BACKGROUND: I've been wanting to install a reliable antivirus/antimalware agent. I found many articles in the LQ Security forum and in the Slackbook. Both still recommend an antivirus as part of the security toolkit. I work in a heterogenous environment of LINUX and WINDOWS, situated behind a ADSL Router with firewall blocking inbound ssh and remote administration (probable the ISP doesn't like that but it's CERT recommended). I also found test and evaluation articles on AV-Comparatives.com and AV-Test.com specifically about LINUX products and performance. In the past two years I've been using CLAMAV with CLAMAV unofficial signatures, but the AV-Test results are really poor for CLAMAV. I also had BitDefender for Unices installed, but have email from company that they are no longer developing the product,it is now removed. So I went in search of other vendors that supported a straight binary install with good documentation (BTW AV-Comparatives has a great write-up about installation, interface and quality, with a summary features chart at end.) I took the AV-Comparatives and the AV-Test reports together and settled on preferences of high detection rates (97 or higher) for Windows and Linux virus/malware, heuristics, on-access scanning, and preferable from a non-old Soviet Bloc country, moderately priced (<$99/yr/device). That resulted in Symantec Endpoint Protection (#2 in detection quality 100 Windows/97.2% Linux), however all the LQ articles I could find said it was difficult to install requiring a remote console and no trial version for download. Sophos AntiVirus for Linux (UK) (#3 in detection 99.8/95%) installed but I couldn't get the webpage interface (localhost to connect. So I settled on trying the #1 detection rated product ESET (99.8/99.7%), although it too is a break from my desired criteria, but it has the highest recommendation from both AV-Comparatives and AV-Test.

PROBLEM: After downloading the ESET NOD32 Antivirus 4 for Linux file, chmod the file to executable and running it for install, everything loaded and ran. However on reboot, I get a stream of ERROR: ld.so unable to load libesets_pac.so called from /etc/ld.so.preload. ESET is installing in the /opt/eset directory. The ldesets_pac.so exists in /opt/eset/esets/lib and /opt/eset/esets/lib32. The ESET file is recommended for DEB and RPM systems, but the downloaded file is neither a DEB or RPM, it is a binary. So is ld.so broken? No. I read MAN ld.so and there is ld.so.conf to give direction to libraries, but the /opt/eset/esets/lib or /opt/eset/esets/lib32 directories are missing. They were added and then a new reboot, with same error. The program functions properly, updates, scans, senses files and email attachments. It is only on reboot that the error occurs, but I'd like to clear it up. The ESET memory requirement is about 107M resident (ClamAV was 430M) My system is setup with LVM and the /opt partition is a separate mount point.

QUESTION: 1) does ld.so load before the remaining mount points are activated, which is why adding /opt to the ld.so.conf file is ineffective?
2) Should I be copying libesets_pac.so to one of the the other ld.so.conf reference locations and remove the /opt/eset/esets/lib reference?
3) Since ESET is recognizing a 64/32 bit capable platform should both libesets_pac.so files be loading?
4) Has anyone else successfully loaded ESETS more recent than the 2011 article on LQ dealing with a different issue?

Any other questions or ideas are truly appreciated as I try to get rid of this error. (PS ESET says supported is only availbel for Debian and RedHat/Centos/SUSE so they haven't answered my quiry in their support forum). ESET is only $40/2yr/device, really decent for such a great product.

QUESTION: 1) does ld.so load before the remaining mount points are activated, which is why adding /opt to the ld.so.conf file is ineffective?
I doubt it. There isn't a guarantee which order the file systems are going to mount (I think it's determined by their order in /etc/fstab /mtab) so ld should only start linking after all volumes mount. (imagine the fun if it didn't?)
Assuming your /opt directory is mounting cleanly you should be fine.
2) Should I be copying libesets_pac.so to one of the the other ld.so.conf reference locations and remove the /opt/eset/esets/lib reference?
I'd try soft linking it rather than copying it first, but that sounds like it's worth a try.

The tip off might be it throws the error... but still works. To me, at least, it sound like ld is not finding the object where it expects to find it, but it does find it eventually.

