cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2203
Views
0
Helpful
3
Replies

mail about Anti-virus database expired,

marjanoussama
Level 1
Level 1

We are recieving e-mails from our Ironport that says Sophos Anti-Virus database on this system is expired.

Any idea what this is about, is it an issue?

The Warning message is:

sophos antivirus - The Anti-Virus database on this system is expired. Although the system

will continue to scan for existing viruses, new virus updates will no

longer be available. Please run avupdate to update to the latest engine

immediately. Contact Cisco IronPort Customer Support if you have any

questions.

Current Sophos Anti-Virus Information:

SAV Engine Version 4.90

IDE Serial

Last Engine Update Sun Sep 29 04:01:42 2013

Last IDE Update Sun Sep 29 04:01:32 2013

Last message occurred 89 times between Sun Dec 22 10:35:39 2013 and Sun Dec 22 11:32:10 2013.

Version: 7.6.2-014

Serial Number:

Timestamp: 22 Dec 2013 11:32:53 +0000

Thank you

3 Replies 3

Tze Tai Mak
Level 1
Level 1

Did you recently upgrade your AsyncOS from older release to AsyncOS 7.6.2?

Please note that in AsyncOS 7.6.3, there is a known issue

Sophos engine get expired after upgrade

Upgrade to latest AsyncOS which is having Expired Sophos engine will alert the user stating that it is expired. This issue occurs when user upgrades to latest available AsyncOS which has Expired Sophos Engine. An alert will be sent to user stating that the Sophos engine is expired.

Please see if you want to upgrade to a newer release. The latest one is 8.0.

Tommy

Alvaro J Gordon-Escobar
Cisco Employee
Cisco Employee

Hello Marjannoussama

Please issue the command antivirusupdate force:

Alvaro.lab01> antivirusupdate force

Requesting forced update of Sophos Anti-Virus.

This will force the unit to get a new engine.  your engine is old,  per the output you gave, its running 4.90.    You should have 4.95.  As Tommy pointed out, you might have an expire engine for two reasons. 

1.  engine has not updated, and hence expired :-)

2. you upgraded to an engine that was packaged into an OS upgrade that at its QA time, had a valid engine. But now the engine has expired.    This normally fixes it self, as the unit fetches updates on its own.  If it is not able to get one, it will continue to alert, until it can get the update.

Please ensure nothing hinders this device from reaching the Cisco Content Security update servers (IronPort Updater).

Alvaro.lab01> antivirusstatus

    SAV Engine Version        3.2.07.389_4.95

    IDE Serial                2013122404

    Last Engine Update        13 Dec 2013 00:05 (GMT +00:00)

    Last IDE Update           24 Dec 2013 20:48 (GMT +00:00)

Best Regards,

-Alvaro

Robert Sherwin
Cisco Employee
Cisco Employee

Also - with the information you provided, your timestamps are old - try to run 'antivirusupdate force' --- this will reload both the engine and ruleset for Sophos.

Run the following:

antivirusstatus

antivirusupdate force

antivirusstatus

From the updater_logs, you will want to see:


Tue Dec 24 10:48:19 2013 Info: sophos verifying applied files

Tue Dec 24 10:48:19 2013 Info: sophos updating the client manifest

Tue Dec 24 10:48:19 2013 Info: sophos update completed

Tue Dec 24 10:48:19 2013 Info: sophos waiting for new updates

And then with the 'antivirusstatus', you will want to see:

> avstatus

Choose the operation you want to perform:

- MCAFEE - Display McAfee Anti-Virus version information

- SOPHOS - Display Sophos Anti-Virus version information

[]> sophos

    SAV Engine Version        3.2.07.389_4.95

    IDE Serial                2013122404

    Last Engine Update        24 Dec 2013 15:48 (GMT +00:00)

    Last IDE Update           24 Dec 2013 15:48 (GMT +00:00)


Hope this helps!

-Robert

(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: