This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Linux don't accept the configuration " UpdatePeriodMinutes "

Hello


After recent update Sophos Free Linux don't accept more the configuration when I put in " UpdatePeriodMinutes " (#/opt/sophos-av/bin/savconfig UpdatePeriodMinutes 1440 ) 1440 minutes ( 24 hours ).

Now it update every 4 hours.


Any solution ?


Thanks



This thread was automatically locked due to age.
Parents
  • Hi Henrique,

    Please allow me to check on this and update you.

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hello Henrique RJ,

    don't accept means you can set it but it is ignored? could tell whether the behaviour has indeed been changed.
    BTW, just curious - what's your reason for choosing 24 hours?

    Christian

  • QC said:

    Hello Henrique RJ,

    don't accept means you can set it but it is ignored? could tell whether the behaviour has indeed been changed.
    BTW, just curious - what's your reason for choosing 24 hours?

    Christian

     

     

    Look

    root@henrique-desktop:/home/henrique# /opt/sophos-av/bin/savconfig -v --all
    Email: root@localhost
    EmailDemandSummaryIfThreat: true
    EmailLanguage: English
    EmailNotifier: true
    EmailServer: localhost:25
    EnableOnStart: true
    ExclusionEncodings: UTF-8
    EUC-JP
    ISO-8859-1
    LogMaxSizeMB: 100
    NotifyOnUpdate: false
    PrimaryUpdateSourcePath: sophos:
    PrimaryUpdateUsername: FAVLeSED5Q5MM
    PrimaryUpdatePassword: ********
    UploadSamples: false
    SendErrorEmail: true
    SendThreatEmail: true
    UINotifier: true
    UIpopupNotification: true
    UIttyNotification: true
    UpdatePeriodMinutes: 1440
    NamedScans Not configured
    LiveProtection: enabled
    ScanArchives: mixed
    root@henrique-desktop:/home/henrique#

     

    I prefere 24h because I have 2GB memory and the frequent update cause system slowlli ( it cause problem with preload ).

     

    If I adjust for 60 minutes the Sophos accept but for 1440 minutes didn't accept.

     

    OK ?

  • Hi,

     

    As far as I know, we haven't changed anything related to update period recently.

    Please could you add the recent savlog output, to show the updates happening more frequently?

    Thanks,

    Douglas.

  • DouglasLeeder said:

    Hi,

     

    As far as I know, we haven't changed anything related to update period recently.

    Please could you add the recent savlog output, to show the updates happening more frequently?

    Thanks,

    Douglas.

     

     

    Look syslog ( /var/log/syslog ):

    Jun 21 19:03:22 henrique-desktop savd: update.updated: Updating from versions - SAV: 9.14.2, Engine: 3.70.2, Data: 5.52
    Jun 21 19:03:22 henrique-desktop savd: update.updated: Updating Sophos Anti-Virus....#012Updating Command-line programs#012Updating Talpa Binary Packs#012Updating SAVScan on-demand scanner#012Updating sav-protect startup script#012Updating sav-rms startup script#012Updating Sophos Anti-Virus Daemon#012Updating Remote Management Daemon#012Updating Manifest#012Selecting appropriate kernel support...#012Update completed.
    Jun 21 19:03:22 henrique-desktop savd: update.updated: Updated to versions - SAV: 9.15.0, Engine: 3.72.1, Data: 5.52
    Jun 21 19:03:22 henrique-desktop savd: update.updated: Successfully updated Sophos Anti-Virus from sdds:SOPHOS

  • That's from syslog, not savlog, and only shows one update.

    After an upgrade like that I'd expect one update after 5-10 minutes, then it should wait the UpdatePeriod before doing another update check.

  • DouglasLeeder said:

    That's from syslog, not savlog, and only shows one update.

    After an upgrade like that I'd expect one update after 5-10 minutes, then it should wait the UpdatePeriod before doing another update check.

