Link to home
Start Free TrialLog in
Avatar of robinluo
robinluo

asked on

Symantec AVF 3.0 for Exchange & Symantec Antivirus 9.0 Corp

Hi,

Can any one shed some light on this issue?

I used to run AVF 3.0 for Exchange & SAV 8.1 Corp edition on Exchange 2000. Worked great. Whenever there was infected email, e.g. W32.Netsky.C@mm, AVF 3.0 could catch it and replace the attachment with text message, notifying me there was virus.

However, recently, I upgrade SAV 8.1 to 9.0, and ever since that, AVF no longer works properly:

- AVF service can never start at server reboot, I have to configure the service to restart itself after failure, otherwise I will have to manually start it.

- AVF cannot detect the virus properly. Instead, it tells me "detected a message with unscannable attachment"


Have tried uninstall and reinstall Symantec, no improve.
Any idea? Thanks in advance!!
Avatar of Asta Cu
Asta Cu
Flag of United States of America image

I believe this will assist you.


Clients and secondary servers do not receive updates after updating Symantec AntiVirus Corporate Edition 8.x parent server with Intelligent Updater

Situation:
After updating a Symantec AntiVirus Corporate Edition parent server by using the Intelligent Updater, you find that the clients do not receive virus definitions using the Virus Definition Transport Method (VDTM).

Solution:
This is expected behavior with Symantec AntiVirus. The Intelligent Updater updates definitions by delivering a .vdb file, which was the standard method of delivery for previous versions. Symantec AntiVirus uses an .xdb file instead, which includes technology to allow incremental updates of clients. Since the Intelligent Updater does not include .xdb files, the Symantec AntiVirus server cannot update secondary servers or clients (including legacy clients) with definitions delivered by the Intelligent Updater. Similarly, Symantec AntiVirus cannot update secondary servers or clients if it has been updated manually with a .vdb file.

To update a Symantec AntiVirus server manually, download the most current .xdb file from the Symantec Security Response Web page and copy it to the server. For complete instructions, including steps to automate the process, read the document How to update virus definitions for Symantec AntiVirus Corporate Edition.

Source for more:  http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2003061714012048?OpenDocument&src=ent_hot&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=9.0&tpre=
This and Intelligent Updater and more omitted above, sorry.  Long day.  Hopefully, some viable workarounds for you as well.
Did the EVENT LOGS show any problems?

http://service1.symantec.com/support/ent-security.nsf/docid/2002103012571948?Open&src=ent_hot&docid=2003061714012048&nsf=ent-security.nsf&view=docid&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=9.0&osv=&osv_lvl=

How to automatically update Symantec AntiVirus Corporate Edition 8.x definitions without using LiveUpdate
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002091816510548?Open&src=ent_hot&docid=2002103012571948&nsf=ent-security.nsf&view=docid&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=9.0&osv=&osv_lvl=

Noted similar problems to yours because system wasn't rebooted after the upgrade, and other roadblocks; this may help as well to add insight and possibilities for you.
http://search.symantec.com/custom/us/query.html
Upgrading to Symantec AntiVirus Corporate Edition 9.0 requires restarting the computer
When performing an upgrade from previous versions of Symantec AntiVirus Corporate Edition to version 9, you must restart the computer.
 
New features in Symantec AntiVirus Corporate Edition 9.0
Symantec AntiVirus™ Corporate Edition 9.0 includes a number of new and improved features. This document lists and describes what's new in this release.

Manually uninstalling Symantec AntiVirus Corporate Edition 9.x client from Windows NT/2000/ ...
This document describes how to uninstall Symantec AntiVirus Corporate Edition 9.x client from Windows NT/2000/XP or Windows Server 2003 (32-bit) manually.

How to install Symantec AntiVirus Corporate Edition 9.x clients using a logon script
This document gives step-by-step instructions to set up Symantec AntiVirus Corporate Edition 9.x client logon installation.

Four additional services appear after installing the Symantec AntiVirus Corporate Edition™ ...
You just installed only the Symantec AntiVirus Corporate Edition 9.0 client (not Symantec Client Firewall™), and you notice that four additional services are present on your computer. You want to know what they do.

