This is likely closely associated with the behaviour mentioned by Ian at https://community.sophos.com/products/unified-threat-management/astaroorg/f/81/t/65264 though with the IP address 64.69.88.50. I'd like to go a bit deeper into it...
These downloads appear to be associated with Sophos PureMessage blocklist feature integration in the 9.2 beta (9.165). (Please tell us more about this feature.)
Is this recurring data download configurable? /etc/crontab and /etc/crontab.blocker suggest "not via supported mechanisms"
Will the update (/var/mdw/scripts/pmx-blocklist-update) script/process use the delta files (soon?) or will it continue to download a ~11MB file as frequently as every 10 minutes for the forseeable future?
Does/should this download only happen (only) with particular features enabled? None of the email features have been enabled on this UTM/VM. Do any non-email features leverage this blocklist?
Do these database updates get logged anywhere?
My internet connection is generally 512kbps and typically starts out with triple digit latency (ms) so I feel a more little pain with large unscheduled and/or recurring downloads.
Guest User!
You are not Sophos Staff.
