XMON Failed Reading Bytes Stream

Discussion in 'Other ESET Home Products' started by mickhardy, Sep 8, 2005.

Thread Status:
Not open for further replies.
  1. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    Hi,

    Apologies if this is a known issue with a respective thread but I can't seem to find it.

    I recently moved three Small Business Server Networks to Nod32. It was a big decision dropping Symantec and it wasn't made lightly. Four months later and I'm extremely happy. XMON kills about 20+ viruses per day on one of the Networks and my users don't even know - awesome. Zero viruses have made it through to my somewhat reckless and mostly unrestricted users.

    I receive all events from Nod32 on all computers on all Networks so minimising the errors is important. Apart from the rare IMON alert, all e-mails are generated by the Servers, which is a good thing.

    I still have one intermittent but nagging error, "Failed reading xxx bytes from stream". This occurs on a seemingly random basis, from SBS2K, SBS2003 and Win2K. AMON's excluded folders are INETSRV, Exchsrvr, IIS Temporary Compressed and M on the non 2003 Servers. I always receive about 10 errors in quick succession but these bursts could be weeks apart.

    Also, one thing to be aware of. I went sailing for five weeks and left the Networks unmanaged - shock horror. Absolutely nothing serious went wrong, which is miraculous. On two machines however, the users had been given the reboot for new components message and chosen to ignore or cancel it. Nod32 was sitting in a "waiting for reboot" state and had stopped downloading the virus signatures. This went undetected for several weeks.

    Anyway, if anyone can shed light on the "Failed reading xxx bytes from stream" error, it would be greatly appreciated.

    Mick
     
  2. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    I've also seen lockups on admin versions of NOD32 running on a fileserver (no-XMON) - when a component update was require - but it also seemed to lockup when I get windows updates that download and ask to be installed, so I'm not 100% that it's NOD32... that's why I never posted about my issues - a reboot seemed to cure them, but like I said - could be NOD32, or windows related in my estimation anyway...


    I'm going to suggest emailing support or your resller with a link to this thread - but keep an eye on thread, not everyone who frequents here drops by hourly! ;)
     
  3. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    It seems odd no-one else is seeing this when I'm getting it on three seperate Networks. Makes me wonder if there is something wrong with my Exchange configurations. I'll try support.
     
  4. E2U7

    E2U7 Guest

    Mick,
    I am having the same problem - around 8 to 13 "Failed reading xxx bytes from stream" messages in quick succession, and also wondered if it was some conflict with AMON.
    When I contacted support they said it was an issue with Exchange not calculating attachment sizes correctly. They suggested that others were able to solve it with a reboot, but it didn't work for me. I seem to be getting a lot more messages than you though, more than 100 a day often.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    What about turning off archives and SFX archives in the XMON setup? Does it make a difference?
     
  6. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    I've turned Archives and SFX Archives off at one site, which seems to be playing up more than the others. I'll let you know how it goes but I would rather leave these options on. Desktop Nod32 would pick up any archives as they're opened but I like the idea of not letting anything anywhere near my users. This site has generated 2 or 3 bursts of 10 error messages per day for the last three days but nothing for a week before that. The other two sites are much less frequent. I haven't seen errors from the SBS2003 site for several weeks.
     
  7. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    Reboots don't fix the problem permamently. I can reboot after hours from home so I'll do all three Servers tonight after a beer or two. I haven't rebooted for no reason for a while but the latest MS updates a few weeks ago required a reboot didn't they?
     
  8. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    Turning off Archive and SFX Arhives did not help.
     
  9. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    mickhardy,

    if/when you get any more news/potential fixes etc from support, would you be so kind as to update thread so we can all learn.. thanks!

    regards

    Greg
     
  10. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    I'll let you know if I resolve the issue. A reboot didn't fix it.
     
  11. e2u7

    e2u7 Guest

    Support have advised me that a new version of XMON will be available next week with this issue resolved
     
  12. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    We may be premature. I've been testing a new version at three sites and it hasn't resolved the issue. The issue is obviously documented and will be resolved as soon as possible. A few extra e-mails doesn't really hurt in the big picture.
     
  13. Siliconbullet

    Siliconbullet Registered Member

    Joined:
    Oct 3, 2005
    Posts:
    3
    Yup, have recently decided to look to NOD32 instead of McAfee's bloated unreliable monster. So far so good, but I am also seeing this stream error. How long before it is fixed? And of course is the attachment(s) causing the error being processed correctly? i.e. could this let in a virus?

    Likely to be rolling this out to my many small customers - want to be sure it is 100% reliable.
     
  14. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    This error is the only issue I have had with Nod32. I certainly recommend it. I switched from Symantec for bloatware reasons amongst others. I find Nod32 to be an administrator's friend. I quickly scan the e-mails, ensuring all alerts originate from the Server and that's it.

    The only e-mails I've had from client machines have been genuine alerts from Imon. I immediately contact the user and they generally confess to some dodgy web surfing and acknowledge the Nod32 warning.

    Xmon blocks about 10-30 incoming viruses per day across our three Networks. If you're running Exchange 2003, you can configure it so the user never even sees the e-mail.
     
  15. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    As a quick update, I ran some filters across all the Nod32 generated emails. Nod32 was installed in April 2005. I'm now using rules to sort them all and should have done it ages ago. These are the statistics from the Networks.

    Win2000 Network, 0 stream errors and 1 virus alert (limited e-mail activity)
    SBS2000 Network, 799 stream errors and 292 virus alerts
    SBS2003 Network, 278 stream errors and 1184 virus alerts
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    This error in the system event log is perfectly normal and is caused by the fact that XMON doesn't receive exact information about the particular attachment size from MS Exchange via VSAPI. From version 2.51, these errors should not appear in the NOD32 event log.
     
