FortiGate
mbernatek
Staff
Article Id 192787

Description

When the AV engine is reported as "Version: 0.00000", it can be an indication that the AV engine is corrupted.

The version can be displayed in the CLI:

# diagnose autoupdate versions
AV Engine
---------
Version: 0.00000
Contract Expiry Date: Sun Oct  2 2016
Last Updated using manual update on Thu Feb 19 20:56:20 2015
Last Update Attempt: Thu Feb 19 21:03:38 2015
Result: No Updates


Scope

FortiOS v5.0.5, FortiOS v5.2.0


Solution

Steps for resolution:

1. If a copy of the AV engine file is not available, open a technical ticket with Fortinet Support to request one.  Include the details of the issue or a reference to this KB article in the ticket notes. 

[Example of AV filename: vsigupdate-OS5.04_5.164_ENG_ALL.pkg]

2. Switch the AV database to the normal one.

# config antivirus settings
# set default-db normal
# end


3. Upload the new AV engine on the "System > Config > FortiGuard" page. Use the "[Upload]" link next to AV definitions.

4. This step is needed only if the procedure fails and the AV engine is still reported as 0.00000.

Download the AV signatures from Fortinet's support portal at https://support.fortinet.com. Use the option "Download > FortiGuard Service Updates". Upload the new signature package the same way as the AV engine in step 3.

5. Run:

# exec update-av

... wait a while

# diagnose autoupdate versions

The AV engine should still report "Version: 5.00164".

6. Now you can switch the AV database back:

# config antivirus settings
# set default-db extended
# end


7. Check the AV engine version again after the next update.

8. If this procedure fails, it is recommended to open a ticket through the Support web portal.

DEBUG:

Collect the CLI output in a plain text file and provide this file if the procedure failed:

# diagnose debug reset
# diagnose debug enable
# diagnose debug application update -1


Collect the data and when finished run:

# diagnose debug reset
# diagnose debug disable
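
The version check from the Description and from steps 5 and 7 can be run over saved CLI output. The Python below is an added example, not Fortinet code: it parses "diagnose autoupdate versions" output and flags an AV Engine version of all zeros. The sample text is constructed from the output shown above; the "Virus Definitions" values and the function names are assumptions for illustration.

```python
import re

# Constructed sample modelled on the output in this article; the second
# section and its values are made up for illustration.
SAMPLE = """\
# diagnose autoupdate versions
AV Engine
---------
Version: 0.00000
Contract Expiry Date: Sun Oct  2 2016
Last Updated using manual update on Thu Feb 19 20:56:20 2015
Last Update Attempt: Thu Feb 19 21:03:38 2015
Result: No Updates

Virus Definitions
---------
Version: 24.00100
Result: No Updates
"""

def parse_versions(text):
    """Split the output into {section name: {field: value}}."""
    sections, current, prev = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"-{3,}", line) and prev:
            # A dashed rule underlines the section title on the previous line.
            current = sections.setdefault(prev, {})
        elif current is not None:
            # Field names are letters and spaces only, so the free-text
            # "Last Updated using ... 20:56:20" line is not split on its time.
            m = re.match(r"([A-Za-z ]+):\s*(.*)", line)
            if m:
                current[m.group(1).strip()] = m.group(2)
        prev = line
    return sections

def av_engine_check(text):
    """Return (status, version): 'suspect' for an all-zero version (the
    symptom in this article), 'ok' otherwise, 'missing' if not found."""
    version = parse_versions(text).get("AV Engine", {}).get("Version")
    if version is None:
        return "missing", None
    if re.fullmatch(r"0+(\.0+)?", version):
        return "suspect", version
    return "ok", version

if __name__ == "__main__":
    print(av_engine_check(SAMPLE))
```

Run it against the text file collected before and after the procedure; a "suspect" result after step 5 or step 7 means the engine is still reported as 0.00000.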