://kc.mcafee.com/corporate/index?page=content&id=KB76919

unless you run a mail server, or a file server with windows clients you don't need antivirus
librenix.com/?inode=21

Ishan A B Ambanwela (ishanaba) said : #4

@actionparsnip
yes...!

but any way i need to fix this issue.

not sure mcafee may know things. i'd ask them

Manfred Hampl (m-hampl) said : #6

There is a workaround listed in https://kc.mcafee.com/corporate/index?page=content&id=KB76919
Did you try that? Does it work?

Ishan A B Ambanwela (ishanaba) said : #7

@Manfred I tried it it works.
but I want to seek a permanent solution

does any one knows what happens if I remove "exec" from last line of /sbin/ldconfig since "exec" makes exits from script and add some code?

i.e.

exec /sbin/ldconfig.real "$@"

instead of above code

/sbin/ldconfig.real "$@"
----------and some code here----------

It works for me. I want to know will it cause problems?
and to ensure this will not cause problems.

Ishan A B Ambanwela (ishanaba) said : #8

I asked from McAfee they responds very slowly.

Duane Rezac (duane-rezac-ctr) said : #10

Here is something I have discoverd with this bug. The problem is caused by ldconfig following a symbolic link that points to a symbolic link. man ldconfig indicates that ldconfig should ignore symbolic links. We are running the McAfee Epo Ageent and LinuxShield. (we are also running the McAfee product on Redhat 5-enterprise, and this problem does not occur.)

In /lib, ld-nails.so.2 and ld-mfert.so.2 are both symboic links that point to a ld-linux.so.2 in McAfees /lib, ld-linux.so.2 in the mcafee libs are symbolic links to a mcafee lib. For Example. ld-mfert.so.2 in /lib points to /opt/McAfee/runtime/2.0/lib/ld-linux.so.2 which is a symbolic link to /opt/McAfee/runtime/2.0/lib/ld-2.5.so

Output of ldconfig -N -X -v shows that ldconfig is linking ld-linux.so.2 to /lib/ld-nails.so.2 or /llib/d-mfert.so.2.

ldconfig is following the symbolic link in /lib, and since the McAfee files contain the SONAME ld-linux.so.2, it links them to /lib
It appears that ldconfig is resolving the links, as the ld-linux.so.2 that it links in /lib fromo the MacAfee file (in this case ld-mfert.so.2) will point to /opt/McAfee/runtime/2.0/lib/ld-2.5.so

Note: once your system has been corrupted, an easy fix is to boot with a live cd, mount the root file system (for example, to /mnt/fubarroot) then use copy -P to copy /lib/ld-linux.so.2 from the live cd to your mounted root file system's /lib (copy -P /lib/ld-linux.so.2 /mnt/fubarroot/lib ) - reboot and all is well until ldconfig gets run again. The best workarount I have seen is to shut down nails and cma, remove the links, run updates, re-create the McAfee Links, restart cma and nails.

Scripts I use:

mcoff
#!/bin/sh
# keep McAfee from stepping on /lib/ld-linux.so.2
# turn off McAfee and unlink libs in /lib
/etc/init.d/nails stop
/etc/init.d/cma stop
rm /lib/ld-mfert.so.2
rm /lib/ld-nails.so.2
echo McAfee Agent and VSE Disabled

mcon
#!/bin/sh
# keep McAfee from stepping on /lib/ld-linux.so.2
# re-enable links and restart McAfee

ln -s /opt/McAfee/runtime/2.0/lib/ld-linux.so.2 /lib/ld-mfert.so.2
ln -s /opt/NAI/LinuxShield/lib/ld-linux.so.2 /lib/ld-nails.so.2
/etc/init.d/cma start
/etc/init.d/nails start
echo McAfee Agent and VSE enabled

thanks Duane,
I saw some similar work around in McAfee site.
Cheers...!