Hi Paul,
I think the overview dashboard of part AV & Malware database show message "warning" because only symantec av of last version pattern updated date was late than present time. We tried to change activate to kaspersky av, the dashboard was normal state. If we revert to symantec av, have the same issue.
We checked the both 2 boxes of ASG and on website broadcom symantect virus definations & security, the symantec av pattern was the same version.
ref:
https://www.broadcom.com/support/security-center/definitions?pid=5aa80d2f72a8e On broadcom symantect virus definations & security site:
On ASG2 (Activate kaspersky av, the dashboard AV & Malware database show status "OK"):
Best & regardsPongsatorn Laohavijitchan
Original Message:
Sent: 05-26-2020 02:57 AM
From: Paul Vilarino
Subject: Dashboard AV & Malware databases show message "warning"
Hi Pongsatorn
start by freeing up as much space as you can, old firmwares, troubeshooting logs, cores, and system logs, see if that helps
Original Message:
Sent: 05-25-2020 10:57 AM
From: Pongsatorn Laohavijitchan
Subject: Dashboard AV & Malware databases show message "warning"
Hi Paul,
I found many errors in cas.log. I think the ASG can download pattern but can't install.
This's log as the last successful download and install pattern of kaspersky on May 23 09:49:28. The issue occurred on May 23 13:51:02.
Cas log:
May 23 09:49:28 CAS avservice[12419]: 2020-05-23 09:49:28 (UTC),Kaspersky Labs on CAS successfully updated,AV version: 8.6.1.71,AV pattern version: 200523.074100.14837733,AV pattern date: 2020/05/23 07:41:00,
May 23 13:51:02 CAS avservice[12419]: 2020-05-23 13:51:02 (UTC),Kaspersky Labs on CAS successfully updated,AV version: 8.6.1.71,AV pattern version: 200523.122000.14838117,AV pattern date: 2020/05/23 12:20:00,
May 23 13:58:51 CAS avservice[12419]: ERROR : FileStream::read: Error writing 8192 bytes to /data/bluecoat/avenger/tmp/icap[509].tmp: 28
May 23 13:58:53 CAS kaspersky[21663]: ERROR : FileStream::read: Error writing 102400 bytes to /data/bluecoat/avenger/tmp/kasp[1].tmp: 28
May 23 13:58:53 CAS kaspersky[23296]: ERROR : FileStream::read: Error writing 102400 bytes to /data/bluecoat/avenger/tmp/kasp[0].tmp: 28
May 23 13:58:53 CAS avservice[12419]: ERROR : FileStream::read: Error writing 1460 bytes to /data/bluecoat/avenger/tmp/icap[509].tmp: 28
May 24 06:10:09 CAS avservice[12419]: 2020-05-24 06:10:09 (UTC),Kaspersky Labs on CAS successfully updated,AV version: 8.6.1.71,AV pattern version: 200523.122000.14838117,AV pattern date: 2020/05/23 12:20:00,
May 24 08:21:30 CAS avservice[12419]: 2020-05-24 08:21:30 (UTC),Kaspersky Labs on CAS successfully updated,AV version: 8.6.1.71,AV pattern version: 200523.122000.14838117,AV pattern date: 2020/05/23 12:20:00,
May 24 17:26:47 CAS avservice[12419]: ERROR : scanAV exiting because av->IsAlive failed and we had a TIMEOUT (vendor: Kaspersky Labs)
May 24 17:26:48 CAS avservice[12419]: ERROR : scanAV exiting because av->IsAlive failed and we had a TIMEOUT (vendor: Kaspersky Labs)
May 24 17:26:49 CAS avservice[12419]: ERROR : scanAV exiting because av->IsAlive failed and we had a TIMEOUT (vendor: Kaspersky Labs)
May 24 17:26:50 CAS avservice[12419]: ERROR : scanAV exiting because av->IsAlive failed and we had a TIMEOUT (vendor: Kaspersky Labs)
May 24 17:26:55 CAS avservice[12419]: ERROR : Module::LaunchAll: live test failed kaspersky
May 24 17:26:55 CAS avservice[12419]: ERROR : Scanner::Scan: AV Scan failed (vendor: Kaspersky Labs)
May 24 17:26:56 CAS avservice[12419]: ERROR : Module::LaunchAll: live test failed kaspersky
May 24 17:26:56 CAS avservice[12419]: ERROR : Scanner::Scan: AV Scan failed (vendor: Kaspersky Labs)
