Symantec IT Risk and Compliance Product Group

 View Only
Expand all | Collapse all

bv-for-unix problem: ignoring ignoring the command for "path", because of potential risk of remote command execution

  • 1.  bv-for-unix problem: ignoring ignoring the command for "path", because of potential risk of remote command execution

    Posted Jul 20, 2011 08:43 AM

    Hi all,

    Does anyone have ever suffered this error "ignoring ignoring the command for %path%, because of potential risk of remote command execution" with bv-for-unix on AIX machines? All I found is a knowledgebase article that describes the problem (http://www.symantec.com/business/support/index?page=content&id=TECH114721&key=53782&actp=LIST), but it only provides a solution for an agent based envirenment. I am using CCS 10.5 in an agentless envirenment. Anyone here who has a hint on that?

    best

    Robert



  • 2.  RE: bv-for-unix problem: ignoring ignoring the command for "path", because of potential risk of remote command execution

    Posted Sep 07, 2011 11:51 PM

    look in the X:\program files (x86)\Symantec\RMS\Control\Unix\ConfigFiles\

    There are several files that control what the Agentless Unix product does here.  There is the bvagentlessconfig.ini and other files there that would list out secure files or commands.   Check out this article to give you some direction:

    http://www.symantec.com/docs/TECH114243

    Hope this helps.



  • 3.  RE: bv-for-unix problem: ignoring ignoring the command for "path", because of potential risk of remote command execution

    Posted Oct 03, 2011 10:01 AM

    Symantec support could identify the problem. The error message is caused by special characters (like "~", ")", "[", ...) in filenames while iterating through the file system. I have seen hundreds of files with such characters on customers unix server, so making an exception for such a huge amount of filenames is not feasable.

    Nevertheless, now that I know the reason for the error, I reviewed all the filenames causing the error. These files aren't from higher interesst as they are no configuration files. It is ok to ignore the error message for these files.