  17. e2u7

    e2u7 Guest

    Have upgraded to version 2.51.12 but still the same errors.
     
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    In the NOD32 Event log?
     
  19. e2u7

    e2u7 Guest

    Yes - same as before, batches of maybe 8 or 14 at a time.
     
  20. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    There is not even a theoretical chance that this error would appear in the NOD32 event log even after installing NOD32 2.51.12 for MS Exchange as the error message was completely removed from the program. Please send the information on installed NOD32 along with your NOD32 Event log to support[at]eset.com with a link to this thread.
     
  21. noirs

    noirs Registered Member

    Joined:
    Nov 24, 2005
    Posts:
    2
    Hi, I've been getting these errors too.

    Recently I switched to a brand new exchange server, with brand new disks, and I am still getting the error.

    After talking to Mike at nod32 support, he said I should upgrade to the latest (2.5) and then the problem would go away?

    I upgraded and I still get the problem:

    11/23/2005 11:48:18 AM - During execution of XMON - Antivirus Monitor for MS Exchange Server on the computer PEGASUS, the following warning occurred: Failed reading 4608 bytes from stream.

    I wish they would at least includ some more detail in the error message, like what nod32 was doing at the time, which stream was being read etc?
     
  22. noirs

    noirs Registered Member

    Joined:
    Nov 24, 2005
    Posts:
    2
    Hi Marcos, I upgraded to 2.51.12 (I uninstalled my prev version), and I am still getting this error:

    11/23/2005 11:48:18 AM - During execution of XMON - Antivirus Monitor for MS Exchange Server on the computer PEGASUS, the following warning occurred: Failed reading 4608 bytes from stream.

    I talked to Mark Zeman at eset and he said:

    Hi Alex,

    "unfortunately, it's impossible for us to tell why Exchange does not allow XMON to read data from a stream. I asked our developers if a logging version could shed a little light, but they said the log would only tell that MS Exchange refused XMON's request for a stream."

    Given he knows told me to and knows Ihave upgraded to 2.5.12 then he seems to be implying that this message is still in the software.

    Here is what nod32 2.5 control center reports in information:

    NOD32 antivirus system information
    Virus signature database version: 1.1302 (20051124)
    Dated: Wednesday, November 23, 2005
    Virus signature database build: 6384

    Information on other scanner support parts
    Advanced heuristics module version: 1.023 (20051109)
    Advanced heuristics module build: 1094
    Internet filter version: 1.002 (2004070:cool:
    Internet filter build: 1013
    Archive support module version: 1.035 (20051027)
    Archive support module build version: 1134

    Information about installed components
    NOD32 For Windows NT/2000/XP/2003/x64 - Administrative tools
    Version: 2.51.12
    NOD32 For Windows NT/2000/XP/2003/x64 - Base
    Version: 2.51.12
    NOD32 for Windows NT/2000/XP/2003/x64 - Standard component
    Version: 2.51.12
    NOD32 for Windows NT/2000/XP/2003/x64 - XMON
    Version: 2.51.12

    Operating system information
    Platform: Windows 2003
    Version: 5.2.3790 Service Pack 1
    Version of common control components: 5.82.3790
    RAM: 1008 MB
    Processor: AMD Duron(tm) Processor (1294 MHz)
     
  23. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    I've created rules to filter these errors and the virus alerts, which helps a lot. I only get the errors on the two Small Business Servers. The vanilla Win2K Server has never generated this error. Is it specific to SBS?

    These are my statistics to date. It seems odd that Win2K has never generated the error but it does have less viruses and e-mails.

    Win2000 Network, 0 stream errors and 29 virus alert (limited e-mail activity)
    SBS2000 Network, 1272 stream errors and 409 virus alerts
    SBS2003 Network, 335 stream errors and 2007 virus alerts
     
  24. Dezz

    Dezz Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    2
    Hi there,

    Did anyone ever find any resolution for this? I've just noticed batches of this appearing on a clients SBS2003 SP1 server o_O

    Time Module Event User
    28/03/2006 12:45:54 XMON Failed reading 4608 bytes from stream. NT AUTHORITY\SYSTEM
    28/03/2006 09:44:36 XMON Failed reading 1536 bytes from stream. NT AUTHORITY\SYSTEM
    28/03/2006 09:44:36 XMON Failed reading 10 bytes from stream. NT AUTHORITY\SYSTEM

    14 of them in this instance, all at exactly the same time to the second. The are other spits of it in long and short batches.

    NOD32 antivirus system information
    Virus signature database version: 1.1465 (20060331)
    Dated: 31 March 2006
    Virus signature database build: 6992

    Information on other scanner support parts
    Advanced heuristics module version: 1.028 (20060324)
    Advanced heuristics module build: 1107
    Internet filter version: 1.002 (20040708 )
    Internet filter build: 1013
    Archive support module version: 1.040 (20051222)
    Archive support module build version: 1142

    Information about installed components
    NOD32 For Windows NT/2000/XP/2003/x64 - Administrative tools
    Version: 2.51.12
    NOD32 For Windows NT/2000/XP/2003/x64 - Base
    Version: 2.51.12
    NOD32 for Windows NT/2000/XP/2003/x64 - Standard component
    Version: 2.51.12
    NOD32 for Windows NT/2000/XP/2003/x64 - XMON
    Version: 2.51.12

    Operating system information
    Platform: Windows 2003
    Version: 5.2.3790 Service Pack 1
    Version of common control components: 5.82.3790
    RAM: 2047 MB
    Processor: Intel(R) Xeon(TM) CPU 3.20GHz (3200 MHz)

    Thanks.
     
    Last edited by a moderator: Mar 31, 2006
  25. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    You are not using the latest version of XMON, please download and install v. 2.51.15
     
Thread Status:
Not open for further replies.