
SBG 8.0.3 Can't Update Virus Definitions

Created: 16 Dec 2009 • Updated: 21 May 2010 | 19 comments
This issue has been solved. See solution.

I have an instance of SBG 8.0.3 which has not successfully updated its virus definitions via LiveUpdate since November 13th. The gateway appears to be functioning properly otherwise. I applied the update to 8.0.3 a few days ago to see if that would resolve the problem. It has not.

The JLU Controller log is showing "The JLU process appears to be hanging and will be terminated".  I have confirmed that I have HTTP access to liveupdate.symantec.com from the gateway command line.  I have also adjusted the timeout period and update frequency to 1 hour with a 30 minute timeout - no change.

Any advice or guidance would be appreciated,

Thanks,


Thomas K's picture

Please see if this Symantec KB resolves your issue.

Error: The JLU process appears to be hanging and will be terminated.

http://service1.symantec.com/support/ent-gate.nsf/...

Best,
Thomas

AdnanH's picture

Seems like you have already looked at the following KB:

http://service1.symantec.com/SUPPORT/ent-gate.nsf/...

Have you already tried restarting the LiveUpdate service?  If yes, then continue reading...

If you can confirm that the symptoms described in the following KB apply to your situation, then it's a known issue and you can contact Technical Support to see if they can provide a workaround:

http://service1.symantec.com/SUPPORT/ent-gate.nsf/...

But if the symptoms do not match those of the above KB, then I suggest increasing the timeout further (you can go as high as 90 minutes); maybe the connection is really slow and it's taking longer to update the definitions.

Regards,

Adnan

arrow_203's picture

I've been trying to discover how to check the liveupdt.log file directly from the command line interface, to no avail.  How might I check that?

Also, the maximum timeout value is 60 minutes, which I have now configured up from 30.  I'll see what happens today.  Our Internet connection is 1.5 mbps, so I would think there should be plenty of bandwidth available for definition download.  If it doesn't clear up, I'll contact support. 

Thanks for your help.

Mike
Network Analyst

"Any sufficiently advanced technology is indistinguishable from magic!"

TSE-JDavis's picture

Ouch, 1.5 Mbps is not good for a mail server, especially if you have users browsing the web on the same network.

There is no way for a user to access the liveupdt.log, it is locked out.

arrow_203's picture

1.5 mbps suffices just fine for now.

How am I supposed to determine if my symptoms match those stated in the KB if I can't read the liveupdt.log file???  Is it unavailable even using the support account?

Mike
Network Analyst

"Any sufficiently advanced technology is indistinguishable from magic!"

TSE-JDavis's picture

May I ask what leads you to believe 1.5Mbps is sufficient? We have to download a 60Mb file for virus definitions and we also need to download 5-10Mb worth of data every 5-10 minutes for premium antispam rules. This is on top of any mail flowing in and any data users are pulling down.

I can barely watch Youtube or Hulu sometimes on my 1.5Mbps connection at home.

arrow_203's picture

Because we don't allow streaming video or personal-related web browsing with our connection.

60 MB at 1.5 mbps takes ~5.3 minutes to download - plenty of margin there.

However, I would like to keep this discussion on topic.  I am fairly confident that definition downloads should be able to complete in the 60 minute window provided.

Mike
Network Analyst

"Any sufficiently advanced technology is indistinguishable from magic!"

TSE-JDavis's picture

I would suggest changing your Liveupdate frequency to once per day and set it to some time after or before business hours and see what the results are.

AdnanH's picture

Mike, you can view liveupdt.log file using support account as follows:

tail /data/scanner/LiveUpdate/liveupdt.log

arrow_203's picture

The entirety of my JLU log is below.  I can't find any glaring errors...

[support@kscusbg LiveUpdate]$ cat liveupdt.log
Dec 18, 2009 9:00:04 AM Java LiveUpdate launched with the command line = --available-list /data/scanner/stats/jluzeGY0N [ -p SMS for SMTP Avenge Definitions for x86-redhat7.2 -v 5.0 -l SymAllLanguages -t VirusDef ]
Dec 18, 2009 9:00:04 AM   SMS for SMTP Avenge Definitions for x86-redhat7.2, 5.0, SymAllLanguages, VirusDef, 0
Dec 18, 2009 9:00:04 AM Using character set UTF-8
Dec 18, 2009 9:00:04 AM Command-line Product Selections to update:
Dec 18, 2009 9:00:04 AM (ProdName, Version, Lang, ItemSeqName, SeqNum)
Dec 18, 2009 9:00:04 AM Java Version 1.6.0_02.
Dec 18, 2009 9:00:04 AM Linux 2.6.28-9_smsprod
Dec 18, 2009 9:00:04 AM Java LiveUpdate version 3.6 Build 16.
Dec 18, 2009 9:00:04 AM ProductInventory: parsed default inventory file: /etc/Product.Catalog.JavaLiveUpdate
Dec 18, 2009 9:00:04 AM Inventory File Product Selections to update:
Dec 18, 2009 9:00:04 AM (ProdName, Version, Lang, ItemSeqName, SeqNum)
Dec 18, 2009 9:00:04 AM The property maxZipFileSize is not set in config file
Dec 18, 2009 9:00:04 AM The property maxZipFileSize in config file changed to 614,400
Dec 18, 2009 9:00:04 AM The property maxTriFileSize is not set in config file
Dec 18, 2009 9:00:04 AM The property maxTriFileSize in config file changed to 10,485,760
Dec 18, 2009 9:00:04 AM The property maxPackageSize is not set in config file
Dec 18, 2009 9:00:04 AM The property maxPackageSize in config file changed to 734,003,200
Dec 18, 2009 9:00:04 AM The property maxPackageContentSize is not set in config file
Dec 18, 2009 9:00:04 AM The property maxPackageContentSize in config file changed to 734,003,200
Dec 18, 2009 9:00:04 AM The property enableIPv4Preference is not set in config file
Dec 18, 2009 9:00:04 AM Checking to see if JLU can connect to its own listener thread.
Dec 18, 2009 9:00:04 AM Checking to see if a session of JLU is running at port 56820.
Dec 18, 2009 9:00:04 AM An active JLU session has been detected.
Dec 18, 2009 9:00:04 AM JLU was able to successfully connect to its own listener thread.
Dec 18, 2009 9:00:04 AM Failed to parse the cache meta data XML.
Dec 18, 2009 9:00:04 AM Not a problem. This exception occurs in some systems. Just ignore.
Dec 18, 2009 9:00:04 AM IdsServerLoggingError
Dec 18, 2009 9:00:04 AM Downloading minitri.flg to /tmp/jlu_downloads/1261155604414/minitri.flg ...
Dec 18, 2009 9:00:04 AM Connecting to liveupdate.symantecliveupdate.com:80 via HTTP ...
Dec 18, 2009 9:00:05 AM Connected to 77.67.111.202 sending request ...
Dec 18, 2009 9:00:05 AM Waiting for response ...
Dec 18, 2009 9:00:05 AM Content-Type of HTTP response for minitri.flg is text/plain
Dec 18, 2009 9:00:05 AM Receiving file ...
Dec 18, 2009 9:00:05 AM Transfer completed in 329 ms (793 bytes/sec)
Dec 18, 2009 9:00:05 AM Downloading sms$20for$20smtp$20avenge$20definitions$20for$20x86$2dredhat7.2_5.0_symalllanguages_livetri.zip to /tmp/jlu_downloads/1261155604414/sms$20for$20smtp$20avenge$20definitions$20for$20x86$2dredhat7.2_5.0_symalllanguages_livetri.zip ...
Dec 18, 2009 9:00:05 AM Connecting to 77.67.111.202 via HTTP ...
Dec 18, 2009 9:00:05 AM Connected to 77.67.111.202 sending request ...
Dec 18, 2009 9:00:05 AM Waiting for response ...
Dec 18, 2009 9:00:05 AM Receiving file ...
Dec 18, 2009 9:00:05 AM Transfer completed in 100 ms (33,380 bytes/sec)
Dec 18, 2009 9:00:05 AM The zip entry is liveupdt.tri
Dec 18, 2009 9:00:05 AM The zip entry is liveupdt.grd
Dec 18, 2009 9:00:05 AM The zip entry is liveupdt.sig
Dec 18, 2009 9:00:05 AM Unzipping sms$20for$20smtp$20avenge$20definitions$20for$20x86$2dredhat7.2_5.0_symalllanguages_livetri.zip into /tmp/jlu_downloads/1261155604414/sms$20for$20smtp$20avenge$20definitions$20for$20x86$2dredhat7.2_5.0_symalllanguages_livetri.zip1261155605243 ...
Dec 18, 2009 9:00:05 AM The zip file downloaded is a catalog file
Dec 18, 2009 9:00:05 AM Extracting liveupdt.tri
Dec 18, 2009 9:00:05 AM Total number of bytes read is 530
Dec 18, 2009 9:00:05 AM Extracting liveupdt.grd
Dec 18, 2009 9:00:05 AM Total number of bytes read is 1,794
Dec 18, 2009 9:00:05 AM Extracting liveupdt.sig
Dec 18, 2009 9:00:05 AM Total number of bytes read is 2,267
Dec 18, 2009 9:00:05 AM Unzipping completed
Dec 18, 2009 9:00:05 AM Loading root certificate
Dec 18, 2009 9:00:05 AM Setting certificate restrictions
Dec 18, 2009 9:00:05 AM Loading guard file:  /tmp/jlu_downloads/1261155604414/sms$20for$20smtp$20avenge$20definitions$20for$20x86$2dredhat7.2_5.0_symalllanguages_livetri.zip1261155605243/liveupdt.grd
Dec 18, 2009 9:00:05 AM
Dec 18, 2009 9:00:05 AM The Java LiveUpdate session has completed successfully.
Dec 18, 2009 9:00:05 AM Return code = 0
Dec 18, 2009 9:00:05 AM
Dec 18, 2009 9:00:05 AM User in not an administrator so configuration will not be saved
============================================================
<IdsJluCommandLine><--available-list /2Fdata/2Fscanner/2Fstats/2FjluzeGY0N [ -p SMS for SMTP Avenge Definitions for x86-redhat7.2 -v 5.0 -l SymAllLanguages -t VirusDef ] >
<IdsJluCommandLineCharacterSet><UTF-8>
<IdsPVLListing1>
<IdsPVLListing2>
<IdsJavaVersion><1.6.0_02>
<IdsJavaLiveUpdateVersion><3.6><16>
<IdsProductInventoryParsedDefault></2Fetc/2FProduct.Catalog.JavaLiveUpdate>
<IdsPVLListing3>
<IdsPVLListing2>
<IdsMaxSizeNull><maxZipFileSize>
<IdsMaxSizeChanged><maxZipFileSize><614400>
<IdsMaxSizeNull><maxTriFileSize>
<IdsMaxSizeChanged><maxTriFileSize><10485760>
<IdsMaxSizeNull><maxPackageSize>
<IdsMaxSizeChanged><maxPackageSize><734003200>
<IdsMaxSizeNull><maxPackageContentSize>
<IdsMaxSizeChanged><maxPackageContentSize><734003200>
<IdsEnableIPv4PreferenceNull><enableIPv4Preference>
<IdsJluSyncCheckCurrentSession>
<IdsJluSyncCheckPort><56820>
<IdsJluSyncCheckActive>
<IdsJluSyncCurrentSessionActive>
<IdsCacheStoreParseFail>
<IdsCacheNotaProblem>
<IdsDownloadMsg><minitri.flg></2Ftmp/2Fjlu_downloads/2F1261155604414/2Fminitri.flg>
<IdsHttpConnectionMsg2><liveupdate.symantecliveupdate.com><80><HTTP>
<IdsHttpConnectedMsg><77.67.111.202>
<IdsHttpWaitingMsg>
<IdsContentType><minitri.flg><text/2Fplain>
<IdsHttpReceivingFileMsg>
<IdsTransferCompleteMsg><329><793>
<IdsDownloadMsg><sms$20for$20smtp$20avenge$20definitions$20for$20x86$2dredhat7.2_5.0_symalllanguages_livetri.zip></2Ftmp/2Fjlu_downloads/2F1261155604414/2Fsms$20for$20smtp$20avenge$20definitions$20for$20x86$2dredhat7.2_5.0_symalllanguages_livetri.zip>
<IdsHttpConnectionMsg><77.67.111.202><HTTP>
<IdsHttpConnectedMsg><77.67.111.202>
<IdsHttpWaitingMsg>
<IdsHttpReceivingFileMsg>
<IdsTransferCompleteMsg><100><33380>
<IdsZipEntryName><liveupdt.tri>
<IdsZipEntryName><liveupdt.grd>
<IdsZipEntryName><liveupdt.sig>
<IdsUnzipMsg><sms$20for$20smtp$20avenge$20definitions$20for$20x86$2dredhat7.2_5.0_symalllanguages_livetri.zip></2Ftmp/2Fjlu_downloads/2F1261155604414/2Fsms$20for$20smtp$20avenge$20definitions$20for$20x86$2dredhat7.2_5.0_symalllanguages_livetri.zip1261155605243>
<IdsZipFileIsCatalog>
<IdsUnzipExtract><liveupdt.tri>
<IdsTotalNumBytesRead><530>
<IdsUnzipExtract><liveupdt.grd>
<IdsTotalNumBytesRead><1794>
<IdsUnzipExtract><liveupdt.sig>
<IdsTotalNumBytesRead><2267>
<IdsUnzipComplete>
<IdsSecurityLoadingRootCert>
<IdsSecuritySetCertRestrictions>
<IdsSecurityGuardLoad></2Ftmp/2Fjlu_downloads/2F1261155604414/2Fsms$20for$20smtp$20avenge$20definitions$20for$20x86$2dredhat7.2_5.0_symalllanguages_livetri.zip1261155605243/2Fliveupdt.grd>
<IdsJavaSessionSuccess>
<IdsJavaSessionReturnCode><0>
============================================================
[support@kscusbg LiveUpdate]$

Mike
Network Analyst

"Any sufficiently advanced technology is indistinguishable from magic!"

TSE-JDavis's picture

This looks like a successful liveupdate. It gathered its catalog files and then ended. It looks like it determined no update was needed. What are you seeing in your licensing screen in the Appliance interface?
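The condition this thread is circling (a session that exits with return code 0 after fetching only catalog files while the installed definitions keep ageing) can be checked mechanically. The following is an added example, not part of the original thread or Symantec's tooling; the function names, the `max_age_days` threshold and the rule that any zip beyond the catalogs counts as update content are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format of the liveupdt.log posted above (zip name is a
# placeholder; the "<Ids...>" line stands for the machine-readable echo block).
SAMPLE_LOG = """\
Dec 18, 2009 9:00:04 AM Java LiveUpdate launched with the command line = --available-list /data/scanner/stats/jluzeGY0N
Dec 18, 2009 9:00:05 AM Downloading example_livetri.zip to /tmp/jlu_downloads/1261155604414/example_livetri.zip ...
Dec 18, 2009 9:00:05 AM The zip file downloaded is a catalog file
Dec 18, 2009 9:00:05 AM Return code = 0
<IdsJavaSessionReturnCode><0>
"""

STAMP = "%b %d, %Y %I:%M:%S %p"
LINE = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s*(.*)$")
ZIP_DOWNLOAD = re.compile(r"^Downloading (\S+\.zip) to ")
RETURN_CODE = re.compile(r"^Return code = (-?\d+)")
CATALOG = "The zip file downloaded is a catalog file"

def parse_sessions(text):
    """Split the log into sessions; record zips fetched, catalogs seen, return code."""
    sessions = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # "<Ids...>" echo lines and "====" separators
        stamp, msg = m.groups()
        zipped, rc = ZIP_DOWNLOAD.match(msg), RETURN_CODE.match(msg)
        if msg.startswith("Java LiveUpdate launched"):
            sessions.append({"start": datetime.strptime(stamp, STAMP),
                             "zips": [], "catalogs": 0, "rc": None})
        elif sessions and zipped:
            sessions[-1]["zips"].append(zipped.group(1))
        elif sessions and msg == CATALOG:
            sessions[-1]["catalogs"] += 1
        elif sessions and rc:
            sessions[-1]["rc"] = int(rc.group(1))
    return sessions

def classify(s):
    if s["rc"] != 0:  # no return code logged means the session was cut short
        return "incomplete" if s["rc"] is None else "failed"
    # Assumption: any zip beyond the catalog(s) is update content.
    return "content-downloaded" if len(s["zips"]) > s["catalogs"] else "catalog-only"

def silent_stall(sessions, definitions_date, max_age_days=3):
    """Newest session reports success, fetched only catalogs, yet definitions are old."""
    if not sessions or classify(sessions[-1]) != "catalog-only":
        return False
    return (sessions[-1]["start"].date() - definitions_date).days > max_age_days
```

Pass `silent_stall` the parsed log and the virus definitions date shown on the appliance status screen; a `True` result means the exit code alone should not be trusted as evidence that definitions are current.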

arrow_203's picture
System Status
System
Current software version: 8.0.3-11
All scanners accessible: Yes
Hardware status: Details
Definitions
Spam definitions: 13 Minutes Ago
Spim definitions: 10 Minutes Ago
Virus definitions: 2009-11-13 (3)
Licenses
Premium Content Control: Expires 03-13-10
Spam and spim: Expires 03-13-10
Virus: Expires 03-13-10

Mike
Network Analyst

"Any sufficiently advanced technology is indistinguishable from magic!"

TSE-JDavis's picture

When you run an nslookup on '77.67.111.202' what is returned? I can get resolution on this IP address so I'm not sure what it is connecting to. You would want to run this on the appliance's CLI.

arrow_203's picture

[support@kscusbg support]$ nslookup 77.67.111.202
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find 202.111.67.77.in-addr.arpa.: NXDOMAIN

[support@kscusbg support]$

I do have an internal DNS server configured for SBG to point to; it seems strange that it's using the localhost.

Mike
Network Analyst

"Any sufficiently advanced technology is indistinguishable from magic!"

arrow_203's picture

*Bump*

Anybody have any ideas?  If not, I'll open up a support case and update about its progress here.

Mike
Network Analyst

"Any sufficiently advanced technology is indistinguishable from magic!"

arrow_203's picture

Tracking under case 410-698-444

Mike
Network Analyst

"Any sufficiently advanced technology is indistinguishable from magic!"

arrow_203's picture

Changing the update type to Rapid Response has cleared out the old definitions and has successfully updated to today's rapid response definitions.  I've set it back to standard LiveUpdate and will report back tomorrow with whether or not that clears it up...

Mike
Network Analyst

"Any sufficiently advanced technology is indistinguishable from magic!"

arrow_203's picture

Brian at SSG has advised that this is related to the known issue posted above by AdnanH.

http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009092508584054?Open&seg=ent

Apparently the fix will be available with version 9.0 of SBG which is due out in a couple months.  The Rapid Release updates appear to be working properly in the meantime, so I'll leave it at that.

Thanks for your help everyone.

Mike
Network Analyst

"Any sufficiently advanced technology is indistinguishable from magic!"

SOLUTION
TSE-JDavis's picture

I'm not sure what SSG is, but I was talking with Brian about this case earlier. Adnan is a much higher level of support than we are so he is the most authoritative voice on here. I would suggest maybe marking him as the solution instead of yourself.