Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 1200 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos AV failed to update

David Clark1

Yesterday Sophos AV on XG V 18.5 MR1 failed to upgrade. Trying to do manual update from pattern, it fails also:

Sophos AV
1.0.17271
-
20:38:14, Nov 15 2021
Failed

When this failed, WAF failed with daemon error and stopped inbound traffic.

How to troubleshoot this?



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hey David, Thanks for reaching out to Sophos Community.

    Make sure that there's enough disk space available on the device. 

    Run the command in Advanced shell (Option 5 > Option 3)  --> "df -kh". This will list the available disk space.

    Also, check the u2d.log file by running the command --> "tail -f /log/u2d.log". Once you run the command, it'll start showing the logs and then you can try to update the patterns once again. Share the output so we can dig further in. 

    Regards,

Reply
  • FormerMember
    0 FormerMember

    Hey David, Thanks for reaching out to Sophos Community.

    Make sure that there's enough disk space available on the device. 

    Run the command in Advanced shell (Option 5 > Option 3)  --> "df -kh". This will list the available disk space.

    Also, check the u2d.log file by running the command --> "tail -f /log/u2d.log". Once you run the command, it'll start showing the logs and then you can try to update the patterns once again. Share the output so we can dig further in. 

    Regards,

Children
  • 0 in reply to FormerMember

    Plenty of space:

    SFVH_SO01_SFOS 18.5.1 MR-1-Build326# df -h

    Filesystem                Size      Used Available Use% Mounted on

    none                    220.5M      2.8M    202.1M   1% /

    none                      2.9G     24.0K      2.9G   0% /dev

    none                      2.9G      6.1M      2.9G   0% /tmp

    none                      2.9G     14.6M      2.9G   0% /dev/shm

    /dev/boot               127.7M     49.5M     75.5M  40% /boot

    /dev/mapper/mountconf

                            385.4M     73.7M    307.6M  19% /conf

    /dev/content              7.3G    645.8M      6.7G   9% /content

    /dev/var                 62.7G     12.6G     50.1G  20% /var

    here is log file info:

    Tue Nov 16 19:55:28 2021 pt_dload_checker: Starting download for file avira_4.00_1.0.417974_immdiff.tar.gz.gpg

    Tue Nov 16 19:55:28 2021 pt_dload_checker: Starting download for file savi_1.00_1.0.17282_fdiff20.tar.gz.gpg

    Tue Nov 16 19:56:28 2021 pt_dload_checker: Download completed for file avira_4.00_1.0.417974_immdiff.tar.gz.gpg

    gpg: Signature made Tue Nov 16 13:09:29 2021 EST using RSA key ID 6A20EB0B

    gpg: NOTE: trustdb not writable

    gpg: Good signature from "Sophos Up2Date Server <updates@sophos.com>"

    Tue Nov 16 19:56:28 2021 pt_dload_checker: Download for file avira_4.00_1.0.417974_immdiff.tar.gz.gpg passed integrity and gpg checks

    Tue Nov 16 19:56:28 2021 pt_dload_checker: Either FILE or MSID received in U2DVERSION is blank, avira_417973-417974.tar.gz,

    Tue Nov 16 19:56:28 2021 pt_dload_checker: Current avira patterns are at /content/avira_4.00/1.0.417973

    Tue Nov 16 19:56:28 2021 pt_dload_checker: New updated patterns are now at /content/avira_4.00/1.0.417974

    Tue Nov 16 19:56:51 2021 pt_dload_checker: Updated signature db for avira, version = 1.0.417974.

    Tue Nov 16 19:56:51 2021 pt_dload_checker: Deleted pattern for module avira, version = 1.0.417973 at /content/avira_4.00/1.0.417973.

    Tue Nov 16 19:56:51 2021 pt_dload_checker: Download completed for file savi_1.00_1.0.17282_fdiff20.tar.gz.gpg

    gpg: Signature made Tue Nov 16 01:23:30 2021 EST using RSA key ID 6A20EB0B

    gpg: NOTE: trustdb not writable

    gpg: Good signature from "Sophos Up2Date Server <updates@sophos.com>"

    Tue Nov 16 19:56:51 2021 pt_dload_checker: Download for file savi_1.00_1.0.17282_fdiff20.tar.gz.gpg passed integrity and gpg checks

    Tue Nov 16 19:56:51 2021 pt_dload_checker: Either FILE or MSID received in U2DVERSION is blank, savi_17262-17282.tar.gz,

    Tue Nov 16 19:56:51 2021 pt_dload_checker: Current savi patterns are at /content/savi_1.00/1.0.17271

    Tue Nov 16 19:56:51 2021 pt_dload_checker: New updated patterns are now at /content/savi_1.00/1.0.17282

    Tue Nov 16 19:56:54 2021 pt_dload_checker: Callback u2d_pt_installed failed for savi, version = 1.0.17282.

    Tue Nov 16 19:56:54 2021 pt_dload_checker: Setting status 'fail' in DB and reverting link for savi to old version = 1.0.17271.

    Tue Nov 16 19:56:54 2021 pt_dload_checker: savi patterns are again at /content/savi_1.00/1.0.17271

  • FormerMember
    0 FormerMember in reply to David Clark1

    Hey David, I have dropped you a PM to collect more logs and some observations too :) 

    Regards,

  • 0 in reply to FormerMember

    Issue resolved itself after a few days. It's back to applying the update correctly.