Endpoint Protection


SAVFL Updating Issue

  • 1.  SAVFL Updating Issue

    Posted Aug 09, 2011 10:52 AM

    Hi,

    I've installed the SAVFL 1.0.9 rpms (sav & jlu) from the SEP 11 DVD on a RedHat 5 machine.
    I configured the /etc/liveupdate.conf to pull updates from my internal Liveupdate server.
    At first it didn't work, and I found a solution in this forum - https://www-secure.symantec.com/connect/forums/issue-liveupdate-upgrading-sep-javalangnullpointerexception

    After deleting the relevant files the action (sav liveupdate -u) was completed, but not successfully, as the definitions were not updated.
    In the log file I see the update has begun and even started downloading the updates from the correct repository, however it stopped after a few kb.
    The definitions were not updated.

    After each update command /etc/liveupdate.conf seems to be overwritten with blank data for some reason.
    Also I wasn't able to run "sav info -d" since I installed the RPMs, it just stalls and nothing happens.

    Any ideas? I need to get this machine updated ASAP!!

     

    Thanks



  • 2.  RE: SAVFL Updating Issue



  • 3.  RE: SAVFL Updating Issue

    Posted Aug 09, 2011 11:27 AM

    Is that a one time procedure?
    I did most of what's written but didn't use the Intelligent Updater shell script since I want the machine to be updated from the internal live update.



  • 4.  RE: SAVFL Updating Issue

    Posted Aug 09, 2011 11:34 AM

    Once the LiveUpdate files are cleared, try running LU again. Can you check the LU logs? What do they say?

    Is LU closed by any firewall, or is it open?



  • 5.  RE: SAVFL Updating Issue

    Posted Aug 09, 2011 02:14 PM

    JavaLiveUpdate is a pretty robust little program, but it does require a few things (most notably, Sun Java, not Open Source Java). I've sent you a PM with info to download the SAVFL Support tool. Can you run that and then send me the log file?



  • 6.  RE: SAVFL Updating Issue

    Posted Aug 10, 2011 05:21 AM

    "Thumbs up" for the recommendation to use this tool. It is a great way to ensure that definitions are brought up-to-date.

    Just to confirm: IU is a one time update.



  • 7.  RE: SAVFL Updating Issue

    Posted Aug 10, 2011 05:26 AM

    Hi Igor,

    Just to rule a few things out: which internal LU tool are you using, and how have you configured it?  Here is a good article on LUA 2.x:

    Configuring LiveUpdate Administrator 2.x to Download and Distribute Symantec Antivirus for Linux Contents
    Article: TECH152311
    Article URL http://www.symantec.com/docs/TECH152311

    Also see:

    Best Practices for LiveUpdate Administrator (LUA) 2.x
    Article: TECH93409
    Article URL http://www.symantec.com/docs/TECH93409

    Definitely make sure that you are using LUA 2.3 and distributing the content correctly. 

    Thanks and best regards,

    Mick

     



  • 8.  RE: SAVFL Updating Issue

    Posted Aug 15, 2011 04:51 AM

    Tried it..

    After the "intelligent" script ends successfully, the virusdefs/incoming folder remains empty and none of the definition files is populated with data.
    I tried to debug it and saw that the new definitions are indeed written to the incoming folder but are immediately deleted.
    And of course the "sav info -d" gives me nothing..

    Why are the files deleted?
    Same thing happens with the /etc/liveupdate.conf that becomes blank after each "sav liveupdate -u"..

     

    What's going on??
     



  • 9.  RE: SAVFL Updating Issue

    Posted Aug 15, 2011 04:53 AM

    Hey Thomas,
    I saw your message; unfortunately I can't send you the log due to company policy..



  • 10.  RE: SAVFL Updating Issue

    Posted Aug 15, 2011 06:53 AM

    I've verified that the liveupdate server has the savfl in the product catalog.
    I ran "sav liveupdate -u" again. The liveupdate log seemed ok, managed to download the parts and all..

    However in /var/log/messages I get errors such as:

    navdefutil: CDefUtil::GetNewesDef(): Missing DEFINFO.DAT
    navdefutil: Missing USAGE.DAT; RebuildUsageFile() failed as well

    And as I said even before I tried to update the AV I couldn't run "sav info -d" and got the following message in the /var/log/messages:
    rtvscand: Symantec Anti-Virus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definition are downloaded to this computer.

     

    Any ideas?



  • 11.  RE: SAVFL Updating Issue

    Posted Aug 15, 2011 08:55 AM

    Does the server have access to the Internet?

    Can you verify that SAVFL is properly installed by updating it from the Internet first?

    I assume you have changed your JCE files as per http://www.symantec.com/docs/TECH96651 ?



  • 12.  RE: SAVFL Updating Issue

    Posted Aug 15, 2011 10:33 AM

    Unfortunately the server is not connected to the Internet, so I can't update it from the Internet first.

    Never heard about JCE... We don't seem to have it on the Linux machine.
    What does it do, and is it relevant for the Linux installation, since all the examples are for Windows machines?



  • 13.  RE: SAVFL Updating Issue

    Posted Aug 22, 2011 11:24 AM

    JCE is required for Java LiveUpdate to function correctly. It is the Java Cryptography Extensions that allow encrypting and decrypting of the liveupdate.conf file. It is the reason you are seeing this:

    "After each update command /etc/liveupdate.conf seems to be overwritten with blank data for some reason"

    You need to install the JCE policy files into the lib/security sub-directory of the Java installation (not to mention that Sun (Oracle) Java is required, not Open Source Java as is shipped with most Linux distros). I recommend installing the Sun Java in the /opt/Symantec directory, installing the JCE files, then pointing JAVA_HOME in /etc/Symantec.conf to the correct version of Java.

     

    "Also I wasn't able to run "sav info -d" since I installed the RPMs, It just stalls and nothing happens."

    This is likely happening due to a LiveUpdate process that is currently running. I've seen these hang in the past. Check your processes that are running and if you see any liveupdate processes (it would be a fairly lengthy java process that has liveupdate in the name) then kill it and remove the lock and tmp files from the liveupdate directory. 
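
A pre-flight check for the requirements described in the post above, as an added example that is not part of the original thread and not Symantec tooling: it reads JAVA_HOME from the config file, flags an open-source Java by a heuristic match on `java -version` output, confirms both JCE policy jars are in lib/security, and lists candidate hung LiveUpdate processes. The `JAVA_HOME=<path>` line format, the jar names local_policy.jar and US_export_policy.jar, the vendor match pattern and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not Symantec code. Assumes /etc/Symantec.conf holds a
# "JAVA_HOME=<path>" line and that the JCE policy jars use the standard
# Sun/Oracle names local_policy.jar and US_export_policy.jar.

# Print the last JAVA_HOME value set in a Symantec.conf-style file.
conf_java_home() {
    sed -n 's/^[[:space:]]*JAVA_HOME[[:space:]]*=[[:space:]]*//p' "$1" |
        tr -d '\r' | tail -n 1
}

# Print the lib/security directory for a JDK (jre/lib/security) or JRE layout.
security_dir() {
    for d in "$1/jre/lib/security" "$1/lib/security"; do
        if [ -d "$d" ]; then printf '%s\n' "$d"; return 0; fi
    done
    return 1
}

# Print one status word; return 0 only when the configured Java does not
# look like an open-source build and has both JCE policy jars in place.
check_jce() {
    [ -r "$1" ] || { echo "conf-unreadable"; return 1; }
    jh=$(conf_java_home "$1")
    [ -n "$jh" ] || { echo "java-home-unset"; return 1; }
    [ -x "$jh/bin/java" ] || { echo "java-missing"; return 1; }
    # Heuristic (assumption): OpenJDK and GCJ name themselves in -version.
    if "$jh/bin/java" -version 2>&1 | grep -Eqi 'openjdk|gcj|gij'; then
        echo "not-sun-java"; return 1
    fi
    sec=$(security_dir "$jh") || { echo "security-dir-missing"; return 1; }
    for f in local_policy.jar US_export_policy.jar; do
        [ -s "$sec/$f" ] || { echo "jce-missing:$f"; return 1; }
    done
    echo "ok"
}

# Read "ps -eo pid,args" output on stdin; print PIDs of java processes whose
# command line mentions liveupdate (candidates for a hung run).
lu_pids() {
    awk '{ l = tolower($0) } l ~ /[j]ava/ && l ~ /[l]iveupdate/ { print $1 }'
}

# Run with the config path as argument, e.g.: sh check.sh /etc/Symantec.conf
if [ "$#" -gt 0 ]; then
    check_jce "$1"
    ps -eo pid,args | lu_pids
fi
```

A status other than `ok` names the first requirement that failed, so the checks can be fixed in order before running `sav liveupdate -u` again.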



  • 14.  RE: SAVFL Updating Issue

    Posted Aug 22, 2011 11:31 AM

    Not sure what happened there, I meant to paste this URL http://www.symantec.com/business/support/index?page=content&id=TECH150596&actp=search&viewlocale=en_US&searchid=1314026979577

    Thomas's post below also covers this.  You MUST have JCE installed properly, otherwise SAVFL and LiveUpdate won't work properly.