Backup of several files is failing because of Symantec Protection Engine (SPE). If NetApp and SPE are stopped, the backups complete successfully

Article ID: 247579

Products

Protection Engine for NAS

Issue/Introduction

During a backup cycle, it was found that when trying to back up certain Excel and docx files, the backup software would log them as failed to be backed up. They are important files that must be backed up.

The logs on NetApp are showing that access is denied.

When AV scanning is disabled on NetApp, the backup goes through. The problem was to explain what was causing the error, as the scans appeared to fail only when the files were being submitted to the SPE server. A manual scan of the files on the local drive showed that no viruses or malware were found.

Environment

Release: 8.2.2

Cause

The files that were failing were larger, compressed files in the form of *.xlsx and *.docx. When they were submitted to the SPE server, it was unable to uncompress them because not enough room was declared in its configuration to allow it. As a result, SPE returned the following error (as an infection):

Error:  "Virus Name:     Container size violation - scan incomplete."

A close look at the raw SPE logs (C:\Program Files\Symantec\Scan Engine\log) showed that the affected lines contained "|4|2|3|3|" after the epoch timestamp. The file name was mentioned in the same line. This indicated a Decomposer 42 error.
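
The log check described above can be scripted to confirm which failed backup files were blocked by this error rather than by a real detection. This is an added example, not Symantec code: the function names are hypothetical, the sample lines are constructed, and it assumes a 10-digit epoch timestamp in seconds directly before the marker.

```python
import re
from datetime import datetime, timezone

# Marker the article reports after the epoch timestamp on affected lines.
MARKER = "|4|2|3|3|"
# Assumption: 10-digit epoch seconds immediately precede the marker.
LINE_RE = re.compile(r"(?<!\d)(\d{10})" + re.escape(MARKER) + r"(.*)")

def find_container_violations(lines, failed_files):
    """Return (utc_time, file_name) for each failed file named on a marker line."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a container size violation line
        when = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
        rest = m.group(2).lower()  # Windows file names are case-insensitive
        for name in failed_files:
            if name.lower() in rest:
                hits.append((when, name))
    return hits

def unexplained(failed_files, hits):
    """Failed files with no marker line: these need a different explanation."""
    explained = {name for _, name in hits}
    return [f for f in failed_files if f not in explained]

# Constructed sample lines. Only "timestamp then |4|2|3|3|, file name on the
# same line" comes from the article; every other field is made up.
SAMPLE_LOG = [
    "1650000000|4|2|3|3|constructed|\\\\filer\\fin\\Q1-forecast.xlsx|constructed",
    "1650000042|0|0|0|0|constructed|\\\\filer\\hr\\policy.docx|constructed",
    "1650000100|4|2|3|3|constructed|\\\\filer\\legal\\Contract-Archive.docx",
]

if __name__ == "__main__":
    # File names as reported by the backup software (constructed).
    failed = ["Q1-forecast.xlsx", "policy.docx", "contract-archive.docx"]
    hits = find_container_violations(SAMPLE_LOG, failed)
    for when, name in hits:
        print(f"{when.isoformat()}  container size violation  {name}")
    for name in unexplained(failed, hits):
        print(f"no marker line found for {name}")
```

Files that appear in the second list were not rejected with this error, so raising MaxExtractSize will not fix them.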

 

Resolution

Windows:

  1. Open a command prompt on the SPE server.
  2. Change directory to ".\Program Files\Symantec\Scan Engine\"
  3. Run the following command:   xmlmodifier -s //filtering/Container/MaxExtractSize/@value 200 filtering.xml
  4. Restart the SPE service:     net stop symcscan && net start symcscan

Linux:

  1. At a bash prompt, change directory to "/opt/SYMCScan/bin"
  2. Run the following command: ./xmlmodifier -s //filtering/Container/MaxExtractSize/@value 200 filtering.xml
  3. Restart the SPE service:  /etc/init.d/symcscan restart

NOTE: The xmlmodifier command above doubles the amount of space set aside.