Troubleshooting virus scanning

Find out some of the common causes for scanning-related error messages.

Virus scanner messages

You might see some of the following messages in the SystemOut.log file when you use the virus scanner:
  • This error is generated if the file that is being uploaded is bigger than the maximum size allowed on the scanner:
    [9/15/10 16:24:12:188 EDT] 00000063 GenericPersis I 
     com.ibm.sn.av.icap.net.GenericPersistentClient askServerPersistent 
     CLFAQ0012I: ICAP Headers: ICAP/1.0 200 OK
    ISTag: "78903A5CACDAB539F74FEF95A812239D"
    Date: Wed Sep 15 20:17:25 2010 GMT
    Service: Symantec Scan Engine/5.1.7.33
    Service-ID: Respmod AV Scan
    X-Infection-Found: Type=1; Resolution=2; Threat=File policy violation 
     File Size Blocked;
    X-Violations-Found: 1
    	no.file
    	File policy violation File Size Blocked
    	-1
    	0
    X-Outer-Container-Is-Mime: 0
    Encapsulated: res-hdr=0, res-body=83
  • This error is generated if a file upload times out before the scanner finishes extracting it:
    [9/15/10 16:28:06:063 EDT] 000000ba GenericPersis I 
     com.ibm.sn.av.icap.net.GenericPersistentClient askServerPersistent 
     CLFAQ0012I: ICAP Headers: ICAP/1.0 200 OK
    ISTag: "E7A38AFAE1C53F592855CD024058C2AD"
    Date: Wed Sep 15 20:21:19 2010 GMT
    Service: Symantec Scan Engine/5.1.7.33
    Service-ID: Respmod AV Scan
    X-Infection-Found: Type=2; Resolution=2; Threat=Container extract time 
     violation;
    X-Violations-Found: 1
    	no.file
    	Container extract time violation - scan incomplete.
    	-9
    	0
    X-Outer-Container-Is-Mime: 0
    Encapsulated: res-hdr=0, res-body=83
  • This error is generated if the scanner finds a virus, which is named in the "Threat=" string:
    9/15/10 16:30:38:923 EDT] 000000b8 GenericPersis I 
     com.ibm.sn.av.icap.net.GenericPersistentClient askServerPersistent 
     CLFAQ0012I: ICAP Headers: ICAP/1.0 200 OK
    ISTag: "4C65DD9AED9BF620ED7F72DF6B36BE66"
    Date: Wed Sep 15 20:23:52 2010 GMT
    Service: Symantec Scan Engine/5.1.7.33
    Service-ID: Respmod AV Scan
    X-Infection-Found: Type=0; Resolution=2; Threat=EICAR Test String;
    X-Violations-Found: 1
    	no.file
    	EICAR Test String
    	11101
    	2
    X-Outer-Container-Is-Mime: 0
    Encapsulated: res-hdr=0, res-body=83

Your virus detection product must include the headers X-Infection-Found and X-Violations-Found.