We are currently trying to install Linuxshield on our servers which are running SUSE Enterprise 10 SP2 with Novell OES SP1. We are finding that linuxshield is causing the servers to run %100 percent CPU time and creating havoc with our servers. Here is an email from our server specialists that explain part of the problem:
1) Because LinuxShield is 3rd party software, it is not integrated into the SLES distribution package management channels. Furthermore, since LinuxShield (as does any virus scanner) requires kernel-version specific modules, version dependencies between operating system (SLES) and virus scanner (LinuxShield) must be manually resolved, often hindering our ability to update our operating systems to Novell's latest released packages.
2) Both LinuxShield and EPO have displayed a tendency to permanently peg CPU utilization to 100% until manually killed from the command line. This seriously affects performance and availability of services on OES2 Linux.
Has anyone else experienced this problem? We are at the point now that we are going to remove McAfee from our servers all together. I am hoping this is just a configuration issue.
I was also looking for exclusions for linuxsheild but can't find any in the knowledge base.
Any help would be appreciated.
McAfee KB # 53375 describes in detail which versions of the Kernel and Operating system are supported. Regarding your point #2 I haven't heard anything similar so I would advise you to contact McAfee Support and raise a Service Request.
Hope this helps,
We are evaluating Linuxshield with Sles 10.2, OES2.1 64 bit with the original 2.16.60-0.21-smp kernel. We are updating Linuxshield to the latest version and still experiencing what appears to be a memory leak that consumes memory until the system locks up. Is this a 64 bit bug?
The lock up seems to be a similar issue to the one portraited in McAfee KB # KB65587 where running auditd and On Access Scanner lead to the system becoming unusable.
Can you try to disable the auditd and check if the phenomenon still happens ?
@ Ken, this may also help you can you check if auditd is also the root cause in your environment ?
Hope this helps,
No, unfortunately we have not found an answer and are not getting much help from technical support. the decisions was made to look at other solutions as we feel that the interest in McAfee to support Linuxsheild is not a high priority at this time
Mnn, I was afraid that this would be the answer. Ubelievable that such an expensive product works so bad, one of the reasons I've put on hold the license renewel for these customers.
I beleive I've it all working correctly now;
-Disabled auditd as suggested (tough auditd should be supported as it's enabled by default, at least on SLES)
-Removed the folling folders from scanninf (inclusing subfolders): /dev, /proc, /var/log, /var/opt/novell, /admin, /_admin
It's stabel for a few weeks now.
Hope this helps.