salemneaz
Staff
December 16, 2024

Technical Tip: How to handle warning message on crashlog for the 'could not validate Antivirus package' error

Description
This article describes how to resolve the issue related to the AntiVirus database validation.
Scope
FortiGate v7.2 and above.
Solution

The firewall frequently enters conserve mode due to a failed AntiVirus database verification check, as shown in the example crash log below:

 

scanunit=manager pid=189: Warning: could not validate av package /data2/mmdb
(no signature)
the killed daemon is /bin/csfd: status=0x0
scanunit=manager pid=189: Warning: could not validate av package /data2/mmdb
(no signature)
the killed daemon is /bin/sflowd: status=0x0
service=kernel conserve=on total="3962 MB" used="3491 MB" red="3486 MB"
green="3248 MB" msg="Kernel enters memory conserve mode"

 

This happens because the AntiVirus database package update is not working. The issue may be resolved by manually updating the signatures with the command 'execute update-now'. During this process, the AntiVirus profile must be applied to the firewall policy.
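
To triage a saved copy of the crash log for this pattern, the following script is an added example (not Fortinet code and not part of the original article). It rejoins the wrapped lines, counts AntiVirus package validation failures, lists the killed daemons, and compares memory use with the red threshold at each conserve-mode entry. The record-start prefixes and the embedded sample are assumptions based on the lines shown above.

```python
import re

# Constructed sample: the crash log lines from the article, kept wrapped
# the way they appear there ("(no signature)" and "green=..." continue a record).
SAMPLE = '''scanunit=manager pid=189: Warning: could not validate av package /data2/mmdb
(no signature)
the killed daemon is /bin/csfd: status=0x0
scanunit=manager pid=189: Warning: could not validate av package /data2/mmdb
(no signature)
the killed daemon is /bin/sflowd: status=0x0
service=kernel conserve=on total="3962 MB" used="3491 MB" red="3486 MB"
green="3248 MB" msg="Kernel enters memory conserve mode"
'''

# Assumption: a new record starts with one of these prefixes; anything else
# is a wrapped continuation of the previous record.
START_RE = re.compile(r'^(?:scanunit=|service=|the killed daemon )')
AV_RE = re.compile(r'could not validate av package (\S+)\s*(?:\(([^)]*)\))?')
KILL_RE = re.compile(r'the killed daemon is (\S+): status=(\S+)')
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def unwrap(text):
    """Join wrapped continuation lines onto the record they belong to."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += ' ' + line
    return records

def triage(text):
    """Summarise AV validation failures, killed daemons and conserve entries."""
    report = {'av_failures': {}, 'killed': [], 'conserve': []}
    for rec in unwrap(text):
        if m := AV_RE.search(rec):
            key = (m.group(1), m.group(2) or 'unknown')  # (package, reason)
            report['av_failures'][key] = report['av_failures'].get(key, 0) + 1
        elif m := KILL_RE.search(rec):
            report['killed'].append(m.group(1))
        elif 'conserve=on' in rec:
            kv = {k: quoted or bare for k, quoted, bare in KV_RE.findall(rec)}
            mb = lambda field: int(kv[field].split()[0])  # "3491 MB" -> 3491
            report['conserve'].append({
                'used_pct': round(100 * mb('used') / mb('total'), 1),
                'red_mb': mb('red'), 'green_mb': mb('green'),
                'over_red': mb('used') >= mb('red')})
    return report

if __name__ == '__main__':
    print(triage(SAMPLE))
```

Repeated failures for the same package next to conserve-mode entries match the situation described in this article.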

 

To monitor for errors during the update process, use the following commands:

 

diagnose debug disable
diagnose debug reset
diagnose debug app update -1
diagnose debug console timestamp enable
diagnose debug enable
execute update-now

 

To stop the debug, use the following commands:

 

diagnose debug disable
diagnose debug reset

 

FortiGuard must be reachable for the update to run successfully. If FortiGuard is unreachable, refer to the following KB article: Troubleshooting Tip: Unable to connect to FortiGuard servers.

 

Related articles:

Technical Tip: FortiGate cannot update IPS and antivirus databases 

Technical Tip: Verifying and troubleshooting FortiGuard updates status and versions 

Troubleshooting process for FortiGuard updates