When scanning files with Symantec Protection Engine (SPE), SPE logs a Generic Result ID 36 scan error.
The Generic 36 error indicates that the scan did not complete within the configured timeout period. This error will appear in the logs even if ByPassScanTimeoutError is set to true.
By default if a file takes longer that 20 seconds to scan it will timeout. The logs have a column called ScanDurationInSeconds. In the raw logs, this column is "|17|". Generic 36 errors will always have a ScanDurationInSeconds greater than the currently configured value for ScanTimeoutInSeconds.
This error is expected when scans are aborted due to the configured timeout and does not indicate a problem with scanning.
If reducing the number of Generic / 36 entries on the SPE logs is desired, do one or more of the following:
To set ScanTimeoutInSeconds for SPE 8.2.2
xmlmodifier -s //filtering/Container/ScanTimeoutInSeconds/@value <value> configuration.xml
* 0 to 86400
Default value: 0
NOTE: A value of 0 evaluates to 20 seconds. All other values evaluate to a value in seconds. When configuring for use with NetAppFiler, recommended value is 2/3 of the current setting for the Netapp Filer Request Service Timeout. A value of 0 evaluates to 20 seconds. All other values evaluate to a value in seconds on a 1:1 basis. When configuring for use with NetAppFiler, recommended value is 2/3 of the current setting for the Netapp Filer Request Service Timeout.
Consider reducing the maximum size of the file which the connector will send to SPE to reduce the number of Decomposer / 36 errors for large files that are not expected to complete scans.
An example of a connector which does this is the NetApp Filer which has a -max-file-size parameter for the various vscan commands, here:
NOTE: This link is offered as an example. BROADCOM is not responsible for content published by other vendors.
Other devices or applications will most likely have mechanisms, configuration values, or command parameters which permit similar configuration. Please consult documentation for your device or application to locate a similar setting or configuration.
To set ScanTimeoutInSeconds or ByPassScanTimout in SPE 8.2.1 or earlier
These values are in the category3.xml file instead of configuration.xml.