10-05-2013 10:06 AM
We are recieving e-mails (we I mean IT department) from our Ironport C160 that says Sophos Anti-Virus database on this system is expired. I checked our feature key and our Sophos subscription doesn't run out until March of 2014 - in which I promptly e-mailed our vendor for a quote :-)
Any idea what this is about, is it an issue?
The Warning message is:
sophos antivirus - The Anti-Virus database on this system is expired. Although the system will continue to scan for existing viruses, new virus updates will no longer be available. Please run avupdate to update to the latest engine immediately. Contact your IronPort support provider if you have any questions.
Current Sophos Anti-Virus Information:
SAV Engine Version 4.84
IDE Serial 2013100502
Last Engine Update Sat Oct 5 12:53:22 2013
Last IDE Update Sat Oct 5 06:07:22 2013
Last message occurred 5 times between Sat Oct 5 12:54:46 2013 and Sat Oct 5 12:55:46 2013.
Solved! Go to Solution.
05-02-2016 05:26 AM
Hey Burkhard, the reason for this is the fact that you are running an end of life "EOL" AsyncOS version.
Check the following link:
http://www.cisco.com/c/en/us/products/collateral/security/email-security-appliance/eos-eol-notice-c51-732594.html
What i would suggest is to follow this upgrade path
7.6.2-014 > 8.0.1-023 > 8.5.6-074
AsyncOS version 8.0.1 release notes:
http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-0/release_notes/ESA_8-0-1_Release_Notes.pdf
AsyncOS version 8.5.6 release notes:
http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-5-6/ESA_8-5-6_Release_Notes.pdf
Regards,
Raed
05-02-2016 02:22 AM
antivirusstatus
SAV Engine Version 3.2.07.364.0_5.24
IDE Serial 2016050201
Last Engine Update 09 Mar 2016 03:54 (GMT +00:00)
Last IDE Update 02 May 2016 06:20 (GMT +00:00)
Version
Product: Cisco IronPort X1070 Messaging Gateway(tm) Appliance
Model: X1070
Version: 9.7.0-125
I had the same issue twice in the past, running 'antivirusupdate force' fixed it the first time.
The 2nd time it happened to me, it was because VM ESAppliance are using a different update servers than the HW ESAppliance, and this breaks when you have a cluster of mixed Virtual and Hardware appliances. If it's your case,
virtual ESA uses : update-manifests.sco.cisco.com:443
hardware ESA uses : update-manifests.cisco.com:443
In my case, it broke everything for a couple of days, until i realized they needed different dynamichost config ...
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118065-maintainandoperate-esa-00.html#anc5
05-16-2014 12:57 PM
Hi!
Any update? I'm still have the problem here
05-17-2014 06:25 AM
Ours picked up the new engine and all is well about 22:37 est yesterday. Looks good.
Fri May 16 22:37:46 2014 Info: Server manifest specified an update for sophos
Fri May 16 22:37:46 2014 Info: sophos was signalled to start a new update
Fri May 16 22:37:46 2014 Info: sophos processing files from the server manifest
Fri May 16 22:37:46 2014 Info: sophos started downloading files
Fri May 16 22:37:46 2014 Info: sophos waiting on download lock
Fri May 16 22:37:46 2014 Info: sophos acquired download lock
Fri May 16 22:37:46 2014 Info: sophos beginning download of remote file "http://updates.ironport.com/sophos/libsavi/1400293724"
Fri May 16 22:37:53 2014 Info: sophos released download lock
Fri May 16 22:37:53 2014 Info: sophos successfully downloaded file "sophos/libsavi/1400293724"
Fri May 16 22:37:53 2014 Info: sophos started applying files
Fri May 16 22:37:54 2014 Info: sophos updating component libsavi
Fri May 16 22:37:54 2014 Info: sophos updated engine,ide links successfully
Fri May 16 22:37:54 2014 Info: sophos cleaning up base dir /data/third_party/sophos
Fri May 16 22:37:54 2014 Info: sophos sending version details {'sophos': {'version': '4.98', 'ide': '2014051700'}} to hermes
Fri May 16 22:37:54 2014 Info: sophos verifying applied files
Fri May 16 22:37:54 2014 Info: sophos updating the client manifest
Fri May 16 22:37:54 2014 Info: sophos update completed
Fri May 16 22:37:54 2014 Info: sophos waiting for new updates
antivirusstatus
Choose the operation you want to perform:
- MCAFEE - Display McAfee Anti-Virus version information
- SOPHOS - Display Sophos Anti-Virus version information
[]> sophos
SAV Engine Version 3.2.07.392_4.98
IDE Serial 2014051701
Last Engine Update 17 May 2014 02:37 (GMT +00:00)
Last IDE Update 17 May 2014 10:13 (GMT +00:00)
Tony
05-16-2014 05:06 AM
No TAC case needed - we are aware and fully working the issue. Currently pending Sophos update and release of the new engine, and then this will be pushed. Keep an eye on the main forums posting - I will update there as soon as I can, and we can get this resolved.
