ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

Critical error of Scan Manager

‎06-25-2019 07:33 PM

Firmware is 6.3.0r13.0.

Just received an email alert

[00001] 2019-06-25 21:52:43 [Root]system-critical-00554: SCAN-MGR: Check AV pattern file failed with error code: test load db fail on worker load db failure.

Resource status is normal now. Memory is using about 50%.

This alert appear only one time last night. I don't know how much CPU and Memory left last night.

There is no more alert now. Is that mean the firewall status resume?

6 REPLIES 6
ScreenOS Firewalls (NOT SRX)
Solution
Accepted by topic author jlotag
‎06-26-2019 06:36 PM

Re: Critical error of Scan Manager

‎06-25-2019 08:10 PM
Hi,

[00001] 2019-06-25 21:52:43 [Root]system-critical-00554: SCAN-MGR: Check AV pattern file failed with error code: test load db fail on worker load db failure.

When the AV database is updated, a temporary directory is populated. The temporary directory includes a test DB. The test DB is compared to the worker DB to determine what needs to be updated. This message indicates that the comparison and loading of files between the test and worker DBs failed.

Can you please check from the events if you can see that the DB is updated successfully post 2019-06-25 21:52:43. You must see a message similar to "system notif 00554 SCAN-MGR: New AV pattern file has been updated. Version: 12/20/2018 06:29 GMT, virus records: 66633; size: 8046379 bytes."

Otherwise suggest to update the DB manually by following the method in the below mentioned KB.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB26652

Hope this helps.

Thanks,
Pradeep
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

Juniper Business Use Only
ScreenOS Firewalls (NOT SRX)

Re: Critical error of Scan Manager

‎06-25-2019 09:38 PM

The existing DB and the one downloaded will be different. The issue may have occurred either while comparing the DB’s or while loading the files. When the AV database is updated, a temporary directory is populated. The temporary directory includes a test DB. The test DB is compared to the worker DB to determine what needs to be updated.

 

If you are seeing the issue reptitively then the resolution shared the in the KB that pradkm shared should do the trick:

 

  • Turn off the auto update in the AV and unlink the avp.set file.


  • To unlink this file, run the exec vfs unlink flash :/kav_db/avp.set command.

  • Reboot the firewall.

  • After the reboot, try to manually update the AV.

    1. After this is done, you can turn on auto update.

     

    The F/W might have not experienced the same error again while performing an auto-update of AV pattern, hence you saw the log one time only.

     

     

    Tks,

    Abhishek

     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

    ScreenOS Firewalls (NOT SRX)

    Re: Critical error of Scan Manager

    ‎06-25-2019 10:53 PM

    Normally we recieved  this kind of issue due to AV upadtion of database.

    you can cheke below link for it.

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB26652&actp=search&viewlocale=en_US&searchi...

     

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB31429&cat=FIREWALL_IPSEC_VPN&actp=LIST

     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

     

    Regards,

    Umesh Sharma

    ScreenOS Firewalls (NOT SRX)

    Re: Critical error of Scan Manager

    ‎06-26-2019 06:33 PM

    Hello pradkm,

    The message "SCAN-MGR: New AV pattern file has been updated. Version: 06/26/2019 21:29 GMT, virus records: 60474; size: 7978471 bytes." shows in Event. Confirm AV update resume.

    Should be an isolated incident. Thanks.

    ScreenOS Firewalls (NOT SRX)

    Re: Critical error of Scan Manager

    ‎06-26-2019 06:36 PM

    Hello abhisg,

    The error message shows only once. AV update resume now. Thanks. 

    ScreenOS Firewalls (NOT SRX)

    Re: Critical error of Scan Manager

    ‎06-27-2019 04:12 AM

    Hi,

     

    Yes, that message confirms the update being done successfully. In case, such updates, please follow the steps mentioned in the KB to update it manually. If it still fails, reach out to JTAC.

     

    Glad the update was successful.

     

    Regards,

    Pradeep.