     

     

    savlogd ( /opt/sophos-av/bin/log )

    nofile.io/.../savlogd

Reply Children
  • Sorry, I thought you would know how to view savlog:

     

    /opt/sophos-av/bin/savlog --category=update -100 

  • DouglasLeeder said:

    Sorry, I thought you would know how to view savlog:

     

    /opt/sophos-av/bin/savlog --category=update -100 

     

     

    nofile.io/.../savlog

  • Looking at the other log I see that savd is being restarted very frequently, so this may be related to your issues.

    In SAV: UpdatePeriodMinutes is relative to the start of savd.

    In 9.14:

    • The first update (check) happened UpdatePeriodMinutes after savd starts.
    • savupdate restricts Sophos updates to no more than once per hour.

    In 9.15:

    • The first update (check) happens 5-10 minutes after savd starts.
    • Subsequent update (checks) happen UpdatePeriodMinutes after the previous update.
    • savupdate doesn't restrict Sophos updates.

     

    This was a deliberate change to support temporary machines and new installs, which weren't getting updates quickly enough.

     

    I suspect this might explain some of what you are seeing, since I was in the other log you gave me that savd is being restarted very frequently.

     

  • DouglasLeeder said:

    Looking at the other log I see that savd is being restarted very frequently, so this may be related to your issues.

    In SAV: UpdatePeriodMinutes is relative to the start of savd.

    In 9.14:

    • The first update (check) happened UpdatePeriodMinutes after savd starts.
    • savupdate restricts Sophos updates to no more than once per hour.

    In 9.15:

    • The first update (check) happens 5-10 minutes after savd starts.
    • Subsequent update (checks) happen UpdatePeriodMinutes after the previous update.
    • savupdate doesn't restrict Sophos updates.

     

    This was a deliberate change to support temporary machines and new installs, which weren't getting updates quickly enough.

     

    I suspect this might explain some of what you are seeing, since I was in the other log you gave me that savd is being restarted very frequently.

     

     

     

    confuse ...

     

    This problem begining after version update ( 9.14 to 9.15 in 21th the current month ).

     

    This the fact !!!

  • I has solved it.

    I adjusted for 60 minutes and reboot da system.

    Then I aguard the Sophos update normaly including 60 minutes after.

    Right after adjust for 1440 minutes ( 24h ) and now it work perfectely.

    It was probably some bug

     

    Thank you all !!!

  • The problem return after reboot !!!

     

  • Hello

    I am not satisfied with this every hour update,  so I changed also

     

    /opt/sophos-av/bin/savconfig query UpdatePeriodMinutes
    1440

     

    Here is how I managed

    Modify the script /opt/sophos-av/engine/.sav-update.systemd.start.sh

    Last line is now

     

    exec "$SAVUPDATE" >>"$SAV_UPDATE_LOG" 2>&1 </dev/null || true

     

    Modify the /lib/systemd/system/sav-update.service

     

    # Copyright 2004-2017 Sophos Limited.
    # All rights reserved.

    [Service]
    Type=oneshot
    ExecStartPre=/opt/sophos-av/engine/.sav-update.systemd.prestart.sh
    ExecStart=/opt/sophos-av/engine/.sav-update.systemd.start.sh
    ExecStartPost=-/opt/sophos-av/engine/.sav-update.systemd.poststart.sh
    ExecStop=/opt/sophos-av/engine/.sav-update.systemd.stop.sh
    TimeoutStartSec=0
    TimeoutStopSec=60
    Restart=no

    [Install]
    WantedBy=multi-user.target

    [Unit]
    Description="Sophos Anti-Virus update"
    # author "Sophos Limited, Oxford, England, http://www.sophos.com"
    RequiresMountsFor="/opt/sophos-av"
    Documentation=man:sav-update
    # Attendre le démarrge de protect-service
    After=sav-protect.service

    # SfL-Upstart-Job-Class: boot

    ```

    Enable it

     

    systemctl enable sav-update.service

     

