Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Linux - Symantec Antivirus client 1.0.6.10

Created: 06 Jul 2011 • Updated: 07 Jul 2011 | 5 comments
This issue has been solved. See solution.

Does anyone out there run the Symantec AV client on a Linux server?

Is there a procedure available similar to Windows to clear corrupted AV defs? Has anyone seen this?

Also is there a way to check if Liveupdate is running and to disable it?

I have to update the AV defs manually. Updated AV defs last week and now the Symantec AV client status is disabled and will not enable. Suspect corrupted AV defs.

From in the /opt/Symantec/Liveupdate folder there are tmpluxxx.lck files

/opt/Symantec/virusdefs folder there are files,

201106016.005

20110629.002

tmpxxxxxxda

tmpxxxxxxcae

Opening the AV client Progarm versions section is empty, Virus Definition file section is empty, and the Status section has Autoprotect: Disabled, RTV scan: Disabled and Scan: Unknown Status

 

 

 

 

Comments 5 CommentsJump to latest comment

thomas_m's picture

You can remediate SAVFL definitions with the following document. 

How to remediate virus definitions in Symantec Antivirus for Linux (SAVFL) 1.0.x

http://www.symantec.com/docs/TECH93435

 

 

Symantec Technical Support Engineer, SEP, SAV for Linux<

SOLUTION
thomas_m's picture

Couple things.

1) He would be compiling the AutoProtect kernel module, not the kernel. There is a difference and that can get confusing.

2) The symptoms the OP describes don't point at it being an AutoProtect issue. As mentioned, rtvscan is reporting as disabled as well and there are no defs listed. This should remain the same even if the AutoProtect module was removed completely.

3) The link you sent is for compiling on Ubuntu. The OP doesn't state what distribution he is on. There is a guide for compiling the kernel module at http://www.symantec.com/docs/TECH132773 I recommend this over other docs as it attempts to be a comprehensive guide to compiling the module on multiple Linux distributions. That said, I might be a bit bias as I wrote it :)

4) I would also recommend updating to a newer version of SAVFL. The OP states he is on 1.0.6 and the latest version is 1.0.11 (released last month)

Symantec Technical Support Engineer, SEP, SAV for Linux<

ggagnon's picture

Thnaks thomas_m your solution at http://www.symantec.com/docs/TECH93435 did work for one of the servers. The other server is still giving the symptom I mentioned earlier after trying fix.

Any idea about the .lck files in the /opt/Symantec/Liveupdate folder?

I'll try your second fix and pass that on.

ggagnon's picture

After checking this morning on the second problem server and running through the remediate AV defintions fix noticed the syncfgd and rtvscand daemons were not starting. Decided to reboot the server and when it came up Symantec client was up and running.

These servers have been running just fine for over a year on this SAV and updating defs with no issues. I'm not sure of the need to compile the autoprotect kernel, maybe updating the client would have been the next attempt.

Thanks for your help thomas_m and Rafeeq.