
Receiving e-mails about Anti-virus database expired

keithsauer507
Level 5

We are receiving e-mails (by "we" I mean the IT department) from our Ironport C160 that say the Sophos Anti-Virus database on this system is expired. I checked our feature key and our Sophos subscription doesn't run out until March of 2014 - in which I promptly e-mailed our vendor for a quote :-)

Any idea what this is about, is it an issue?

The Warning message is:

sophos antivirus - The Anti-Virus database on this system is expired.  Although the system will continue to scan for existing viruses, new virus updates will no longer be available.  Please run avupdate to update to the latest engine immediately.  Contact your IronPort support provider if you have any questions.

Current Sophos Anti-Virus Information:

SAV Engine Version      4.84

IDE Serial              2013100502

Last Engine Update      Sat Oct  5 12:53:22 2013

Last IDE Update         Sat Oct  5 06:07:22 2013

Last message occurred 5 times between Sat Oct  5 12:54:46 2013 and Sat Oct  5 12:55:46 2013.


Hey Burkhard, the reason for this is the fact that you are running an end of life "EOL" AsyncOS version.

Check the following link:

http://www.cisco.com/c/en/us/products/collateral/security/email-security-appliance/eos-eol-notice-c51-732594.html

What I would suggest is to follow this upgrade path:

7.6.2-014  > 8.0.1-023 >  8.5.6-074

AsyncOS version 8.0.1 release notes:

http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-0/release_notes/ESA_8-0-1_Release_Notes.pdf

AsyncOS version 8.5.6 release notes:

http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-5-6/ESA_8-5-6_Release_Notes.pdf

Regards,

Raed

Here is my output :
antivirusstatus
    SAV Engine Version        3.2.07.364.0_5.24
    IDE Serial                2016050201
    Last Engine Update        09 Mar 2016 03:54 (GMT +00:00)
    Last IDE Update           02 May 2016 06:20 (GMT +00:00)
Version
Product: Cisco IronPort X1070 Messaging Gateway(tm) Appliance
Model: X1070
Version: 9.7.0-125

I had the same issue twice in the past, running 'antivirusupdate force' fixed it the first time.

The 2nd time it happened to me, it was because VM ESAppliances use different update servers than the HW ESAppliances, and this breaks when you have a cluster of mixed virtual and hardware appliances. If that's your case:

virtual ESA uses : update-manifests.sco.cisco.com:443 

hardware ESA uses : update-manifests.cisco.com:443 

In my case, it broke everything for a couple of days, until I realized they needed different dynamichost config ...

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118065-maintainandoperate-esa-00.html#anc5

Hi!

 

Any update? I still have the problem here.

Ours picked up the new engine and all is well about 22:37 est yesterday.  Looks good.

Fri May 16 22:37:46 2014 Info: Server manifest specified an update for sophos

Fri May 16 22:37:46 2014 Info: sophos was signalled to start a new update

Fri May 16 22:37:46 2014 Info: sophos processing files from the server manifest

Fri May 16 22:37:46 2014 Info: sophos started downloading files

Fri May 16 22:37:46 2014 Info: sophos waiting on download lock

Fri May 16 22:37:46 2014 Info: sophos acquired download lock

Fri May 16 22:37:46 2014 Info: sophos beginning download of remote file "http://updates.ironport.com/sophos/libsavi/1400293724"

Fri May 16 22:37:53 2014 Info: sophos released download lock

Fri May 16 22:37:53 2014 Info: sophos successfully downloaded file "sophos/libsavi/1400293724"

Fri May 16 22:37:53 2014 Info: sophos started applying files

Fri May 16 22:37:54 2014 Info: sophos updating component libsavi

Fri May 16 22:37:54 2014 Info: sophos updated engine,ide links successfully

Fri May 16 22:37:54 2014 Info: sophos cleaning up base dir /data/third_party/sophos

Fri May 16 22:37:54 2014 Info: sophos sending version details {'sophos': {'version': '4.98', 'ide': '2014051700'}} to hermes

Fri May 16 22:37:54 2014 Info: sophos verifying applied files

Fri May 16 22:37:54 2014 Info: sophos updating the client manifest

Fri May 16 22:37:54 2014 Info: sophos update completed

Fri May 16 22:37:54 2014 Info: sophos waiting for new updates

antivirusstatus

Choose the operation you want to perform:

- MCAFEE - Display McAfee Anti-Virus version information

- SOPHOS - Display Sophos Anti-Virus version information

[]> sophos

SAV Engine Version 3.2.07.392_4.98

IDE Serial 2014051701

Last Engine Update 17 May 2014 02:37 (GMT +00:00)

Last IDE Update 17 May 2014 10:13 (GMT +00:00)

Tony

No TAC case needed - we are aware and fully working the issue.  Currently pending Sophos update and release of the new engine, and then this will be pushed.  Keep an eye on the main forums posting - I will update there as soon as I can, and we can get this resolved.

-Robert

Thanks for your answer, Robert !

Thanks Robert.  Any update?

 

My server, a C370: the same problem...

    SAV Engine Version        3.2.07.350.1_4.97 (expired)
    IDE Serial                2014051603
    Last Engine Update        16 May 2014 12:18 (GMT +00:00)
    Last IDE Update           16 May 2014 12:18 (GMT +00:00)

Same issue for us as well.

    SAV Engine Version        3.2.07.350.1_4.97 (expired)
    IDE Serial                2014051603
    Last Engine Update        16 May 2014 12:18 (GMT +00:00)
    Last IDE Update           16 May 2014 12:18 (GMT +00:00)

Hi Robert,

Is this issue still present?

Our Ironport seems to be experiencing the same issues

"antivirusupdate force" does not seem to resolve it:

 

    SAV Engine Version        5.04 (expired)
    IDE Serial                2014110404
    Last Engine Update        26 Feb 2015 15:51 (GMT)
    Last IDE Update           26 Feb 2015 15:53 (GMT)
    Last Update Attempt       26 Feb 2015 15:54 (GMT)
    Last Update Success       26 Feb 2015 15:51 (GMT)

 

Also, updater_logs does not seem to display any force/extra attempts at updating:

 

Thu Feb 26 15:46:21 2015 Info: Starting scheduled update
Thu Feb 26 15:46:21 2015 Info: Scheduled next update to occur at Thu Feb 26 15:51:21 2015
Thu Feb 26 15:51:21 2015 Info: Starting scheduled update
Thu Feb 26 15:51:21 2015 Info: Scheduled next update to occur at Thu Feb 26 15:56:21 2015
Thu Feb 26 15:56:21 2015 Info: Starting scheduled update
Thu Feb 26 15:56:21 2015 Info: Scheduled next update to occur at Thu Feb 26 16:01:21 2015
Thu Feb 26 16:01:21 2015 Info: Starting scheduled update
Thu Feb 26 16:01:21 2015 Info: Scheduled next update to occur at Thu Feb 26 16:06:21 2015
Thu Feb 26 16:06:21 2015 Info: Starting scheduled update
Thu Feb 26 16:06:21 2015 Info: Scheduled next update to occur at Thu Feb 26 16:11:21 2015

 

 

What version of AsyncOS is running on your appliance?  Check from CLI with version or on the GUI Monitor > System Status.  

From the output you show - you are still getting updated library, but more than likely the engine is not updating based on the AsyncOS version.  You'll need to be running 7.6.3 or newer.

You should be seeing something similar to:

> avstatus

    SAV Engine Version        3.2.07.358.1_5.09

    IDE Serial                2015022605

    Last Engine Update        26 Feb 2015 18:21 (GMT +00:00)

    Last IDE Update           26 Feb 2015 18:21 (GMT +00:00)

 

https://supportforums.cisco.com/blog/12247391/end-life-reminder-asyncos-71-75-and-related-sophos-500-expiration
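
A monitoring check built on the `antivirusstatus` outputs quoted in this thread, as an added example that is not part of any post or of Cisco's tooling: it flags the `(expired)` engine marker and compares the date in the IDE serial with today, since the "Last IDE Update" timestamp can be current while the serial is months old. Reading the serial as YYYYMMDD plus a two-digit sequence number, the three-day threshold, and the function names are assumptions.

```python
import re
from datetime import date, datetime

# Sample inputs: the two antivirusstatus outputs quoted in the posts above.
SAMPLE_EXPIRED = """\
    SAV Engine Version        5.04 (expired)
    IDE Serial                2014110404
    Last Engine Update        26 Feb 2015 15:51 (GMT)
    Last IDE Update           26 Feb 2015 15:53 (GMT)
"""
SAMPLE_HEALTHY = """\
    SAV Engine Version        3.2.07.358.1_5.09
    IDE Serial                2015022605
    Last Engine Update        26 Feb 2015 18:21 (GMT +00:00)
    Last IDE Update           26 Feb 2015 18:21 (GMT +00:00)
"""
FIELDS = ("SAV Engine Version", "IDE Serial", "Last Engine Update", "Last IDE Update")

def parse_status(text):
    """Return {field: value} for the known antivirusstatus fields."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        for name in FIELDS:
            if line.startswith(name):
                out[name] = line[len(name):].strip()
    return out

def check_status(text, today, max_ide_age_days=3):
    """Return a list of findings; an empty list means the output looks healthy."""
    st = parse_status(text)
    missing = [f for f in FIELDS if f not in st]
    if missing:  # fail closed: unparsed output must not read as "healthy"
        return ["unparsed fields: " + ", ".join(missing)]
    findings = []
    if "(expired)" in st["SAV Engine Version"]:
        findings.append("engine marked expired: " + st["SAV Engine Version"])
    # Assumption: serial = YYYYMMDD + two-digit sequence number.
    m = re.fullmatch(r"(\d{8})\d{2}", st["IDE Serial"])
    try:
        ide_day = datetime.strptime(m.group(1) if m else "", "%Y%m%d").date()
    except ValueError:
        return findings + ["unexpected IDE serial: " + st["IDE Serial"]]
    age = (today - ide_day).days
    if age > max_ide_age_days:  # threshold is an assumed value, tune locally
        findings.append(f"IDE serial is {age} days old")
    return findings

if __name__ == "__main__":
    print(check_status(SAMPLE_EXPIRED, date(2015, 2, 26)))
```
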

That must be it, we didn't include the Ironport in our maintenance upgrades.

 

Current Version
===============
Product: IronPort C160 Messaging Gateway(tm) Appliance
Model: C160
Version: 7.1.5-017

 

thanks..

We are still pending a fix on the issue from Sophos.  We'll have something posted to the forums here as it is rolled out.  I have updated the front page of forums, since this is a similar issue to this thread.

-Robert

We also have the same issue, here are some details about our Sophos revision

Sophos Anti-Virus

Sophos Anti-Virus Overview
    Anti-Virus Scanning by Sophos Anti-Virus:     Enabled
    Virus Scanning Timeout (seconds):     60

Current Sophos Anti-Virus files
    File Type                   | Last Update                    | Current Version   | New Update
    Sophos Anti-Virus Engine    | 16 May 2014 09:08 (GMT +00:00) | 3.2.07.350.1_4.97 | Not Available
    Sophos IDE Rules            | 16 May 2014 09:08 (GMT +00:00) | 2014051602        | Not Available

 

Could you please escalate this issue?
