bd scanner is not created

JoshuaThompsonJoshuaThompson
in Firebox - Subscription Services

M370 Firebox running 12.8 update 1.
As of around 11:20 PM last night (April 4th, 2023) I am receiving similar alerts like below for each inbound message.

SMTP-Incoming.1-av

Appliance: M370
Time: Wed Apr 05 06:17:55 2023 (PDT)
Process: smtp
Message: Policy Name: Mimecast-SMTP-Inbound-Proxy-00 Action: ProxyAllow: Reason: SMTP cannot perform Gateway AV scan Source IP: 207.211.31.81 Source Port: 55963 Destination IP: 38.104.125.186 Destination Port: 25 sender: (SENDER EMAIL ADDRESS)
recipients: (RECEPIENT EMAIL ADDRESS) error: bd scanner is not created filename: N/A

In reviewing my GAV updates, I can see that they were last updated April 4, 2023 at 11:10 PM, right before my issue started happening. Email flow still works but I get this scanner error on each inbound message.

Support is asking me to update to the latest fireware version and I am looking into it but so far not seeing anything in the release notes about this being a known issues that requires an update to the latest fireware version.

As of this morning 05:30am there is not a newer GAV version.

Any advise?

Comments

  • Bruce_BriggsBruce_Briggs

    Update to the latest firmware will do a reboot, which may on its own solve the issue.

    There is a post here with the same error:
    AV Scan Errors
    https://community.watchguard.com/watchguard-community/discussion/1493/av-scan-errors

  • JoshuaThompsonJoshuaThompson

    Any way to start and stop the GAV process via command line that you know of? I am really trying to avoid a restart of the firebox.

  • Bruce_BriggsBruce_Briggs

    No idea.
    Ask that on your support case.

  • james.carsonjames.carson Moderator, WatchGuard Representative
    edited April 2023

    BD Scanner not created is usually due to one of two things:
    -The GAV engine not having definitions downloaded. This is usually the case if you see this error on a brand new firewall.
    -The GAV engine can't reserve enough memory to scan the file in question, so it errors out.

    If you're still running 12.8 U1, I'd suggest upgrading to the latest build -- there are several memory management improvements that have been released since that build, and that may help with your issue.
    *note that the fixes aren't specific to GAV, but should generally result in lower RAM usage by other processes.

    -James Carson
    WatchGuard Customer Support

  • JoshuaThompsonJoshuaThompson

    A restart of the firebox fixed this for me. Thank all!

Sign In to comment.