mail about Anti-virus database expired,

marjanoussama · ‎12-24-2013

We are recieving e-mails from our Ironport that says Sophos Anti-Virus database on this system is expired.

Any idea what this is about, is it an issue?

The Warning message is:

sophos antivirus - The Anti-Virus database on this system is expired. Although the system

will continue to scan for existing viruses, new virus updates will no

longer be available. Please run avupdate to update to the latest engine

immediately. Contact Cisco IronPort Customer Support if you have any

questions.

Current Sophos Anti-Virus Information:

SAV Engine Version 4.90

IDE Serial

Last Engine Update Sun Sep 29 04:01:42 2013

Last IDE Update Sun Sep 29 04:01:32 2013

Last message occurred 89 times between Sun Dec 22 10:35:39 2013 and Sun Dec 22 11:32:10 2013.

Version: 7.6.2-014

Serial Number:

Timestamp: 22 Dec 2013 11:32:53 +0000

Thank you

Tze Tai Mak · ‎12-24-2013

Did you recently upgrade your AsyncOS from older release to AsyncOS 7.6.2?

Please note that in AsyncOS 7.6.3, there is a known issue

CSCzv15563

Sophos engine get expired after upgrade

Upgrade to latest AsyncOS which is having Expired Sophos engine will alert the user stating that it is expired. This issue occurs when user upgrades to latest available AsyncOS which has Expired Sophos Engine. An alert will be sent to user stating that the Sophos engine is expired.

Please see if you want to upgrade to a newer release. The latest one is 8.0.

Tommy

Alvaro J Gordon-Escobar · ‎12-24-2013

Hello Marjannoussama

Please issue the command antivirusupdate force:

Alvaro.lab01> antivirusupdate force

Requesting forced update of Sophos Anti-Virus.

This will force the unit to get a new engine. your engine is old, per the output you gave, its running 4.90. You should have 4.95. As Tommy pointed out, you might have an expire engine for two reasons.

1. engine has not updated, and hence expired :-)

2. you upgraded to an engine that was packaged into an OS upgrade that at its QA time, had a valid engine. But now the engine has expired. This normally fixes it self, as the unit fetches updates on its own. If it is not able to get one, it will continue to alert, until it can get the update.

Please ensure nothing hinders this device from reaching the Cisco Content Security update servers (IronPort Updater).

Alvaro.lab01> antivirusstatus

SAV Engine Version 3.2.07.389_4.95

IDE Serial 2013122404

Last Engine Update 13 Dec 2013 00:05 (GMT +00:00)

Last IDE Update 24 Dec 2013 20:48 (GMT +00:00)

Best Regards,

-Alvaro

Robert Sherwin · ‎12-24-2013

Also - with the information you provided, your timestamps are old - try to run 'antivirusupdate force' --- this will reload both the engine and ruleset for Sophos.

Run the following:

antivirusstatus

antivirusupdate force

antivirusstatus

From the updater_logs, you will want to see:

Tue Dec 24 10:48:19 2013 Info: sophos verifying applied files

Tue Dec 24 10:48:19 2013 Info: sophos updating the client manifest

Tue Dec 24 10:48:19 2013 Info: sophos update completed

Tue Dec 24 10:48:19 2013 Info: sophos waiting for new updates

And then with the 'antivirusstatus', you will want to see:

> avstatus

Choose the operation you want to perform:

- MCAFEE - Display McAfee Anti-Virus version information

- SOPHOS - Display Sophos Anti-Virus version information

[]> sophos

SAV Engine Version 3.2.07.389_4.95

IDE Serial 2013122404

Last Engine Update 24 Dec 2013 15:48 (GMT +00:00)

Last IDE Update 24 Dec 2013 15:48 (GMT +00:00)

Hope this helps!

-Robert

(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

Cheers,
Robert Sherwin