Sophos Anti-Virus for Linux, SAV Dynamix Interface and Amavis-new on Ubuntu 16.04

My amavis.new log gives me this every time an incoming or outgoing email message is handled:

May 18 14:46:58 localhost amavis[26080]: (26080-08) (!)run_av (Sophie) FAILED - unexpected , output="-1\n"
May 18 14:46:58 localhost amavis[26080]: (26080-08) (!)Sophie av-scanner FAILED: CODE(0x2e93a28) unexpected , output="-1\n" at (eval 100) line 905.

My savdid.log has these related lines:

200518:145313 [5EBDB9B8] 00038400 New connection
To: /var/run/savdid/savdid.sock From User (115, 125), process 26079
200518:145313 [5EBDB9B8] 00038402 New session
200518:145513 [5EBDB9B8] 00038403 Session ended
200518:145513 [5EBDB9B8] 00038401 Connection ended
To: /var/run/savdid/savdid.sock From User (115, 125), process 26079

The error is thrown right after "200518:145313 [5EBDB9B8] 00038402 New session"

Sophos-AV version is 5.63.0 and SAVDI version is 2.6.0. Is there a way to debug this further to see what is going on?
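
One way to get more out of the existing log, as an added example (not part of the original post and not Sophos code): the Python below parses the savdid.log lines quoted above and times each session, so a session that sits open and then ends without a reply stands out. The field layout, the first-in-first-out pairing and the names `parse_sessions` and `stalled` are assumptions inferred only from the quoted lines.

```python
import re
from datetime import datetime

# The savdid.log lines quoted in the post above, embedded so this runs offline.
SAMPLE_LOG = """\
200518:145313 [5EBDB9B8] 00038400 New connection
To: /var/run/savdid/savdid.sock From User (115, 125), process 26079
200518:145313 [5EBDB9B8] 00038402 New session
200518:145513 [5EBDB9B8] 00038403 Session ended
200518:145513 [5EBDB9B8] 00038401 Connection ended
To: /var/run/savdid/savdid.sock From User (115, 125), process 26079
"""

# Assumed layout, inferred from those lines: "YYMMDD:HHMMSS [tag] code message".
EVENT = re.compile(r"^(\d{6}:\d{6}) \[[0-9A-Fa-f]+\] \d{8} (.+)$")
# Continuation line naming the socket and the connecting process.
PEER = re.compile(r"^To: (\S+) From User \((\d+), (\d+)\), process (\d+)$")

def parse_sessions(text):
    """Pair 'New session' with 'Session ended' and compute each duration.

    The quoted lines show no per-session id, so sessions are paired first-in,
    first-out; that is exact only when sessions do not overlap.
    """
    open_sessions, done, peer = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := PEER.match(line)):
            # The two numbers after "User" are kept raw; the page does not name them.
            peer = {"socket": m[1], "ids": (int(m[2]), int(m[3])), "pid": int(m[4])}
        elif (m := EVENT.match(line)):
            ts = datetime.strptime(m[1], "%y%m%d:%H%M%S")
            if m[2] == "New session":
                open_sessions.append({"start": ts, "peer": peer, "seconds": None})
            elif m[2] == "Session ended" and open_sessions:
                s = open_sessions.pop(0)
                s["seconds"] = (ts - s["start"]).total_seconds()
                done.append(s)
    return done + open_sessions  # sessions never closed keep seconds=None

def stalled(sessions, threshold=30):
    """Sessions that stayed open at least `threshold` seconds, or never closed."""
    return [s for s in sessions if s["seconds"] is None or s["seconds"] >= threshold]

if __name__ == "__main__":
    for s in stalled(parse_sessions(SAMPLE_LOG)):
        print(s["start"], s["peer"], s["seconds"])
```

On the quoted lines it reports one session from process 26079 that stayed open for 120 seconds with nothing logged in between.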

  • Hi  

    This would need a proper investigation to resolve. Could you please change the loglevel from the default 0 to loglevel=2 and restart SAV-DI? After this, when the issue re-occurs, the logs would be more helpful.

    The loglevel is set in /usr/local/savdi/savdid.conf, which is the SAV-DI configuration file.

    The log location is also set there - /var/tmp/savdi/log/ - default logging directory. Kindly check this user manual for more information. 

  • Thanks for the answer! I did this already when I installed SAVDI and Sophos-AV in 2018. The log files show the same pattern - new connection to socket, new session, delay, session ended, connection ended to socket. Nothing more. In the SAV Interface Developer Toolkit manual I can see some performance tests done with various benchmark programs/scripts - is it possible to get my hands on those to test the socket and rule out SAVDI as the problem and look at amavis-new more closely?

  • Hi  

    I checked this with my team, and in order to investigate further we will need in-depth troubleshooting. You can try the performance test as mentioned in the article. If you have the license, you can open a support case for further investigation.

  • I am running the free version and I doubt it will be feasible for me to buy a license just to debug a problem. I will check with local vendors just in case to see what the price range is (another company which is too afraid to list public prices). Too bad Sophos Anti-Virus for Linux needs to be "anally probed" to debug a simple but non-informative error message.