Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

AVError Error in AntivirusFilter (Streaming Content Issues and Multiple Errors in Log Files)

  1. Last updated
  2. Save as PDF

In Skyhigh Web Gateway (SWG), streaming content fails to play due to policy misconfigurations. The swg-core.errors.log file logs repeated antivirus scanning errors when the policy either passes non-streamable traffic to the stream scanner or includes custom rules that operate on the file body. These configurations force the gateway to download the entire file, disrupting the streaming process. Typical error messages include:

[AV] [AVError] Error in AntivirusFilter: 'got whole stream of size XXXXXXXX bytes as one single chunk -> switching to file scan'
[AV] [AVError] Error in AntivirusFilter: 'error during stream scanning: too large chunk (XXXXXXXX bytes)'
 

Restore Default Stream Scanner Conditions

This applies to the error:

vbnet
got whole stream of size XXXXXXXX bytes as one single chunk -> switching to file scan

To resolve:

  1. Open the Gateway Anti-Malware, Start Media Stream Scanner rule.

  2. Restore the original condition:

    sql
cycle.Name equals "Response" AND StreamDetector.IsMediaStream<Default Streaming Detection> equals true

  3. Avoid adding custom logic such as:

    sql
OR MediaType.EnsuredTypes contains some/type

    These conditions force unsupported media types into the stream scanner and may result in failures.

NOTE. Only the stream scanner can handle media that will return true from the default stream detector. If support is missing for a specific type, wait for an SWG release with updated stream handling logic.

Adjust Rules That Operate on File Body

This applies to the error:

go
error during stream scanning: too large chunk (XXXXXXXX bytes)

To fix:

  1. Identify policy rules using full body inspection, for example:

    css
Body.ToString(0, Body.Size) contains "XXX"

  2. Apply one of the following solutions:

    • Reorder the rules: Move the full-body inspection rules after the Start Media Stream Scanner rule.

    • Refine conditions: Prevent these rules from acting on streaming content. Examples:

      sql
MediaType.EnsuredTypes contains application/pdf AND <original-condition>

      or

      sql
(Cycle.Name equals "Request" OR StreamDetector.IsMediaStream<Default Streaming Detection> equals false) AND <original-condition>

These refinements ensure that stream-incompatible operations are not applied to streaming traffic.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.