Hi,

Apologies if this is a known issue with a respective thread but I can't seem to find it.

I recently moved three Small Business Server Networks to Nod32. It was a big decision dropping Symantec and it wasn't made lightly. Four months later and I'm extremely happy. XMON kills about 20+ viruses per day on one of the Networks and my users don't even know - awesome. Zero viruses have made it through to my somewhat reckless and mostly unrestricted users.

I receive all events from Nod32 on all computers on all Networks so minimising the errors is important. Apart from the rare IMON alert, all e-mails are generated by the Servers, which is a good thing.

I still have one intermittent but nagging error, "Failed reading xxx bytes from stream". This occurs on a seemingly random basis, from SBS2K, SBS2003 and Win2K. AMON's excluded folders are INETSRV, Exchsrvr, IIS Temporary Compressed and M on the non 2003 Servers. I always receive about 10 errors in quick succession but these bursts could be weeks apart.

Also, one thing to be aware of. I went sailing for five weeks and left the Networks unmanaged - shock horror. Absolutely nothing serious went wrong, which is miraculous. On two machines however, the users had been given the reboot for new components message and chosen to ignore or cancel it. Nod32 was sitting in a "waiting for reboot" state and had stopped downloading the virus signatures. This went undetected for several weeks.

Anyway, if anyone can shed light on the "Failed reading xxx bytes from stream" error, it would be greatly appreciated.

Mick

I've also seen lockups on admin versions of NOD32 running on a fileserver (no-XMON) - when a component update was require - but it also seemed to lockup when I get windows updates that download and ask to be installed, so I'm not 100% that it's NOD32... that's why I never posted about my issues - a reboot seemed to cure them, but like I said - could be NOD32, or windows related in my estimation anyway...


I'm going to suggest emailing support or your resller with a link to this thread - but keep an eye on thread, not everyone who frequents here drops by hourly! ;)

It seems odd no-one else is seeing this when I'm getting it on three seperate Networks. Makes me wonder if there is something wrong with my Exchange configurations. I'll try support.

Mick,
I am having the same problem - around 8 to 13 "Failed reading xxx bytes from stream" messages in quick succession, and also wondered if it was some conflict with AMON.
When I contacted support they said it was an issue with Exchange not calculating attachment sizes correctly. They suggested that others were able to solve it with a reboot, but it didn't work for me. I seem to be getting a lot more messages than you though, more than 100 a day often.

What about turning off archives and SFX archives in the XMON setup? Does it make a difference?

I've turned Archives and SFX Archives off at one site, which seems to be playing up more than the others. I'll let you know how it goes but I would rather leave these options on. Desktop Nod32 would pick up any archives as they're opened but I like the idea of not letting anything anywhere near my users. This site has generated 2 or 3 bursts of 10 error messages per day for the last three days but nothing for a week before that. The other two sites are much less frequent. I haven't seen errors from the SBS2003 site for several weeks.

Reboots don't fix the problem permamently. I can reboot after hours from home so I'll do all three Servers tonight after a beer or two. I haven't rebooted for no reason for a while but the latest MS updates a few weeks ago required a reboot didn't they?

Turning off Archive and SFX Arhives did not help.

mickhardy,

if/when you get any more news/potential fixes etc from support, would you be so kind as to update thread so we can all learn.. thanks!

regards

Greg

I'll let you know if I resolve the issue. A reboot didn't fix it.

Support have advised me that a new version of XMON will be available next week with this issue resolved

We may be premature. I've been testing a new version at three sites and it hasn't resolved the issue. The issue is obviously documented and will be resolved as soon as possible. A few extra e-mails doesn't really hurt in the big picture.

Yup, have recently decided to look to NOD32 instead of McAfee's bloated unreliable monster. So far so good, but I am also seeing this stream error. How long before it is fixed? And of course is the attachment(s) causing the error being processed correctly? i.e. could this let in a virus?

Likely to be rolling this out to my many small customers - want to be sure it is 100% reliable.

This error is the only issue I have had with Nod32. I certainly recommend it. I switched from Symantec for bloatware reasons amongst others. I find Nod32 to be an administrator's friend. I quickly scan the e-mails, ensuring all alerts originate from the Server and that's it.

The only e-mails I've had from client machines have been genuine alerts from Imon. I immediately contact the user and they generally confess to some dodgy web surfing and acknowledge the Nod32 warning.

Xmon blocks about 10-30 incoming viruses per day across our three Networks. If you're running Exchange 2003, you can configure it so the user never even sees the e-mail.

As a quick update, I ran some filters across all the Nod32 generated emails. Nod32 was installed in April 2005. I'm now using rules to sort them all and should have done it ages ago. These are the statistics from the Networks.

Win2000 Network, 0 stream errors and 1 virus alert (limited e-mail activity)
SBS2000 Network, 799 stream errors and 292 virus alerts
SBS2003 Network, 278 stream errors and 1184 virus alerts

This error in the system event log is perfectly normal and is caused by the fact that XMON doesn't receive exact information about the particular attachment size from MS Exchange via VSAPI. From version 2.51, these errors should not appear in the NOD32 event log.

Have upgraded to version 2.51.12 but still the same errors.

In the NOD32 Event log?

Yes - same as before, batches of maybe 8 or 14 at a time.

There is not even a theoretical chance that this error would appear in the NOD32 event log even after installing NOD32 2.51.12 for MS Exchange as the error message was completely removed from the program. Please send the information on installed NOD32 along with your NOD32 Event log to support[at]eset.com with a link to this thread.

Hi, I've been getting these errors too.

Recently I switched to a brand new exchange server, with brand new disks, and I am still getting the error.

