Opened 5 years ago

Closed 5 years ago

#590 closed enhancement (fixed)

Problems with active McAfee Virus Scanner

Reported by: mopp Owned by: bruno
Priority: normal Milestone: 3.0.2
Component: mondo Version: 3.0.1
Severity: normal Keywords: McAfee Scanner Blocked Files
Cc:

Description (last modified by bruno)

This problem is not really a mondo problem. But the McAfee scanner blocks in my default configuration certain files, which makes it impossible to create a backup. McAfee doesn't like some files in the tar archive. The problem cannot be solved by mondo, but my idea would be to write a big warning message into a log file.

Here are my error messages on SLES 11 SP1 with McAfee on access scanner. These messages are shown in the McAfee console:

The file is a Block/Char/FIFO special file object=/usr/lib64/mindi/rootfs/vc.tgz, reason=NotScanned, uid=root, programPath=/bin/cp scanType=File
The file is a Block/Char/FIFO special file object=/usr/lib64/mindi/rootfs/rd.tgz, reason=NotScanned, uid=root, programPath=/bin/cp scanType=File
The file is a Block/Char/FIFO special file object=/usr/lib64/mindi/rootfs/raw.tgz, reason=NotScanned, uid=root, programPath=/bin/cp scanType=File
The file is a Block/Char/FIFO special file object=/usr/lib64/mindi/rootfs/nst.tgz, reason=NotScanned, uid=root, programPath=/bin/cp scanType=File
The file is a Block/Char/FIFO special file object=/usr/lib64/mindi/rootfs/ida.tgz, reason=NotScanned, uid=root, programPath=/bin/cp scanType=File
The file is a Block/Char/FIFO special file object=/usr/lib64/mindi/rootfs/dm.tgz, reason=NotScanned, uid=root, programPath=/bin/cp scanType=File
The file is a Block/Char/FIFO special file object=/usr/lib64/mindi/rootfs/dev/dev-entries.tgz, reason=NotScanned, uid=root, programPath=/bin/cp scanType=File
The file is a Block/Char/FIFO special file object=/usr/lib64/mindi/rootfs/cciss.tgz, reason=NotScanned, uid=root, programPath=/bin/cp scanType=File
The file is a Block/Char/FIFO special file object=/usr/lib64/mindi/rootfs/ataraid.tgz, reason=NotScanned, uid=root, programPath=/bin/cp scanType=File
The file is a Block/Char/FIFO special file object=/var/cache/mondo.scratch.18997/mondo.scratch.3166/images/all.tar.gz, reason=NotScanned, uid=root, programPath=gzip scanType=File
The file is a Block/Char/FIFO special file object=/var/cache/mondo.scratch.18665/mondo.scratch.11691/images/all.tar.gz, reason=NotScanned, uid=root, programPath=gzip scanType=File

One idea to improve the error handling could be to run this script during the sanity check.

if [ $(cat /proc/linuxshield/enabled 2>/dev/null) = "1" ]; then
        echo "McAfee LinuxShield is enabled. McAfee might block access to certain special files."
        echo "Check in /var/opt/NAI/LinuxShield/etc/nailsd.cfg for 'nailsd.profile.OAS.action.error: Block'"
        echo "You have two options:"
        echo "Exclude all directories with special files (check McAfee System Events Log)"
        echo "Disable the scanner during the backup"
fi 

Another idea would be to do a simple check if the *.tgz files in /usr/lib64/mindi/rootfs/ are readable. My McAfee version blocks the access to the files. They are not readable.

There are some other virus protection tools available, which might cause the same problem.

Change History (2)

comment:1 Changed 5 years ago by bruno

  • Description modified (diff)
  • Milestone set to 3.0.2
  • Status changed from new to assigned
  • Version changed from 3.0.0 to 3.0.1

comment:2 Changed 5 years ago by bruno

  • Description modified (diff)
  • Resolution set to fixed
  • Status changed from assigned to closed

Thanks for your feedback. Your proposal have made their way in rev [2963].

Note: See TracTickets for help on using tickets.