Virus Definitions for Symantec Mail Security for Microsoft Exchange (SMSMSE) are out of date.  The date of the virus definitions is displayed in the SMSMSE Console on the Home tab.

Conditions

• Running LiveUpdate from the SMSMSE console reports an error and the definitions are not updated.
  
  View the definitions date using these steps:

1. Open the SMSMSE console.
2. Click on the Home tab. 
3. The virus definitions date is displayed in Status | Virus definitions date:.

Use the following steps to run Liveupdate:

1. Open the SMSMSE console.
2. Click on the Admin tab.
3. Click on Views | LiveUpdate/Rapid Release Status.
4. Click on Tasks | Run LiveUpdate Certified Definitions. 

• The liveupdate log file contains the error message The LiveUpdate session exited with a return code of 1835

1. Open the LiveUpdate log file Log.Liveupdate.

Windows 2003: Default location is C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate
Windows 2008: Default location is C:\ProgramData\Symantec\LiveUpdate

2. Look for the following sequence ending with the 1835 error message:

6/27/2011, 14:57:37 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "1309082742jtun_ennlu2.x86", Estimated Size: 127844081, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
6/27/2011, 14:57:37 GMT -> HttpSendRequest (status 200): Request succeeded
6/27/2011, 14:59:44 GMT -> CstInetGetFile::DoHTTPTransfer - Unable to complete downloading a file from the server; err=12017.
6/27/2011, 14:59:44 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "1309082742jtun_ennlu2.x86", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\1309082742jtun_ennlu2.x86" HR: 0x802A0046
6/27/2011, 14:59:44 GMT -> HR 0x802A0046 DECODE: E_UNABLE_TO_READ_DATA_FROM_SERVER
6/27/2011, 14:59:44 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x802A0046, Num Successful: 0
6/27/2011, 14:59:44 GMT -> HR 0x802A0046 DECODE: E_UNABLE_TO_READ_DATA_FROM_SERVER
6/27/2011, 14:59:44 GMT -> EVENT - SESSION END FAILED EVENT - The LiveUpdate session ran in Express Mode. LiveUpdate found 1 updates available, of which 0 were installed and 1 failed to install.  The LiveUpdate session exited with a return code of 1835, The LiveUpdate server failed to respond in a reasonable amount of time.

In this case LiveUpdate attempted to download the file 1309082742jtun_ennlu2.x86.  After approximately two minutes (120) seconds the download stopped because LiveUpdate was unable to read the data from the Symantec servers.

NOTE:  The timeout period is not the time between the start of the download to the end of the download.  The timeout occurs when LiveUpdate is unable to receive data for the duration of the timeout period. 

The following log is an example of this:

6/10/2011, 14:57:21 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "1307691784jtun_ennlu2.x86", Estimated Size: 125590565, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
6/10/2011, 14:57:21 GMT -> HttpSendRequest (status 200): Request succeeded
6/10/2011, 16:00:22 GMT -> CstInetGetFile::DoHTTPTransfer - Unable to complete downloading a file from the server; err=12030.
6/10/2011, 16:00:23 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "1307691784jtun_ennlu2.x86", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\1307691784jtun_ennlu2.x86" HR: 0x802A0046
6/10/2011, 16:00:23 GMT -> HR 0x802A0046 DECODE: E_UNABLE_TO_READ_DATA_FROM_SERVER
6/10/2011, 16:00:23 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x802A0046, Num Successful: 0
6/10/2011, 16:00:23 GMT -> HR 0x802A0046 DECODE: E_UNABLE_TO_READ_DATA_FROM_SERVER
6/10/2011, 16:00:23 GMT -> EVENT - SESSION END FAILED EVENT - The LiveUpdate session ran in Express Mode. LiveUpdate found 1 updates available, of which 0 were installed and 1 failed to install.  The LiveUpdate session exited with a return code of 1835, The LiveUpdate server failed to respond in a reasonable amount of time.

