Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 57 replies
  • Answers 2 answers
  • Subscribers 39 subscribers
  • Views 205732 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Avira up2date error: Is there any solution?

dempie

Hi,

since yesterday my XG-Firewall cannot download the pattern files for the AVIRA virus scanner any more. This is what I read from 'Log Viewer' under 'View Log for Admin':

2015-12-29 11:17:30 Up2Date FAILED - Failed to download file avira_1.00_1.0.12965_full.tar.gz.gpg 18030
2015-12-29 11:16:31 Up2Date FAILED - Failed to download file savi_1.00_1.0.8492_full.tar.gz.gpg 18030

This process repeats every 30 seconds and is wasting all of my Internet bandwidth, as the download starts, but cannot be finished successfully.

I disbled 'Auto Update' from System>Administration>Updates'. Nevertheless, the XG Firewall doesn't stop downloading these files.

Is there any solution?

Thanks for your help.

Best Regards



This thread was automatically locked due to age.
Parents
  • 0
    I've managed to work around the issue, but before I detail there are a few items for any Sophos reps who might be reading:

    There are a number of issues that need to be addressed here:

    • The UI for updates does not accurately reflect the configured state
    • Changes made through the updates UI do not have their intended effect on the system
    • There should be some sort of throttling implemented for repeated failure to download and unpack updates, currently the task seems to kick off every minute on the half minute mark.

    This is something that is imperative to get right about this product, as while the product allows me to restrict connections made either side of my network, it does not appear that I can restrict the firewall itself from making unwanted connections. This issue in particular has potential to cause significant cost to the customer due to internet usage charges.

    Now to the workaround:

    Accessing the 'Advanced Shell' of the device, one can edit the hosts file of the Linux OS to change the resolution of the server from where it's downloading the updates to localhost (127.0.0.1).

    In my investigation I was able to identify a curl task that was responsible for downloading the update; in my case it was downloading from 'd30ncyzaneb4q0.cloudfront.net', however I wouldn't count out geographical differences in resolution, so I would recommend determining the hostname yourselves.

    Making this change causes the curl process to fail immediately, and has returned my internet consumption to normal.

    ** there may be other unintended effects from this change
    ** this change will likely not persist across restarts of the device
    ** the hostname for the server(s) where the download is hosted may change in the future, in which case the process will need to be repeated
  • 0 in reply to PhilSchneider
    Phil thank you for your post.
    When you say editing hosts file, you mean /etc/hosts?
    If yes, mine already point to itself.

    Luk
Reply Children
No Data