Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 57 replies
  • Answers 2 answers
  • Subscribers 39 subscribers
  • Views 205717 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Avira up2date error: Is there any solution?

dempie

Hi,

since yesterday my XG-Firewall cannot download the pattern files for the AVIRA virus scanner any more. This is what I read from 'Log Viewer' under 'View Log for Admin':

2015-12-29 11:17:30 Up2Date FAILED - Failed to download file avira_1.00_1.0.12965_full.tar.gz.gpg 18030
2015-12-29 11:16:31 Up2Date FAILED - Failed to download file savi_1.00_1.0.8492_full.tar.gz.gpg 18030

This process repeats every 30 seconds and is wasting all of my Internet bandwidth, as the download starts, but cannot be finished successfully.

I disbled 'Auto Update' from System>Administration>Updates'. Nevertheless, the XG Firewall doesn't stop downloading these files.

Is there any solution?

Thanks for your help.

Best Regards



This thread was automatically locked due to age.
  • 0
    I am having this exact same problem. I also attempted to disable the auto updates, however the download attempts keep on occurring.

    This is a serious issue with the new XG firewall. My internet bandwidth is constantly being maxed out.
  • 0
    2015-12-31 11:14:31 Up2Date FAILED - Failed to download file savi_1.00_1.0.8492_full.tar.gz.gpg 18030
    2015-12-31 11:10:30 Up2Date FAILED - Failed to download file savi_1.00_1.0.8492_full.tar.gz.gpg 18030
    2015-12-31 11:06:31 Up2Date FAILED - Failed to download file savi_1.00_1.0.8492_full.tar.gz.gpg 18030
    2015-12-31 11:05:31 Up2Date FAILED - Failed to download file savi_1.00_1.0.8492_full.tar.gz.gpg 18030
    2015-12-31 11:02:30 Up2Date FAILED - Failed to download file savi_1.00_1.0.8492_full.tar.gz.gpg 18030

    I'm also not impressed with the new log viewer compared with UTM 9, there seems to be less information, and it's hard to filter for the content you're looking for
  • 0

    This is what I'm getting in the u2d.log:

    Thu Dec 31 11:26:30 2015 Download for file savi_1.00_1.0.8492_full.tar.gz.gpg was interrupted/did not complete.

    Thu Dec 31 11:26:31 2015 Retrying/Resuming download for file savi_1.00_1.0.8492_full.tar.gz.gpg.

    Thu Dec 31 11:30:31 2015 Download for file savi_1.00_1.0.8492_full.tar.gz.gpg was interrupted/did not complete.

    Thu Dec 31 11:30:31 2015 Retrying/Resuming download for file savi_1.00_1.0.8492_full.tar.gz.gpg.

    Thu Dec 31 11:34:30 2015 Download for file savi_1.00_1.0.8492_full.tar.gz.gpg was interrupted/did not complete.

    Thu Dec 31 11:34:30 2015 Retrying/Resuming download for file savi_1.00_1.0.8492_full.tar.gz.gpg.

    Thu Dec 31 11:38:31 2015 Download for file savi_1.00_1.0.8492_full.tar.gz.gpg was interrupted/did not complete.

    Thu Dec 31 11:38:31 2015 Retrying/Resuming download for file savi_1.00_1.0.8492_full.tar.gz.gpg.

    Thu Dec 31 11:42:30 2015 Download for file savi_1.00_1.0.8492_full.tar.gz.gpg was interrupted/did not complete.

    Thu Dec 31 11:42:30 2015 Retrying/Resuming download for file savi_1.00_1.0.8492_full.tar.gz.gpg.

    Thu Dec 31 11:46:30 2015 Download for file savi_1.00_1.0.8492_full.tar.gz.gpg was interrupted/did not complete.

    Thu Dec 31 11:46:31 2015 Retrying/Resuming download for file savi_1.00_1.0.8492_full.tar.gz.gpg.

    Thu Dec 31 11:50:30 2015 Download for file savi_1.00_1.0.8492_full.tar.gz.gpg was interrupted/did not complete.

    Thu Dec 31 11:50:30 2015 Retrying/Resuming download for file savi_1.00_1.0.8492_full.tar.gz.gpg.

  • 0
    Same problem for me with my XG firewall. Last successful Avira AV update was 12/24, and last successful Sophos AV update was 12/26.
  • 0
    I've managed to work around the issue, but before I detail there are a few items for any Sophos reps who might be reading:

    There are a number of issues that need to be addressed here:

    • The UI for updates does not accurately reflect the configured state
    • Changes made through the updates UI do not have their intended effect on the system
    • There should be some sort of throttling implemented for repeated failure to download and unpack updates, currently the task seems to kick off every minute on the half minute mark.

    This is something that is imperative to get right about this product, as while the product allows me to restrict connections made either side of my network, it does not appear that I can restrict the firewall itself from making unwanted connections. This issue in particular has potential to cause significant cost to the customer due to internet usage charges.

    Now to the workaround:

    Accessing the 'Advanced Shell' of the device, one can edit the hosts file of the Linux OS to change the resolution of the server from where it's downloading the updates to localhost (127.0.0.1).

    In my investigation I was able to identify a curl task that was responsible for downloading the update; in my case it was downloading from 'd30ncyzaneb4q0.cloudfront.net', however I wouldn't count out geographical differences in resolution, so I would recommend determining the hostname yourselves.

    Making this change causes the curl process to fail immediately, and has returned my internet consumption to normal.

    ** there may be other unintended effects from this change
    ** this change will likely not persist across restarts of the device
    ** the hostname for the server(s) where the download is hosted may change in the future, in which case the process will need to be repeated
  • 0 in reply to PhilSchneider
    I forgot to add, naturally when Sophos resolve this issue properly, you'll want to reverse this change so the XG can once again download updates.
  • 0
    Same here. It seems there is no way to control traffic coming from the firewall itself. Furthermore the GUI option for disabling 'Auto Update' does not work as expected.

    So the only way I found to see what's going wrong was by using the 'Packet Capture' feature of the firewall. It showed up traffic coming from the outgoing interface of the firewall to some IP addresses in network 54.240.162.0/24 with no corrsponding traffic coming from inside of my network.

    I blocked this network on my outer DSL-router. This stopped the traffic.

    The drawback: Some Amazon services are not accessible any more as the Avira pattern downloads are downloaded from the Amazon cloud.
  • 0
    @Phil: May I ask how you find out the URL from which the update files are downloaded?
    Thanks.