-Robert
05-16-2014 05:08 AM
Thanks for your answer, Robert !
05-16-2014 12:42 PM
Thanks Robert. Any update?
05-16-2014 08:34 AM
My server C370: This same problem...
SAV Engine Version 3.2.07.350.1_4.97 (expired)
IDE Serial 2014051603
Last Engine Update 16 May 2014 12:18 (GMT +00:00)
Last IDE Update 16 May 2014 12:18 (GMT +00:00)
05-16-2014 09:20 AM
Same issue for us as well.
SAV Engine Version 3.2.07.350.1_4.97 (expired)
IDE Serial 2014051603
Last Engine Update 16 May 2014 12:18 (GMT +00:00)
Last IDE Update 16 May 2014 12:18 (GMT +00:00)
02-26-2015 08:11 AM
Hi Robert,
Is this issue still present?
Our Ironport seems to be experiencing the same issues
"antivirusupdate force" does not seem to resolve it:
SAV Engine Version 5.04 (expired)
IDE Serial 2014110404
Last Engine Update 26 Feb 2015 15:51 (GMT)
Last IDE Update 26 Feb 2015 15:53 (GMT)
Last Update Attempt 26 Feb 2015 15:54 (GMT)
Last Update Success 26 Feb 2015 15:51 (GMT)
Also, updater_logs does not seem to display any force/extra attempts at updating:
Thu Feb 26 15:46:21 2015 Info: Starting scheduled update
Thu Feb 26 15:46:21 2015 Info: Scheduled next update to occur at Thu Feb 26 15:51:21 2015
Thu Feb 26 15:51:21 2015 Info: Starting scheduled update
Thu Feb 26 15:51:21 2015 Info: Scheduled next update to occur at Thu Feb 26 15:56:21 2015
Thu Feb 26 15:56:21 2015 Info: Starting scheduled update
Thu Feb 26 15:56:21 2015 Info: Scheduled next update to occur at Thu Feb 26 16:01:21 2015
Thu Feb 26 16:01:21 2015 Info: Starting scheduled update
Thu Feb 26 16:01:21 2015 Info: Scheduled next update to occur at Thu Feb 26 16:06:21 2015
Thu Feb 26 16:06:21 2015 Info: Starting scheduled update
Thu Feb 26 16:06:21 2015 Info: Scheduled next update to occur at Thu Feb 26 16:11:21 2015
02-26-2015 11:39 AM
What version of AsyncOS is running on your appliance? Check from CLI with version or on the GUI Monitor > System Status.
From the output you show - you are still getting updated library, but more than likely the engine is not updating based on the AsyncOS version. You'll need to be running 7.6.3 or newer.
Should be seeing similar to:
> avstatus
SAV Engine Version 3.2.07.358.1_5.09
IDE Serial 2015022605
Last Engine Update 26 Feb 2015 18:21 (GMT +00:00)
Last IDE Update 26 Feb 2015 18:21 (GMT +00:00)
02-26-2015 11:48 PM
That must be it, we didn't include the Ironport in our maintenance upgrades.
Current Version
===============
Product: IronPort C160 Messaging Gateway(tm) Appliance
Model: C160
Version: 7.1.5-017
05-15-2014 08:34 PM
thanks..
05-15-2014 08:38 PM
We are still pending a fix on the issue from Sophos. We'll have something posted to the forums here as it is rolled out. I have updated the front page of forums, since this is a similar issue to this thread.
-Robert
05-16-2014 02:15 AM
We also have the same issue, here are some details about our Sophos revision
Sophos Anti-Virus
Sophos Anti-Virus Overview
Anti-Virus Scanning by Sophos Anti-Virus: Enabled
Virus Scanning Timeout (seconds): 60
Current Sophos Anti-Virus files
File Type Last Update Current Version New Update
Sophos Anti-Virus Engine 16 May 2014 09:08 (GMT +00:00) 3.2.07.350.1_4.97
Not Available
Sophos IDE Rules 16 May 2014 09:08 (GMT +00:00) 2014051602
Not Available
Could you please escalate this issue ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide