Screen OS

Firmware is 6.3.0r13.0.

Just received an email alert

[00001] 2019-06-25 21:52:43 [Root]system-critical-00554: SCAN-MGR: Check AV pattern file failed with error code: test load db fail on worker load db failure.

Resource status is normal now. Memory is using about 50%.

This alert appear only one time last night. I don't know how much CPU and Memory left last night.

There is no more alert now. Is that mean the firewall status resume?

Hi,

[00001] 2019-06-25 21:52:43 [Root]system-critical-00554: SCAN-MGR: Check AV pattern file failed with error code: test load db fail on worker load db failure.

When the AV database is updated, a temporary directory is populated. The temporary directory includes a test DB. The test DB is compared to the worker DB to determine what needs to be updated. This message indicates that the comparison and loading of files between the test and worker DBs failed.

Can you please check from the events if you can see that the DB is updated successfully post 2019-06-25 21:52:43. You must see a message similar to "system notif 00554 SCAN-MGR: New AV pattern file has been updated. Version: 12/20/2018 06:29 GMT, virus records: 66633; size: 8046379 bytes."

Otherwise suggest to update the DB manually by following the method in the below mentioned KB.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB26652

Hope this helps.

Thanks,
Pradeep
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

Juniper Business Use Only

Hello pradkm,

The message "SCAN-MGR: New AV pattern file has been updated. Version: 06/26/2019 21:29 GMT, virus records: 60474; size: 7978471 bytes." shows in Event. Confirm AV update resume.

Should be an isolated incident. Thanks.

Hi,

 

Yes, that message confirms the update being done successfully. In case, such updates, please follow the steps mentioned in the KB to update it manually. If it still fails, reach out to JTAC.

 

Glad the update was successful.

 

Regards,

Pradeep.

The existing DB and the one downloaded will be different. The issue may have occurred either while comparing the DB’s or while loading the files. When the AV database is updated, a temporary directory is populated. The temporary directory includes a test DB. The test DB is compared to the worker DB to determine what needs to be updated.

 

If you are seeing the issue reptitively then the resolution shared the in the KB that pradkm shared should do the trick:

 

• Turn off the auto update in the AV and unlink the avp.set file.