SAVFL Updating Issue

Created: 09 Aug 2011 | 13 comments

Hi,

I've installed the SAVFL 1.0.9 rpms (sav & jlu) from the SEP 11 DVD on a RedHat 5 machine.
I configured the /etc/liveupdate.conf to pull updates from my internal Liveupdate server.
At first it didn't work and I found a solution in this forum - https://www-secure.symantec.com/connect/forums/issue-liveupdate-upgrading-sep-javalangnullpointerexception

After deleting the relevant files the action (sav liveupdate -u) was completed but not successfully, as the definitions were not updated.
In the log file I see the update has begun and even started downloading the updates from the correct repository, however it stopped after a few kb.
The definitions were not updated.

After each update command /etc/liveupdate.conf seems to be overwritten with blank data for some reason.
Also I wasn't able to run "sav info -d" since I installed the RPMs, it just stalls and nothing happens.

Any ideas? I need to get this machine updated ASAP!!

 

Thanks

Comments

Igor.liv's picture

Is that a one time procedure?
I did most of what's written but didn't use the Intelligent Updater shell script since I want the machine to be updated from the internal live update.

Mick2009's picture

"Thumbs up" for the recommendation to use this tool. It is a great way to ensure that definitions are brought up-to-date.

Just to confirm: IU is a one time update.

With thanks and best regards,

Mick

Igor.liv's picture

Tried it..

After the "intelligent" script ends successfully the virusdefs/incoming folder remains empty and none of the definition files is populated with data.
I tried to debug it and saw that the new definitions are indeed written to the incoming folder but are immediately deleted.
And of course the "sav info -d" gives me nothing..

Why are the files deleted?
Same thing happens with the /etc/liveupdate.conf that becomes blank after each "sav liveupdate -u"..

 

What's going on??
 

Rafeeq's picture

Once the Liveupdate files are cleared, try running the LU again. Can you check in the LU logs, what does it say?

Is LU closed by any firewall, is it open?

thomas_m's picture

JavaLiveUpdate is a pretty robust little program, but it does require a few things (most notably, Sun Java not Open Source Java). I've sent you a PM with info to download the SAVFL Support tool, can you run that and then send me the log file?

Symantec Technical Support Engineer, SEP, SAV for Linux

Igor.liv's picture

Hey thomas,
I saw your message, unfortunately I can't send you the log due to company policy..

Mick2009's picture

Hi Igor,

Just to rule a few things out: which internal LU tool are you using, and how have you configured it?  Here is a good article on LUA 2.x:

Configuring LiveUpdate Administrator 2.x to Download and Distribute Symantec Antivirus for Linux Contents
Article: TECH152311
Article URL http://www.symantec.com/docs/TECH152311

Also see:

Best Practices for LiveUpdate Administrator (LUA) 2.x
Article: TECH93409
Article URL http://www.symantec.com/docs/TECH93409

Definitely make sure that you are using LUA 2.3 and distributing the content correctly. 

Thanks and best regards,

Mick


Igor.liv's picture

I've verified that the liveupdate server has the savfl in the product catalog.
I ran "sav liveupdate -u" again. The liveupdate log seemed ok, managed to download the parts and all..

However in /var/log/messages I get errors such as:

navdefutil: CDefUtil::GetNewesDef(): Missing DEFINFO.DAT
navdefutil: Missing USAGE.DAT; RebuildUsageFile() failed as well

And as I said even before I tried to update the AV I couldn't run "sav info -d" and got the following message in the /var/log/messages:
rtvscand: Symantec Anti-Virus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definition are downloaded to this computer.

 

Any ideas?

Paul Murgatroyd's picture

Does the server have access to the Internet?

Can you verify that SAVFL is properly installed by updating it from the Internet first?

I assume you have changed your JCE files as per http://www.symantec.com/docs/TECH96651 ?

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Igor.liv's picture

Unfortunately the server is not connected to the Internet so I can't update it from the Internet first.

Never heard about JCE... We don't seem to have it on the Linux machine.
What does it do and is it relevant for the Linux installation, since all the examples are for Win machines?

Paul Murgatroyd's picture

Not sure what happened there, I meant to paste this URL http://www.symantec.com/business/support/index?page=content&id=TECH150596&actp=search&viewlocale=en_US&searchid=1314026979577

Thomas's post below also covers this.  You MUST have JCE installed properly, otherwise SAVFL and LiveUpdate won't work properly.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

thomas_m's picture

JCE is required for Java LiveUpdate to function correctly. It is the Java Cryptography Extensions that allow encrypting and decrypting of the liveupdate.conf file. It is the reason you are seeing this:

"After each update command /etc/liveupdate.conf seems to be overwritten with blank data for some reason"

You need to install the JCE policy files into the lib/security sub-directory of the Java installation (not to mention that Sun (Oracle) Java is required, not Open Source Java as is shipped with most Linux distros). I recommend installing the Sun Java in the /opt/Symantec directory, installing the JCE files, then pointing JAVA_HOME in /etc/Symantec.conf to the correct version of Java.

 

"Also I wasn't able to run "sav info -d" since I installed the RPMs, It just stalls and nothing happens."

This is likely happening due to a LiveUpdate process that is currently running. I've seen these hang in the past. Check your processes that are running and if you see any liveupdate processes (it would be a fairly lengthy java process that has liveupdate in the name) then kill it and remove the lock and tmp files from the liveupdate directory. 

Symantec Technical Support Engineer, SEP, SAV for Linux
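
A preflight check for the points raised in thomas_m's reply above, as an added example that is not part of the thread and not Symantec tooling. It assumes /etc/Symantec.conf carries a JAVA_HOME= line and that the JCE policy jars use the standard names local_policy.jar and US_export_policy.jar; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage for the symptoms discussed in this thread.
# Usage (paths as named in the thread):
#   preflight /etc/Symantec.conf /etc/liveupdate.conf

# Read JAVA_HOME from a Symantec.conf-style file (assumed KEY=VALUE line).
java_home_from_conf() {
    sed -n 's/^[[:space:]]*JAVA_HOME[[:space:]]*=[[:space:]]*//p' "$1" 2>/dev/null | head -n 1
}

# Locate the JCE policy jars under lib/security (JRE) or jre/lib/security (JDK).
# Presence only: stock JREs of that era ship limited-strength jars under the
# same names, so this does not prove the downloaded policy files were installed.
jce_policy_dir() {
    for d in "$1/lib/security" "$1/jre/lib/security"; do
        if [ -f "$d/local_policy.jar" ] && [ -f "$d/US_export_policy.jar" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# True when the file is missing, empty, or whitespace only
# (the "overwritten with blank data" symptom).
conf_is_blank() {
    ! grep -q '[^[:space:]]' "$1" 2>/dev/null
}

# PIDs of running java processes with liveupdate on the command line.
# The [j]/[l] brackets keep this awk process from matching itself.
liveupdate_pids() {
    ps -eo pid=,args= 2>/dev/null |
        awk 'tolower($0) ~ /[j]ava/ && tolower($0) ~ /[l]iveupdate/ {print $1}'
}

preflight() {  # $1 = Symantec.conf path, $2 = liveupdate.conf path
    rc=0
    jh=$(java_home_from_conf "$1")
    [ -n "$jh" ] || { echo "FAIL: no JAVA_HOME in $1"; return 1; }
    if dir=$(jce_policy_dir "$jh"); then echo "OK: JCE policy jars in $dir"
    else echo "FAIL: JCE policy jars missing under $jh"; rc=1; fi
    if conf_is_blank "$2"; then echo "FAIL: $2 is blank or missing"; rc=1
    else echo "OK: $2 has content"; fi
    pids=$(liveupdate_pids)
    [ -z "$pids" ] || echo "WARN: liveupdate java process(es) running: $pids"
    return $rc
}
```

Run it before and after "sav liveupdate -u": a liveupdate.conf that has content before the run and is blank after it is the symptom the reply attributes to JCE.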