Avira up2date error: Is there any solution?

I was able to solve the failed virus pattern updates on my XG firewall. The problem seems to be that the firewall gets wrong file size and hash informations for Avira AV pattern v1.0.12965 and Sophos AV pattern v1.0.8492. After I filled in the correct values the firewall software installed these pattern files and downloaded and installed another set of pattern files (the latest ones) from the download server. Now my firewall is using v1.0.13096 of Avira AV pattern and v1.0.8522 of Sophos AV pattern.

Disclaimer:
I shall not be held liable for any damages or problems incurred as a consequence of executing one or all of the following steps. The use of this information is at your own risk.

The information for the pattern files is stored in the file pattern under /content/u2d. I don't know if the AV engines of the firewall need to be updated sequentially. As there are more recent pattern files than the ones that got stucked it might be sufficient to get the latest one.

1. So you could rename the file pattern in /content/u2d (mv /content/u2d/pattern /content/ud2/pattern.org) and try to update the pattern files with the GUI using System > Administration > Updates.
Give the firewall about 10 minutes for the update process. The pattern files are each more than 130MB in size.
If the update was successfull you will see an update message in System > Diagnostics > Log Viewer 'View Log for System'.
You can stop here.

2. What I did to get the stucked update for pattern files v1.0.12965 and v1.0.8492 running was to change the values in /content/u2d/pattern. Before doing this please make a copy of the pattern file.
Before editing my pattern file looked like this:

#avira_1.00_1.0.12965_full.tar.gz.gpg#https://d30ncyzaneb4q0.cloudfront.net/avira_1.00_1.0.12965_full.tar.gz.gpg#1.0.12965#142763349#61319209ae709790bb4c2af30c61308a#avira#1.00#full
#savi_1.00_1.0.8492_full.tar.gz.gpg#https://d30ncyzaneb4q0.cloudfront.net/savi_1.00_1.0.8492_full.tar.gz.gpg#1.0.8492#136774155#f48e5b801bb8067eb8ae81435056027c#savi#1.00#full

So the values 142763349 and 136774155 seem to be the file sizes, 61319209ae709790bb4c2af30c61308a and f48e5b801bb8067eb8ae81435056027c look like md5 hashes.
I checked these values with the files I manually downloaded from the url addresses and they were different. So this is what my pattern file looked like after editing:

#avira_1.00_1.0.12965_full.tar.gz.gpg#https://d30ncyzaneb4q0.cloudfront.net/avira_1.00_1.0.12965_full.tar.gz.gpg#1.0.12965#142763133#ecaa79ee3e7eb7a72422afa5047b4ed3#avira#1.00#full
#savi_1.00_1.0.8492_full.tar.gz.gpg#https://d30ncyzaneb4q0.cloudfront.net/savi_1.00_1.0.8492_full.tar.gz.gpg#1.0.8492#136774428#c914b03ba829d85e45d38dde70c9dc5c#savi#1.00#full

After saving my changes I started a pattern update via GUI using System > Administration > Updates.

My firewall installed pattern Avira AV pattern v1.0.12965 and Sophos AV pattern v1.0.8492 first, after that it downloaded and installed v1.0.13096 of Avira AV pattern and v1.0.8522 of Sophos AV pattern.

Hope this helps.
Best Regards.

An XG beginners question on this: how do I get to the command prompt in order to rename the file? I did start the console from the UI (admin-console) and started the CLI by pressing enter and logged in. When I now select "4" for the device's console it only allows me to start tools like ping but not to do commands like ls etc.

Can you tell me the names of the files which fail?
The latest pattern files are:
savi_1.00_1.0.8522_full.tar.gz.gpg
avira_1.00_1.0.13096_full.tar.gz.gpg
It took about 10 minutes on my firewall to download and install them but this may vary depending on the hardware of the firewall.

Best Regards.

I'd love to but how to find out? In the log viewer it looks like I could open a more detailled message by clicking on the "Failed to check" text (appears like a link). But when doing so nothing happens. So currently I do not know more about why it fails.
BTW, the /content/u2d currently only has 3 items in it: the pattern.org, dr and firmware. I think I deleted 2 savi and 2 avira files before which hopefully did not screw everything. I thought those will be recreated anyway...

Please write what you exactly see in the System > Diagnostics > Log Viewer under 'View Log for Admin'. And what do you see in System > Diagnostics > Log Viewer 'View Log for System'. Screenshots would be helpfull.
Thanks.

from admin log:

2016-01-05 12:14:31
Up2Date
FAILED
-
Failed to download file savi_1.00_1.0.8492_full.tar.gz.gpg
18030

2016-01-05 12:14:30
Up2Date
FAILED
-
Failed to download file avira_1.00_1.0.12965_full.tar.gz.gpg
18030

from system log:

2016-01-05 14:56:41
Up2Date
FAILED
-
Failed to check for updates
18029

Hi Stefan,
your firewall cannot contact the sophos update servers. This is what I read from your system log entry.
Please check the Internet connectivity of your firewall. You can use the GUI tools from System > Diagnostics > Tools.
1. What is the result of a ping request to 92.122.192.170? Please use your WAN-Interface Port for this test.
2. Try a ping on www.cisco.com. Does your firewall resolve the DNS name and do you get a reply?
3. From your other thread I know that you made changes on your DSL modem/ router to stop traffic. Did you revert them?
4. What is with other configuration changes you made on the firewall to stop the traffic? Might one of them be the reason why you can't connect to the update servers?

Best Regards.

Hi dempie,

You're my hero! I actually still had blocked port 443 in the router to prevent those continues downloads...

So it seems removing that rule brought me half way. From the log:

"Avira AV definitions upgraded from 1.0.12950 to 1.0.13110"

Now I still get download failures from savi_1.00_1.0.8522_full.tar.gz.gpg. I did rename pattern once again and started over again. This time monitoring (with my limited Linux know how) the progress as you can see below. The download runs fine up to 64401 (blocks?). Then it stops and the log shows the error message.

Does anybody have any other idea?

Hi dempie,
I sent a longer post before including "you are my hero" but obviously because of a screenshot that was not posted automatically. So here is the text summary:
- you were 100% correct. I still had a blocker on port 443 (aaargh)
- after removing the Avira update went fine
- the savi_1.00_1.0.8522_full.tar.gz.gpg still fails though after download 60000ish blocks
- renaming pattern again and asking for update again did not help so far
Do you or anybody else have another idea? (btw, ping worked fine as you can imagine because of the different port...)

I am now trying your second option of the original explanation. I.e. trying to find out the correct numbers for editing the pattern file...

Hm, kind of bad news. The filesize of 137206979 Bytes and the MD5 code of the downloaded file from the link below are the same like defined in the pattern file. So editing won't help I assumme :-(.
This is the content of my current pattern file.
#savi_1.00_1.0.8522_full.tar.gz.gpg#d30ncyzaneb4q0.cloudfront.net/savi_1.00_1.0.8522_full.tar.gz.gpg

Hm, I start thinking if the problem is either time or server related. The download once reached 110MB although most of the time stopping aborting around 67MB after pretty much exactly 28 seconds.
Hopefully somebody has a smart idea which explains this behaviour.

Hm, I start thinking if the problem is either time or server related. The download once reached 110MB although most of the time stopping aborting around 67MB after pretty much exactly 28 seconds.
Hopefully somebody has a smart idea which explains this behaviour.