Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
15311
Views
26
Helpful
43
Replies

Receiving e-mails about Anti-virus database expired

Go to solution
keithsauer507
Level 5
Level 5

‎10-05-2013 10:06 AM

We are recieving e-mails (we I mean IT department) from our Ironport C160 that says Sophos Anti-Virus database on this system is expired.  I checked our feature key and our Sophos subscription doesn't run out until March of 2014 - in which I promptly e-mailed our vendor for a quote :-)

Any idea what this is about, is it an issue?

The Warning message is:

sophos antivirus - The Anti-Virus database on this system is expired.  Although the system will continue to scan for existing viruses, new virus updates will no longer be available.  Please run avupdate to update to the latest engine immediately.  Contact your IronPort support provider if you have any questions.

Current Sophos Anti-Virus Information:

SAV Engine Version      4.84

IDE Serial              2013100502

Last Engine Update      Sat Oct  5 12:53:22 2013

Last IDE Update         Sat Oct  5 06:07:22 2013

Last message occurred 5 times between Sat Oct  5 12:54:46 2013 and Sat Oct  5 12:55:46 2013.

11 people had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Robert Sherwin
Cisco Employee
Cisco Employee
In response to keithsauer507

‎10-07-2013 12:23 PM

Thank you Keith. 

The final action for this one was a backend issue over the weekend w/ the keys server/DB and the communication out to the appliances.

This has been corrected - so, if there are any other customers that are seeing notifications similar, the fix would be to run a force update to have the appliance re-check the DB and communication through to the keys DB:

> antivirusupdate force

Tail the updater_logs, or re-verify the 'antispamstatus sophos' after five minutes, and assure that the serial/time stamps have updated to current time.

-Robert

Cheers,
Robert Sherwin

View solution in original post

Go to solution
Tony Kilbarger
Level 1
Level 1
In response to Robert Sherwin

‎05-17-2014 06:25 AM

Ours picked up the new engine and all is well about 22:37 est yesterday.  Looks good.

Fri May 16 22:37:46 2014 Info: Server manifest specified an update for sophos

Fri May 16 22:37:46 2014 Info: sophos was signalled to start a new update

Fri May 16 22:37:46 2014 Info: sophos processing files from the server manifest

Fri May 16 22:37:46 2014 Info: sophos started downloading files

Fri May 16 22:37:46 2014 Info: sophos waiting on download lock

Fri May 16 22:37:46 2014 Info: sophos acquired download lock

Fri May 16 22:37:46 2014 Info: sophos beginning download of remote file "http://updates.ironport.com/sophos/libsavi/1400293724"

Fri May 16 22:37:53 2014 Info: sophos released download lock

Fri May 16 22:37:53 2014 Info: sophos successfully downloaded file "sophos/libsavi/1400293724"

Fri May 16 22:37:53 2014 Info: sophos started applying files

Fri May 16 22:37:54 2014 Info: sophos updating component libsavi

Fri May 16 22:37:54 2014 Info: sophos updated engine,ide links successfully

Fri May 16 22:37:54 2014 Info: sophos cleaning up base dir /data/third_party/sophos

Fri May 16 22:37:54 2014 Info: sophos sending version details {'sophos': {'version': '4.98', 'ide': '2014051700'}} to hermes

Fri May 16 22:37:54 2014 Info: sophos verifying applied files

Fri May 16 22:37:54 2014 Info: sophos updating the client manifest

Fri May 16 22:37:54 2014 Info: sophos update completed

Fri May 16 22:37:54 2014 Info: sophos waiting for new updates

antivirusstatus

Choose the operation you want to perform:

- MCAFEE - Display McAfee Anti-Virus version information

- SOPHOS - Display Sophos Anti-Virus version information

[]> sophos

SAV Engine Version 3.2.07.392_4.98

IDE Serial 2014051701

Last Engine Update 17 May 2014 02:37 (GMT +00:00)

Last IDE Update 17 May 2014 10:13 (GMT +00:00)

Tony

View solution in original post

43 Replies 43

Go to solution
Robert Sherwin
Cisco Employee
Cisco Employee

‎10-05-2013 10:22 AM

Keith -

Have you rebooted the appliance anytime lately?  Sometimes, there are false exipration notices that trigger - if the system starts up and before the appliance returns all services to fully operational after the start-up.

What is the AsyncOS revision running on the C160?  Depending on the revision - you are most likely seeing defect:

https://tools.cisco.com/bugsearch/bug/CSCzv15563

You can also log-in on the CLI and run 'antivirusupdate force', then 'tail updater_logs' --- assure that the appliance reaches out to the updater server and completes the update to the AV serivce.

After five minutes - when you run 'avstatus sophos' - you should be seeing recent time stamps acorss the board on the output.

Hope that helps!

-Robert

Cheers,
Robert Sherwin
0 Helpful

Go to solution
keithsauer507
Level 5
Level 5
In response to Robert Sherwin

‎10-07-2013 04:23 AM

No we haven't rebooted it for awhile. 

Up Since:14 Jan 2013 18:39 (GMT -05:00)
(265d 11h 42m 7s)

Today is Monday and the IDE rules updated.  So it fixed itself I guess...

Sophos Anti-Virus Engine05 Oct 2013 16:56 (GMT +00:00)3.2.07.378_4.90

Not Available

Sophos IDE Rules07 Oct 2013 09:36 (GMT +00:00)2013100702
0 Helpful

Go to solution
Robert Sherwin
Cisco Employee
Cisco Employee
In response to keithsauer507

‎10-07-2013 12:23 PM

Thank you Keith. 

