UTM Version 9.353-4 Released

I received email notifications about the 9.353-4 update this morning. It appeared on both of my UTMs this morning. One is supported hardware and the other is a virtual machine at home. I have not installed the update yet. I am waiting to see if others (who are braver than me) report any serious issues.

I have learned that Sophos UTM updates go out in phases. Your UTM may not have the update available yet. I have seen a gap of several weeks between when an update appears on my home UTM and when it appears on the hardware UTM.

Moderators: Feel free to edit the subject of this thread to add "Do not install!" if it seems appropriate. I won't complain. Hopefully this is a good, solid release.

Other forum members: Please comment here if you have installed the 9.353-4 update. Please share your experiences (good and bad) here. Thanks!



  • Hi lms87,

    The fastest way to deal with this behaviour is to create a system backup, reinstall it and update it to the version of your backup. Please note, when you are using the SMTP/POP proxy, your quarantine and all the logfiles for the system are gone.
  • Installed my SG310 cluster without problems from 9.351-3 (got all the bugs mentioned). All bugs gone as far as I can see.

    Also updated my home Zotac box to 9.353-4. Also no problem.
  • I did consider that but haven't for the reasons you pointed out...not until the quarantine queue is sorted!

    Is there anything else I can do?
  • I updated the office UTM 120 from 9.317-5 to 9.353-4 last night at 1:46 AM via scheduled update. I scheduled only the 9.353-4 update and the rest were included automatically. I can see Flow Monitor tabular and chart views, no problem. I am at a remote location. It is very early and nobody is in the office yet, but everything seems okay.

    I looked through the up2date log and there were some scary looking entries. It finished around 2:01 AM, except that one package had a delayed install until 3:00 AM. It all seemed to work out in the end. Here are some selected "scary" entries from the Up2Date log:

    2016:02:02-01:52:41 MyUTM auisys[11414]: Another instance of auisys is already running.
    2016:02:02-01:52:41 MyUTM auisys[11414]: Aappending job to queue! Exiting
    2016:02:02-01:52:45 MyUTM audld[11248]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="appctrl4"
    2016:02:02-01:52:48 MyUTM auisys[11454]: no HA system or cluster node
    2016:02:02-01:52:48 MyUTM auisys[11454]: waiting for db_verify to return (30 seconds max)
    2016:02:02-01:52:51 MyUTM auisys[11454]: >=========================================================================
    2016:02:02-01:52:51 MyUTM auisys[11454]: db_verify failed wih return code 256
    2016:02:02-01:52:51 MyUTM auisys[11454]:
    2016:02:02-01:52:51 MyUTM auisys[11454]: 1. Modules::Logging::msg:46() /</sbin/auisys.plx>Modules/Logging.pm
    2016:02:02-01:52:51 MyUTM auisys[11454]: 2. Modules::Auisys::RPMDBCheck::check:65() /</sbin/auisys.plx>Modules/Auisys/RPMDBCheck.pm
    2016:02:02-01:52:51 MyUTM auisys[11454]: 3. main::main:226() auisys.pl
    2016:02:02-01:52:51 MyUTM auisys[11454]: 4. main::top-level:35() auisys.pl
    2016:02:02-01:52:51 MyUTM auisys[11454]: |=========================================================================
    2016:02:02-01:52:51 MyUTM auisys[11454]: db_verify: Page 0: page 2098 encountered a second time on free list
    2016:02:02-01:52:51 MyUTM auisys[11454]: db_verify: /var/lib/rpm/Packages: DB_VERIFY_BAD: Database verification failed
    2016:02:02-01:52:51 MyUTM auisys[11454]:
    2016:02:02-01:52:51 MyUTM auisys[11454]:
    2016:02:02-01:52:51 MyUTM auisys[11454]: 1. Modules::Logging::msg:46() /</sbin/auisys.plx>Modules/Logging.pm
    2016:02:02-01:52:51 MyUTM auisys[11454]: 2. Modules::Auisys::RPMDBCheck::check:66() /</sbin/auisys.plx>Modules/Auisys/RPMDBCheck.pm
    2016:02:02-01:52:51 MyUTM auisys[11454]: 3. main::main:226() auisys.pl
    2016:02:02-01:52:51 MyUTM auisys[11454]: 4. main::top-level:35() auisys.pl
    2016:02:02-01:52:51 MyUTM auisys[11454]: |=========================================================================
    2016:02:02-01:52:51 MyUTM auisys[11454]: Rpm database is broken. Can not install until problem is solved. Will terminate now.

    ...

    2016:02:02-03:02:35 MyUTM auisys[10200]: Install u2d packages <aptp>
    2016:02:02-03:02:35 MyUTM auisys[10200]: Starting installing up2date packages for type 'aptp'
    2016:02:02-03:02:35 MyUTM auisys[10200]: Installing up2date package: /var/up2date/aptp/u2d-aptp-9.13487.tgz.gpg
    2016:02:02-03:02:35 MyUTM auisys[10200]: Verifying up2date package signature
    2016:02:02-03:02:35 MyUTM auisys[10200]: Unpacking installation instructions
    2016:02:02-03:02:36 MyUTM auisys[10200]: parsing installation instructions
    2016:02:02-03:02:36 MyUTM auisys[10200]: Unpacking up2date package container
    2016:02:02-03:02:36 MyUTM auisys[10200]: Running pre-installation checks
    2016:02:02-03:02:36 MyUTM auisys[10200]: Starting up2date package installation
    2016:02:02-03:02:56 MyUTM auisys[10200]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.13487" package="aptp"

    After that, the Up2Date log appears normal.
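A triage sketch for an Up2Date log like the one quoted in the post above, added here as an example and not part of the original thread or any Sophos tooling. It lists `auisys` runs that aborted on the RPM database check and reports whether a successful install was logged afterwards; the line layout is inferred from the excerpt, and the names `parse`, `triage` and `SAMPLE` are hypothetical.

```python
import re
from datetime import datetime

# Sample input: five lines copied from the Up2Date excerpt in the post above.
SAMPLE = """\
2016:02:02-01:52:45 MyUTM audld[11248]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="appctrl4"
2016:02:02-01:52:51 MyUTM auisys[11454]: db_verify: /var/lib/rpm/Packages: DB_VERIFY_BAD: Database verification failed
2016:02:02-01:52:51 MyUTM auisys[11454]: Rpm database is broken. Can not install until problem is solved. Will terminate now.
2016:02:02-03:02:35 MyUTM auisys[10200]: Verifying up2date package signature
2016:02:02-03:02:56 MyUTM auisys[10200]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.13487" package="aptp"
"""

# Layout inferred from the excerpt (an assumption, not vendor documentation):
# YYYY:MM:DD-HH:MM:SS host process[pid]: message
LINE = re.compile(r'^(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) (\S+) (\w+)\[(\d+)\]: ?(.*)$')
KV = re.compile(r'(\w+)="([^"]*)"')

def parse(text):
    """Yield (timestamp, process, pid, message, fields) for each matching line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
            msg = m.group(5)
            yield ts, m.group(3), int(m.group(4)), msg, dict(KV.findall(msg))

def triage(text):
    """Report auisys runs aborted by the RPM database check and later installs."""
    aborted = {}    # pid -> time of the first failure line
    installs = []   # (time, package, version) for successful installs
    for ts, proc, pid, msg, kv in parse(text):
        if proc != "auisys":
            continue
        if "DB_VERIFY_BAD" in msg or msg.startswith("Rpm database is broken"):
            aborted.setdefault(pid, ts)
        elif kv.get("action") == "install" and kv.get("status") == "success":
            installs.append((ts, kv.get("package"), kv.get("package_version")))
    last_abort = max(aborted.values(), default=None)
    return {
        "aborted_pids": sorted(aborted),
        "installs": [(p, v) for _, p, v in installs],
        # Heuristic: a successful install was logged after the last abort.
        "recovered": last_abort is None or any(t > last_abort for t, _, _ in installs),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `recovered` value of true only means a later install was logged as successful; it does not show that `/var/lib/rpm/Packages` now passes verification.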
  • P.S. The update from 9.317-5 to 9.353-4 overwrote the replacement top banner that I created for the WebAdmin interface. (The purpose of the replacement banner is to help distinguish between multiple different UTMs, because the WebAdmin interfaces look so much alike.)

    When I asked Sophos support for "explicit permission" to edit the file, they warned me that it could be overwritten in a future Up2Date update. Apparently they were right.

    I looked in the directory, and discovered that:
    * The replacement topbar_left.png was identical to my previous copy of the file from before, which I named, "topbar_left_orig.png" (They have the same date and size, and I checked with diff).
    * The new "topbar_left_new.png" was still in the directory, despite the update and replacement.
    * All I needed to do was log in as root and copy the new file while retaining my copy of the original just in case. "cp -p topbar_left_new.png topbar_left.png" (Reminder: You may void your warranty or support without explicit permission from Sophos)

    I describe the WebAdmin replacement procedure in this thread:

    community.sophos.com/.../285640

    Look for "3. Edit the Top Banner on the WebAdmin Pages" in the fourth post in that thread.
  • A while back, I installed the 9.352-6 update and experienced the same issues as others so I rolled back to 9.351-3 which worked fine. Just now, I updated to the latest (9.353-4) and got the Flow Monitor issue with IE11. Did not try any other browsers since others have reported that Flow Monitor is working with many of the other popular browsers. I immediately ran CCleaner to clean all cache and temp files and tried Flow Monitor with IE11, again, and it's now working without error. I have IE11 set to not save any data and clear history on close but running CCleaner was still necessary.

    The email reports do contain the graphs. I also noticed a 2.5% drop in Memory/Swap Usage.

    I'll post if I encounter any issues.

  • Yep! All sorted, so it looks like they're all happy now... Glad I didn't have to reinstall the base utm image! Thanks
  • Updated from 9.352-6 to 9.353-4 on 28 JAN. Executive report graphs working again, but a marked decrease in IPS attack events reported. Was from 10 to 30 per day (or more) of various type attacks reported... since update, most days report zero events, very few on a couple of days. Concerned that intrusions are getting through, especially to my web/mail server. Reverting to 9.351-3.
  • I went from 9.351-3 to 9.353-4
  • I don't think the issues are related. Attacks seem to come in waves, so whoever was knocking on your door recently has moved on. Some of my clients never see any such activity.

    Cheers - Bob