Mac OS X 10.9 "Mavericks" and SAV for Mac

Yeah traceroute can be very slow when the intermediate gateways don't respond. It isn't required for them to respond, just helpful when they do. Ping is a direct point-to-point connection and ICMP packets are hardly ever filtered these days.

What does this command (in Terminal) do?   curl http://http.00.s.sophosxl.net/V3/01/1.2342234-2serfbheprf-2sqlanzvp-2sybtb-2rwct.oynpxjvqbj.rat.fbcubf.w/

For me, curl will immediately return "w u h 0 0".

---

bobcook wrote:

Yeah traceroute can be very slow when the intermediate gateways don't respond. It isn't required for them to respond, just helpful when they do. Ping is a direct point-to-point connection and ICMP packets are hardly ever filtered these days.

What does this command (in Terminal) do?   curl http://http.00.s.sophosxl.net/V3/01/1.2342234-2serfbheprf-2sqlanzvp-2sybtb-2rwct.oynpxjvqbj.rat.fbcubf.w/

For me, curl will immediately return "w u h 0 0".

---

I got the same "w u h 0 0" after about 5 seconds or so.   Repeated attempts where immediate.   Wait a minute then try again it will take 2 or 3 seconds.

---

cashxx wrote:

I got the same "w u h 0 0" after about 5 seconds or so.   Repeated attempts where immediate.   Wait a minute then try again it will take 2 or 3 seconds.

---

That is bad news, it means something upstream is filtering and slowing those requests. The quick response on successive attempts likely means some caching, but once the cache expires then it takes a long time again.

I will let our operations team know about this. There is a chance its something wrong on our end, although less likely only because we'd be getting all sorts of misery about it from our business customers (you are sharing the same global infrastructure for SXL lookups).

Still unable to verify updates.

Unhappy.

It's been over a week.  Getting nervous about not being up to date.

Is there a manual process for putting an update in place?

Hi,

Thanks for the follow-up, sorry to hear its not sorted itself out. Its very concerning because it sounds like you are getting some data, just not all of it. Some things to check before doing more invasive things:

(1) what is the size of the folder /Library/Caches/com.sophos.sau/warehouse?

(2) is there a folder /Library/Caches/com.sophos.sau/CID?

(3) how many threads are running for SophosAutoUpdate? (you can check using Activity Monitor, View menu > All Processes)

(4) do you have any crash reports for SophosAutoUpdate? (you can check using Console, look in the Systems Diagnostics section)

We are investigating another report of AutoUpdate not successfully completing on 10.9. We haven't been able to reproduce it ourselves or otherwise diagnose a root cause. Can you grab a "Sample" (using Activity Monitor) of SophosAutoUpdate when its stuck, then restart it. Each time it is hung, please grab a new "Sample" (we would like to get five separate traces, if possible).

(1) what is the size of the folder /Library/Caches/com.sophos.sau/warehouse?

171.2mb for 3607 items

(2) is there a folder /Library/Caches/com.sophos.sau/CID?

no

(3) how many threads are running for SophosAutoUpdate? (you can check using Activity Monitor, View menu > All Processes)

5

(4) do you have any crash reports for SophosAutoUpdate? (you can check using Console, look in the Systems Diagnostics section)

No. 

Here's a snip of the sophos log from console:

com.sophos.autoupdate: Updating catalogue information at 13:46:05 12 November 2013
com.sophos.autoupdate: Catalogue updated at 13:46:05 12 November 2013
com.sophos.autoupdate: Download started at 13:46:05 12 November 2013
com.sophos.autoupdate: Download completed at 13:46:09 12 November 2013
com.sophos.autoupdate: Update started at 13:46:09 12 November 2013
com.sophos.autoupdate: Error:    Could not update Sophos Anti-Virus at 13:46 on 12 November 2013
com.sophos.autoupdate:     Verification failed
com.sophos.autoupdate:
com.sophos.autoupdate: Updating catalogue information at 14:46:09 12 November 2013
com.sophos.autoupdate: Catalogue updated at 14:46:09 12 November 2013
com.sophos.autoupdate: Download started at 14:46:09 12 November 2013
com.sophos.autoupdate: Download completed at 14:46:14 12 November 2013
com.sophos.autoupdate: Update started at 14:46:14 12 November 2013
com.sophos.autoupdate: Error:    Could not update Sophos Anti-Virus at 14:46 on 12 November 2013
com.sophos.autoupdate:     Verification failed
com.sophos.autoupdate:
com.sophos.autoupdate: Updating catalogue information at 19:01:11 12 November 2013
com.sophos.autoupdate: Catalogue updated at 19:01:12 12 November 2013
com.sophos.autoupdate: Download started at 19:01:12 12 November 2013
com.sophos.autoupdate: Download completed at 19:01:17 12 November 2013
com.sophos.autoupdate: Update started at 19:01:17 12 November 2013
com.sophos.autoupdate: Error:    Could not update Sophos Anti-Virus at 19:01 on 12 November 2013
com.sophos.autoupdate:     Verification failed
com.sophos.autoupdate:
 

I need to use this machine to do some maintenance on backup devices for my wife's work, and I'm reluctant to even plug them in to this mac until I know sophos is up and running.

Uninstall and reinstall sophos?

Ok this isn't the same thing as we've been chasing. The "Verification failed" message is significant because it means the content that was downloaded could not be validated as authentic. Delete /Library/Caches/com.sophos.sau, restart AutoUpdate, and update again.

On my Mac (9.0.3/ OSX 10.9) SAU stopped downloading since Monday 11th (16:00 GMT).  The computer was on all day Tuesday and online and it was only on Wednesday morning (today as of writing) I noticed the problem.  If I clicked on 'Update now' from the menu bar shield the AutoUpdate window would immediately appear and show the 11th November (i.e., two days ago).

I opened Activity Monitor and had to force kill the 'SophosAutoUpdate' process.  Then I could run an update and it actually checked in.

Filter the log in Console shows no attempts to check in on Tuesday...