How to remediate virus definitions in Symantec Endpoint Protection (SEP) for Linux.

Troubleshooting may determine that virus definitions in SEP for Linux need to be cleared and rebuilt with the help of an Intelligent Updater (IU).

For SEP 14.3 MP1 and earlier versions.

Note that Linux commands are case sensitive.

1. Stop the SEP Linux daemons (stopping symcfg will also stop rtvscand and smcd)
   /etc/init.d/symcfgd stop
    
2. Clear the virusdefs and /tmp folders:
   1. Check the /tmp folder at file system root and remove any tmpjlu*.lck or jlucache.xml files.
   2. Navigate to the antvirus definitions directory /opt/Symantec/virusdefs
   3. In virusdefs remove any tmp* folders, numbered folders (e.g. 20150528.006), lulock.dat, definfo.dat, and usage.dat.
   4. The only things remaining in virusdefs should be the following 3 empty folders; re-create them if necessary and remove their contents:
      binhub
      incoming
      texthub
       
3. Download and run the Intelligent Updater shell script. Please refer to the following publicly available document for assistance in this process: How to update a Linux-based computer with Intelligent Updater definitions
    
4. Start the SEP Linux daemons:
   /etc/init.d/symcfgd start (The daemon symcfgd must be started before rtvscand will start)
   /etc/init.d/rtvscand start
   /etc/init.d/smcd start