Error 68: Virus Definitions may be missing or corrupt.

Created: 04 Sep 2007 • Updated: 21 May 2010 | 7 comments

I've had Symantec Information Foundation Mail Security/Anti-Spam Ver. 6.0.2.198 installed for about a month.  I've fine-tuned it and it works flawlessly for about a week.  Then after no configuration changes whatsoever, it hoses up what I believe to be the Auto-Protect feature.  Every new email in the company will show up in Outlook with the message header, but the body will say:  " This item cannot be displayed in the Reading Pane."

Event Log repeats the same errors:
68:  "Unable to initialize Scan Engine.  The virus def's may be missing or corrupt.  Perform a LiveUpdate to retrieve the latest def's."
110:  "SAVFMSESp.exe failed to start. (0XC009008A)"
167/168:   %MISC SYM SERVER% restarted/failed to start.

I've updated the def's successfully and rebooted the server thereafter.  No fix.

The only way to get up and running again is if I turn Auto-Protect off.  Once I rip out the entire product and reinstall, it works fine for about a week before the same problem happens/same fix.  I'm literally configuring it the exact same way each time.

I'm wondering if my quarantine limits are obstructing something...but they're all defaulted and I have it set up to alert me when any problem occurs with the limits.  I have received quarantine limit emails but never when Auto-Protect crashes.

gsmith-violyco
Anyone else with this issue?  Having the exact same problem, occurring directly after some hourly RapidRelease updates.  It clears itself with subsequent updates.  Does this mean the downloads are corrupt?  Is there a way to refresh the Virus Definitions database?
 
 
HammerData

Anytime you manually run a live-update it should (key word) overwrite the last set of updates.  In my configuration I never even turned on the rapid-release.  Only had it configured to receive the weekly "gold-tested" by a monkey release, which means a load of poo to me now.

After the 4th time through that little cycle of mine, the product wouldn't even come back to life.  Same problem even after a complete uninstall/reinstall.  I ended up just giving up on the Symantec product altogether.  I've always had horrible support experiences with them anyway.  Given that we only invested in a trial, Symantec won't support their product at all even after I agreed to buy it only if they could fix their trial.  Obviously, if the trial product crashed hard there's no way in hell we're going to purchase that.  If Symantec had helped us get that fixed, they would have had our $$$ months ago.

If someone out there is smarter than the average monkey, please enlighten the both of us b/c I did love this product....if it could stay afloat longer than 1 week.

mgriba
Did anybody ever get a resolution to this?  I am in the same boat and was able to repair it for about three days until it resurfaced.  Hoping somebody has a concrete solution.  Thank you.

Ernie DeVries

A list of current updates is available at:  http://definitions.symantec.com/defs/

In addition to the error messages noted above, we noticed that we were getting sequentially numbered virusdef folders in C:\Program Files\Common Files\Symantec Shared\definitions\AntiVirus.  We appeared to be getting approximately 1 per second.

In our case the following fixed the issue at least temporarily without re-installing the product.

Stop the Symantec mail services, and disable realtime file protection within the SAV client.

Delete the contents of C:\Program Files\Common Files\Symantec Shared\definitions\AntiVirus\incoming.
Delete the newly created Virusdefsxxxx folders.

Restart the services, and realtime protection.  Instruct SMS to update.





Ernie DeVries

The same problem occurred again after the update we received at 1:00 p.m. MST on 17Feb08.  This procedure again fixed the problem, with one modification.  "Enable auto-protect" is grayed-out on the SAV system tray icon so I was not able to disable/enable it as outlined above.  Apparently that step is not necessary.
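
A guarded version of the folder cleanup described in the two posts above, as an added example that is not part of the original posts and not Symantec tooling. The paths and the SAVFMSESp process name come from this thread; the function name, its parameters and the folder-count threshold are assumptions.

```powershell
# Added example. Paths and the SAVFMSESp process name are taken from the thread;
# Repair-DefinitionFolders, -Since and -MaxExpected are hypothetical names.
function Repair-DefinitionFolders {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$DefsRoot = 'C:\Program Files\Common Files\Symantec Shared\definitions\AntiVirus',
        [Parameter(Mandatory = $true)][datetime]$Since,  # when the numbered folders began appearing
        [int]$MaxExpected = 5                            # assumed ceiling for a healthy update cycle
    )

    # Numbered folders such as VirusDefs00000001; the plain VirusDefs folder never matches.
    $numbered = @(Get-ChildItem -LiteralPath $DefsRoot -Directory |
        Where-Object { $_.Name -match '^VirusDefs\d+$' -and $_.CreationTime -ge $Since } |
        Sort-Object CreationTime)

    $incoming = Join-Path $DefsRoot 'incoming'
    $staged = @()
    if (Test-Path -LiteralPath $incoming) {
        $staged = @(Get-ChildItem -LiteralPath $incoming -Force)
    }

    Write-Output ("{0} numbered folders created since {1}; {2} items in incoming" -f `
        $numbered.Count, $Since, $staged.Count)

    if ($numbered.Count -le $MaxExpected) {
        Write-Output 'Folder count is within the expected range; nothing removed.'
        return
    }

    # Refuse to delete while the scan process named in event 110 is still running.
    if (Get-Process -Name 'SAVFMSESp' -ErrorAction SilentlyContinue) {
        Write-Warning 'SAVFMSESp is running. Stop the Symantec mail services first.'
        return
    }

    foreach ($item in @($staged) + @($numbered)) {
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Remove')) {
            Remove-Item -LiteralPath $item.FullName -Recurse -Force
        }
    }
}

# Dry run: report what would be removed without deleting anything.
Repair-DefinitionFolders -Since (Get-Date).AddHours(-2) -WhatIf
```

Drop `-WhatIf` only after the dry-run output lists nothing but the runaway folders and the contents of `incoming`.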

BlackFog

@Ernie DeVries: Thx worked for me!

Btw: during such operations I recommend always stopping/killing the affected services beforehand!

I found two strange things
First regarding
C:\Program Files\Common Files\Symantec Shared\definitions\AntiVirus\VirusDefs

The contents of the virus definition folder "VirusDefs" were not equal in size (21.7 MB) to the newly created "VirusDefs00000001" (55.6 MB) from a "Run LiveUpdate Certified Definitions", but SMSMSE reported them as equal definitions (you have the most recent definitions). So I stopped SMSMSE again and exchanged VirusDefs with the newly downloaded ones (but kept the old for backup purposes). SMSMSE seems to be happy with the "new" definitions, too.

Second regarding:
C:\Program Files\Common Files\Symantec Shared\VirusDefs
I also cleaned the contents of it and let it recreate with an Intelligent Updater (probably with a LUALL, too). The directory size here is smaller than the old one, like above, but SEP seems to be happy too.

This Exchange server was upgraded from SAV 10.1 and SMSMSE 5.0 to SEP 11MR1 and SMSMSE 6.0.4.209.


JT2
Hi..
 
Thanks...
 
This solution solved the problem, but only temporarily.. It happens like once every two weeks...  any idea from Symantec why this happens?
 
Best regards...