The final action for this one was a backend issue over the weekend w/ the keys server/DB and the communication out to the appliances.

This has been corrected - so, if there are any other customers that are seeing notifications similar, the fix would be to run a force update to have the appliance re-check the DB and communication through to the keys DB:

> antivirusupdate force

Tail the updater_logs, or re-verify the 'antispamstatus sophos' after five minutes, and assure that the serial/time stamps have updated to current time.

-Robert

Cheers,
Robert Sherwin

Go to solution
CSCO10793514
Level 1
Level 1
In response to Robert Sherwin

‎05-16-2014 01:18 AM

Sorry to bump an old thread but i have this today. avupdate force wont fix, reboots done etc. 

When you said "resolved at backend" did you mean Cisco did something? 

 

I have contacted TAC but they are going through the slow process of verifying my contract (again).. Its quite bad really like checking a ER patients credit card before helping! 

Also local vendor are trying for me. 

anyway any help would be appreciated.

0 Helpful

Go to solution
CSCO10793514
Level 1
Level 1
In response to CSCO10793514

‎05-16-2014 02:21 AM

Ok Cisco said its a known issue and they will update! 

0 Helpful

Go to solution
jennifer.bertrand
Level 1
Level 1
In response to CSCO10793514

‎05-16-2014 04:51 AM

Hello,

We have the same issue, since today at 0h :

SAV Engine Version        3.2.07.350.1_4.97 (expired)

Product: Cisco IronPort C660 Messaging Gateway(tm) Appliance
Model: C660
Version: 7.6.1-022

Do I have to contact TAC to open a case ?

Thanks,

0 Helpful

Go to solution
Stelektro
Level 1
Level 1
In response to jennifer.bertrand

‎05-16-2014 04:56 AM

I'd suggest to do so. That's the only way for the management and other responsibile people to see that something went wrong or was not so well planned.

0 Helpful

Go to solution
chris reilly
Level 1
Level 1
In response to Stelektro

‎05-16-2014 09:33 AM

any update on this

0 Helpful

Go to solution
Robert Sherwin
Cisco Employee
Cisco Employee
In response to chris reilly

‎05-16-2014 09:41 AM

As of 12:00 PM US EST - We are pending an update to the Sophos engine 4.97.  Once this is available, it will automatically download to your appliance(s).

This most likely will be delivered as engine 4.98 here as soon as Q&A is completed.

Cheers,
Robert Sherwin
0 Helpful

Go to solution
fabiomodenese
Level 1
Level 1
In response to Robert Sherwin

‎05-16-2014 12:17 PM

Until now, the issue persists here.

0 Helpful

Go to solution
BURKHARD LANDWEHR
Level 1
Level 1
In response to fabiomodenese

‎05-02-2016 02:00 AM

Today I have the same problem:

SAV Engine Version        3.2.07.363.1_5.22 (expired)
    IDE Serial                xxxxxx
    Last Engine Update        12 Jan 2016 18:28 (GMT +00:00)
    Last IDE Update           09 Mar 2016 00:33 (GMT +00:00)

featurekey, featurekeyconfig
(Machine mx1.xxxx.xx)> featurekey

Module Quantity Remaining Expiration Date
Centralized Management 3000 41 days Mon Jun 13 05:56:08 2016
IronPort Email Encryption 1 30 days Dormant
IronPort Anti-Spam 3000 41 days Mon Jun 13 05:56:08 2016
Sophos Anti-Virus 3000 41 days Mon Jun 13 05:56:08 2016
Bounce Verification 1 Perpetual N/A
Incoming Mail Handling 1 Perpetual N/A
Outbreak Filters 3000 41 days Mon Jun 13 05:56:08 2016
RSA Email Data Loss Prevention 1 30 days Dormant
McAfee 1 30 days Dormant

Mon May  2 10:18:30 2016 Info: case cleaning up base dir [bindir]
Mon May  2 10:18:30 2016 Info: case verifying applied files
Mon May  2 10:18:30 2016 Info: case updating the client manifest
Mon May  2 10:18:30 2016 Info: case update completed
Mon May  2 10:18:30 2016 Info: case waiting for new updates

manual upate doesn´t work...

Sorry for opening this old thread

0 Helpful

Go to solution
Raed Boshmaf
Cisco Employee
Cisco Employee
In response to BURKHARD LANDWEHR

‎05-02-2016 02:00 AM

Hey Burkhard, what AsyncOS version are you running? 

0 Helpful

Go to solution
BURKHARD LANDWEHR
Level 1
Level 1
In response to Raed Boshmaf

‎05-02-2016 05:23 AM

Model: C370
Version: 7.6.2-014
Build Date: 2012-11-02
Install Date: 2013-04-19 10:17:47
Serial #: xxxxxx
BIOS: 2.2.17C
RAID: 1.21.02-0528, 2.01.00, 1.02-014B
RAID Status: Optimal
RAID Type: 1
BMC: 1.85

It´s a cluster with 2 C370 the second one has explizit the same and works fine

0 Helpful

Go to solution
Philippe Boeij
Level 1
Level 1
In response to BURKHARD LANDWEHR

‎05-02-2016 05:23 AM

Hi,

I've seen this behavior on more 7.6.x devices.

For some reason Sophos doesn't update anymore.

Moving to v8.0.1 will definitely solve the issue.

You might want to consider upgrading the end-of-life software....

Regards,

0 Helpful
Customers Also Viewed These Support Documents