Symantec Scan Engine (SSE) / Protection Engine (SPE) does not start on your Linux / Solaris server and the ScanEngineAbortLog.txt reports "400 CSAPI failed to initialize"

Article:TECH212465  |  Created: 2013-11-13  |  Updated: 2014-04-18  |  Article URL http://www.symantec.com/docs/TECH212465
Article Type
Technical Solution


Issue



The "symcscan" daemon for the SSE / SPE product will not stay running, and in the /opt/SYMCScan/ScanEngineAbortLog.txt file the following error appears.


Error



2013/11/13-12:01:36 400 CSAPI failed to initialize.
2013/11/13-12:01:36 0 Scan Engine is shutting down; logs may contain more information


Cause



The virus definitions which our product is attempting to use are corrupt, and our product is unable to start.


Solution



Before proceeding please download the latest virus definitions for your platform / product from the following site either directly to the affected box, or to media that you will use on this server.
- http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=cs

Be sure that you are logged in to the affected Protection Engine / Scan Engine box as "root" to perform the manual virus definition repair.

Please perform the following manual recovery steps:
1. Verify that the "symcscan" daemon is stopped by executing the following command: /etc/init.d/symcscan stop
2. Delete all the contents in the folders in the /opt/SYMCScan/bin/definitions/AntiVirus folder: for example  tmpIncoming, Incoming, and VirusDefs but do not delete these folders, only the VirusDefs*** numbered folders.
3. Edit the /opt/SYMCScan/bin/liveupdate.xml file in vi, and change the value under the <schedules> tag to: <enabled value="false"/>
4. From the command-line interface change directories to /opt/SYMCScan/bin/definitions/AntiVirus folder
-- execute the following command: ./setup-iu.sh enable
-- this step creates the /opt/Symantec/virusdefs/incoming folder and ensures that Symantec Scan Engine actively checks the incoming folder for new definitions and applies them.
5. From the command-line interface, navigate to the local folder containing the downloaded Intelligent update virus definitions, and execute the following:
-- for example our file is "20131113-001-unix.sh"
--- chmod 777 20131113-001-unix.sh
--- ./20131113-001-unix.sh
-- these steps make the file executable and extracts the virus definitions to the "/opt/Symantec/virusdefs/incoming" folder.
6. Change directories /opt/SYMCScan/bin/definitions/AntiVirus/VirusDefs folder and execute the following commands.
-- the steps below shows the "testuser" example account that was used during the install of the product
***Please be sure to substitute the actual account used in your environment***
-- cp /opt/Symantec/virusdefs/incoming/*.* .
-- touch CSAPIdefsutils.liveupdate
-- chmod 600 *.*
-- chmod 660 CSAPIdefsutils.liveupdate
-- chown testuser *.*
-- chgrp testuser *.*
7. Start the Scan Engine / Protection Engine Service with the following command: /etc/init.d/symcscan start
8. Verify that the "symcscan" daemon is now able to run by executing the following command:  ps -eaf|grep symcscan|grep -v grep
9. If the virus definition issue is resolved; please stop the service, change the items in Step #3 to <true>  and Step #4 to disabled, to once again receive virus definitions via the Java LiveUpdate process.

If the steps above do not resolve the error / issue then the only recourse is to remove the product, delete the program folder, and re-install.




Article URL http://www.symantec.com/docs/TECH212465


Terms of use for this information are found in Legal Notices