After talking to Mike at nod32 support, he said I should upgrade to the latest (2.5) and then the problem would go away?

I upgraded and I still get the problem:

11/23/2005 11:48:18 AM - During execution of XMON - Antivirus Monitor for MS Exchange Server on the computer PEGASUS, the following warning occurred: Failed reading 4608 bytes from stream.

I wish they would at least includ some more detail in the error message, like what nod32 was doing at the time, which stream was being read etc?

-{ Quote: "There is not even a theoretical chance that this error would appear in the NOD32 event log even after installing NOD32 2.51.12 for MS Exchange as the error message was completely removed from the program. Please send the information on installed NOD32 along with your NOD32 Event log to support[at]eset.com with a link to this thread." }-

Hi Marcos, I upgraded to 2.51.12 (I uninstalled my prev version), and I am still getting this error:

11/23/2005 11:48:18 AM - During execution of XMON - Antivirus Monitor for MS Exchange Server on the computer PEGASUS, the following warning occurred: Failed reading 4608 bytes from stream.

I talked to Mark Zeman at eset and he said:

Hi Alex,

"unfortunately, it's impossible for us to tell why Exchange does not allow XMON to read data from a stream. I asked our developers if a logging version could shed a little light, but they said the log would only tell that MS Exchange refused XMON's request for a stream."

Given he knows told me to and knows Ihave upgraded to 2.5.12 then he seems to be implying that this message is still in the software.

Here is what nod32 2.5 control center reports in information:

NOD32 antivirus system information
Virus signature database version: 1.1302 (20051124)
Dated: Wednesday, November 23, 2005
Virus signature database build: 6384

Information on other scanner support parts
Advanced heuristics module version: 1.023 (20051109)
Advanced heuristics module build: 1094
Internet filter version: 1.002 (20040708)
Internet filter build: 1013
Archive support module version: 1.035 (20051027)
Archive support module build version: 1134

Information about installed components
NOD32 For Windows NT/2000/XP/2003/x64 - Administrative tools
Version: 2.51.12
NOD32 For Windows NT/2000/XP/2003/x64 - Base
Version: 2.51.12
NOD32 for Windows NT/2000/XP/2003/x64 - Standard component
Version: 2.51.12
NOD32 for Windows NT/2000/XP/2003/x64 - XMON
Version: 2.51.12

Operating system information
Platform: Windows 2003
Version: 5.2.3790 Service Pack 1
Version of common control components: 5.82.3790
RAM: 1008 MB
Processor: AMD Duron(tm) Processor (1294 MHz)

I've created rules to filter these errors and the virus alerts, which helps a lot. I only get the errors on the two Small Business Servers. The vanilla Win2K Server has never generated this error. Is it specific to SBS?

These are my statistics to date. It seems odd that Win2K has never generated the error but it does have less viruses and e-mails.

Win2000 Network, 0 stream errors and 29 virus alert (limited e-mail activity)
SBS2000 Network, 1272 stream errors and 409 virus alerts
SBS2003 Network, 335 stream errors and 2007 virus alerts

Hi there,

Did anyone ever find any resolution for this? I've just noticed batches of this appearing on a clients SBS2003 SP1 server ???

Time Module Event User
28/03/2006 12:45:54 XMON Failed reading 4608 bytes from stream. NT AUTHORITY\SYSTEM
28/03/2006 09:44:36 XMON Failed reading 1536 bytes from stream. NT AUTHORITY\SYSTEM
28/03/2006 09:44:36 XMON Failed reading 10 bytes from stream. NT AUTHORITY\SYSTEM

14 of them in this instance, all at exactly the same time to the second. The are other spits of it in long and short batches.

NOD32 antivirus system information
Virus signature database version: 1.1465 (20060331)
Dated: 31 March 2006
Virus signature database build: 6992

Information on other scanner support parts
Advanced heuristics module version: 1.028 (20060324)
Advanced heuristics module build: 1107
Internet filter version: 1.002 (20040708 )
Internet filter build: 1013
Archive support module version: 1.040 (20051222)
Archive support module build version: 1142

Information about installed components
NOD32 For Windows NT/2000/XP/2003/x64 - Administrative tools
Version: 2.51.12
NOD32 For Windows NT/2000/XP/2003/x64 - Base
Version: 2.51.12
NOD32 for Windows NT/2000/XP/2003/x64 - Standard component
Version: 2.51.12
NOD32 for Windows NT/2000/XP/2003/x64 - XMON
Version: 2.51.12

Operating system information
Platform: Windows 2003
Version: 5.2.3790 Service Pack 1
Version of common control components: 5.82.3790
RAM: 2047 MB
Processor: Intel(R) Xeon(TM) CPU 3.20GHz (3200 MHz)

Thanks.

You are not using the latest version of XMON, please download and install v. 2.51.15

I'll give it a go, thanks. :thumb:

-{ Quote: "You are not using the latest version of XMON, please download and install v. 2.51.15" }-
Please help... How to upgrade NOD32 v2.51.12?

Hi Carambos, welcome to Wilders.

-{ Quote: "Please help... How to upgrade NOD32 v2.51.12?" }-Are you talking about the RA version of NOD32 or a home user license?

Cheers ;D

-{ Quote: "Hi Carambos, welcome to Wilders.

Are you talking about the RA version of NOD32 or a home user license?

Cheers ;D" }-

Yea, RA version, and i have the same problem with XMON.???

It's a problem of XMON that it doesn't automatically filter out these message in older versions.

Carry on as follows:
1. Download XMON 2.51.15 from http://www.eset.com/download/index.php
2. Install it over the current version
3. Restart the server