Knowledge Center Search


 

McAfee NetShield Virus Update Fails

  [KB6116] Show KB Properties

  [KB6116] Hide KB Properties

Categories:
Knowledge Base ID: KB6116
Last Updated: 31 Aug 2010
Version: 4.0

Summary:
McAfee NetShield Virus Update Fails

Problem or Goal:
Environment:
  • McAfee NetShield uses FTP scheduled updates to download latest virus signatures
Symptoms & Errors:
  • McAfee NetShield Virus Update Fails
  • There is no update file in the remote directory

Solution:

This solution applies to ScreenOS 4.0.0r4:

McAfee NetShield uses FTP scheduled updates to download the latest virus signatures.  However, the FTP server uses passive FTP to transfer Virus Signatures.

To resolve this problem, please refer to article KB6061 - Issuing LS Command on Passive FTP Fails to non-rfc compliant FTP Servers

If the problem persists, telnet to the NetScreen, and issue the get counter stat command.  Specifically look for the counter tcp out of seq. 

Example:

c1785735-a-> get counter stat
Hardware counters for interface trust:
in bytes        50853098 | out bytes      742080916 | early frame            0
in packets        472195 | out packets       709093 | late frame             0
in no buffer           0 | out no buffer          0 | re-xmt limit           0
in overrun             0 | out underrun           0 | drop vlan              0
in coll err            0 | out coll err           0 | out cs lost            0
in misc err            0 | out misc err           0 |
in dma err             0 | out bs pak           173 |
in crc err             1 | out discard            0 |
in align err           0 | out defer              0 |
in short frame         0 | out heartbeat          0 |
Total flow counters for interface trust:
in bytes        50820564 | out bytes      741614434 | tcp proxy              5
in packets        471720 | out packets       708920 | tear drop              0
in vlan                0 | out vlan               0 | src route              0
in arp req             0 | no g-parent            0 | ping of death          0
in arp resp            0 | no gate sess           0 | address spoof          0
in icmp                0 | no nat vector          0 | land attack            0
in self              183 | no map                 0 | icmp flood             0
in un-auth             0 | no conn                0 | udp flood              0
in unk prot            0 | no dip                 0 | winnuke                0
in vpn             29637 | no gate                0 | port scan              0
--- more ---
in other               0 | no xmit vpnf           0 | ip sweep               0
no mac address         0 | no route             180 | tcp out of seq      1352
mac relearn            0 | no frag sess           0 | wrong intf             0
slow mac               0 | no frag netpak         0 | wrong slot             0
trmng queue            0 | no sa                  0 | icmp broadcast         0
trmng drop             0 | no sa policy           0 | illegal pak           12
tiny frag              0 | sa inactive            0 | url block              0
syn frag               0 | sa policy deny         0 | encrypt fail           0
connections        13160 | policy deny            0 | mp fail                0
misc prot              0 | auth deny              0 | auth fail              0
loopback drop          0 | big bkstr              0 | proc sess              0
mal url                0 | sessn thresh           0 | invalid zone           0
null zone              0 | no nsp-tunnel          0 | IP cls failure         0
first pak frag         0 |

If the tcp out of seq counter increases, this means the sequence number is erroneously being altered by some device at the target site.  To fix this, issue the command:

set flow no-tcp-seq-check [Enter]


Purpose:
Troubleshooting

Related Links:

 

 

ASK THE KB

Question or KB ID:


 


 

 
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.