5 Replies Latest reply on Oct 6, 2015 9:17 AM by PhilR

    VirusScan Enterprise for Linux Hotfix

    mobin.qasim

      I'm running VirusScan Enterprise for Linux 2.0.2.29099 on CentosOS 7.x. I've just installed Hotfix HF-1064407, but OpenSSL version is still showing same as before, though hotfix was installed successfully as the following message appeared after installation:

       

      /opt/NAI/LinuxShield/apache/bin/apachectl startssl: nailswebd started

      McAfee VirusScan Enterprise for Linux 2.0.2.29099 Hotfix has been installed successfully.

       

      As mentioned in the release notes OpenSSL version should be upgraded to 1.0.1m but OpenSSL version is still 1.0.1m even after installing HF-1064407.

       

      I'm checking OpenSSL version by following:

      openssl version -v

      OpenSSL 1.0.1e-fips 11 Feb 2013

       

      Also I checked installed hotfix by running following command:

      [root@testvm ~]# cat /opt/NAI/LinuxShield/etc/HF-Version

      HF-1064407

       

      Do I need to check somewhere else for OpenSSL version?

       

      Please help.

       

      Regards,

       

      Mobin

       

       

       

       

       

       

       

       

       

       

        

        • 1. Re: VirusScan Enterprise for Linux Hotfix
          PhilR

          On a fully updated CentOS 7 system:

           

          # which openssl

          /usr/bin/openssl

          # ls -l /usr/bin/openssl

          -rwxr-xr-x. 1 root root 508680 Jun 29 13:48 /usr/bin/openssl

          # rpm -qa | grep openssl

          openssl-libs-1.0.1e-42.el7.9.x86_64

          openssl-1.0.1e-42.el7.9.x86_64

           

          Which contains this security patch (and a later bugfix):

           

          https://rhn.redhat.com/errata/RHSA-2015-1072.html

           

          I suspect you're looking in the wrong place.

           

          Does Virusscan for Linux use statically linked libraries, perhaps, or loads them from somewhere in the product's directory tree?

          • 2. Re: VirusScan Enterprise for Linux Hotfix
            mobin.qasim

            Hi, thanks for the reply. I've ran the above mentioned commands and getting the exact same results, but version shown is 1.0.1e not 1.0.1m.

             

            [root@testvm ~]# which openssl

            /usr/bin/openssl

            [root@testvm ~]# ls -l /usr/bin/openssl

            -rwxr-xr-x. 1 root root 508656 Jun 17  2014 /usr/bin/openssl

            [root@testvm ~]# rpm -qa | grep openssl

            openssl-libs-1.0.1e-34.el7.x86_64

            openssl-1.0.1e-34.el7.x86_64

             

            As Patch was applied successfully, openssl version should be upgraded to 1.0.1m as per release notes.

            Sorry I'm lost about the linked libraries. How can I verify that?

             

            Cheers

            • 3. Re: VirusScan Enterprise for Linux Hotfix
              PhilR

              The Linux command ldd is what you need to use.

               

              I don't have virusscan for Linux installed anywhere to check for myself.

               

              Cheers,

               

              Phil

              • 4. Re: VirusScan Enterprise for Linux Hotfix
                mobin.qasim

                Hi, I don't have knowledge about ldd, but I was able to run following commands:

                 

                root@testvm ~]# ldd $(which ssh) | grep libssl

                        libssl3.so => /lib64/libssl3.so (0x00007f16e1a80000)

                [root@testvm ~]# ldconfig -p | grep libssl

                        libssl3.so (libc6,x86-64) => /lib64/libssl3.so

                        libssl.so.10 (libc6,x86-64) => /lib64/libssl.so.10

                 

                I still can't find any info related to OpenSSL version 1.0.1m stated in HF release notes.

                 


                Can someone please help.

                 

                Regards,

                 

                Mobin

                • 5. Re: VirusScan Enterprise for Linux Hotfix
                  PhilR

                  You need to run ldd against the virusscan executable.

                   

                  Or be pragmatic and accept what McAfee says about the hotfix.

                   

                  Hint, it's a hotfix for Virusscan for linux, not your OS, so is unlikely to touch any of the OS-installed components.