Setting up Symantec AntiVirus Corporate Edition 9.x for Web-based deployment using IIS 4.x ...
This document explains how to set up Symantec AntiVirus™ Corporate Edition 9.x for Web-based deployment, using Microsoft Internet Information Server (IIS) 4.x or 5.x.

General overview of a Group Policy Object (GPO) installation using Symantec AntiVirus ...
You want a to install Symantec AntiVirus Corporate Edition 9.x using a Windows 2000 Active Directory Group Policy Object.

Many more, but hope this helps; off to work for me.  Good luck,
Asta


 







Avatar of robinluo
robinluo

ASKER

Thanks Asta,

I don't really think this is defination updating issue. AVF runs on server end. In my case, it resides on the same server where SAV and Exchange are installed. Therefore, AVF and SAV are sharing the same virus defination file, which is always up to date via liveupdate.

To me, it seems to be a setting somewhere not configured properly, so AVF cannot identify a virus attachment but instead treats it as "unscannable attachment".

I will read the links you provided in your 2nd post and see if there is any hint in here. Will get back to you ASAP.
ASKER CERTIFIED SOLUTION
Avatar of Asta Cu
Asta Cu
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
How to verify that a Symantec corporate antivirus product is set to scan all files
Norton AntiVirus 2003 and 2004 scan all files by default. Do the following to insure that you are using the default settings.
Start Norton AntiVirus. If Norton AntiVirus is installed as a part of Norton Internet Security or Norton SystemWorks, then start that program.
Click Options. If a menu appears, click Norton AntiVirus.
When the Norton AntiVirus Options dialog box appears, in the left pane, click Manual Scan.
http://service1.symantec.com/SUPPORT/nav.nsf/docid/1999110513272906
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002052213125148?OpenDocument&src=sec_doc_nam&src=bar_sch_nam

Setting up Symantec AntiVirus Corporate Edition 9.x exclusions for NetWare 5.x and 6.x
http://service1.symantec.com/SUPPORT/ent-security.nsf/c9b1ac1936fbf63488256e77006521df/98f924100d58458688256e7d006a930d?OpenDocument&src=bar_sch_nam

Custom-scheduled scan settings disappear after the primary master server is restarted
http://service1.symantec.com/SUPPORT/ent-security.nsf/552ba2f7636bedf088256818006f78bf/560bcde642e0988a88256a220026ac9e?OpenDocument&src=bar_sch_nam

Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange (AV/F Exchange) is installed and is enabled to protect your Exchange server. Some text attachments that are sent through the Exchange 2000 email server are quarantined for a violation of the unscannable file rule. These text attachments open normally with no sign of corruption. Duplicating the text in a new message and then sending it through the email server triggers the unscannable file rule.
http://service1.symantec.com/SUPPORT/ent-gate.nsf/43bfd8ba5687ac2585256ada0047b096/dc49830e3056b94c88256bd0007e5185?OpenDocument&src=bar_sch_nam

My thinking is that perhaps the Default settings for the old version didn't get translated to the upgrade; more here on the default settings for V3 and Server 2000
Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange 2000 default settings

Situation: You want to know the default settings for a fresh installation of Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange 2000 (SAVFMSE).
Solution:   This table shows the default settings:
http://service1.symantec.com/SUPPORT/ent-gate.nsf/43bfd8ba5687ac2585256ada0047b096/1729b3d86dd3964188256bd0007e4db9?OpenDocument&src=bar_sch_nam

I'm amazed at the number of possibilities that can trigger this problem, and losing my vision for the day, so off to spend time with the family.  I hope this has helped some.

Best of luck,
Asta



Asta, thanks for your help. Your post led me to the final solution:

I need to exclude the AVF's working folder from SAV, otherwise both antivirus programs touch their hands on it (not recommended by Symantec) and hence cause trouble.

What's interesting is, I never know this before and didn't configure this when running SAV 8.x, however AVF worked fine at that time. Anyway, good to learn something today.

Thanks again.
I'm so pleased and thank you as well; since we both learned something new in this process.  Thank you also for the fine grade and best wishes!
":0) Asta