Avira up2date error: Is there any solution?

Hi,

Since yesterday my XG-Firewall cannot download the pattern files for the AVIRA virus scanner any more. This is what I read from 'Log Viewer' under 'View Log for Admin':

2015-12-29 11:17:30 Up2Date FAILED - Failed to download file avira_1.00_1.0.12965_full.tar.gz.gpg 18030
2015-12-29 11:16:31 Up2Date FAILED - Failed to download file savi_1.00_1.0.8492_full.tar.gz.gpg 18030

This process repeats every 30 seconds and is wasting all of my Internet bandwidth, as the download starts, but cannot be finished successfully.

I disabled 'Auto Update' from 'System>Administration>Updates'. Nevertheless, the XG Firewall doesn't stop downloading these files.

Is there any solution?

Thanks for your help.

Best Regards



  • I'm not sure if anyone else found this but I did some HTTPS interception upstream of the XG (while troubleshooting this issue) which results in the certificates being re-signed by an untrusted CA. The XG still tried to download the files and ignored the invalid/untrusted CA; this doesn't seem ideal; anyone else have an opinion on this?

    Also, does anyone happen to know how the XG gets the content for /content/u2d/pattern ?
  • If the pattern files are being signed by a cert which is linked back to a trusted root cert, and they're using certificate pinning when checking, it shouldn't matter if the patterns aren't downloaded over a secure connection or not as the signing check should detect corruption or tampering. This would be best practice.

    Still they need to fix the endless download if the patterns fail to match the check/hash.
  • I don't know if that's what they're doing though!
  • Good points Phil. I hadn't considered that; I just thought since they thought it worthwhile to use HTTPS they probably should be checking the cert as well.

    Yes, the endless downloads need to be fixed; this incident has consumed significant amounts of data for some of our clients (in two instances 40% of their monthly quota in 4 days of their office being empty due to holidays).

  • >>Also, does anyone happen to know how the XG gets the content for /content/u2d/pattern ?
    In my opinion the XG extracts the content for /content/u2d/pattern from package information downloaded from Sophos up2date servers.
  • This is what /log/u2d.log says:

    DEBUG Jan 03 21:13:03 [30246]: Added new server : Host - ap-northeast-1.u2d.sophos.com., Port - 443
    DEBUG Jan 03 21:13:03 [30246]: Added new server : Host - us-west-2.u2d.sophos.com., Port - 443
    DEBUG Jan 03 21:13:03 [30246]: Added new server : Host - eu-west-1.u2d.sophos.com., Port - 443
    DEBUG Jan 03 21:13:03 [30246]: --serial = <removed>
    DEBUG Jan 03 21:13:03 [30246]: --deviceid = <removed>
    DEBUG Jan 03 21:13:03 [30246]: --fwversion = 15.01.0.376
    DEBUG Jan 03 21:13:03 [30246]: --productcode = CN
    DEBUG Jan 03 21:13:03 [30246]: --model = SF01V
    DEBUG Jan 03 21:13:03 [30246]: --vendor = SO01
    DEBUG Jan 03 21:13:03 [30246]: --pkg_ips_version = 3.12.52
    DEBUG Jan 03 21:13:03 [30246]: --pkg_ips_cv = 10.0
    DEBUG Jan 03 21:13:03 [30246]: --pkg_atp_version = 1.0.0050
    DEBUG Jan 03 21:13:03 [30246]: --pkg_atp_cv = 1.00
    DEBUG Jan 03 21:13:03 [30246]: --pkg_savi_version = 1.0.8484
    DEBUG Jan 03 21:13:03 [30246]: --pkg_savi_cv = 1.00
    DEBUG Jan 03 21:13:03 [30246]: --pkg_avira_version = 1.0.12950
    DEBUG Jan 03 21:13:03 [30246]: --pkg_avira_cv = 1.00
    DEBUG Jan 03 21:13:03 [30246]: --pkg_apfw_version = 3.0.001
    DEBUG Jan 03 21:13:03 [30246]: --pkg_apfw_cv = 1.00
    DEBUG Jan 03 21:13:03 [30246]: --pkg_waf_version = 1.0.0006
    DEBUG Jan 03 21:13:03 [30246]: --pkg_waf_cv = 1.00
    DEBUG Jan 03 21:13:03 [30246]: --pkg_sslvpn_version = 1.0.004
    DEBUG Jan 03 21:13:03 [30246]: --pkg_sslvpn_cv = 1.00
    DEBUG Jan 03 21:13:03 [30246]: --pkg_clientauth_version = 1.0.0013
    DEBUG Jan 03 21:13:03 [30246]: --pkg_clientauth_cv = 1.00
    DEBUG Jan 03 21:13:03 [30246]: --pkg_redfw_version = 1.0.004
    DEBUG Jan 03 21:13:03 [30246]: --pkg_redfw_cv = 1.00
    DEBUG Jan 03 21:13:03 [30246]: Final query string is :
    ?&serialkey=<removed>&deviceid=<removed>&fwversion=15.01.0.376&productcode=CN&appmodel=SF01V&appvendor=SO01&useragent=SF&oem=&pkg_ips_version=3.12.52&pkg_ips_cv=10.0&pkg_atp_version=1.0.0050&pkg_atp_cv=1.00&pkg_savi_version=1.0.8484&pkg_savi_patch=2&pkg_savi_cv=1.00&pkg_avira_version=1.0.12950&pkg_avira_patch=2&pkg_avira_cv=1.00&pkg_clientauth_version=1.0.0013&pkg_clientauth_cv=1.00&pkg_apfw_version=3.0.001&pkg_apfw_cv=1.00&pkg_redfw_version=1.0.004&pkg_redfw_cv=1.00&pkg_waf_version=1.0.0006&pkg_waf_cv=1.00&pkg_sslvpn_version=1.0.004&pkg_sslvpn_cv=1.00
    DEBUG Jan 03 21:13:05 [30246]: Response code : 200
    DEBUG Jan 03 21:13:05 [30246]: Response body :
    <Up2Date>
    <Package u2dtype="pattern">
    <File name="avira_1.00_1.0.13028_full.tar.gz.gpg">
    <location>d30ncyzaneb4q0.cloudfront.net/.../location>
    <version>1.0.13028</version>
    <size>143717879</size>
    <md5sum>933ca22bd326b64479f18c38e7364d24</md5sum>
    <module>avira</module>
    <cv>1.00</cv>
    <type>full</type>
    </File>
    <File name="savi_1.00_1.0.8496_full.tar.gz.gpg">
    <location>d30ncyzaneb4q0.cloudfront.net/.../location>
    <version>1.0.8496</version>
    <size>136836547</size>
    <md5sum>05a1353bf526ec5714df6b4209cad394</md5sum>
    <module>savi</module>
    <cv>1.00</cv>
    <type>full</type>
    </File>
    </Package>
    </Up2Date>
    DEBUG Jan 03 21:13:05 [30246]: Response length : 782
    DEBUG Jan 03 21:13:05 [30246]: Received name : avira_1.00_1.0.13028_full.tar.gz.gpg
    DEBUG Jan 03 21:13:05 [30246]: Received location : d30ncyzaneb4q0.cloudfront.net/avira_1.00_1.0.13028_full.tar.gz.gpg
    DEBUG Jan 03 21:13:05 [30246]: Received version : 1.0.13028
    DEBUG Jan 03 21:13:05 [30246]: Received size : 143717879
    DEBUG Jan 03 21:13:05 [30246]: Received md5sum : 933ca22bd326b64479f18c38e7364d24
    DEBUG Jan 03 21:13:05 [30246]: Received module : avira
    DEBUG Jan 03 21:13:05 [30246]: Received cv : 1.00
    DEBUG Jan 03 21:13:05 [30246]: Received type : full
    DEBUG Jan 03 21:13:05 [30246]: Received name : savi_1.00_1.0.8496_full.tar.gz.gpg
    DEBUG Jan 03 21:13:05 [30246]: Received location : d30ncyzaneb4q0.cloudfront.net/savi_1.00_1.0.8496_full.tar.gz.gpg
    DEBUG Jan 03 21:13:05 [30246]: Received version : 1.0.8496
    DEBUG Jan 03 21:13:05 [30246]: Received size : 136836547
    DEBUG Jan 03 21:13:05 [30246]: Received md5sum : 05a1353bf526ec5714df6b4209cad39
    WARNING Jan 03 21:13:05 [30246]: A new update is available for avira but we are ignoring it as download for a previous update is in progress.
    WARNING Jan 03 21:13:05 [30246]: A new update is available for savi but we are ignoring it as download for a previous update is in progress.
  • The log lines also show the reason why the pattern files weren't updated with the latest version:

    WARNING Jan 03 21:13:05 [30246]: A new update is available for avira but we are ignoring it as download for a previous update is in progress.
    WARNING Jan 03 21:13:05 [30246]: A new update is available for savi but we are ignoring it as download for a previous update is in progress.
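
Added example, not part of the thread and not Sophos code: a sketch of the client-side handling the replies ask for, parsing a manifest shaped like the `<Up2Date>` response body in the log, checking a download against its `<size>` and `<md5sum>`, and giving up after a fixed number of attempts instead of re-downloading every 30 seconds. The function names, the `download` callable, the retry budget and the sample manifest are assumptions made for illustration; how the XG actually verifies packages is not shown on this page.

```python
import hashlib
import time
import xml.etree.ElementTree as ET

# Constructed sample: a tiny in-memory payload and a manifest in the shape of
# the response body from u2d.log. Name, size and digest are made up.
PAYLOAD = b"constructed pattern payload"
MANIFEST = f"""<Up2Date>
<Package u2dtype="pattern">
<File name="demo_1.00_1.0.1_full.tar.gz.gpg">
<version>1.0.1</version>
<size>{len(PAYLOAD)}</size>
<md5sum>{hashlib.md5(PAYLOAD).hexdigest()}</md5sum>
<module>demo</module>
</File>
</Package>
</Up2Date>"""


def parse_manifest(xml_text):
    """Return one dict per <File> element: name, size (int), md5sum (hex)."""
    return [
        {
            "name": f.get("name"),
            "size": int(f.findtext("size")),
            "md5sum": f.findtext("md5sum").strip().lower(),
        }
        for f in ET.fromstring(xml_text).iter("File")
    ]


def matches_manifest(data, entry):
    """Corruption check only. MD5 plus size says nothing about who produced
    the file; authenticity has to come from a signature check on the package."""
    return (len(data) == entry["size"]
            and hashlib.md5(data).hexdigest() == entry["md5sum"])


def fetch_with_budget(entry, download, max_attempts=3, base_delay=30,
                      sleep=time.sleep):
    """Download at most max_attempts times with doubling delays, then stop
    until the next scheduled check. `download` is a hypothetical callable
    that takes the file name and returns bytes. Returns (data or None, attempts)."""
    for attempt in range(1, max_attempts + 1):
        data = download(entry["name"])
        if matches_manifest(data, entry):
            return data, attempt
        if attempt < max_attempts:
            sleep(base_delay * 2 ** (attempt - 1))  # 30 s, 60 s, ...
    return None, max_attempts
```

With the default budget, a file that never passes the check costs three downloads per update cycle rather than one every 30 seconds.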