This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Peter_Baumann
Contributor
‎2019-01-22 04:56 AM

cp_file_convert always coredump

Hi all,

We're using Threat Prevention on a R80.10 VSX virtual system configured with MTA support.

The Threat Extraction is configured to convert to pdf in the policy, file types like docx, pps, xls etc. are according to profile converted to pdf then.

In the /var/log/messages we see many coredumps like these here:

kernel: do_coredump: argv_arr[1] = /var/log/dump/usermode/cp_file_convert.24156.core
kernel: cp_file_convert[14806]: segfault at 00000000000001a8 rip 00000000f6dc7129 rsp 00000000ffd471c4 error 4
kernel: do_coredump: corename = |/etc/coredump/compress.sh /var/log/dump/usermode/cp_file_convert.14806.core
kernel: do_coredump: argv_arr[0] = /etc/coredump/compress.sh
kernel: do_coredump: argv_arr[1] = /var/log/dump/usermode/cp_file_convert.14806.core
kernel: cp_file_convert[1235]: segfault at 00000000000001a8 rip 00000000f6d8c129 rsp 00000000ffb857f4 error 4
kernel: do_coredump: corename = |/etc/coredump/compress.sh /var/log/dump/usermode/cp_file_convert.1235.core
kernel: do_coredump: argv_arr[0] = /etc/coredump/compress.sh
kernel: do_coredump: argv_arr[1] = /var/log/dump/usermode/cp_file_convert.1235.core
kernel: cp_file_convert[10122]: segfault at 00000000000001a8 rip 00000000f6d63129 rsp 00000000ffec8174 error 4
kernel: do_coredump: corename = |/etc/coredump/compress.sh /var/log/dump/usermode/cp_file_convert.10122.core
kernel: do_coredump: argv_arr[0] = /etc/coredump/compress.sh
kernel: do_coredump: argv_arr[1] = /var/log/dump/usermode/cp_file_convert.10122.core
kernel: cp_file_convert[24497]: segfault at 00000000000001a8 rip 00000000f6d5f129 rsp 00000000ffe7c5b4 error 4
kernel: do_coredump: corename = |/etc/coredump/compress.sh /var/log/dump/usermode/cp_file_convert.24497.core
kernel: do_coredump: argv_arr[0] = /etc/coredump/compress.sh
kernel: do_coredump: argv_arr[1] = /var/log/dump/usermode/cp_file_convert.24497.core
kernel: cp_file_convert[15136]: segfault at 00000000000001a8 rip 00000000f6d9c129 rsp 00000000ffbe9b34 error 4
kernel: do_coredump: corename = |/etc/coredump/compress.sh /var/log/dump/usermode/cp_file_convert.15136.core
kernel: do_coredump: argv_arr[0] = /etc/coredump/compress.sh
kernel: do_coredump: argv_arr[1] = /var/log/dump/usermode/cp_file_convert.15136.core
kernel: cp_file_convert[5687]: segfault at 00000000000001a8 rip 00000000f6dd4129 rsp 00000000ffd0a414 error 4
kernel: do_coredump: corename = |/etc/coredump/compress.sh /var/log/dump/usermode/cp_file_convert.5687.core
kernel: do_coredump: argv_arr[0] = /etc/coredump/compress.sh
kernel: do_coredump: argv_arr[1] = /var/log/dump/usermode/cp_file_convert.5687.core

In /var/log/jail/$FWDIR/log/scrub_cp_file_convertd.elg we see the following:

 cp_file_convert_empty_tmp_oem_dir
 cp_file_convert_main: starting mainloop (initialized by fwd)
 cp_file_convert_urg_sig_handler: SIGPIPE received (ignored)

Has anyone with a similar config the same problems?

The whole system is running ok so far but why so many coredumps?

Thanks,

Peter

0 Kudos
2 Replies
G_W_Albrecht
Legend Legend
Legend
‎2019-01-22 05:10 AM

I would consult TAC, even when there is no apparent issue...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Chinmaya_Naik
Advisor
‎2019-03-05 11:47 PM

Hii  Peter Baumann  I am also getting same logs and unable to convert to pdf (clean file)

Please share us the solution 

Thanks in advance

#Chinmaya Naik

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top