May 24 17:26:57 CAS avservice[12419]: ERROR : Module::LaunchAll: live test failed kaspersky
May 24 17:26:57 CAS avservice[12419]: ERROR : Scanner::Scan: AV Scan failed (vendor: Kaspersky Labs)
clp_service:
May 25 06:36:41 CAS WARN com.bluecoat.clp.downloadutil.DownloadThread- Executing head request failed with unknown error for service name : SubscriptionService, url : /kaspersky86/engine, DownloadResponse: URI = https://subscription.es.bluecoat.com/kaspersky86/engine?device=3217320097, StatusCode = 0, StatusMessage = null, ReasonMessage = null, AmountDownloaded = 0, DownloadDate = 2020-05-25T06:36:41.192+0000, CurrentlyDownloading = false, StartTime = null, EndTime = null, RequestToken = null, ETag = "8.6.1.71_990702e22d8daf7e4f6a8c5ceddd860f"
May 25 06:36:41 CAS ErrorCode=1:ErrorMessage=% failed
May 25 06:36:41 CAS at com.bluecoat.clp.util.PasswordEncryption.decryptPasswordCommon(PasswordEncryption.java:175)
May 25 06:36:41 CAS at com.bluecoat.clp.util.PasswordEncryption.decryptPassword(PasswordEncryption.java:135)
May 25 06:36:41 CAS at com.bluecoat.clp.cli.CDBUtils.getProxySettingsPassword(CDBUtils.java:234)
May 25 06:36:41 CAS at com.bluecoat.clp.downloadutil.httpclient.SingleHttpClient.getSettingFromCDB(SingleHttpClient.java:278)
May 25 06:36:41 CAS at com.bluecoat.clp.downloadutil.httpclient.SingleHttpClient.checkProxyConfiguration(SingleHttpClient.java:217)
May 25 06:36:41 CAS at com.bluecoat.clp.downloadutil.httpclient.SingleHttpClient.executeRequest(SingleHttpClient.java:119)
May 25 06:36:41 CAS at com.bluecoat.clp.downloadutil.httpclient.SingleHttpClient.executeRequest(SingleHttpClient.java:97)
May 25 06:36:41 CAS at com.bluecoat.clp.downloadutil.DownloadThread.executeRequest(DownloadThread.java:150)
May 25 06:36:41 CAS at com.bluecoat.clp.downloadutil.DownloadThread.executeHeadRequest(DownloadThread.java:221)
May 25 06:36:41 CAS at com.bluecoat.clp.downloadutil.DownloadThread.run(DownloadThread.java:93)
May 25 06:36:41 CAS at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
May 25 06:36:41 CAS at java.util.concurrent.FutureTask.run(FutureTask.java:266)
May 25 06:36:41 CAS at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
May 25 06:36:41 CAS at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
May 25 06:36:41 CAS at java.lang.Thread.run(Thread.java:748)
May 25 06:36:43 CAS avservice[12419]: Subscription download state 403 : Forbidden https://subscription.es.bluecoat.com/cylance/engine
May 25 06:36:43 CAS avservice[12419]: Subscription download state 500 : Error % failed https://subscription.es.bluecoat.com/kaspersky86/engine
May 25 06:36:47 CAS avservice[12419]: Subscription download state 403 : Forbidden https://subscription.es.bluecoat.com/cylance/engine
May 25 06:36:47 CAS avservice[12419]: Subscription download state 500 : Error % failed https://subscription.es.bluecoat.com/kaspersky86/engine
From the logs, Please provide next step for solved that issue.
Best & regards
Pongsatorn Laohavijitchan
Original Message:
Sent: 05-25-2020 06:17 AM
From: Paul Vilarino
Subject: Dashboard AV & Malware databases show message "warning"
check the logs for hints as to what is going on, cas log and clp_services log would be the first place to start
these are under utilities -> system logs
Original Message:
Sent: 05-25-2020 01:41 AM
From: Pongsatorn Laohavijitchan
Subject: Dashboard AV & Malware databases show message "warning"
Hi all,
Our customer has issue about dashboard show pattern not up to date on the Bluecoat ASG S400-30. They use firmware version 6.7.4.14.
We can force update, status show "success" but on dashboard still show warning and pattern not update. Please provide step for fix this issue.
Best & regards
Pongsatorn Laohavijitchan