
[Resolved] Linux fspms virus definition distribution error

Aspirant

[Resolved] Linux fspms virus definition distribution error

Hi,

 

I use the f-secure management suite under Linux Debian 7.4 64bits.

fsaua, fsaus and fspms seem to work correctly, except for virus distribution to workstations.

In the fspms logs I receive a realloc() error:

sudo -u fspms /opt/f-secure/fspms/bin/fsavupd --debug

avmisc seems to be non extract
Sending registeration
Asking latest segmentation rules
Sending update request for avmisc version 1369636185
Sending update request for BLENG version 2013052701
Sending update request for gemdb version 1397198576
Sending update request for hipscfg version 1397212201
Sending update request for idsdb version 1232363088
Sending update request for SCDB3 version 2013071801
Sending update request for SCDB31 version 0
Sending update request for hydrawin version 1397208048
Sending update request for hydralinux version 1397208044
Sending update request for mlcwin version 1391497725
Sending update request for aquawin32 version 1397204042
Sending update request for fsav_900_bin version 1390295866
Sending update request for orsp-win-v2 version 1370467978
Sending update request for litmus-bin version 1394529059
Sending update request for exploitshield_v2 version 1329915224
Sending update request for css_720_bin version 1395139428
Sending update request for aqualnx32 version 1397204108
Sending update request for commtouchunix version 1395063913
Sending update request for fmlibunix version 1396531743
Sending update request for fsav_1000_bin version 1396533212
Sending update request for fsav_1100_bin version 1396533309
Sending update request for hipsn version 1393853040
Sending update request for nifbin version 1396349931
Sending update request for lynx-windows version 0
Sending update request for sidegrade version 1391674522
Requesting AUA to perform immediate update
Received segrules
Received packet UPDATE_REQUEST_OK, avmisc version 1369636185
Received packet UPDATE_REQUEST_OK, BLENG version 2013052701
Received packet UPDATE_REQUEST_OK, gemdb version 1397198576
Received packet UPDATE_REQUEST_OK, hipscfg version 1398216600
Received packet UPDATE_REQUEST_OK, idsdb version 1232363088
Received packet UPDATE_REQUEST_OK, SCDB3 version 2013071801
Received packet UPDATE_REQUEST_OK, SCDB31 version 0
Received packet UPDATE_REQUEST_OK, hydrawin version 1398417652
Received packet UPDATE_REQUEST_OK, hydralinux version 1398417648
Received packet UPDATE_REQUEST_OK, mlcwin version 1391497725
Received packet UPDATE_REQUEST_OK, aquawin32 version 1398640671
Received packet UPDATE_REQUEST_OK, fsav_900_bin version 1390295866
Received packet UPDATE_REQUEST_OK, orsp-win-v2 version 1370467978
Received packet UPDATE_REQUEST_OK, litmus-bin version 1398327260
Received packet UPDATE_REQUEST_OK, exploitshield_v2 version 1329915224
Received packet UPDATE_REQUEST_OK, css_720_bin version 1395139428
Received packet UPDATE_REQUEST_OK, aqualnx32 version 1398640714
Received packet UPDATE_REQUEST_OK, commtouchunix version 1395063913
Received packet UPDATE_REQUEST_OK, fmlibunix version 1398250516
Received packet UPDATE_REQUEST_OK, fsav_1000_bin version 1398250783
Received packet UPDATE_REQUEST_OK, fsav_1100_bin version 1398255865
Received packet UPDATE_REQUEST_OK, hipsn version 1393853040
Received packet UPDATE_REQUEST_OK, nifbin version 1396349931
Received packet UPDATE_REQUEST_OK, lynx-windows version 0
Received packet UPDATE_REQUEST_OK, sidegrade version 1391674522
Download complete for hipscfg version 1398216600, OK
Republishing update...running /opt/f-secure/fsaus/bin/bwadmin with args: 0: /opt/f-secure/fsaus/bin/bwadmin 1: addsubchannel 2: -name 3: DB Updates 4: -q
running /opt/f-secure/fsaus/bin/bwadmin with args: 0: /opt/f-secure/fsaus/bin/bwadmin 1: addexpgroup 2: -scname 3: DB Updates 4: -name 5: Main 6: -q
running /opt/f-secure/fsaus/bin/bwadmin with args: 0: /opt/f-secure/fsaus/bin/bwadmin 1: set_segrules 2: -path 3: /tmp/fsauasc_72ed_segrules 4: -q
running /opt/f-secure/fsaus/bin/bwadmin with args: 0: /opt/f-secure/fsaus/bin/bwadmin 1: add_prs 2: -scname 3: DB Updates 4: -egname 5: Main 6: -localdir 7: /tmp/fsauasc_72ed 8: -q
OK
*** glibc detected *** /opt/f-secure/fsaua/bin/fsauasc: realloc(): invalid next size: 0x0000000001784c60 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x76d76)[0x7f124eb08d76]
/lib/x86_64-linux-gnu/libc.so.6(+0x7ca4c)[0x7f124eb0ea4c]
/lib/x86_64-linux-gnu/libc.so.6(realloc+0xf0)[0x7f124eb0ed60]
/opt/f-secure/fsaua/bin/fsauasc[0x412e05]
/opt/f-secure/fsaua/bin/fsauasc[0x4132cb]
/opt/f-secure/fsaua/bin/fsauasc[0x41340b]
/opt/f-secure/fsaua/bin/fsauasc(fsl_unix_socket_readwrite_cb+0x9b)[0x4178fb]
/opt/f-secure/fsaua/bin/fsauasc[0x40fb9b]
/opt/f-secure/fsaua/bin/fsauasc[0x4101bd]
/opt/f-secure/fsaua/bin/fsauasc[0x404580]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)[0x7f124eab0ead]
/opt/f-secure/fsaua/bin/fsauasc[0x40322a]
======= Memory map: ========
00400000-00434000 r-xp 00000000 08:01 1700871 /opt/f-secure/fsaua/bin/fsauasc
00534000-00535000 rw-p 00034000 08:01 1700871 /opt/f-secure/fsaua/bin/fsauasc
01783000-017a5000 rw-p 00000000 00:00 0 [heap]
7f1248000000-7f1248021000 rw-p 00000000 00:00 0
7f1248021000-7f124c000000 ---p 00000000 00:00 0
7f124e87c000-7f124e891000 r-xp 00000000 08:01 1177348 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f124e891000-7f124ea91000 ---p 00015000 08:01 1177348 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f124ea91000-7f124ea92000 rw-p 00015000 08:01 1177348 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f124ea92000-7f124ec14000 r-xp 00000000 08:01 1181072 /lib/x86_64-linux-gnu/libc-2.13.so
7f124ec14000-7f124ee13000 ---p 00182000 08:01 1181072 /lib/x86_64-linux-gnu/libc-2.13.so
7f124ee13000-7f124ee17000 r--p 00181000 08:01 1181072 /lib/x86_64-linux-gnu/libc-2.13.so
7f124ee17000-7f124ee18000 rw-p 00185000 08:01 1181072 /lib/x86_64-linux-gnu/libc-2.13.so
7f124ee18000-7f124ee1d000 rw-p 00000000 00:00 0
7f124ee1d000-7f124ee1f000 r-xp 00000000 08:01 1181086 /lib/x86_64-linux-gnu/libdl-2.13.so
7f124ee1f000-7f124f01f000 ---p 00002000 08:01 1181086 /lib/x86_64-linux-gnu/libdl-2.13.so
7f124f01f000-7f124f020000 r--p 00002000 08:01 1181086 /lib/x86_64-linux-gnu/libdl-2.13.so
7f124f020000-7f124f021000 rw-p 00003000 08:01 1181086 /lib/x86_64-linux-gnu/libdl-2.13.so
7f124f021000-7f124f038000 r-xp 00000000 08:01 1181090 /lib/x86_64-linux-gnu/libpthread-2.13.so
7f124f038000-7f124f237000 ---p 00017000 08:01 1181090 /lib/x86_64-linux-gnu/libpthread-2.13.so
7f124f237000-7f124f238000 r--p 00016000 08:01 1181090 /lib/x86_64-linux-gnu/libpthread-2.13.so
7f124f238000-7f124f239000 rw-p 00017000 08:01 1181090 /lib/x86_64-linux-gnu/libpthread-2.13.so
7f124f239000-7f124f23d000 rw-p 00000000 00:00 0
7f124f23d000-7f124f25d000 r-xp 00000000 08:01 1181094 /lib/x86_64-linux-gnu/ld-2.13.so
7f124f440000-7f124f443000 rw-p 00000000 00:00 0
7f124f45a000-7f124f45c000 rw-p 00000000 00:00 0
7f124f45c000-7f124f45d000 r--p 0001f000 08:01 1181094 /lib/x86_64-linux-gnu/ld-2.13.so
7f124f45d000-7f124f45e000 rw-p 00020000 08:01 1181094 /lib/x86_64-linux-gnu/ld-2.13.so
7f124f45e000-7f124f45f000 rw-p 00000000 00:00 0
7fff60e2e000-7fff60e4f000 rw-p 00000000 00:00 0 [stack]
7fff60fff000-7fff61000000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted

And, of course, the virus definition updates are not distributed to clients.

On the other hand, the policies are distributed correctly.

Could this be due to the Debian version I used (7.4 64-bit)?

I haven't tried with an older Debian distro yet.

 

Thanks

Claude

Aspirant

Re: Linux fspms virus definition distribution error

More information:

Here are the deb packages I've installed:

f-secure-automatic-update-agent_8.36.33_amd64.deb

f-secure-policy-manager-server_10.40.51057_amd64.deb

f-secure-policy-manager-console_10.40.51057_amd64.deb

 

All are 64-bit versions.

It's strange that the version mentioned in the file name of the F-Secure automatic update agent is 8.36.33 versus 10.40.51057 for the policy manager server and console. All debs are downloaded from the F-Secure download page: http://www.f-secure.com/en/web/business_global/support/downloads/-/carousel/view/82

Here is the latest log content for fsaua:

Tue Apr 29 13:26:12 2014(2):  Connecting to fsbwserver.f-secure.com (no BW proxy, no HTTP proxy)...
Tue Apr 29 13:26:13 2014(3):  Database 'hydrawin' version '1398763249' db_size '12264699', free '97217490944'
Tue Apr 29 13:26:13 2014(3):  Downloaded 'F-Secure Hydra Update 2014-04-29_02' - 'hydrawin' version '1398763249', 12264699 bytes (51349 bytes downloaded)
Tue Apr 29 13:26:13 2014(3):  Database 'hydralinux' version '1398763246' db_size '12868181', free '97212915712'
Tue Apr 29 13:26:13 2014(3):  Downloaded 'F-Secure Hydra Update 2014-04-29_02' - 'hydralinux' version '1398763246', 12868181 bytes (642 bytes downloaded)
Tue Apr 29 13:26:13 2014(2):  Update check completed successfully.
Tue Apr 29 14:26:12 2014(2):  Connecting to fsbwserver.f-secure.com (no BW proxy, no HTTP proxy)...
Tue Apr 29 14:26:12 2014(2):  Update check completed successfully. No updates are available.
Tue Apr 29 15:26:12 2014(2):  Connecting to fsbwserver.f-secure.com (no BW proxy, no HTTP proxy)...
Tue Apr 29 15:26:12 2014(2):  Update check completed successfully. No updates are available.

Updates seem to be downloaded correctly from F-Secure servers, but they aren't distributed to my Windows clients.

My Linux virtual machine (under ESXi) uname -a: Linux F-SecureManager 3.2.0-4-amd64 #1 SMP Debian 3.2.54-2 x86_64 GNU/Linux

F-Secure

Re: Linux fspms virus definition distribution error

Hi Claude,

 

The program has been tested to work correctly under:

 

Debian GNU Linux 6.0 (Squeeze) 32/64bit
Debian GNU Linux 7.2 (Wheezy) 32/64bit

 

The product may also work on other Linux versions; however, none of those are supported officially.

It is possible the cause of the issue is a different version of glibc. I would recommend testing the installation on 7.2 to see if you encounter the same issue.

 

Regards,

 

Aspirant

[Resolved] Re: Linux fspms virus definition distribution error

Thanks for your reply.

 

Unfortunately, it's hard to find a download of Debian Wheezy 7.2, all references I've found on Debian web sites are about the 7.5 version.

 

Anyway, I have tried with Ubuntu 12.04 64 bits, and it seems to be working.

 

Thanks again.

 

 

 

Aspirant

Re: [Resolved] Re: Linux fspms virus definition distribution error

Hi.

 

On my installation I have the same problem. I have FSPMS 10.40 and FSCS 11.51. My F-Secure client fetches policies from the server but not updates, even though they are there.

 

On the server:

 

May 15 04:15:04 DL165G6 fsaua[2641]: Database 'aquawin32' version '1400105623' db_size '371374001', free '19063922688'
May 15 04:15:05 DL165G6 fsaua[2641]: Downloaded 'F-Secure Aquarius Update 2014-05-14_07' - 'aquawin32' version '1400105623', 371374001 bytes (116813 bytes downloaded)
May 15 04:15:43 DL165G6 fsaua[2641]: Serving aquawin32 version 1400105623 to fsauasc
May 15 04:15:47 DL165G6 fsaua[2641]: Database 'aqualnx32' version '1400105657' db_size '371961336', free '18694549504'
May 15 04:15:54 DL165G6 fsaua[2641]: Downloaded 'F-Secure Aquarius Update 2014-05-14_07' - 'aqualnx32' version '1400105657', 371961336 bytes (4532 bytes downloaded)
May 15 04:16:37 DL165G6 fsaua[2641]: Serving aqualnx32 version 1400105657 to fsauasc

 

But FCS reports that updates aren't available.

 

One solution: shut down FSPMS and let clients fetch updates from the F-Secure web site.

 

 

F-Secure Product Expert

Re: [Resolved] Linux fspms virus definition distribution error

Hi ipiasecki,

 

Kindly follow the steps in this KB article to reset both F-Secure Automatic Update Agent (AUA) and F-Secure Automatic Update Server (AUS) database repositories in your Linux PMS.

 

Thanks.

 

Best Regards,
Jayson

"A person who never made a mistake never tried anything new" -Albert Einstein

Aspirant

Re: [Resolved] Linux fspms virus definition distribution error

Hi. This article helped me. FSCS fetches updates from FSPMS again.

But, I think, there are some areas to improve. When clients don't get updates from FSPMS after some time, they should fall back to fetching updates from the F-Secure web site.

In my scenario, FSPMS is available 24h and FSCS, connected to it, doesn't fetch updates (even though there are updates on the server), and this happens again in a loop. So my clients weren't protected.

This mechanism should be improved.

In short: when clients notice no updates on FSPMS for some time, they should communicate with the F-Secure web site for updates.

 

Best regards.
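
A server-side check for the gap described in this thread (definitions downloaded by fsaua but not reaching clients), as an added example that is not part of the thread and not F-Secure code. It uses the two fsaua syslog line shapes quoted above and assumes, which the thread does not confirm, that a `Serving ... to fsauasc` line marks hand-off of a database to the distribution side; the host name `pms01` and the hydrawin lines are constructed.

```python
import re

# Line shapes copied from the fsaua syslog excerpt quoted in the thread.
DOWNLOADED = re.compile(
    r"fsaua\[\d+\]: Downloaded '[^']*' - '(?P<db>[^']+)' version '(?P<ver>\d+)'")
SERVING = re.compile(
    r"fsaua\[\d+\]: Serving (?P<db>\S+) version (?P<ver>\d+) to fsauasc")


def unserved_updates(lines):
    """Return {database: version} for every database whose newest downloaded
    version has no matching 'Serving ... to fsauasc' line.

    Assumption: a Serving line means fsaua handed that version over for
    distribution. A missing one is a signal to investigate; a present one
    does not prove that clients actually received the update.
    """
    newest = {}     # database -> highest version seen in a Downloaded line
    served = set()  # (database, version) pairs seen in a Serving line
    for line in lines:
        m = DOWNLOADED.search(line)
        if m:
            ver = int(m["ver"])
            newest[m["db"]] = max(newest.get(m["db"], 0), ver)
            continue
        m = SERVING.search(line)
        if m:
            served.add((m["db"], int(m["ver"])))
    return {db: ver for db, ver in newest.items() if (db, ver) not in served}


# Constructed sample modelled on the thread's log format (not real log data).
SAMPLE = """\
May 15 04:15:05 pms01 fsaua[2641]: Downloaded 'F-Secure Aquarius Update 2014-05-14_07' - 'aquawin32' version '1400105623', 371374001 bytes (116813 bytes downloaded)
May 15 04:15:43 pms01 fsaua[2641]: Serving aquawin32 version 1400105623 to fsauasc
May 15 04:15:54 pms01 fsaua[2641]: Downloaded 'F-Secure Aquarius Update 2014-05-14_07' - 'aqualnx32' version '1400105657', 371961336 bytes (4532 bytes downloaded)
May 15 05:15:10 pms01 fsaua[2641]: Downloaded 'F-Secure Hydra Update 2014-05-15_01' - 'hydrawin' version '1400120000', 12264699 bytes (51349 bytes downloaded)
May 15 05:15:30 pms01 fsaua[2641]: Serving hydrawin version 1400110000 to fsauasc
"""

if __name__ == "__main__":
    for db, ver in sorted(unserved_updates(SAMPLE.splitlines()).items()):
        print(f"WARNING: {db} version {ver} downloaded but never served to fsauasc")
```

Run from cron against the syslog file that receives fsaua messages, a non-empty result is a reason to look for an fsauasc crash such as the realloc() abort in the first post.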