How to remediate virus definitions in Endpoint Protection for Linux

Article ID: 177624

Products

Endpoint Protection

Issue/Introduction

How to remediate virus definitions in Symantec Endpoint Protection (SEP) for Linux.

Cause

Troubleshooting may determine that virus definitions in SEP for Linux need to be cleared and rebuilt with the help of an Intelligent Updater (IU).

Resolution

These instructions also apply to the older product, Symantec AntiVirus (SAV) for Linux, but the smcd daemon is present only in SEP. Note that Linux commands are case sensitive.

  1. Stop the SEP Linux daemons (stopping symcfgd will also stop rtvscand and smcd):
    /etc/init.d/symcfgd stop
     
  2. Clear the virusdefs and /tmp folders:
    1. Check the /tmp folder at file system root and remove any tmpjlu*.lck or jlucache.xml files.
    2. Navigate to the antivirus definitions directory /opt/Symantec/virusdefs
    3. In virusdefs remove any tmp* folders, numbered folders (e.g. 20150528.006), lulock.dat, definfo.dat, and usage.dat.
    4. The only things remaining in virusdefs should be the following 3 empty folders; re-create them if necessary and remove their contents:
      binhub
      incoming
      texthub
       
  3. Download and run the Intelligent Updater shell script. Please refer to the following publicly available document for assistance in this process: How to update a Linux-based computer with Intelligent Updater definitions
     
  4. Start the SEP Linux daemons (the daemon symcfgd must be started before rtvscand will start):
    /etc/init.d/symcfgd start
    /etc/init.d/rtvscand start
    /etc/init.d/smcd start
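
Step 2 as shell functions, with a check that virusdefs ends up holding only the three empty folders. This is an added example, not Symantec's code: the function names and the `root` argument are hypothetical, and the numbered-folder pattern is assumed from the 20150528.006 example.

```bash
#!/bin/bash
# Added example. Run only after step 1 (daemons stopped).
# root is a hypothetical argument: "/" on a real host, or a scratch
# directory when rehearsing the cleanup on a copy.

clean_virusdefs() {
    local root="${1:-/}" defs d
    root="${root%/}"
    defs="$root/opt/Symantec/virusdefs"
    # Refuse to delete anything if the definitions directory is not there.
    [ -d "$defs" ] || { echo "missing: $defs" >&2; return 1; }

    # 2.1: stale lock and cache files in /tmp at file system root
    rm -f -- "$root"/tmp/tmpjlu*.lck "$root/tmp/jlucache.xml"

    # 2.3: tmp* folders, numbered folders (8 digits, dot, 3 digits:
    # assumed from the 20150528.006 example) and the .dat state files
    rm -rf -- "$defs"/tmp* \
        "$defs"/[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9].[0-9][0-9][0-9]
    rm -f -- "$defs/lulock.dat" "$defs/definfo.dat" "$defs/usage.dat"

    # 2.4: re-create the hub folders if necessary and empty them in place,
    # so existing folders keep their ownership and permissions
    for d in binhub incoming texthub; do
        mkdir -p -- "$defs/$d"
        find "$defs/$d" -mindepth 1 -delete
    done
}

# Returns 0 only when virusdefs holds exactly the three empty folders;
# otherwise prints whatever else is still there and returns 1.
verify_virusdefs() {
    local root="${1:-/}" defs d leftovers
    root="${root%/}"
    defs="$root/opt/Symantec/virusdefs"
    for d in binhub incoming texthub; do
        [ -d "$defs/$d" ] || { echo "missing: $defs/$d" >&2; return 1; }
    done
    leftovers=$(find "$defs" -mindepth 1 ! -path "$defs/binhub" \
        ! -path "$defs/incoming" ! -path "$defs/texthub")
    [ -z "$leftovers" ] && return 0
    printf '%s\n' "$leftovers"
    return 1
}
```

On a host, source the file and run `clean_virusdefs / && verify_virusdefs /` as root between steps 1 and 3.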