Endpoint Protection

  • 1.  Linux - Symantec Antivirus client 1.0.6.10

    Posted Jul 06, 2011 12:55 PM

    Does anyone out there run the Symantec AV client on a Linux server?

    Is there a procedure available similar to Windows to clear corrupted AV defs? Has anyone seen this?

    Also is there a way to check if Liveupdate is running and to disable it?

    I have to update the AV defs manually. Updated AV defs last week and now the Symantec AV client status is disabled and will not enable. Suspect corrupted AV defs.

    In the /opt/Symantec/Liveupdate folder there are tmpluxxx.lck files.

    In the /opt/Symantec/virusdefs folder there are these files:

    201106016.005

    20110629.002

    tmpxxxxxxda

    tmpxxxxxxcae

    Opening the AV client, the Program versions section is empty, the Virus Definition file section is empty, and the Status section has Autoprotect: Disabled, RTV scan: Disabled and Scan: Unknown Status.



  • 2.  RE: Linux - Symantec Antivirus client 1.0.6.10
    Best Answer

    Posted Jul 06, 2011 01:51 PM

    You can remediate SAVFL definitions with the following document. 

    How to remediate virus definitions in Symantec Antivirus for Linux (SAVFL) 1.0.x

    http://www.symantec.com/docs/TECH93435



  • 3.  RE: Linux - Symantec Antivirus client 1.0.6.10



  • 4.  RE: Linux - Symantec Antivirus client 1.0.6.10

    Posted Jul 06, 2011 02:23 PM

    Couple things.

    1) He would be compiling the AutoProtect kernel module, not the kernel. There is a difference and that can get confusing.

    2) The symptoms the OP describes don't point at it being an AutoProtect issue. As mentioned, rtvscan is reporting as disabled as well and there are no defs listed. This should remain the same even if the AutoProtect module was removed completely.

    3) The link you sent is for compiling on Ubuntu. The OP doesn't state what distribution he is on. There is a guide for compiling the kernel module at http://www.symantec.com/docs/TECH132773 . I recommend this over other docs as it attempts to be a comprehensive guide to compiling the module on multiple Linux distributions. That said, I might be a bit biased as I wrote it :)

    4) I would also recommend updating to a newer version of SAVFL. The OP states he is on 1.0.6 and the latest version is 1.0.11 (released last month).



  • 5.  RE: Linux - Symantec Antivirus client 1.0.6.10

    Posted Jul 06, 2011 03:29 PM

    Thanks thomas_m, your solution at http://www.symantec.com/docs/TECH93435 did work for one of the servers. The other server is still giving the symptom I mentioned earlier after trying the fix.

    Any idea about the .lck files in the /opt/Symantec/Liveupdate folder?

    I'll try your second fix and pass that on.



  • 6.  RE: Linux - Symantec Antivirus client 1.0.6.10

    Posted Jul 07, 2011 06:54 AM

    After checking this morning on the second problem server and running through the remediate AV definitions fix, I noticed the syncfgd and rtvscand daemons were not starting. Decided to reboot the server and when it came up the Symantec client was up and running.

    These servers have been running just fine for over a year on this SAV and updating defs with no issues. I'm not sure of the need to compile the autoprotect kernel, maybe updating the client would have been the next attempt.

    Thanks for your help thomas_m and Rafeeq.