Sophos stuck on Downloading

Hi All,

Since yesterday my Sophos AV is not updating anymore. From /var/tslog/up2date_av.log, the last events I see are:

2016-05-07 03:46:47 PM: savapi inc update...still looping
2016-05-07 03:46:49 PM: savapi inc update...still looping
2016-05-07 03:46:51 PM: savapi inc update...still looping
2016-05-07 03:46:53 PM: savapi inc update...still looping
2016-05-07 03:46:55 PM: savapi inc update...still looping
2016-05-07 03:46:57 PM: savapi inc update...still looping
2016-05-07 03:46:59 PM: savapi inc update...still looping
2016-05-07 03:47:02 PM: savapi inc update...still looping
2016-05-07 03:47:04 PM: savapi inc update...still looping
2016-05-07 03:47:06 PM: New savapi inc udate successfully done

Clicking on "update pattern now" does not change the up2date_av.log file at all.

Is anyone experiencing this issue?

Thanks.



  • Now even Avira stopped working... Hope they will improve this aspect, because on UTM it happened very sporadically.

    Please provide a way to safely rebuild AV engines from CLI (from an older saved version).

    [:@][:@][:@]

  • Here is some output from u2d.log:

    SFVH_SO01_SFOS 15.01.0 MR-2# tail -f /var/tslog/u2d.log
    DEBUG     May 09 09:03:17 [20006]: Received name : savi_1.00_1.0.9121_fdiff20.tar.gz.gpg
    DEBUG     May 09 09:03:17 [20006]: Received location : d30ncyzaneb4q0.cloudfront.net/savi_1.00_1.0.9121_fdiff20.tar.gz.gpg
    DEBUG     May 09 09:03:17 [20006]: Received version : 1.0.9121
    DEBUG     May 09 09:03:17 [20006]: Received size : 505169
    DEBUG     May 09 09:03:17 [20006]: Received md5sum : 05da6c169ea6086ee851107808cbceff
    DEBUG     May 09 09:03:17 [20006]: Received module : savi
    DEBUG     May 09 09:03:17 [20006]: Received cv : 1.00
    DEBUG     May 09 09:03:17 [20006]: Received type : fdiff20
    Mon May 09 09:03:30 2016 Starting download for file avira_1.00_1.0.14384_fdiff20.tar.gz.gpg
    Mon May 09 09:03:31 2016 Starting download for file savi_1.00_1.0.9121_fdiff20.tar.gz.gpg
    Mon May 09 09:04:30 2016 Download completed for file avira_1.00_1.0.14384_fdiff20.tar.gz.gpg
    gpg: Signature made Sun May  8 14:51:08 2016 CEST using RSA key ID 6A20EB0B
    gpg: NOTE: trustdb not writable
    gpg: Good signature from "Sophos Up2Date Server <updates@sophos.com>"
    Mon May 09 09:04:30 2016 Download for file avira_1.00_1.0.14384_fdiff20.tar.gz.gpg passed integrity and gpg checks
    Mon May 09 09:04:31 2016 Either FILE or MSID received in U2DVERSION is blank, avira_14364-14384.tar.gz,
    Mon May 09 09:04:31 2016 Current avira patterns are at /content/avira_1.00/1.0.14377
    Mon May 09 09:04:31 2016 New updated  patterns are now at /content/avira_1.00/1.0.14384
    Mon May 09 09:04:32 2016 Callback u2d_pt_installed failed for avira, version = 1.0.14384.
    Mon May 09 09:04:32 2016 Setting status 'fail' in DB and reverting link for avira to old version = 1.0.14377.
    Mon May 09 09:04:32 2016 avira patterns are again at /content/avira_1.00/1.0.14377
    Mon May 09 09:04:32 2016 Download completed for file savi_1.00_1.0.9121_fdiff20.tar.gz.gpg
    gpg: Signature made Sun May  8 15:00:06 2016 CEST using RSA key ID 6A20EB0B
    gpg: NOTE: trustdb not writable
    gpg: Good signature from "Sophos Up2Date Server <updates@sophos.com>"
    Mon May 09 09:04:32 2016 Download for file savi_1.00_1.0.9121_fdiff20.tar.gz.gpg passed integrity and gpg checks
    Mon May 09 09:04:33 2016 Either FILE or MSID received in U2DVERSION is blank, savi_9101-9121.tar.gz,
    Mon May 09 09:04:33 2016 Current savi patterns are at
    Mon May 09 09:04:33 2016 New updated  patterns are now at /content/savi_1.00/1.0.9121
    DEBUG     May 09 09:04:35 [21234]: --serial = C01001MQBJ83V4D
    DEBUG     May 09 09:04:39 [21234]: --deviceid = ba10d486-3028-49d9-b3c2-c0062a3aedcf
    DEBUG     May 09 09:04:39 [21234]: --fwversion = 15.01.0.418
    DEBUG     May 09 09:04:39 [21234]: --productcode = CN
    DEBUG     May 09 09:04:39 [21234]: --model = SF01V
    DEBUG     May 09 09:04:39 [21234]: --vendor = SO01
    DEBUG     May 09 09:04:39 [21234]: --pkg_sysupdate_version = 0
    DEBUG     May 09 09:04:39 [21234]: Added new server : Host - eu-west-1.u2d.sophos.com., Port - 443
    DEBUG     May 09 09:04:39 [21234]: Added new server : Host - us-west-2.u2d.sophos.com., Port - 443
    DEBUG     May 09 09:04:39 [21234]: Added new server : Host - ap-northeast-1.u2d.sophos.com., Port - 443
    DEBUG     May 09 09:04:39 [21234]: Final query string is :
    ?&serialkey=C01001MQBJ83V4D&deviceid=ba10d486-3028-49d9-b3c2-c0062a3aedcf&fwversion=15.01.0.418&productcode=CN&appmodel=SF01V&appvendor=SO01&useragent=SF&oem=&pkg_sysupdate_version=0
    DEBUG     May 09 09:04:39 [21234]: Response code : 200
    DEBUG     May 09 09:04:39 [21234]: Response body :
    <Up2Date/>

    DEBUG     May 09 09:04:39 [21234]: Response length : 11
    Mon May 09 09:04:40 2016 Callback u2d_pt_installed failed for savi, version = 1.0.9121.
    Mon May 09 09:04:40 2016 Setting status 'fail' in DB and reverting link for savi to old version = 1.0.9113.
    Mon May 09 09:04:40 2016 savi patterns are again at

    I even tried to rename the pattern folder, but nothing changed. I do not want to format the XG just because AV updates broke it.

  • Hi Luk,

    Can you check it by navigating through System > System Services > Malware Protection?

    Thanks

  • Sachin, I will check. I am out of the office and I will be back on Thursday.

    Thanks.

  • I have the same issue (stuck on downloading Sophos AV since May 6th). I tried to fix it by rebooting the firewall, but then the download status changed to 'Failed'.

    As suggested:

    I've changed the web content filter from 'dual antivirus' to 'single antivirus' and I've changed the malware protection to 'Avira'

    After this, I've manually updated the patterns.

    The status of Sophos AV remains 'Failed'. So this workaround didn't do the trick. Any options to flush the update manually?

    When is the patch to be released?

  • I have found a post on here https://community.sophos.com/products/xg-firewall/f/46/t/73626#pi394=3

    posted by dempie. This has fixed my issues; it may sort yours out too.

    This uses the console.

    "In Main Menu choose:
    5. Device Management
    Then
    3. Advanced Shell.
    On command prompt type this command:
    mv /content/u2d/pattern /content/u2d/pattern.org
    This will rename the pattern file to pattern.org.
    Now update the pattern files with the GUI using System > Administration > Updates.
    Give the firewall some time to succeed the update process.

    Hope this helps.

    Best Regards."

  • Thank you Tony. Before creating the thread, I already tried the solution and even moved another folder. The fix did not help.

    Thanks.

  • Thank you Tony, tried this, and after a while the Sophos AV definition was updated correctly to .9126.

    The Avira definition (.14391), however, is two days old; is this correct? Update status is: "success"

  • Hi Luk,

    Please post u2d.log and fresh up2date_av.log.

    Thanks

  • I still have the same issue today, even after renaming patterns.

    It is very sad that there is no way to fix it.

  • Hi Luk,

    I investigated this; the issue is related to an incorrect md5 checksum value being passed, and we are working to rectify this. This will be resolved with the next release.

    Thanks
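
An added example, not part of any post in this thread and not Sophos code: a small Python triage script for the u2d.log format quoted earlier in the thread. It pairs each module's "passed integrity and gpg checks" event with the later callback failure and revert, and flags a blank current-pattern path. The embedded lines are an abridged excerpt of that quoted log; the function names and rule set are this example's own assumptions.

```python
import re
from collections import defaultdict

# Abridged excerpt of the u2d.log lines quoted in the thread.
LOG = """\
Mon May 09 09:04:30 2016 Download for file avira_1.00_1.0.14384_fdiff20.tar.gz.gpg passed integrity and gpg checks
Mon May 09 09:04:31 2016 Current avira patterns are at /content/avira_1.00/1.0.14377
Mon May 09 09:04:32 2016 Callback u2d_pt_installed failed for avira, version = 1.0.14384.
Mon May 09 09:04:32 2016 Setting status 'fail' in DB and reverting link for avira to old version = 1.0.14377.
Mon May 09 09:04:32 2016 Download for file savi_1.00_1.0.9121_fdiff20.tar.gz.gpg passed integrity and gpg checks
Mon May 09 09:04:33 2016 Current savi patterns are at
Mon May 09 09:04:40 2016 Callback u2d_pt_installed failed for savi, version = 1.0.9121.
Mon May 09 09:04:40 2016 Setting status 'fail' in DB and reverting link for savi to old version = 1.0.9113.
"""

# Event name -> pattern. Group 1 is always the module (avira, savi, ...).
RULES = [
    ("verified", re.compile(r"Download for file ([a-z]+)_\S+ passed integrity and gpg checks")),
    ("current", re.compile(r"Current (\w+) patterns are at\s*(\S*)")),
    ("failed", re.compile(r"Callback \w+ failed for (\w+), version = ([\d.]*\d)")),
    ("reverted", re.compile(r"reverting link for (\w+) to old version = ([\d.]*\d)")),
]

def summarize(log_text):
    """Return {module: {event: value}} for the update events in log_text."""
    state = defaultdict(dict)
    for line in log_text.splitlines():
        for event, rx in RULES:
            m = rx.search(line)
            if m:
                module, *rest = m.groups()
                state[module][event] = rest[0] if rest else True
                break
    return dict(state)

def findings(state):
    """List the conditions worth attaching to a support case."""
    out = []
    for module, s in sorted(state.items()):
        if s.get("verified") and "failed" in s:
            out.append(f"{module}: {s['failed']} passed gpg/integrity checks but the "
                       f"install callback failed; reverted to {s.get('reverted', '?')}")
        if s.get("current") == "":
            out.append(f"{module}: current pattern path is blank")
    return out

if __name__ == "__main__":
    print("\n".join(findings(summarize(LOG))))
```
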

  • Sachin,

    I appreciate your help and luckily I am still using XG at home. You can release something wrong, it could happen. The problem is that you have not provided a workaround.

    Imagine I had the XG at work with 100 users and for this error, all web surfing traffic stopped working; do you imagine all the complaints from users and even from my Director?

    The other issue is reporting. Formatting the XG will fix the issue but all the reporting will be lost. Not a nice deal. It is not my fault if I have to format the XG.

    At home it is not a problem to lose reporting, but in a working environment it is a big issue. You could say: buy iView, but in some environments iView is not strictly needed, so you should also provide a way to export reports and import them again or, the other option, provide a way to export them and use a tool (read-only) to read and query (no iView because it is not free for customers).

    Hope it is clear now.

  • Hi All,

    A resolution to this question is posted on another thread, please refer to: https://community.sophos.com/products/xg-firewall/f/129/p/77229/297105#297105.

    Thanks