Some of the most common "Antivirus Update failed:" error messages are the following:
1) DNS name not resolved.
2) Failed to parse new filelist file.
3) Unable to connect with remote host.
4) AVUpdater: test FAILED
5) Could not get antivirus engine update location.
6) Could not unzip antivirus update Error code 9 (the specified zipfiles were not found).
7) Could not unzip antivirus update Error code 50 (the disk is (or was) full during extraction).
8) Could not unzip antivirus update Error code 259
9) failed! "Default" HTTP error occurred. Status code: 500. Host: av-download.bluecoat.com:443
10) failed! "default state unable to connect with remote host.
11) failed! "default state HTTPS client error: server does not reply on handshake
12) paused: cannot connect to av-download.bluecoat.com:443
Cases 1), 3) and 5) The ProxyAV is inability to connect to AV update server.
Cases 2), 5), 6) AV update server has been connected but the downloaded content is not complete or incorrect.
In previous cases, for further troubleshooting you can enable HTTP AV download (disable checkbox "Enable Client/Server HTTPs connection" in page: Advanced - SSL Client ) and try to force an update again.If it will not fix the problem a packet captures will be useful to to understand what AV server replies, and what part of the AV update file has been downloaded successfully.
Cases 4), 7) could happen due to some ProxyAV bugs fixed in version 188.8.131.52
Case 8) is generated when the antivirus definition unzip process could not finish on time. It generally means that the ProxyAV is heavily loaded and not able to allocate enough CPU power for the virus definition unzip process. When this message is present, try configuring the ProxyAV to update its virus definitions off peak hours. (from /articles/Solution/CouldnotunzipantivirusupdateErrorcode259)
Cases 9), 10), 11), and 12) are caused by issues with HTTP certificate exchange between the ProxyAV appliance and the AV update server. If a ProxySG appliance is in the path between the ProxyAV and the Internet, ensure that SSL interception is bypassed for the ProxyAV IP address. If this is not the case, refer to 000016296 for more information.