Endpoint Protection


SAV for Linux: Virus definitions not reported as being updated

  • 1.  SAV for Linux: Virus definitions not reported as being updated

    Posted Feb 04, 2013 07:28 AM

    I am using Ubuntu 12.10 (Precise Pangolin), 64-bit, English with the latest kernel version 3.5.0.23-generic. (Note: I had to remove the outdated Autoprotect kernel modules and compile new ones to be compatible with the new kernel version.)

    The version of SAV for Linux installed is 1.0.14.13 with the scan engine version 121.3.0.78

    I use the SAVFL GUI or icon to initiate a liveupdate session. It downloaded the latest virus definitions which for today is February 2, 2013. However the date still remains as 02/01/2013.

    I issued the command: sav info --defs to confirm the date of the virus definitions. And it is still 02/01/2013 when it should be 02/02/2013.

    Could someone tell me how to resolve the above issue?



  • 2.  RE: SAV for Linux: Virus definitions not reported as being updated

    Posted Feb 04, 2013 07:33 AM

    Check this article by Mick as it has some troubleshooting for this issue:

    https://www-secure.symantec.com/connect/articles/sav-linux-somewhat-illustrated-guide-part-3

    Symantec AntiVirus for Linux (SAVFL) client fails to update definition through LiveUpdate

    Article:TECH93974  |  Created: 2009-01-12  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/TECH93974

    Did this just start?



  • 3.  RE: SAV for Linux: Virus definitions not reported as being updated

    Posted Feb 04, 2013 09:49 AM

    The article by Mick2009 that you referred to does not resolve my issue.



  • 4.  RE: SAV for Linux: Virus definitions not reported as being updated

    Posted Feb 05, 2013 05:41 AM

    Hi BCBIT,

    Good to see that SAVFL admins are keeping a close eye on any failures or irregularities - too often definition trouble goes for weeks or months in an organization before it is noticed.

    This article has a great section on how to get a debug JLU log:

    Troubleshooting Java LiveUpdate 3.x
    Article URL http://www.symantec.com/docs/TECH123310 
     

    In brief: run this command: java -classpath /opt/Symantec/LiveUpdate/jlu.jar com.symantec.liveupdate.LiveUpdate -d and then the liveupdt.log will have extra detailed information about downloading and applying definitions. If there are any errors in there, feel free to post/attach the log to your thread and some experts here in the forum may be able to spot any points of failure.

    All the best,

    Mick

     



  • 5.  RE: SAV for Linux: Virus definitions not reported as being updated

    Posted Feb 05, 2013 02:40 PM

    @ Mick2009

    Please find attached the liveupdt.log file for your necessary action. I have saved it in ODT format.

    Thanks in advance.



  • 6.  RE: SAV for Linux: Virus definitions not reported as being updated

    Posted Feb 06, 2013 05:40 AM

    Cheers BCBIT!  Here is what I am seeing....

    At the start of this most recent run, the current defs were dated Feb 5 2013, revision 3. 

    Feb 6, 2013 3:23:24 AM   Avenge MicroDefs25 SavCorp10 Linux, MicroDefsB.CurDefs, SymAllLanguages, HubDefs, 0
    Feb 6, 2013 3:23:24 AM   Avenge MicroDefs25 SavCorp10 Linux, MicroDefsB.CurDefs, SymAllLanguages, CurDefs, 130205003

    It's a little odd that there's no date listed for the HubDefs.  Also, the date for CurDefs briefly disappeared a time or two recently:

    Jan 31, 2013 2:58:53 AM   Avenge ... CurDefs, 130130004
    Jan 31, 2013 3:10:43 AM   Avenge ... CurDefs, 130130004
    Feb 2, 2013 6:34:44 AM   Avenge ... CurDefs, 130130004
    Feb 2, 2013 6:34:59 AM   Avenge ... CurDefs, 0
    Feb 2, 2013 6:34:59 AM   Avenge ... CurDefs, 130201004
    Feb 4, 2013 7:19:26 PM   Avenge ... CurDefs, 130201004
    Feb 4, 2013 7:20:53 PM   Avenge ... CurDefs, 0
    Feb 4, 2013 7:20:53 PM   Avenge ... CurDefs, 130203009
    Feb 6, 2013 3:21:02 AM   Avenge ... CurDefs, 130203009
    Feb 6, 2013 3:23:24 AM   Avenge ... CurDefs, 130205003
     

    The fact that the CurDefs date has been changing upwards does show successful download and processing of those definitions, though.  This SAVFL client is updating its definitions, regardless of what the GUI indicates.

    This is a success:

    Feb 6, 2013 3:21:03 AM Making /tmp/1360092062158/1360092063904/navupcur.dis executable ...
    Feb 6, 2013 3:21:03 AM Running /tmp/1360092062158/1360092063904/navupcur.dis ...
    Feb 6, 2013 3:21:03 AM Selection.updateSequenceNumber: SEQ.CurDefs=130205003
    Feb 6, 2013 3:21:03 AM Selection.updateItemName: NAME.CurDefs=Virus Definitions
    Feb 6, 2013 3:21:03 AM Selection.updateLastUpdateTimestamp: TIMESTAMP.CurDefs=1360092063985
    Feb 6, 2013 3:21:03 AM Selection.updateDescription: DESCRIPTION.CurDefs=Symantec AntiVirus Definitions
    Feb 6, 2013 3:21:03 AM
    Feb 6, 2013 3:21:03 AM The Java LiveUpdate session has completed successfully.
    Feb 6, 2013 3:21:03 AM Return code = 0
     

    If the GUI or ./sav info -d is showing a different date, then you may wish to follow steps in the following article.  I can confirm that the latest protection is in place, though.

    How to remediate virus definitions in Symantec Antivirus for Linux (SAVFL) 1.0.x
    http://www.symantec.com/docs/TECH93435 
     

    Please do update this thread with your progress!  &: )
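
The log reading walked through in post 6, as an added example (not part of the original posts and not Symantec code): it takes the newest non-zero CurDefs sequence and the last return code from liveupdt.log and compares the result with the date the GUI or sav info -d displays. Assumptions: the sequence is read as YYMMDD plus a three-digit revision, as in the post (130205003 = Feb 5 2013, revision 3), the century is 20, the displayed date is MM/DD/YYYY as quoted in post 1, and the function names and sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise definition state from a Java LiveUpdate log.

# Constructed sample, using the line formats quoted in this thread.
write_sample_log() {
cat > "$1" <<'EOF'
Feb 4, 2013 7:20:53 PM   Avenge MicroDefs25 SavCorp10 Linux, MicroDefsB.CurDefs, SymAllLanguages, CurDefs, 0
Feb 4, 2013 7:20:53 PM   Avenge MicroDefs25 SavCorp10 Linux, MicroDefsB.CurDefs, SymAllLanguages, CurDefs, 130203009
Feb 6, 2013 3:21:03 AM Selection.updateSequenceNumber: SEQ.CurDefs=130205003
Feb 6, 2013 3:21:03 AM The Java LiveUpdate session has completed successfully.
Feb 6, 2013 3:21:03 AM Return code = 0
EOF
}

# Print "YYYY-MM-DD rev N rc=R" for the newest CurDefs sequence in log $1.
# Exits non-zero (printing "no-curdefs") when no usable sequence is present.
curdefs_status() {
  awk '
    # Registered sequence lines end in ", CurDefs, <seq>"; a transient 0 is skipped.
    /, CurDefs, [0-9]+/ {
      v = $0; sub(/.*, CurDefs, /, "", v); sub(/[^0-9].*/, "", v)
      if (v + 0 > 0) seq = v
    }
    # Sequence written after the definitions package has been applied.
    /SEQ\.CurDefs=[0-9]+/ {
      v = $0; sub(/.*SEQ\.CurDefs=/, "", v); sub(/[^0-9].*/, "", v)
      if (v + 0 > 0) seq = v
    }
    /Return code = -?[0-9]+/ {
      r = $0; sub(/.*Return code = /, "", r); sub(/[^0-9-].*/, "", r); rc = r
    }
    END {
      if (length(seq) != 9) { print "no-curdefs"; exit 1 }
      printf "20%s-%s-%s rev %d rc=%s\n", substr(seq, 1, 2), substr(seq, 3, 2),
             substr(seq, 5, 2), substr(seq, 7, 3) + 0, (rc == "" ? "unknown" : rc)
    }' "$1"
}

# Return 0 when the displayed date $1 (MM/DD/YYYY) is older than the log $2 shows.
display_lags_log() {
  st=$(curdefs_status "$2") || return 2
  logdate=$(printf '%s' "$st" | cut -d' ' -f1 | sed 's/-//g')
  shown=$(printf '%s' "$1" | awk -F/ '{ printf "%s%s%s", $3, $1, $2 }')
  [ "$shown" -lt "$logdate" ]
}

if [ $# -gt 0 ]; then curdefs_status "$1"; fi
```

A displayed date that still lags the log a few minutes after the session ends is the case the remediation article in post 6 addresses.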



  • 7.  RE: SAV for Linux: Virus definitions not reported as being updated

    Posted Feb 06, 2013 07:14 AM

    @ Mick2009

    Thanks for your reply and taking the time to look into my issue.

    If the GUI or ./sav info -d is showing a different date, then you may wish to follow steps in the following article.  I can confirm that the latest protection is in place, though.

    I am glad that the latest protection is in place as per your confirmation.

    I wish to let you know that it is the GUI and the ./sav info -d showing a different date that prompted me to post on this forum in the first place.

    I shall keep you updated as soon as I work on the steps outlined in "How to remediate virus definitions in Symantec Antivirus for Linux (SAVFL) 1.0.x"



  • 8.  RE: SAV for Linux: Virus definitions not reported as being updated

    Posted Feb 08, 2013 06:07 AM

    Hi BCBIT,

    Just a ping to see how those remediation steps went and if the defs displayed are now accurate.

    With the best regards,

    Mick



  • 9.  RE: SAV for Linux: Virus definitions not reported as being updated

    Posted Feb 11, 2013 11:21 AM

    Updating this thread with a minor observation: one of my own SAVFL clients was behaving in a similar fashion. Immediately after what liveupdt.log confirms is a successful LiveUpdate session, sav info -d still displayed an old definitions date. Checking again a few minutes later, the correct (updated) defs date was displayed. So, this older date can be shown while post-session processing is still under way.



  • 10.  RE: SAV for Linux: Virus definitions not reported as being updated

    Posted Feb 12, 2013 04:33 PM

    Updating this thread with a minor observation: one of my own SAVFL clients was behaving in a similar fashion.

    Would you consider the above to be a bug and perhaps fix it before Symantec releases an update to SAV for Linux?



  • 11.  RE: SAV for Linux: Virus definitions not reported as being updated

    Posted Feb 13, 2013 04:35 AM

    If this temporary delay in reporting the latest defs is a bug, it would be a low-priority cosmetic one.  Security is the main focus.

    There are some cool developments underway in the Linux arena.  I am not at liberty to comment on the roadmap, but those votes in the Ideas section of Connect seem to have been heard.  More news in due course......  



  • 12.  RE: SAV for Linux: Virus definitions not reported as being updated

    Posted Mar 08, 2013 02:20 AM

    This new article may be of interest to followers of this thread...

    SAV for Linux: A (Somewhat) Illustrated Guide Part 4: SAVFL Reporter
    https://www-secure.symantec.com/connect/articles/sav-linux-somewhat-illustrated-guide-part-4-savfl-reporter



  • 13.  RE: SAV for Linux: Virus definitions not reported as being updated

    Posted May 06, 2013 10:43 PM

    How big are the definition files normally for your SAVFL?