Update not working

I have resigned myself to the fact that Sophos has no plans of investigating and addressing this that they are willing to say. If this issue effects you, you will only get an update when an updated installer package is released as the product will fail the same way every time.  A reinstall does not help.

I am now on Version 7.3.2C; Threat data: 4.68; Release date: August 1, 2011.

I suspect that common firewall settings are involved here.  My firewall has recorded several events that it thinks are outgoing attacks to hosts like a24-24-52-115.deploy.akamaitechnologies.com and a24-24-52-64.deploy.akamaitechnologies.com

I also suspect that the firewall rule that is getting tripped is "WEB-CLIENT Apple Mac OS X installer package filename format string vulnerability "

Maybe Sophos can recommend an IP range to whitelist or something? Perhaps Sophos can look into potential problems with firewalls?

Which firewall are you using?  You definitely need access to Akamai servers to get the updates.

We have been continually investigating failed updates, but the truth is that each case tends to be different, based on network topography.  In the end, it generally comes down to a firewall somewhere blocking access to akamai servers.  Since IPs at akamai are dynamically pooled, and the specific domain/IP used changes based on locale and load, a small static IP whitelist will only apply to a single user for a limited amount of time.

You could always set a rule that allowed outgoing connections to *.akamaitechnologies.com -- it's generally only established  businesses that use Akamai, and you're dealing with outbound activity.

Thanks for the response. The firewall I'm behind is an Astaro (hardware/software).  Any changes I make to settings will effect more users than simply me, so I need to be very very sure what I'm doing is safe, necessary or worth it.

Well, you're in luck, as the Astaro firewall is one of our enterprise products :)  The issue you're experiencing is due to the firewall being configured to block downloads of installer packages (this is enabled by default), and the file you're downloading is in fact an installer package.  You can contact your listed customer support for your Astaro product if you need help reconfiguring the firewall settings.  They can also provide feedback to the SAV Mac dev team, so if you treat this as a firewall issue instead of an AV issue, you'll actually get access to our support department instead of just this community forum.

I presume this is for using a personal laptop behind a corporate firewall, but I should mention that SAV Mac HE is a home-use product, and we have an enterprise version with support for non-home-use such as business, educational, non-profit, etc. (you might even get a deal on it should you need it, since you're already a firewall customer).

hm, hope this is the right place to post.

anyway, i haven't been able to update my antivirus for a while now (since 9/6/2011). the console log simply tells me that "failed to count the number of files in 'system/library/startupitems: no such file or directory". :(

do i need to reinstall sophos? and is there any way to fix the problem w/o reinstalling? i'd rather not uninstall as a.) i'm a (fairly) new mac user and b.) i've heard that uninstalling programs on macs is a pain in the bootay.

(btw, i first installed sophos because it was the antivirus provided to me by my university. as it turns out, my university has since ended their formal contract with sophos -- could this be the reason why my antivirus isn't updating?)

Let's answer your last question first:

Yes :)

You are using our Enterprise product, and all updates are provided by your university.  As such, you are supposed to use your university's technical support for help.

However, since they no longer have a support contract, your best option is to uninstall the Enterprise product and install the Home Edition (which is what these forums support).

Generally, uninstalling programs on a Mac involves navigating to the Applications folder, and dragging the application you want to remove to the trash icon on the dock.

However, because of its function, Sophos Anti-Virus installs things all over the place, and is most easily uninstalled with an uninstall program.  See the uninstall instructions for SAV 7 Enterprise for more details.  That thread works through the confusion between the two products as well.

Once you've uninstalled your current AV software, you can download and install the Home Edition -- for your purposes there is very little difference, other than that updates come from Sophos instead of your university, and you control the software instead of the university administrators via SEC.

ahh.

thank you! :)

I was referred to this link. Many thanks for this it was a timesaver.

No update since 5th September?

Threat detection engine: 3.23.2

Threat data: 4.69

Release date: September 5, 2011

Protects against 2870863 threats

---

mjboon wrote:

No update since 5th September?

Threat detection engine: 3.23.2

Threat data: 4.69

Release date: September 5, 2011

Protects against 2870863 threats

---

The Release Date refers to the monthly data package update; in addition to this, there are usually around 6 daily incremental data updates.  If these aren't coming through, you'll get an X through your menu bar shield.  Each month, all the incremental updates are consolidated, superfluous data is removed, and the entire set of data is packaged up.  So, this indicates that your engine and threat data package are up to date.