Below is the detailed description from CrowdStrike's Sandbox report:
Description: This file meets the File Analysis ML algorithm's lowest-confidence threshold for malware.
Detected: MM. DD, YYYY HH:MM:SS local time, (YYYY-MM-DD HH:MM:SS UTC)
Host name:
Agent ID: XX
File name: veki_loggerd
File path: /opt/VRTSveki/veki_loggerd
Command line: /opt/VRTSveki/veki_loggerd
User name: root
The issue is reported for veki_loggerd because the debug symbols have not been stripped from this binary, which causes CrowdStrike's File Analysis ML to flag it.
Arctera has introduced stripping of the VRTSveki-related binaries; the stripped binaries will be shipped with the packages for 9.0.2.
Workaround steps (Manually strip the symbols from veki_loggerd)
1) # ps -aef | grep veki_loggerd
root 118040 1 0 15:06 ? 00:00:00 /opt/VRTSveki/veki_loggerd
root 118055 117410 0 15:06 pts/4 00:00:00 grep --color=auto veki_loggerd
2) Stop the veki_loggerd service (this stops the daemon)
# systemctl stop veki_loggerd.service
# ps -aef | grep veki_loggerd
root 118105 117410 0 15:06 pts/4 00:00:00 grep --color=auto veki_loggerd
3) List one of the debug symbols from /opt/VRTSveki/veki_loggerd before stripping:
# strings /opt/VRTSveki/veki_loggerd | grep -i sys_rename
SYS_renameat __NR_renameat
SYS_renameat2 __NR_renameat2
SYS_rename __NR_rename
4) Strip the symbols using:
# /usr/bin/strip -d /opt/VRTSveki/veki_loggerd
5) Re-verify the binary for debug API symbols (once stripped, the command should print nothing):
# strings /opt/VRTSveki/veki_loggerd | grep -i sys_rename
6) Start the veki_loggerd service
# systemctl start veki_loggerd.service
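The `strings | grep` check above looks for one string that happens to live in the DWARF data; a more direct way to confirm that `strip -d` has done its job is to read the ELF section header table and see whether any `.debug_*` sections remain, since those are exactly what `strip -d` (`--strip-debug`) removes. The script below is an added example, not Arctera's or CrowdStrike's code: it parses ELF32/ELF64 section headers with only the Python standard library (so it works on hosts without binutils), reports the debug sections of each file passed on the command line, and builds its own constructed sample ELF images for a self-test. Running it against /opt/VRTSveki/veki_loggerd before and after the workaround should show the `.debug_*` list shrink to nothing.

```python
"""Audit ELF binaries for DWARF debug sections (what `strip -d` removes).

Added example, not code from Arctera or CrowdStrike.  Parses ELF section
headers directly with the standard library and constructs its own sample
images for testing.
"""
import struct
import sys

ELF_MAGIC = b"\x7fELF"


def elf_section_names(data: bytes) -> list:
    """Return the names of all sections in an ELF32/ELF64 image."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    end = "<" if ei_data == 1 else ">"  # 1 = little-endian, 2 = big-endian
    if ei_class == 2:                    # ELF64: 64-byte header, 64-byte shdrs
        hdr = struct.unpack(end + "16sHHIQQQIHHHHHH", data[:64])
        sh_fmt = end + "IIQQQQIIQQ"
    elif ei_class == 1:                  # ELF32: 52-byte header, 40-byte shdrs
        hdr = struct.unpack(end + "16sHHIIIIIHHHHHH", data[:52])
        sh_fmt = end + "IIIIIIIIII"
    else:
        raise ValueError("unknown ELF class %d" % ei_class)
    # e_shoff, e_shentsize, e_shnum, e_shstrndx
    shoff, shentsize, shnum, shstrndx = hdr[6], hdr[11], hdr[12], hdr[13]
    if shoff == 0 or shnum == 0:
        return []  # section header table removed entirely
    shdrs = [
        struct.unpack(sh_fmt, data[shoff + i * shentsize: shoff + (i + 1) * shentsize])
        for i in range(shnum)
    ]
    # sh_offset / sh_size of the section-name string table (.shstrtab)
    strtab_off, strtab_size = shdrs[shstrndx][4], shdrs[shstrndx][5]
    blob = data[strtab_off: strtab_off + strtab_size]
    names = []
    for sh in shdrs:
        start = sh[0]  # sh_name is an offset into .shstrtab
        names.append(blob[start: blob.index(b"\x00", start)].decode("ascii", "replace"))
    return names


def debug_sections(data: bytes) -> list:
    """DWARF sections (.debug_info, .debug_macro, ...) that `strip -d` removes."""
    return [n for n in elf_section_names(data) if n.startswith(".debug")]


def build_sample_elf(section_names) -> bytes:
    """Construct a minimal ELF64 image holding only the named, empty sections.
    Constructed test fixture only; a real binary also carries code and data."""
    shstrtab = b"\x00"
    name_off = {}
    for name in list(section_names) + [".shstrtab"]:
        name_off[name] = len(shstrtab)
        shstrtab += name.encode() + b"\x00"
    shoff = 64 + len(shstrtab)
    shoff += (-shoff) % 8                        # align the section header table
    shnum = len(section_names) + 2               # null section + named + .shstrtab
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, 0, 0, shoff, 0,
                       64, 0, 0, 64, shnum, shnum - 1)
    image = ehdr + shstrtab + b"\x00" * (shoff - 64 - len(shstrtab))
    image += struct.pack("<IIQQQQIIQQ", *([0] * 10))      # mandatory null section
    for name in section_names:                             # SHT_PROGBITS, size 0
        image += struct.pack("<IIQQQQIIQQ", name_off[name], 1, 0, 0, 0, 0, 0, 0, 1, 0)
    image += struct.pack("<IIQQQQIIQQ", name_off[".shstrtab"], 3, 0, 0,
                         64, len(shstrtab), 0, 0, 1, 0)    # SHT_STRTAB
    return image


def audit(paths):
    """Map each path to its list of debug sections; non-ELF files map to None."""
    results = {}
    for path in paths:
        with open(path, "rb") as fh:
            data = fh.read()
        try:
            results[path] = debug_sections(data)
        except ValueError:
            results[path] = None
    return results


if __name__ == "__main__":
    # e.g.  python3 audit_debug_sections.py /opt/VRTSveki/veki_loggerd
    for path, secs in audit(sys.argv[1:]).items():
        if secs is None:
            print("%s: not an ELF file" % path)
        elif secs:
            print("%s: UNSTRIPPED, debug sections: %s" % (path, ", ".join(secs)))
        else:
            print("%s: no debug sections" % path)
```

Note that `strip -d` leaves `.symtab` in place, so a binary can still show function names in `strings` output after the workaround; only the `.debug_*` sections (and with them the `SYS_rename __NR_rename` style macro strings shown in step 3) are removed.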