Protection Engine for Cloud Services

 View Only

  • 1.  Malformed Container Violation

    Posted Apr 13, 2012 11:37 AM

    Hi,

    We are using the Symanetc Scan engine version 5.2.11.131. I tried creating a simple docx and xlsx files (files attached). They both get flagged for 'Malformed Container Violations' and are flagged as infected. We have the 'Blocked Malformed Container' option checked.

    Out of a total of 91 files scanned till date (API was installed on April 7,2012) 61 files were flagged for this violation. We are still in the dev environment and know that these files are clean.

    Please suggest a way out. What are the implications of unchecking the 'Blocked Malformed Container' option.

    thanks,

    Vineeta

     

     

     

    Attachment(s)

    docx
    Testviruscan1.docx   12 KB 1 version
    docx
    TestVirusScan2.docx   12 KB 1 version


  • 2.  RE: Malformed Container Violation

    Posted Apr 13, 2012 12:18 PM

    Greetings,

    That is very odd behavior for scan engine.  We do see unscannables for container violations and typically not for malformed container for MS created documents.

    I suspect that you may be having issues with compressed files such as .zips.  The 2007-2010 office documents with the x extension are just zip files.

    I would recommend to make sure that definitions have been updated.  I have seen with other Symantec products where the product can load definitions, but some of the data is corrupt causing oddities in scanning for different file types.

    Please review the following document for repairing definitions.

    How to apply Intelligent Updater virus definitions manually to Symantec Scan Engine 5.x

    http://www.symantec.com/business/support/index?page=content&id=TECH90925



  • 3.  RE: Malformed Container Violation

    Posted Apr 13, 2012 02:39 PM

    I enabled setup-iu.bat and our server can access the internet so it must be getting updates on virus information. I still have the same issue.

    I uncheked all the malformed container options from the admin console but still get the same error. Looks like some other issue.

    This is a trial version we are using right now. Not sure if that has any thing to do with the issue.

    Do you recommend reinstalling the scan engine? Some files do come back clean.

    Vineeta

     

     



  • 4.  RE: Malformed Container Violation

    Posted Apr 16, 2012 09:31 AM

    setup-iu does not enable the scan engine to access the internet. It enables to shadow defintions from some versions of Symantec AntiVirus and SEP on a 32bit platform. If you are running windows 2003 and SEP 11 or SAV 10 or earlier Scan Engine will be able to use those defintions with out needing to run live update. Otherwise Scan Engine will need to run liveupdate.