So the solution was found.
Open /etc/ld.so.preload using:
sudo vi /etc/ld.so.preload
and delete(dd) the row libesets_pac.so and save (wq!).

Open /etc/rc.d/rc.local using:
sudo vi /etc/rc.d/rc.local
add(i) line # Following line will start ESET NOD32 daemon and systray gui
add line /opt/eset/esets/sbin/esets_daemon
and save (wq!) then reboot the PC.

I simply removed the preload references from the ld.so.preload file and the reference I put in the ld.so.conf file. Then add the daemon and gui start to my rc.local instead. It eliminated the ld.so error and still starts eset as expected during bootup. I've read references before about using rc.local for local or customized service starts (like for NVIDIA binary drivers) and this seems like the right place to do it.

Hope this helps others understand how to get ESETS NOD32 Antivirus 4 Linux running under Slackware 14.1.
I've found important configuration aspects in the ESET User and Installation Guides and recommend reading them for proper configuration.

In February I will be testing F-Secure Linux Security. It is priced at a similar price as ESET ~$40/yr/2 devices. F-Secure also includes a Firewall/HIPS type function, although the AV-Test has a lower Linux malware detection rate the Windows detection rate is higher (which really matters in my heterogeneous network. It is from Finland rather than Slovakia. So there maybe an additional thread come February.

1 members found this post helpful.

Just want to bump this thread and Update that this process also worked with -current and kernel 4.4.20 which I'm now using.

1 members found this post helpful.

INSTALLATION DEPENDENCY: To make this article complete I want to note that ESET NOD32 for Linux does have a dependency for multilib. According to ESET support the program executes some of processes in 64 Bit and some in 32 Bit. It is very un-intrusive and has a low memory demand on Slackware64 14.2 version with multilib packages installed.

UPDATE: scanning the available Antivirus/AntiMalware products and test results for 2017/2018 there is little news. There has not been a new test run by AV-Comparatives or AV-Test sicne 2015. VB100 did do a test in February of 2017, https://www.virusbulletin.com/virusb...arative-review which tested Avast, BitDefender, E-Scan, and ESET. ESET Continues to perform with a Stable rating and 100% detection in VB100's test procedures on an Ubuntu Linux 16.04.2 LTS Server. ALL FOUR products were found to be usable for server platforms with 100% rating from VB100. ESET is the only one with a desktop standalone installer, which is my target platform. VB100 reports that other products didn't submit for testing possibly due to poor performance in past testing. Checking Shadowserver.org viruses detection rates, although the engine and updates are older versions, ESET continues to be the highest "Linux" detection product available. When reading Shadowserver.org, note that their testing process is not well explained and it states the results SHOULD NOT BE USED AS CONCLUSIVE COMPREHENSIVE COMPARISON TOOL since other testing houses are more appropriate. I view it only as a random test sampling and concluded that ESET is still a top performer for detecting malware and viruses, without categorization to windows/mac/linux as target of virus.

My own testing in 2015 also showed that ESET was the lightest on memory, much lower that free products like ClamAV at over 325M. ESET NOD32 Antivirus 4 engine 4.0.85.0 with signature 17143 (20180330) file, being run under Slackware64-14.2, the memory usage is 137M resident and 176M virtual according to HTOP. (YMMV)

ESET continues to be a high detection, light resource, non-intrusive Linux desktop solution. Pricing wise, at $74.99 for 2 PC for 2 years this is less than $18.75/PC/year. As a result of already owning, my renewal is going to be $10.66/PC/year, a real no brainer, plus free phone technical support for two years.

HTH, Cheers

While I've written in praise of cost and detection rates. I must let everyone know that I've had poor experiences with ESET technical support. My latest technical question is now two weeks old and I've still not received and answer. As a result I'm moving to a different product. Why, because although many ostridges like to stick their head in the sand, Linux attack vectors through rouge software do exist and AV's help block them. In particular, many virus come from email or browser passer-by hijacking. Also in a heterogeneous OS environment, no one wants to be known as the PC that passed the bug on to other simply because you weren't wearing protection or didn't believe it was necessary. Cheers

1 members found this post helpful.