Protection Engine for Cloud Services

If the scan engine is quite busy this could cause this behavior but otherwise I would tend to suspect the network.

Hi Kris,

I would say you could start off by taking a network packet capture from the client sending the request (it looks like the client is not local to the scanner), and review ther packet capture during the times the error occurred.  This way you can confirm if it is an issue with Scan Engine just not responding to the client's scan request in time, or possible something else is happening on the client (for example it was not able to open a socket).

Thanks,
Ben

Hello experts,

I am evaluating the product by running few tests on certain file systems, on one occasion the scan process reported 2 errors:

==================================================================================

    Virus scan process began : Fri Oct 14 10:07:00 2011
Virus scan process completed : Fri Oct 14 19:02:12 2011

        Defs Version = 20110518.036
 Commandline Scanner = 4.3.2.19
             Elapsed = 32111.8750

      Files Excluded = 0
       Files Scanned = 2162681
 Directories Scanned = 1002
Directories Excluded = 0
       Files Skipped = 0
    Files Scan Error = 2
      Files Infected = 0

Error list:

Error processing file /objective/data1/volume1/doc/395/A2218395.3
Error processing file /objective/data1/volume1/doc/395/A2218395.4

===================================================================================

However these 2 files were marked as cleaned by another anti-virus product, they are not corrupted either, their file permission/attributes are same as other files on same directory.  What would be the possible cause?

BTW, files A2218395.1 and A2218395.2 had no error in scan.

Another issue is: I downloaded and installed the anti virus updates package (20111010-020-unix.sh) from FTP site, then restarted the scan engine, however the  "Defs Version" is still showing older version, am I missing any steps?  

Thank you in advance.

I tried to manaully download defs as well,

Just rememeber, these are in a different location to the normal SEP clients.

I.e.2008 > c:\Program Data\Symantec\Java LiveUpdate\Downloads

I also do not know why intellignet updaters does not detect this directroy - maybe you need to copy and run from the dir?

Scan Engine is not fully compatible with a 64-bit environment. On a 32-bit operating system, definitions are saved to C:\Progam Files\Common Files\Symantec Shared\VirusDefs. Scan Engine is hardcoded to only look here for the shared definitions site. Intelligent Updater knows that on a 64-bit operating system, 32-bit definitions are stored in C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs. Intelligent updater doesn't see any product using that directory, so it says no products found.

Please follow this document to manually drop the definitions into the directory Scan Engine is looking for them:

http://www.symantec.com/business/support/index?page=content&id=TECH98065

Thats great - thanks fo the detailed explanantion!

Makes sense now.