I had the same problem. The issue is prelink (/etc/cron.daily/prelink), and the only way I found to solve the issue is to move prelink out of the cron.daily directory. After that remove /usr/lib/AntiVir/antivir and reinstall the antivirus toolkit. Regards/Casper On Tue, 2004-01-06 at 00:03, John Stroud wrote: > I need a little help trying to solve a fedora-related mystery... I'm hoping someone has seen this or has some magical insight... > > The executable file /usr/bin/AntiVir/antivir (http://www.hbedv.com/) is getting modified sometime during or after the default cron.daily run. After the cron job the file is 1160 bytes longer than it was prior. (See [1]) > > There are no direct log entries in /var/log/messages indicating why this might be. Additionally, the timestamp on the file is not changed. Here is what I find in pertinent areas. Notice the antivir binary runs correctly before the cron job, and fails after... (It's a one hour cron in the root crontab entry, and the preceding 11 runs are all good.) (See [2.1/2.2] > > Some notes on what I've looked at: > This anomaly occurs on two different Fedora Core 1 + 'yum update' installs using the same tarball to install antivir and the same iso images to install Fedora. > > One machine is running the AMD kernel, while the other is running i686. (The AMD uname is not included, as I repartioned it and installed RH9, below) > uname -a > Linux everwood.amberorder.com 2.4.22-1.2135.nptl #1 Mon Dec 15 15:55:18 EST 2003 i686 i686 i386 GNU/Linux) > > This anomaly does NOT occur on RH9 + 'up2date -u' on 1/3/2004 with AMD kernel. > uname -a > Linux serendipity.amberorder.com 2.4.20-27.9 #1 Thu Dec 11 14:01:47 EST 2003 i686 athlon i386 GNU/Linux > > In all corruption cases, copying a backup binary over the corrupted one alleviates the symptom until the next cron.daily runs at ~4:00am local time. > > Any thoughts appreciated... thanks! > > ---------- > > [1] > Prior to event: > [root@everwood bear]# ls -l /usr/lib/AntiVir/antivir > -rwx------ 1 uucp uucp 730624 Jan 4 10:28 antivir > > After the mysterious event: > [root@everwood bear]# ls -l /usr/lib/AntiVir/antivir > -rwx------ 1 uucp uucp 731784 Jan 4 10:28 antivir > > [2.1] > LOG: > tail -n20 /var/log/messages.1 > > <Note: antivir checks for previous hourly runs are the same as 7993 below, or it updates itself, if update available> > Jan 4 03:35:03 everwood antivir[7993]: AntiVir is up-to-date > Jan 4 03:44:17 everwood dhcpd: Wrote 4 leases to leases file. > Jan 4 03:44:17 everwood dhcpd: DHCPREQUEST for 192.168.100.252 from 00:02:2d:28:9a:83 (osprey) via eth0 > Jan 4 03:44:17 everwood dhcpd: DHCPACK on 192.168.100.252 to 00:02:2d:28:9a:83 (osprey) via eth0 > Jan 4 04:02:12 everwood cups: cupsd shutdown succeeded > Jan 4 04:02:15 everwood modprobe: modprobe: Can't locate module char-major-188 > Jan 4 04:02:15 everwood last message repeated 15 times > Jan 4 04:02:16 everwood cups: cupsd startup succeeded > > ------------ > [2.2] > more /var/log/messages > > Jan 4 04:02:17 everwood syslogd 1.4.1: restart. > Jan 4 04:05:55 everwood init: Trying to re-exec init > Jan 4 04:35:00 everwood antivir[15093]: Error: integrity selftest FAILED > Jan 4 04:35:00 everwood antivir[15093]: Error: unable to initialize engine (/usr/lib/AntiVir/antivir : /usr/lib/AntiVir/antivir.vdf) > > -- > John Stroud Senior System Admin > Piedmont, CA 510-501-9173 (Cell) -- GPG Public key is available from: http://www.keyserver.net/ Fingerprint = 56ED 74A4 7B00 20E2 B493 0C1A 6B4E BF8F A086 FE57
Attachment:
signature.asc
Description: This is a digitally signed message part