The download started at 14:57 GMT.  The download timed out at 16:00 GMT.  The download was fine for 63 minutes.  But then LiveUpdate was unable to receive more data and timed out the connection.

 The network request that LiveUpdate uses to download the signatures took longer than the configuration timeout.  The default time-out is 30 seconds.

A common cause of delay or failure is a firewall or other network device that is blocking LiveUpdate network packets.

Identify and configure the network device to allow LiveUpdate to download virus definitions signatures.

Workaround

Use one of the following workarounds:

• Configure LiveUpdate to have a longer timeout.

NOTE:  Configuring a longer timeout may reduce the frequency of LiveUpdate timeouts.  However the timeout issue may continue to occur until the networking issue is resolved.

1. Open the LiveUpdate configuration file Settings.LiveUpdate.

 NOTE:  It may be necessary to change the file to have Write permissions.

Windows 2003: Default location is C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate
Windows 2008: Default location is C:\ProgramData\Symantec\LiveUpdate.

2. Find and change the following settings:

PREFERENCES\INTERNET_CONNECT_TIMEOUT=<value in seconds>
PREFERENCES\INTERNET_READ_DATA_TIMEOUT=<value in seconds>

The following is an example of how this setting would appear for a 600-second time-out value:

PREFERENCES\INTERNET_CONNECT_TIMEOUT=600
PREFERENCES\INTERNET_READ_DATA_TIMEOUT=600

• Configure LiveUpdate to run more frequently.

1. Open the SMSMSE Administration Console.
2. Click on the Admin item and then click on LiveUpdate/Rapid Release Schedule.
3. Select 6 hours from the Run every dropdown.
4. Click the Deploy changes button.

In some situations the networking issues occur infrequently.  If that is the case then having LiveUpdate run more frequently may allow the signature downloads to complete occasionally during the day.  This may allow the signatures to be kept up to date.

Additional Troubleshooting

• Using a network trace will capture details on how long network packets take to go to/from the server to Symantec download sites.  Run a network capture on the server and a network capture on a router/computer immediately outside of the network.  By comparing the packets in the two traces it is possible to determine if the timeout is caused by Symantec download sites or inside the network.
• If the Windows Firewall is turned on a basic troubleshooting step of turning the Windows Firewall off may show if the Firewall is the cause of the timeouts.  This has been the case in some instances.
• The error codes listed in the LiveUpdate log file for the HTTP status are Windows error codes.  The list of error codes is here: INFO: WinInet Error Codes (12001 through 12156).

For example the following error code 12017 is a :

6/27/2011, 14:59:44 GMT -> CstInetGetFile::DoHTTPTransfer - Unable to complete downloading a file from the server; err=12017.

This error code is the following:

12017       ERROR_INTERNET_OPERATION_CANCELLED
               The operation was canceled, usually because the handle on
               which the request was operating was closed before the
               operation completed.

•  Use a script to download the Symantec Virus Definitions outside of the product.

The script attached to this article downloadSMSMSEVirusDefs.js uses HTTP calls to download the virus definitions directly from Symantec.  Running the script from the command line or by scheduling it in Windows Task Manager may demonstrate the networking issues. 

The script performs the following:

1. Logs all information to the log file c:\temp\virusDefsDownload.log.
2. Download the file http://liveupdate.symantecliveupdate.com/smsmse$20virus$20definitions$20wow64_5.0_symalllanguages_livetri.zip via HTTP.
3. Extract the file liveupdt.tri and look for the following entry:

FileName=1311178201jtun_ennlu2.x86

4. Download the file from the Symantec System like this:  http://liveupdate.symantecliveupdate.com/1311178201jtun_ennlu2.x86

Any issues are logged to the log file and the console.

Perform the following steps to use the script:

1. Save the script to the file system.
2. Open the script in an editor and change the value of the temporary directory from c:\temp if desired:

var temporaryDirectory = "c:\\temp\\"

3. Save the script.
4. Open a command prompt and run the following command:

cscript downloadSMSMSEVirusDefs.js