
Receiving e-mails about Anti-virus database expired

keithsauer507
Level 5

We are receiving e-mails (by "we" I mean the IT department) from our Ironport C160 that say the Sophos Anti-Virus database on this system is expired.  I checked our feature key and our Sophos subscription doesn't run out until March of 2014 - for which I promptly e-mailed our vendor for a quote :-)

Any idea what this is about, is it an issue?

The Warning message is:

sophos antivirus - The Anti-Virus database on this system is expired.  Although the system will continue to scan for existing viruses, new virus updates will no longer be available.  Please run avupdate to update to the latest engine immediately.  Contact your IronPort support provider if you have any questions.

Current Sophos Anti-Virus Information:

SAV Engine Version      4.84

IDE Serial              2013100502

Last Engine Update      Sat Oct  5 12:53:22 2013

Last IDE Update         Sat Oct  5 06:07:22 2013

Last message occurred 5 times between Sat Oct  5 12:54:46 2013 and Sat Oct  5 12:55:46 2013.


This issue has been escalated as of yesterday, and Cisco and Sophos have been working directly to address it.  We hope to have the new engine pushed here shortly this morning.

I apologize for any inconveniences.

-Robert

megan00b1
Level 1

 

Manual update does work, it seems.

Open an SSH session to the box and type in:

avupdate force

Then tail the updater_logs and you see that the box is updating. However, we noticed that Sophos did not update from the 28th of February (around that date anyway), and we are receiving mails starting today mentioning that this has been the 3XX'th time it reports the issue? There were a LOT of updates the box just did...

We have 1 box manually updated and 1 box not updated yet so Cisco can have a look, but they just quoted this forum page with the statement that they are looking into it.

Mega

If you do the antivirusupdate force, it says it's downloading and updating, but the problem seems to be that there are no new Sophos signatures in their repository. If you check the IDS version number before and after the manual update, it will not increase or change, but the timestamp of the last update will change. This is somehow confusing.

We also have the statement from support:

Cisco is currently aware of a problem with customers receiving an alert(s) that their Email Security Appliance (ESA) Sophos Anti-Virus Database has expired. Customers who have appliances running Sophos SAV Engine Version 3.2.07.350.1_4.97 may receive these alerts starting on May 16, 2014.

Cisco will be providing an update on this issue as we gather more facts and details.

And I wonder why there is almost no other statement than this little post in the forums. This morning I tried to google for information on whether there was a problem with IronPort and Sophos signatures, but I only found old stuff. The first thing one would expect is probably firewall problems in your own systems.

Come on, get this working quickly please, without up2date AV there's a lot of bad things coming in with mails you do not want in your organization...!

This is being addressed.  I do apologize for the issue.  We are pending an updated engine and pushing that to the updater servers.  Once that has cleared Q&A, we'll have it ready and pushed. It will automatically update via your 'updateconfig' settings, usually this is checked each 5 minutes.

Again - keep in mind - the engine itself shows 'expired' but this is still operating/scanning, and downloading new IDEs to the appliance(s). 

If you do see an example of scanning NOT working, or scanning NOT catching something - please let us know immediately.  We will be happy to address.

-Robert

Robert, you were right. IDE is getting updated.

4 hours ago, we've had a lower version number (2014051602). So AV patterns are hopefully up2date and AV scanning is working. Nice, I can just ignore the warning mails and enjoy my weekend.

 

(Machine mail)> antivirusstatus sophos

    SAV Engine Version        3.2.07.350.1_4.97 (expired)
    IDE Serial                2014051603
    Last Engine Update        16 May 2014 06:51 (GMT +00:00)
    Last IDE Update           16 May 2014 11:38 (GMT +00:00)

Yes, manual update does work but the error still appears

> antivirusstatus sophos

    SAV Engine Version        3.2.07.350.1_4.97 (expired)
    IDE Serial                2014051602
    Last Engine Update        16 May 2014 11:15 (GMT +00:00)
    Last IDE Update           16 May 2014 11:15 (GMT +00:00)

Wait for a Cisco resolution

Yes - the manual update will work/complete --- just assure yourself that the IDE serial incremented --- for you, you see the 2014051602 timestamp --- the IDEs are working as expected.  

On my VESA - it's currently on 03:

myesa.local> avstatus sophos

    SAV Engine Version        3.2.07.350.1_4.97 (expired)
    IDE Serial                2014051603
    Last Engine Update        16 May 2014 11:17 (GMT +00:00)
    Last IDE Update           16 May 2014 11:32 (GMT +00:00)

The engine version will update/change once the new engine is ready and pushed.  And, will also remove the (expired) tagging.

-Robert
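The check described in the replies above (compare the IDE serial between two status readings, since the update timestamp changes even when no new signatures arrive), as an added example that is not part of the original thread or Cisco's tooling. The function names, the 24-hour freshness threshold and the two sample outputs (constructed, modelled on the output quoted in this thread) are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed samples modelled on the status output quoted in this thread.
BEFORE = """\
    SAV Engine Version        3.2.07.350.1_4.97 (expired)
    IDE Serial                2014051602
    Last Engine Update        16 May 2014 11:15 (GMT +00:00)
    Last IDE Update           16 May 2014 11:15 (GMT +00:00)
"""
AFTER = """\
    SAV Engine Version        3.2.07.350.1_4.97 (expired)
    IDE Serial                2014051603
    Last Engine Update        16 May 2014 11:17 (GMT +00:00)
    Last IDE Update           16 May 2014 11:32 (GMT +00:00)
"""

def parse_time(text):
    """Parse '16 May 2014 11:32 (GMT +00:00)' into an aware datetime."""
    m = re.fullmatch(r"(.+?) \(GMT ([+-])(\d\d):(\d\d)\)", text)
    if not m:
        raise ValueError(f"unrecognised timestamp: {text!r}")
    offset = timedelta(hours=int(m[3]), minutes=int(m[4]))
    if m[2] == "-":
        offset = -offset
    naive = datetime.strptime(m[1], "%d %b %Y %H:%M")
    return naive.replace(tzinfo=timezone(offset))

def parse_status(text):
    """Split each 'Label   value' line on the run of two or more spaces."""
    fields = {}
    for line in text.splitlines():
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(parts) == 2:
            fields[parts[0]] = parts[1]
    return {
        "engine_expired": fields["SAV Engine Version"].endswith("(expired)"),
        "ide_serial": int(fields["IDE Serial"]),
        "ide_updated": parse_time(fields["Last IDE Update"]),
    }

def assess(before, after, now, max_age=timedelta(hours=24)):
    """Signatures count as current only if the serial advanced and is recent."""
    b, a = parse_status(before), parse_status(after)
    return {
        "engine_expired": a["engine_expired"],
        "serial_advanced": a["ide_serial"] > b["ide_serial"],  # not the timestamp
        "ide_fresh": now - a["ide_updated"] <= max_age,  # assumed threshold
    }
```
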

We are experiencing this issue also.

 

    SAV Engine Version        3.2.07.350.1_4.97 (expired)
    IDE Serial                2014051603
    Last Engine Update        16 May 2014 11:10 (GMT +02:10)
    Last IDE Update           16 May 2014 11:14 (GMT +02:10)

Same issue:

 avstatus sophos

    SAV Engine Version        3.2.07.350.1_4.97 (expired)
    IDE Serial                2014051603
    Last Engine Update        16 May 2014 11:10 (GMT +00:00)
    Last IDE Update           16 May 2014 11:14 (GMT +00:00)

 

Same issue

 

Current Sophos Anti-Virus Information:

SAV Engine Version      4.97

IDE Serial              2014051603

Last Engine Update      Mon Feb 17 20:20:49 2014

Last IDE Update         Fri May 16 07:29:52 2014

Last message occurred 384 times between Fri May 16 09:15:23 2014 and Fri May 16 10:14:08 2014.

Same Issue here as well....

 avstatus sophos

    SAV Engine Version       4.97 (expired)

Same issue still here.

miltek5945
Level 1

Same issue:

avstatus sophos

    SAV Engine Version        3.2.07.350.1_4.97 (expired)
    IDE Serial                2014051604
    Last Engine Update        16 May 2014 17:39 (GMT +00:00)
    Last IDE Update           16 May 2014 17:39 (GMT +00:00)

Any updates to this?  Still receiving message from our Ironport complaining about this.