Tue 06-Apr-2010 10:27 - edited Tue 06-Apr-2010 10:43
I just installed PureMessage version 3.02 on a Windows 2003 server running Exchange 2003. It looks like PureMessage also installed the Sophos antivirus endpoint on that same server. That server is also running Enterprise Console 22.214.171.1242.
After a brand new, fresh install of PureMessage, the PureMessage dashboard shows "Failed" in red letters under "Latest updates". Looking some more, I see a system tray icon for Sophos Antivirus. I can right-click that icon and go to "configure updates", The primary server shows login info for my server - not the Sophos update site - but the name of the server is "Sophos". I have a hunch I need to upate this with the Sophos login info provided in the Sophos license key. I would love to do this, but everything on this page is greyed out. The secondary server is blank and also greyed out. I can look at the log file, and sure enough, it tells me the download failed from http://es-web-2.sophos.com. Well duh, that's because I mistakenly put in login info for my own server during the PureMessage install instead of Sophos login info.
OK, so how do I fix it? Looking in the registry, I see some references to login info but the passwords appear to be encrypted. I am so far not seeing any interface in the PureMessage dashboard app or in the Enterprise Console app.
So how do I fix that password in the Sophos Update Manager?
But this leads to an architectural question -
I want my Enterprise Console server to download all updates and then all the antivirus gateway and endpoint products to get their updates from my Enterprise Console server. Shouldn't my Enterprise Console be grabbing all the updates from Sophos and then Sophos Antivirus updating from my server? And why does PureMessage depend on updates from Sophos Antivirus? Or am I missing something?
One other clue - I just noticed in my Enterprise Console a warning that the Sophos Antivirus is not following some sort of policy. I wonder if this is because PureMessage installed it? Should I have rolled out Sophos Antivirus to the Enterprise Console server first?
(Edit a few minutes after initial posting)
From the Enterprise Console, I noticed I can tell the Sophos Antivirus to comply with the existing default policy. Trying this and checking the results with Sophos Antivirus on the same server, now the greyed out update server is in fact the Enterprise Console server and not Sophos anymore. It also looks like it's not trying to update every 5 minutes and failing any more. Ok, wonderful - but now I'm not sure if I made a bigger mess or fixed the problem. My PureMessage dashboard still shows a failed update. Am I giving PureMessage what it needs on this server and does PureMessage depend on Sophos Antivirus to get its updates?
- Greg Scott
Wed 07-Apr-2010 14:11
1 1/2 days later....
My Sophos AV installed on the Enterise Console server is still not updating itself. The logfile shows failures every 10 minutes with an error that it can't find its update server. This would be funny - because it's trying to update from itself - but I need current AV signatures. And the PureMessage console - all on the same server - also still says its updates are failing.
So now I'm afraid to roll out the endpoint AV protection to my workstations until I can get my server to update itself.
Where do I go to fix this?
- Greg Scott
Sun 11-Apr-2010 17:02
Not sure what the current state is there, but you need to ensure:
1) The machine is in a group in the Enterprise Console
2) You have protected the server itself from the console
3) The updating policy applied to the group has the correct info.
For a machine running PureMessage and SEC the primary server should be the default (itself), e.g. \\server\sophosupdate\cids\s***\SAVSCFXP\
The secondary server should be "sophos" and have your EM credentials and any proxy information.