FortiGate
ibituya
Staff
Article Id 318090
Description

This article describes the action to take if the crash logs frequently show 'str="Failed to load anti-virus database."' after an upgrade.

Scope

FortiGate v6.4.13, v7.0.12 and v7.2.5.

Solution

Perform the following troubleshooting steps when the FortiGate frequently fails automatic FortiGuard updates and shows the system event log and crash log entries below, even though the Antivirus databases appear to be up to date.

 

System event log entry:

 

date=0000-00-00 time=14:46:47 eventtime=1705301208081875889 tz="+0800" logid="0100041001" type="event" subtype="system" level="critical" vd="root" logdesc="FortiGate update failed" status="update" msg="Fortigate scheduled update failed"

 

Crash log entries:

 

660: 0000-00-00 01:54:01 <00158> scanunit=manager str="Failed to load anti-virus database."
661: 0000-00-00 01:54:02 scanunit=manager pid=158 cause='signal' str="AV database reload requested 1
662: 0000-00-00 01:54:02 times by updated (pid 159) failed"

 

To verify if the FortiGate is connected to the FortiGuard server and if the Antivirus databases show the latest version, run the following commands:

 

diagnose autoupdate status
diagnose autoupdate versions

 

If the output shows 'FDN availability' as available, run the update debug while forcing a manual update:

 

diagnose debug application update -1
diagnose debug console timestamp enable
diagnose debug enable
execute update-now

 

If the following databases show as failed to install, also check the update debug output to confirm whether it is the delta update that is failing:

 

upd_install_pkg[1453]-Failed to install AVDB002(virdb) result=(-9,0).
upd_install_pkg[1453]-Failed to install AVDB007(etdb) result=(-9,0).
upd_install_pkg[1453]-Failed to install FLDB002(fldb) result=(-9,0).
upd_install_pkg[1453]-Failed to install MMDB001(mmdb) result=(-9,0).

 

Update debug output when the Antivirus delta update is failing:

 

doInstallUpdatePackage[1087]-Delta obj found for AVDB2
doInstallUpdatePackage[1098]-Updating obj AVDB
installUpdateObject[279]-Step 1:Unpack delta obj 2, Total=1, cur=0
[592] ftnt_code_signing_verify_and_split:
[543] __ftnt_code_signing_verify:
[474] __parse_sig_data: Unrecognized digital signature.
installUpdateObject[311]-Signature verified for obj 2, ret=0, data_len=1827, obj_len=1827, sig_len=0.
installUpdateObject[348]-Step 2:Prepare temp file for delta obj 2
log_avdb_patching[50]-avSigpatch(/tmp/upd.new, /tmp/delta, upd.0.delta)
waitUpdateProcess[1066]-avdbPatch pid=4453 exit code 0
upd_obj_verify_signature[3072]-open signature file error No such file or directory.
installUpdateObject[413]-full signature verification failed for obj (2,2)

 

If the delta update is failing and the crash logs show 'str="Failed to load anti-virus database."', but the Antivirus databases show the latest version, the FortiGate is potentially affected by a known bug.

 

When the Antivirus delta update fails, a successful full Antivirus update is performed, which is why the Antivirus databases still show as updated.
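The checks described above can be run over saved debug and crash log text. The following is an added example, not Fortinet's code: the function name `triage`, the result keys and the regular expressions are assumptions derived only from the log excerpts in this article, and the sample input is copied from those excerpts.

```python
import re

# Sample input: lines copied from this article's update debug and crash log excerpts.
UPDATE_DEBUG = """\
upd_install_pkg[1453]-Failed to install AVDB002(virdb) result=(-9,0).
upd_install_pkg[1453]-Failed to install AVDB007(etdb) result=(-9,0).
doInstallUpdatePackage[1087]-Delta obj found for AVDB2
installUpdateObject[279]-Step 1:Unpack delta obj 2, Total=1, cur=0
[474] __parse_sig_data: Unrecognized digital signature.
upd_obj_verify_signature[3072]-open signature file error No such file or directory.
installUpdateObject[413]-full signature verification failed for obj (2,2)
"""
CRASH_LOG = """\
660: 0000-00-00 01:54:01 <00158> scanunit=manager str="Failed to load anti-virus database."
661: 0000-00-00 01:54:02 scanunit=manager pid=158 cause='signal' str="AV database reload requested 1
662: 0000-00-00 01:54:02 times by updated (pid 159) failed"
"""

# Patterns are assumptions inferred from the excerpts, not a documented log format.
FAILED_PKG = re.compile(r"Failed to install (\w+)\((\w+)\) result=\((-?\d+),(-?\d+)\)")
DELTA_FOUND = re.compile(r"Delta obj found for (\w+)")
SIG_FAILED = re.compile(r"full signature verification failed for obj \((\d+),(\d+)\)")
AV_LOAD = 'str="Failed to load anti-virus database."'


def triage(update_debug: str, crash_log: str) -> dict:
    """Collect the indicators the article asks the operator to look for."""
    failed = [(m[1], m[2], int(m[3])) for m in FAILED_PKG.finditer(update_debug)]
    delta_objs = DELTA_FOUND.findall(update_debug)
    sig_failed = [tuple(map(int, m.groups())) for m in SIG_FAILED.finditer(update_debug)]
    av_load_failures = sum(AV_LOAD in line for line in crash_log.splitlines())
    return {
        "failed_packages": failed,            # (package, database, result code)
        "delta_objects": delta_objs,          # objects updated via delta
        "signature_failures": sig_failed,     # objects failing full verification
        "av_load_failures": av_load_failures, # crash log hits
        "delta_update_failing": bool(delta_objs and sig_failed),
        # Delta failure plus the crash log entry is the pattern described above.
        "matches_article_pattern": bool(delta_objs and sig_failed and av_load_failures),
    }


if __name__ == "__main__":
    for key, value in triage(UPDATE_DEBUG, CRASH_LOG).items():
        print(f"{key}: {value}")
```

Because the patterns are searched anywhere in a line, output captured with 'diagnose debug console timestamp enable' can be passed in unchanged.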

 

This issue has been resolved in FortiOS v6.4.16, v7.0.13, v7.2.6, and v7.4.1.