Wednesday, 22 August 2012

[Technical] - Bluecoat ProxyAV failes to get Kaspersky engine after upgrade

I have just resolved the following issue on a Bluecoat ProxyAV running 3.4.1.4.

After an software upgrade the AV wouldn't scan traffic and the Kaspersky AV engine couldn't be downloaded even if forced.
  The system was showing the error "Some files that are required by Antivirus were not found on your system. ProxyAV will attempt to update the files the next time you connect to the Internet." on the GUI and trying to download the engine would most times fail after 15mins.


No traffic was being scanned and the Internalinfo diagnostic log was showing;

2012-08-22 22:40:36+00:00UTC AV Updater: "get filelist" state, full AV update chosen
2012-08-22 22:47:06+00:00UTC AV Updater: "get full" state, 'BackgroundUpdaterThread' started
2012-08-22 22:47:09+00:00UTC AV Updater: "local file 'kaspersky_1xxx9931.zip' decrypted
2012-08-22 22:47:15+00:00UTC AV Updater: Files are present,test the new AV engines...
2012-08-22 22:47:15+00:00UTC AV Updater: starting test...
2012-08-22 22:48:05+00:00UTC AVScanner: eicar scanning failed MP_ERROR=29
2012-08-22 22:48:05+00:00UTC
2012-08-22 22:48:05+00:00UTC file d:\ositis\Temp\kaspersky_1xxx931.zip successfully backedup as DLxxx01378.log
2012-08-22 22:48:05+00:00UTC AV Updater: failed to scan eicar, re-copying backup engines...

The key here is the "eicar scanning failed MP_ERROR=29" which forces a restore from a non-existant backup..

After a number of attempted fixes, the solution was to downgrade to 3.3.1.2 then upgrade to 3.4.1.1 and finally to 3.4.1.4 whilst forcing the engine updats at each point.
 This worked for us, hope it helps for you.