Anti-Virus signature package does not update

fjulianom
2017/10/11 07:38:19

Hi guys,
 
I am new to this forum and also to the Fortinet world, so here is my first question. I have a FortiGate, but it seems the FortiGuard Anti-Virus signatures don't update. When I go to Services > Anti-Virus on www.fortiguard.com, I see the current version is 52.227. However, my FortiGate has version 50.00151, the license is not expired, and the last update was some months ago. Also, the update settings are OK. All of this is shown in the attached screenshot.
 
What am I missing? Why doesn't the Anti-Virus package update?
 
Regards,
Julián
 
post edited by fjulianom - 2017/10/11 10:22:30

#1
fjulianom
Re: Anti-Virus signature package does not update 2017/10/12 15:42:06
Hi everyone,
 
Any ideas?
 
Regards,
Julián
#2
tanr
Re: Anti-Virus signature package does not update 2017/10/12 19:26:08
I'm assuming you've already run "exec update-av" or "exec update-now"? 
 
What does "diag autoupdate ver" show for Virus Definitions last updated and last update attempt? 
 
Does "diag debug crashlog read" show you anything related to the updates?
 
I once had a FortiGate continuously fail to update the virus definitions. When I opened a ticket with support, they deleted the virus definitions file, then the update ran just fine.
#3
fjulianom
Re: Anti-Virus signature package does not update 2017/10/13 07:29:42
Hi tanr,
 
Thank you for your interest. The output of "diag autoupdate ver":
 
Primary_Supra $ diag autoupdate ver

AV Engine
---------
Version: 5.00247
Contract Expiry Date: Sun Oct 21 2018
Last Updated using push update on Wed May 24 20:08:25 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Virus Definitions
---------
Version: 52.00274
Contract Expiry Date: Sun Oct 21 2018
Last Updated using push update on Fri Oct 13 08:42:36 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Extended set
---------
Version: 52.00274
Contract Expiry Date: Sun Oct 21 2018
Last Updated using push update on Fri Oct 13 08:42:36 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Mobile Malware Definitions
---------
Version: 52.00273
Contract Expiry Date: Wed Oct 10 2018
Last Updated using push update on Fri Oct 13 08:42:36 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

IPS Attack Engine
---------
Version: 3.00430
Contract Expiry Date: Sun Oct 21 2018
Last Updated using manual update on Mon Sep 11 19:36:46 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Attack Definitions
---------
Version: 6.00741
Contract Expiry Date: Sun Oct 21 2018
Last Updated using scheduled update on Fri Apr 21 12:41:38 2017
Last Update Attempt: Wed Jul 5 14:58:18 2017
Result: Connectivity failure

Attack Extended Definitions
---------
Version: 12.00244
Contract Expiry Date: Sun Oct 21 2018
Last Updated using manual update on Thu Oct 12 12:56:38 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Application Definitions
---------
Version: 12.00244
Contract Expiry Date: Sun Oct 21 2018
Last Updated using manual update on Thu Oct 12 12:56:38 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Industrial Attack Definitions
---------
Version: 12.00243
Contract Expiry Date: Sat Oct 21 2017
Last Updated using manual update on Wed Oct 11 12:27:40 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Botnet Definitions
---------
Version: 4.00068
Contract Expiry Date: Sun Oct 21 2018
Last Updated using manual update on Thu Oct 12 12:56:38 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Botnet Domain Database
---------
Version: 1.00837
Contract Expiry Date: Sun Oct 21 2018
Last Updated using push update on Thu Oct 12 15:27:58 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Internet-service Database Apps
---------
Version: 4.00193
Contract Expiry Date: n/a
Last Updated using manual update on Thu Oct 12 11:30:00 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Internet-service Database Maps
---------
Version: 4.00193
Contract Expiry Date: n/a
Last Updated using manual update on Thu Oct 12 11:30:00 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Device and OS Identification
---------
Version: 1.00061
Contract Expiry Date: Sun Oct 21 2018
Last Updated using manual update on Mon Sep 11 19:36:46 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

URL White list
---------
Version: 1.00670
Contract Expiry Date: Sun Oct 21 2018
Last Updated using manual update on Thu May 11 08:05:00 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

IP Geography DB
---------
Version: 1.00067
Contract Expiry Date: n/a
Last Updated using manual update on Fri Aug 4 17:07:00 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Certificate Bundle
---------
Version: 1.00009
Contract Expiry Date: n/a
Last Updated using manual update on Thu Jun 8 11:51:00 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Modem List
---------
Version: 0.000

FDS Address
---------
65.210.95.242:443
 
Primary_Supra $ 
 
 
So for virus, the last update was today some minutes ago, and the result shows "no updates".
And "diag debug crashlog read" shows the update was successful:
 
124: 2017-10-13 08:42:37 <00216> scanunit=manager str="Success loading anti-virus database."
125: 2017-10-13 08:51:34 scanunit=manager pid=216 str="AV database changed (1); restarting workers"
126: 2017-10-13 08:51:35 <00216> scanunit=manager str="Success loading anti-virus database."
127: 2017-10-13 09:00:22 the killed daemon is /bin/pyfcgid: status=0x0
128: 2017-10-13 09:01:35 scanunit=manager pid=216 str="AV database changed (1); restarting workers"
129: 2017-10-13 09:01:36 <00216> scanunit=manager str="Success loading anti-virus database."
Crash log interval is 3600 seconds

Primary_Supra $
 
Then I think that version 52.227 under Services > Anti-Virus at www.fortiguard.com has another meaning (the version changed 9 hours ago):
 
 
 
Executing the command "execute update-now" or "execute update-av" didn't change the AV definitions. Or could it be a bug? What do you think?
 
Regards,
Julián
 
 

#4
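
An added example, not part of the thread or Fortinet's tooling: a small Python checker for "diag autoupdate ver" output like the one posted above, which compares versions with the zero padding removed and flags sections whose last attempt failed or whose data is old. The function names, the 7-day threshold and the "Updates Installed" healthy result string are assumptions; the sample is constructed from two sections of the posted output.

```python
import re
from datetime import datetime

# Constructed sample: two sections from the posted output, Contract Expiry lines omitted.
SAMPLE = """\
Virus Definitions
---------
Version: 52.00274
Last Updated using push update on Fri Oct 13 08:42:36 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Attack Definitions
---------
Version: 6.00741
Last Updated using scheduled update on Fri Apr 21 12:41:38 2017
Last Update Attempt: Wed Jul 5 14:58:18 2017
Result: Connectivity failure
"""
FMT = "%a %b %d %H:%M:%S %Y"
OK_RESULTS = {"No Updates", "Updates Installed"}  # second value is an assumption

def version_key(v):
    """'52.00274' and '52.274' both map to (52, 274): zero padding is ignored."""
    return tuple(int(p) for p in v.strip().split("."))

def parse(text):
    """Return {section name: fields}; 'updated' is parsed into a datetime."""
    out = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        name, *rest = block.splitlines()
        rec = {}
        for ln in rest:
            if m := re.match(r"Last Updated using .+? on (.+)", ln):
                rec["updated"] = datetime.strptime(m[1].strip(), FMT)
            elif m := re.match(r"(Version|Result|Last Update Attempt):\s*(.+)", ln):
                rec[m[1]] = m[2].strip()
        out[name.strip()] = rec
    return out

def findings(text, now, max_age_days=7):
    """Flag sections whose last attempt failed or whose data is older than max_age_days."""
    issues = []
    for name, r in parse(text).items():
        if r.get("Result", "No Updates") not in OK_RESULTS:
            issues.append((name, f"{r['Result']} at {r.get('Last Update Attempt')}"))
        if "updated" in r and (now - r["updated"]).days > max_age_days:
            issues.append((name, f"stale: {(now - r['updated']).days} days"))
    return issues
```

On the sample, Virus Definitions comes back clean while Attack Definitions is flagged twice, for the "Connectivity failure" result and for a last successful update in April.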
tanr
Re: Anti-Virus signature package does not update 2017/10/13 10:36:30
So from the CLI, all the versions seem correct?
 
Did you upgrade to a newer FortiOS version around the time that the GUI display of the version started to seem stuck at Virus Definition 50.00151?  If so, you might just need to clear your browser cache.  Even if not, you might want to clear the cache.
#5