Cisco Secure Email Support Community
keithsauer507
Contributor

Receiving e-mails about Anti-virus database expired

We are receiving e-mails (by "we" I mean the IT department) from our Ironport C160 that say the Sophos Anti-Virus database on this system is expired. I checked our feature key and our Sophos subscription doesn't run out until March of 2014, for which I promptly e-mailed our vendor for a quote :-)

Any idea what this is about, is it an issue?

The Warning message is:

sophos antivirus - The Anti-Virus database on this system is expired.  Although the system will continue to scan for existing viruses, new virus updates will no longer be available.  Please run avupdate to update to the latest engine immediately.  Contact your IronPort support provider if you have any questions.

Current Sophos Anti-Virus Information:

SAV Engine Version      4.84

IDE Serial              2013100502

Last Engine Update      Sat Oct  5 12:53:22 2013

Last IDE Update         Sat Oct  5 06:07:22 2013

Last message occurred 5 times between Sat Oct  5 12:54:46 2013 and Sat Oct  5 12:55:46 2013.


Accepted Solutions

Thank you Keith. 

The final action for this one was a backend issue over the weekend w/ the keys server/DB and the communication out to the appliances.

This has been corrected - so, if there are any other customers that are seeing notifications similar, the fix would be to run a force update to have the appliance re-check the DB and communication through to the keys DB:

> antivirusupdate force

Tail the updater_logs, or re-verify the 'antispamstatus sophos' after five minutes, and assure that the serial/time stamps have updated to current time.

-Robert


Ours picked up the new engine and all is well about 22:37 est yesterday.  Looks good.

Fri May 16 22:37:46 2014 Info: Server manifest specified an update for sophos

Fri May 16 22:37:46 2014 Info: sophos was signalled to start a new update

Fri May 16 22:37:46 2014 Info: sophos processing files from the server manifest

Fri May 16 22:37:46 2014 Info: sophos started downloading files

Fri May 16 22:37:46 2014 Info: sophos waiting on download lock

Fri May 16 22:37:46 2014 Info: sophos acquired download lock

Fri May 16 22:37:46 2014 Info: sophos beginning download of remote file "http://updates.ironport.com/sophos/libsavi/1400293724"

Fri May 16 22:37:53 2014 Info: sophos released download lock

Fri May 16 22:37:53 2014 Info: sophos successfully downloaded file "sophos/libsavi/1400293724"

Fri May 16 22:37:53 2014 Info: sophos started applying files

Fri May 16 22:37:54 2014 Info: sophos updating component libsavi

Fri May 16 22:37:54 2014 Info: sophos updated engine,ide links successfully

Fri May 16 22:37:54 2014 Info: sophos cleaning up base dir /data/third_party/sophos

Fri May 16 22:37:54 2014 Info: sophos sending version details {'sophos': {'version': '4.98', 'ide': '2014051700'}} to hermes

Fri May 16 22:37:54 2014 Info: sophos verifying applied files

Fri May 16 22:37:54 2014 Info: sophos updating the client manifest

Fri May 16 22:37:54 2014 Info: sophos update completed

Fri May 16 22:37:54 2014 Info: sophos waiting for new updates

antivirusstatus

Choose the operation you want to perform:

- MCAFEE - Display McAfee Anti-Virus version information

- SOPHOS - Display Sophos Anti-Virus version information

[]> sophos

SAV Engine Version 3.2.07.392_4.98

IDE Serial 2014051701

Last Engine Update 17 May 2014 02:37 (GMT +00:00)

Last IDE Update 17 May 2014 10:13 (GMT +00:00)

Tony

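One way to automate the check both accepted solutions describe (tail `updater_logs` and confirm the Sophos update actually completed), as an added example that is not part of the original posts or of any Cisco tooling. The sample log is constructed from the line formats quoted in the thread; the function names and the 24-hour staleness threshold are assumptions.

```python
import ast
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (\w+): (.*)$")
VERSION_RE = re.compile(r"sending version details (\{.*\}) to hermes")

# Constructed sample, modelled on the updater_logs lines quoted in this thread.
# The last line belongs to another component ("case"), not to sophos.
SAMPLE_LOG = """\
Fri May 16 22:37:46 2014 Info: sophos started downloading files
Fri May 16 22:37:53 2014 Info: sophos successfully downloaded file "sophos/libsavi/1400293724"
Fri May 16 22:37:54 2014 Info: sophos sending version details {'sophos': {'version': '4.98', 'ide': '2014051700'}} to hermes
Fri May 16 22:37:54 2014 Info: sophos update completed
Mon May  2 10:18:30 2016 Info: case update completed
"""

def last_update(log_text, component="sophos"):
    """Return the last completed update of `component`, or None if there is none."""
    versions, completed = None, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not m.group(3).startswith(component + " "):
            continue  # unparsable line, or a line for a different component
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        message = m.group(3)
        v = VERSION_RE.search(message)
        if v:
            # literal_eval parses the dict literal without executing code
            versions = ast.literal_eval(v.group(1)).get(component)
        elif message == component + " update completed":
            completed = {"when": when, "versions": versions}
            versions = None  # do not carry versions into the next update cycle
    return completed

def is_stale(log_text, now, max_age=timedelta(hours=24), component="sophos"):
    """True when no completed update is logged within max_age (assumed threshold)."""
    done = last_update(log_text, component)
    return done is None or now - done["when"] > max_age
```

Filtering by component matters here: an updater log can show a recent "update completed" for another component while Sophos itself has not updated, which is the situation reported later in this thread.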

43 Replies
Robert Sherwin
Cisco Employee

Keith -

Have you rebooted the appliance anytime lately?  Sometimes, there are false expiration notices that trigger - if the system starts up and before the appliance returns all services to fully operational after the start-up.

What is the AsyncOS revision running on the C160?  Depending on the revision - you are most likely seeing defect:

https://tools.cisco.com/bugsearch/bug/CSCzv15563

You can also log-in on the CLI and run 'antivirusupdate force', then 'tail updater_logs' --- assure that the appliance reaches out to the updater server and completes the update to the AV service.

After five minutes - when you run 'avstatus sophos' - you should be seeing recent time stamps across the board on the output.

Hope that helps!

-Robert

No we haven't rebooted it for awhile. 

Up Since:14 Jan 2013 18:39 (GMT -05:00)
(265d 11h 42m 7s)

Today is Monday and the IDE rules updated.  So it fixed itself I guess...

Sophos Anti-Virus Engine    05 Oct 2013 16:56 (GMT +00:00)    3.2.07.378_4.90

Not Available

Sophos IDE Rules    07 Oct 2013 09:36 (GMT +00:00)    2013100702

Sorry to bump an old thread but I have this today. avupdate force won't fix, reboots done etc.

When you said "resolved at backend" did you mean Cisco did something? 

 

I have contacted TAC but they are going through the slow process of verifying my contract (again).. It's quite bad really, like checking an ER patient's credit card before helping!

Also local vendor are trying for me.

Anyway, any help would be appreciated.

Ok, Cisco said it's a known issue and they will update!

Hello,

We have the same issue, since today at 0h :

SAV Engine Version        3.2.07.350.1_4.97 (expired)

Product: Cisco IronPort C660 Messaging Gateway(tm) Appliance
Model: C660
Version: 7.6.1-022

Do I have to contact TAC to open a case ?

Thanks,

I'd suggest to do so. That's the only way for the management and other responsible people to see that something went wrong or was not so well planned.

Any update on this?

As of 12:00 PM US EST - We are pending an update to the Sophos engine 4.97.  Once this is available, it will automatically download to your appliance(s).

This most likely will be delivered as engine 4.98 here as soon as Q&A is completed.

Until now, the issue persists here.

Today I have the same problem:

SAV Engine Version        3.2.07.363.1_5.22 (expired)
    IDE Serial                xxxxxx
    Last Engine Update        12 Jan 2016 18:28 (GMT +00:00)
    Last IDE Update           09 Mar 2016 00:33 (GMT +00:00)

featurekey, featurekeyconfig
(Machine mx1.xxxx.xx)> featurekey

Module                          Quantity  Remaining  Expiration Date
Centralized Management          3000      41 days    Mon Jun 13 05:56:08 2016
IronPort Email Encryption       1         30 days    Dormant
IronPort Anti-Spam              3000      41 days    Mon Jun 13 05:56:08 2016
Sophos Anti-Virus               3000      41 days    Mon Jun 13 05:56:08 2016
Bounce Verification             1         Perpetual  N/A
Incoming Mail Handling          1         Perpetual  N/A
Outbreak Filters                3000      41 days    Mon Jun 13 05:56:08 2016
RSA Email Data Loss Prevention  1         30 days    Dormant
McAfee                          1         30 days    Dormant

Mon May  2 10:18:30 2016 Info: case cleaning up base dir [bindir]
Mon May  2 10:18:30 2016 Info: case verifying applied files
Mon May  2 10:18:30 2016 Info: case updating the client manifest
Mon May  2 10:18:30 2016 Info: case update completed
Mon May  2 10:18:30 2016 Info: case waiting for new updates

Manual update doesn't work...

Sorry for opening this old thread

Hey Burkhard, what AsyncOS version are you running? 

Model: C370
Version: 7.6.2-014
Build Date: 2012-11-02
Install Date: 2013-04-19 10:17:47
Serial #: xxxxxx
BIOS: 2.2.17C
RAID: 1.21.02-0528, 2.01.00, 1.02-014B
RAID Status: Optimal
RAID Type: 1
BMC: 1.85

It's a cluster with 2 C370; the second one has explicitly the same and works fine.

Hi,

I've seen this behavior on more 7.6.x devices.

For some reason Sophos doesn't update anymore.

Moving to v8.0.1 will definitely solve the issue.

You might want to consider upgrading the end-of-life software....

Regards,
