fjulianom
New Contributor III

Anti-Virus signature package does not update

Hi guys,

 

I am new in this forum and also in the Fortinet world, so here is my first question. I have a FortiGate, but it seems FortiGuard Anti-virus signatures don't update. When I go to Services > Anti-Virus under www.fortiguard.com, I see the current version is 52.227. However, my FortiGate has version 50.00151, the license is not expired and the last update was some months ago. Also the update settings are OK. All these things are in the attached screenshot.

 

What am I missing? Why doesn't the Anti-Virus package update?

 

Regards,

Julián

 

1 Solution
tanr
Valued Contributor II

I'm assuming you've already run "exec update-av" or "exec update-now"? 

 

What does "diag autoupdate ver" show for Virus Definitions last updated and last update attempt? 

 

Does "diag debug crashlog read" show you anything related to the updates?

 

I have once had a FortiGate continuously fail to update the virus definitions.  When I opened a ticket with support they deleted the virus definitions file then the update ran just fine.


4 REPLIES
fjulianom
New Contributor III

Hi everyone,

 

Any ideas?

 

Regards,

Julián

fjulianom
New Contributor III

Hi tanr,

 

Thank you for your interest. The output of "diag autoupdate ver":

 

Primary_Supra $ diag autoupdate ver

AV Engine
---------
Version: 5.00247
Contract Expiry Date: Sun Oct 21 2018
Last Updated using push update on Wed May 24 20:08:25 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Virus Definitions
---------
Version: 52.00274
Contract Expiry Date: Sun Oct 21 2018
Last Updated using push update on Fri Oct 13 08:42:36 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Extended set
---------
Version: 52.00274
Contract Expiry Date: Sun Oct 21 2018
Last Updated using push update on Fri Oct 13 08:42:36 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Mobile Malware Definitions
---------
Version: 52.00273
Contract Expiry Date: Wed Oct 10 2018
Last Updated using push update on Fri Oct 13 08:42:36 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

IPS Attack Engine
---------
Version: 3.00430
Contract Expiry Date: Sun Oct 21 2018
Last Updated using manual update on Mon Sep 11 19:36:46 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Attack Definitions
---------
Version: 6.00741
Contract Expiry Date: Sun Oct 21 2018
Last Updated using scheduled update on Fri Apr 21 12:41:38 2017
Last Update Attempt: Wed Jul 5 14:58:18 2017
Result: Connectivity failure

Attack Extended Definitions
---------
Version: 12.00244
Contract Expiry Date: Sun Oct 21 2018
Last Updated using manual update on Thu Oct 12 12:56:38 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Application Definitions
---------
Version: 12.00244
Contract Expiry Date: Sun Oct 21 2018
Last Updated using manual update on Thu Oct 12 12:56:38 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Industrial Attack Definitions
---------
Version: 12.00243
Contract Expiry Date: Sat Oct 21 2017
Last Updated using manual update on Wed Oct 11 12:27:40 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Botnet Definitions
---------
Version: 4.00068
Contract Expiry Date: Sun Oct 21 2018
Last Updated using manual update on Thu Oct 12 12:56:38 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Botnet Domain Database
---------
Version: 1.00837
Contract Expiry Date: Sun Oct 21 2018
Last Updated using push update on Thu Oct 12 15:27:58 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Internet-service Database Apps
---------
Version: 4.00193
Contract Expiry Date: n/a
Last Updated using manual update on Thu Oct 12 11:30:00 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Internet-service Database Maps
---------
Version: 4.00193
Contract Expiry Date: n/a
Last Updated using manual update on Thu Oct 12 11:30:00 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Device and OS Identification
---------
Version: 1.00061
Contract Expiry Date: Sun Oct 21 2018
Last Updated using manual update on Mon Sep 11 19:36:46 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

URL White list
---------
Version: 1.00670
Contract Expiry Date: Sun Oct 21 2018
Last Updated using manual update on Thu May 11 08:05:00 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

IP Geography DB
---------
Version: 1.00067
Contract Expiry Date: n/a
Last Updated using manual update on Fri Aug 4 17:07:00 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Certificate Bundle
---------
Version: 1.00009
Contract Expiry Date: n/a
Last Updated using manual update on Thu Jun 8 11:51:00 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates

Modem List
---------
Version: 0.000

FDS Address
---------
65.210.95.242:443

Primary_Supra $

 

 

So for virus, the last update was today, some minutes ago, and the result shows "no updates".

And "diag debug crashlog read" shows the update was successful:

 

124: 2017-10-13 08:42:37 <00216> scanunit=manager str="Success loading anti-virus database."
125: 2017-10-13 08:51:34 scanunit=manager pid=216 str="AV database changed (1); restarting workers"
126: 2017-10-13 08:51:35 <00216> scanunit=manager str="Success loading anti-virus database."
127: 2017-10-13 09:00:22 the killed daemon is /bin/pyfcgid: status=0x0
128: 2017-10-13 09:01:35 scanunit=manager pid=216 str="AV database changed (1); restarting workers"
129: 2017-10-13 09:01:36 <00216> scanunit=manager str="Success loading anti-virus database."
Crash log interval is 3600 seconds
Primary_Supra $

 

Then I think that version 52.227 under Services > Anti-Virus at www.fortiguard.com has another meaning (version has changed 9 hours ago):

 

 

 

Executing the command "execute update-now" or "execute update-av" didn't change the AV definitions. Or could it be a bug? What do you think?

 

Regards,

Julián
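An added example, not part of any post in this thread: a small Python check that parses saved `diag autoupdate ver` output and lists packages whose last attempt failed or whose last successful update is old. The function names `parse` and `stale`, the 7-day threshold and the "fail" substring test on the Result line are assumptions made for illustration; the sample is two sections copied from the output above.

```python
import re
from datetime import datetime, timedelta

# Two sections copied from the `diag autoupdate ver` output posted in this thread.
SAMPLE = """\
Virus Definitions
---------
Version: 52.00274
Contract Expiry Date: Sun Oct 21 2018
Last Updated using push update on Fri Oct 13 08:42:36 2017
Last Update Attempt: Fri Oct 13 08:55:24 2017
Result: No Updates
Attack Definitions
---------
Version: 6.00741
Contract Expiry Date: Sun Oct 21 2018
Last Updated using scheduled update on Fri Apr 21 12:41:38 2017
Last Update Attempt: Wed Jul 5 14:58:18 2017
Result: Connectivity failure
"""

FIELDS = {  # field name -> pattern matched against one whole output line
    "version": r"Version: (.+)",
    "updated": r"Last Updated using .+ update on (.+)",
    "attempt": r"Last Update Attempt: (.+)",
    "result": r"Result: (.+)",
}

def parse(text):
    """Return {package name: {field: value}}; a name is the line above a dashed rule."""
    pkgs, cur, prev = {}, None, ""
    for line in (l.strip() for l in text.splitlines()):
        if re.fullmatch(r"-{5,}", line):
            cur = pkgs.setdefault(prev, {})
        elif cur is not None:
            for key, pat in FIELDS.items():
                if m := re.fullmatch(pat, line):
                    cur[key] = m.group(1)
        prev = line
    return pkgs

def stale(pkgs, now, max_age_days=7):
    """Names whose Result mentions a failure (assumed heuristic) or whose update is old."""
    ts = lambda s: datetime.strptime(s, "%a %b %d %H:%M:%S %Y")
    return sorted(
        name for name, p in pkgs.items() if "updated" in p and (
            "fail" in p.get("result", "").lower()
            or now - ts(p["updated"]) > timedelta(days=max_age_days)))
```

Run against the full output with `now` set to the capture time, this reports on the CLI's own view of each package, independent of what the GUI displays.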

 

 

tanr
Valued Contributor II

So from the CLI, all the versions seem correct?

 

Did you upgrade to a newer FortiOS version around the time that the GUI display of the version started to seem stuck at Virus Definition 50.00151?  If so, you might just need to clear your browser cache.  Even if not, you might want to clear the cache.
