Sophos stuck on Downloading

Hi All,

Since yesterday my Sophos AV is not updating anymore. From /var/tslog/up2date_av.log, the last events I see are:

2016-05-07 03:46:47 PM: savapi inc update...still looping
2016-05-07 03:46:49 PM: savapi inc update...still looping
2016-05-07 03:46:51 PM: savapi inc update...still looping
2016-05-07 03:46:53 PM: savapi inc update...still looping
2016-05-07 03:46:55 PM: savapi inc update...still looping
2016-05-07 03:46:57 PM: savapi inc update...still looping
2016-05-07 03:46:59 PM: savapi inc update...still looping
2016-05-07 03:47:02 PM: savapi inc update...still looping
2016-05-07 03:47:04 PM: savapi inc update...still looping
2016-05-07 03:47:06 PM: New savapi inc udate successfully done

Clicking on "update pattern now" does not change the up2date_av.log file at all.

Is anyone else experiencing this issue?

Thanks.



This thread was automatically locked due to age.
  • Now even Avira has stopped working... I hope they will improve this aspect, because on UTM it happened very sporadically.

    Please provide a way to safely rebuild AV engines from the CLI (from an older saved version).

  • Here is some output from u2d.log:

    SFVH_SO01_SFOS 15.01.0 MR-2# tail -f /var/tslog/u2d.log
    DEBUG     May 09 09:03:17 [20006]: Received name : savi_1.00_1.0.9121_fdiff20.tar.gz.gpg
    DEBUG     May 09 09:03:17 [20006]: Received location : d30ncyzaneb4q0.cloudfront.net/savi_1.00_1.0.9121_fdiff20.tar.gz.gpg
    DEBUG     May 09 09:03:17 [20006]: Received version : 1.0.9121
    DEBUG     May 09 09:03:17 [20006]: Received size : 505169
    DEBUG     May 09 09:03:17 [20006]: Received md5sum : 05da6c169ea6086ee851107808cbceff
    DEBUG     May 09 09:03:17 [20006]: Received module : savi
    DEBUG     May 09 09:03:17 [20006]: Received cv : 1.00
    DEBUG     May 09 09:03:17 [20006]: Received type : fdiff20
    Mon May 09 09:03:30 2016 Starting download for file avira_1.00_1.0.14384_fdiff20.tar.gz.gpg
    Mon May 09 09:03:31 2016 Starting download for file savi_1.00_1.0.9121_fdiff20.tar.gz.gpg
    Mon May 09 09:04:30 2016 Download completed for file avira_1.00_1.0.14384_fdiff20.tar.gz.gpg
    gpg: Signature made Sun May  8 14:51:08 2016 CEST using RSA key ID 6A20EB0B
    gpg: NOTE: trustdb not writable
    gpg: Good signature from "Sophos Up2Date Server <updates@sophos.com>"
    Mon May 09 09:04:30 2016 Download for file avira_1.00_1.0.14384_fdiff20.tar.gz.gpg passed integrity and gpg checks
    Mon May 09 09:04:31 2016 Either FILE or MSID received in U2DVERSION is blank, avira_14364-14384.tar.gz,
    Mon May 09 09:04:31 2016 Current avira patterns are at /content/avira_1.00/1.0.14377
    Mon May 09 09:04:31 2016 New updated  patterns are now at /content/avira_1.00/1.0.14384
    Mon May 09 09:04:32 2016 Callback u2d_pt_installed failed for avira, version = 1.0.14384.
    Mon May 09 09:04:32 2016 Setting status 'fail' in DB and reverting link for avira to old version = 1.0.14377.
    Mon May 09 09:04:32 2016 avira patterns are again at /content/avira_1.00/1.0.14377
    Mon May 09 09:04:32 2016 Download completed for file savi_1.00_1.0.9121_fdiff20.tar.gz.gpg
    gpg: Signature made Sun May  8 15:00:06 2016 CEST using RSA key ID 6A20EB0B
    gpg: NOTE: trustdb not writable
    gpg: Good signature from "Sophos Up2Date Server <updates@sophos.com>"
    Mon May 09 09:04:32 2016 Download for file savi_1.00_1.0.9121_fdiff20.tar.gz.gpg passed integrity and gpg checks
    Mon May 09 09:04:33 2016 Either FILE or MSID received in U2DVERSION is blank, savi_9101-9121.tar.gz,
    Mon May 09 09:04:33 2016 Current savi patterns are at
    Mon May 09 09:04:33 2016 New updated  patterns are now at /content/savi_1.00/1.0.9121
    DEBUG     May 09 09:04:35 [21234]: --serial = C01001MQBJ83V4D
    DEBUG     May 09 09:04:39 [21234]: --deviceid = ba10d486-3028-49d9-b3c2-c0062a3aedcf
    DEBUG     May 09 09:04:39 [21234]: --fwversion = 15.01.0.418
    DEBUG     May 09 09:04:39 [21234]: --productcode = CN
    DEBUG     May 09 09:04:39 [21234]: --model = SF01V
    DEBUG     May 09 09:04:39 [21234]: --vendor = SO01
    DEBUG     May 09 09:04:39 [21234]: --pkg_sysupdate_version = 0
    DEBUG     May 09 09:04:39 [21234]: Added new server : Host - eu-west-1.u2d.sophos.com., Port - 443
    DEBUG     May 09 09:04:39 [21234]: Added new server : Host - us-west-2.u2d.sophos.com., Port - 443
    DEBUG     May 09 09:04:39 [21234]: Added new server : Host - ap-northeast-1.u2d.sophos.com., Port - 443
    DEBUG     May 09 09:04:39 [21234]: Final query string is :
    ?&serialkey=C01001MQBJ83V4D&deviceid=ba10d486-3028-49d9-b3c2-c0062a3aedcf&fwversion=15.01.0.418&productcode=CN&appmodel=SF01V&appvendor=SO01&useragent=SF&oem=&pkg_sysupdate_version=0
    DEBUG     May 09 09:04:39 [21234]: Response code : 200
    DEBUG     May 09 09:04:39 [21234]: Response body :
    <Up2Date/>

    DEBUG     May 09 09:04:39 [21234]: Response length : 11
    Mon May 09 09:04:40 2016 Callback u2d_pt_installed failed for savi, version = 1.0.9121.
    Mon May 09 09:04:40 2016 Setting status 'fail' in DB and reverting link for savi to old version = 1.0.9113.
    Mon May 09 09:04:40 2016 savi patterns are again at

    I even tried to rename the pattern folder, but nothing changed. I do not want to format the XG just because AV updates broke it.
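The failure pattern visible in the u2d.log excerpt above (package passes the gpg check, the `u2d_pt_installed` callback fails, the link is reverted) can be detected mechanically. The following is an added example, not part of the original post and not Sophos code; it assumes you run it against a copy of `/var/tslog/u2d.log`, the function name `failed_installs` is hypothetical, and the embedded sample is built from lines in the post.

```python
import re

# Constructed sample: lines taken from the u2d.log excerpt in the post above.
SAMPLE_LOG = """\
Mon May 09 09:04:30 2016 Download for file avira_1.00_1.0.14384_fdiff20.tar.gz.gpg passed integrity and gpg checks
Mon May 09 09:04:31 2016 New updated  patterns are now at /content/avira_1.00/1.0.14384
Mon May 09 09:04:32 2016 Callback u2d_pt_installed failed for avira, version = 1.0.14384.
Mon May 09 09:04:32 2016 Setting status 'fail' in DB and reverting link for avira to old version = 1.0.14377.
Mon May 09 09:04:32 2016 avira patterns are again at /content/avira_1.00/1.0.14377
Mon May 09 09:04:32 2016 Download for file savi_1.00_1.0.9121_fdiff20.tar.gz.gpg passed integrity and gpg checks
Mon May 09 09:04:40 2016 Callback u2d_pt_installed failed for savi, version = 1.0.9121.
Mon May 09 09:04:40 2016 Setting status 'fail' in DB and reverting link for savi to old version = 1.0.9113.
Mon May 09 09:04:40 2016 savi patterns are again at
"""

TS = r"(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) "
VERIFIED = re.compile(TS + r"Download for file (?P<mod>[a-z]+)_\S+ passed integrity and gpg checks")
FAILED = re.compile(TS + r"Callback u2d_pt_installed failed for (?P<mod>\w+), version = (?P<ver>[\d.]+?)\.?$")
REVERTED = re.compile(TS + r"Setting status 'fail' in DB and reverting link for (?P<mod>\w+) to old version = (?P<ver>[\d.]+?)\.?$")
AGAIN_AT = re.compile(TS + r"(?P<mod>\w+) patterns are again at ?(?P<path>\S*)$")


def failed_installs(log_text):
    """Return {module: details} for every module whose install callback failed."""
    state = {}
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := VERIFIED.search(line):
            state.setdefault(m["mod"], {})["gpg_ok"] = True
        elif m := FAILED.search(line):
            state.setdefault(m["mod"], {}).update(
                failed_version=m["ver"], failed_at=m["ts"])
        elif m := REVERTED.search(line):
            state.setdefault(m["mod"], {})["reverted_to"] = m["ver"]
        elif m := AGAIN_AT.search(line):
            # The log may print no path after the revert (as for savi above);
            # record that as None so it stands out in the report.
            state.setdefault(m["mod"], {})["active_path"] = m["path"] or None
    return {mod: e for mod, e in state.items() if "failed_version" in e}


if __name__ == "__main__":
    for mod, e in failed_installs(SAMPLE_LOG).items():
        print(f"{mod}: install of {e['failed_version']} failed at {e['failed_at']}, "
              f"reverted to {e.get('reverted_to')}, active path: {e.get('active_path')}")
```

A module reported with `gpg_ok` set and a failed callback points at the install step rather than at the download or signature check, and an `active_path` of `None` marks a revert for which the log recorded no pattern directory.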

  • Got the same issue here too, I'm guessing that Sophos have an issue.

  • Thank you Tony. At least I am not alone.

    They shall test their packages before they release them. It can happen, but at least the XG should be "intelligent" enough to return to the previous AV engine definition and continue to work, sending an email to the admin that the last update did not work.

    Also if you have XG configured inside a Company where HTTP Scan is enabled, it is a big issue, because pages stop loading correctly. This is not fair!

  • Hi Luk,

    This instance is a known bug NC-8005 and resolution is targeted with the next release.

    Thanks

  • Sachin,

    as always, thank you for your answer. What do you mean when you say: "This instance is a known bug NC-8005 and resolution is targeted with the next release"?

    So does everyone who is experiencing this issue need to reformat the XG, or do you mean that in the next release, if the AV engine fails to update, admins will receive a notification and the engine will continue to work with the older IDE without interrupting the HTTP scan traffic?

    Thanks.

  • Hi,

    This means that the issue is pending a resolution and is under development. Just a recommendation, can you try changing the AV engine from Sophos to Avira and check if the update is successful?

    Thanks

  • Thank you Sachin. I am already using Avira, because I am using Sophos as Endpoint.

    Thanks.

  • Hi Luk,

    Can you check it by navigating through System > System Services > Malware Protection?

    Thanks