
Email Appliance - Failed threat definitions updates

Yesterday, like many of you, we were getting alert e-mails that looked like this:

================================

Condition

~~~~~~~~~

Monitor "Data Installation" on host "<hostname> has generated an error condition.

Description

~~~~~~~~~~~

The appliance has repeatedly failed to install data updates for the last 30 minutes. The threat definitions on the appliance are out of date.

Remedy

~~~~~~

Sophos technical support has been notified.

================================

After getting several of these, we started to get reports from our users that they were not getting e-mails that they were expecting.  When we attempted to log in to the web interface, we got no response.  We opened the VMware Console for the virtual appliance and tried to enter option 2. Restart Network Interface. After pressing 2 and enter we got no response.  We waited a reasonable time, but got no response.  The web interface was still not responding, but we could ping the appliance.  We checked the VMware performance monitor to see if the CPU was getting slammed and it showed no activity.  We tried to issue a Guest Shutdown to no response, so we had to force the VM to power down.

After restarting we attempted to get in but had the same issues. We had to run to a company meeting, but after we got back we still couldn't get access.  We tried all the above steps to bring it down gracefully, but had to power it off again.

Finally on this boot, it started to respond.  E-mails started to flow and all was good.


We later found out that Sophos was having some issue with their updating servers that day. We opened a ticket due to the appliance lockup to see if there was something that could be done to prevent this in the future.

Sophos's Tech Support in a nutshell told us that the e-mail appliance was designed this way and that it's not a problem.  They said that if the appliance can't reach the update servers it's designed to stop operating so as to protect us from new threats. So in essence: we know better than you, and we won't allow any e-mail to flow because you can't reach us for an up-to-the-minute threat update.

Seriously????

That's like saying the Endpoint protection server will shut down your computer if it fails to reach the update server. Or the UTM will stop processing internet traffic if it can't reach the Up2Date server... all for your protection....

Has anyone else run into this?

Did anyone else get these emails but continue to process e-mail just fine?

I used to hold Sophos in high regard, but this interaction has severely diminished my faith in them.

  • Hi,

    We had the same problem over the past couple days.

    I would not mind it if we could fix the problem ourselves, but after a certain point a 100MB update is required that can only be launched from a shell on the box, and they will not give us shell access.  So that means we have to call and wait typically an hour before talking to someone.  They need to fix the slow support response, as it is one of the worst response times I have seen in 20 years, an hour or more on hold.

    Maybe if their Akamai caching is broken or not available they should have some sort of backup download of the small updates so you do not have to do the 100MB downloads.

    I agree the logic to shut down email is an issue, while I understand it is technically a way to DoS your email flow.  They need a more robust answer.