On 2/14/21 3:59 PM, Carlos E.R. wrote:
On 14/02/2021 21.52, DennisG wrote:
On 2/14/21 2:40 PM, Doug McGarrett wrote: ...
What should I be doing to get all this done, neatly and cleanly?
Before you go: There MAY be a problem with the eset AV program. Is this something (which I paid for) that I have to eliminate, and if so, what can I replace it with? It seemed that before I went for eset I tried to install something free, but unsuccessfully.
Sorry for the long post, but you folks have been a big help to this newbie to OpenSUSE, and I hope you will do so again. Thank you!
I agree with Lew, you don't need to reinstall just yet.
The first likelihood is a conflict arising from the ESET driver. Products like NOD32 use a low-level driver which not only interrogates new files/mail/etc. for viruses but also hooks into processes used by apps. The version you have may have been installed incorrectly (I suspect this is your problem, with preload - see links I sent previously), but it may also be a bug (as was the case in one of the links) or it may be an incompatibility causing a service like d-bus to choke.
If trying the preload fix is too challenging, then just uninstall and request a refund.
If you really feel you need an antivirus on openSUSE, you should take a look at clamav. It provides a scanning daemon for file checking but IIRC it doesn't have the low-level hooks. It definitely does not include intrusion detection.
Aide is for intrusion detection and IIRC is based on SELinux. Rkhunter I think is an on-demand scanner for rootkits and backdoors. These are fairly advanced tools. Before going down either path you probably should take a look at AppArmor first.
Please have a look at the "attack" described at the link to previous conversations, and then recommend a course of action:
Archived-At: https://lists.opensuse.org/archives/list/support@lists.opensuse.org/message/...
Specifically: https://lists.opensuse.org/archives/list/support@lists.opensuse.org/message/...
and
https://lists.opensuse.org/archives/list/support@lists.opensuse.org/message/...
I hadn't seen that thread. Good grief.
Re the "hack", from the post it's not clear if the email supposedly from Amazon was some sort of phish and/or whether his Amazon account was actually compromised. As already stated, there is no way to know from the many possibilities just how his credentials were apparently stolen. And so no way to know how to prevent a repeat.
Re NOD32, the "Security" version that Doug installed includes the "network detection" flavor of IDS which intercepts network traffic. I can't tell if it also does "host detection", where the driver hooks operating system files/processes. Both require invasive low-level access, one reason why it is not uncommon for a problem to arise with updates to the operating system - like, say, TW's frequent updates.
I suggest to first check the NOD32 installation, particularly the preload issue discussed in the links I posted. That may clear up the software issues. That said however, with as powerful a system as is NOD32 Security with its IDS, I would be very hesitant to use it with a rolling release (i.e., TW) and only then if I really understood my system in-depth because otherwise there may be a problem for which "reinstall" is your only solution.
If I felt a need for IDS, I would first look at AppArmor or then Aide, provided by my distro. And if I wanted a traditional file-scanning antivirus, I would consider clamav, also provided by openSUSE.
And btw, if glibc-locale-base-32bit was installed from the pkgs.org site, replace it with the version from the TW repo (which was there all along).
That's all I got.
--dg