    That way I have only one update after boot

     

    systemctl status sav-update
    ● sav-update.service - "Sophos Anti-Virus update"
    Loaded: loaded (/lib/systemd/system/sav-update.service; enabled; vendor preset: enabled)
    Active: inactive (dead) since Wed 2018-06-27 16:16:26 CEST; 1h 8min ago
    Docs: man:sav-update
    Process: 3885 ExecStop=/opt/sophos-av/engine/.sav-update.systemd.stop.sh (code=exited, status=0/SUCCESS)
    Process: 3884 ExecStartPost=/opt/sophos-av/engine/.sav-update.systemd.poststart.sh (code=exited, status=0/SUCCESS)
    Process: 3788 ExecStart=/opt/sophos-av/engine/.sav-update.systemd.start.sh (code=exited, status=0/SUCCESS)
    Process: 3786 ExecStartPre=/opt/sophos-av/engine/.sav-update.systemd.prestart.sh (code=exited, status=0/SUCCESS)
    Main PID: 3788 (code=exited, status=0/SUCCESS)

    juin 27 16:15:13 debian systemd[1]: Starting "Sophos Anti-Virus update"...
    juin 27 16:16:26 debian systemd[1]: Started "Sophos Anti-Virus update".

     

    systemctl status sav-protect
    ● sav-protect.service - "Sophos Anti-Virus daemon"
    Loaded: loaded (/lib/systemd/system/sav-protect.service; enabled; vendor preset: enabled)
    Active: active (running) since Wed 2018-06-27 16:10:40 CEST; 1h 14min ago
    Docs: man:sav-protect
    Process: 3036 ExecStartPost=/opt/sophos-av/engine/.sav-protect.systemd.poststart.sh (code=exited, status=0/SUCCESS)
    Process: 2954 ExecStartPre=/opt/sophos-av/engine/.sav-protect.systemd.prestart.sh (code=exited, status=0/SUCCESS)
    Main PID: 3035 (savd)
    Tasks: 23 (limit: 4299)
    Memory: 787.2M
    CGroup: /system.slice/sav-protect.service
    ├─3035 savd etc/savd.cfg
    ├─3880 savscand --incident=unix://tmp/incident --namedscan=unix://root@tmp/namedscansprocessor.1 --ondemandcontrol
    └─3893 savscand --incident=unix://tmp/incident socketpair://49/56 --threads=2

    juin 27 16:09:57 debian systemd[1]: Starting "Sophos Anti-Virus daemon"...
    juin 27 16:10:11 debian savd[3035]: savd.daemon: SAVD-STARTED
    juin 27 16:10:37 debian savd[3035]: savd.daemon: ONACCESS-ENABLED talpa
    juin 27 16:10:40 debian systemd[1]: Started "Sophos Anti-Virus daemon".
    juin 27 16:12:18 debian savd[3035]: savscand.control.log: EXTRA-SCANNER-STARTED
    juin 27 16:12:24 debian savd[3035]: savscand.control.log: EXTRA-SCANNER-STOPPED
    juin 27 16:16:26 debian savd[3035]: update.updated: UPDATING_FROM_VERSION 9.15.0 3.72.1 5.52
    juin 27 16:16:26 debian savd[3035]: update.updated: Updating Sophos Anti-Virus....
    Updating SAVScan on-demand scanner
    Updating Virus Engine and Data
    Updating Manifest
    Update completed.
    juin 27 16:16:26 debian savd[3035]: update.updated: UPDATED_TO_VERSION 9.15.0 3.72.1 5.52
    juin 27 16:16:26 debian savd[3035]: update.updated: SUCCESSFULLY_UPDATED_FROM sdds:SOPHOS

     

     

  • Hi  

     

    Exists some solution that I configure for not update after boot ?

    Now it update every boot and respect configuration of 1440 minutes ( 24h ).

    Terefore, the proccess loaded at boot for preload are afected.

     

    Thanks very much.

  • savupdate will run during sav-protect start up script if:

    1. On-Access is enabled
    2. Talpa is an enabled on-access method
    3. SAV doesn't have a Talpa Binary Pack available

    savupdate will run 5-10 minutes after savd starts up, unless updating is disabled.

     

  • DouglasLeeder said:

    savupdate will run during sav-protect start up script if:

    1. On-Access is enabled
    2. Talpa is an enabled on-access method
    3. SAV doesn't have a Talpa Binary Pack available

    savupdate will run 5-10 minutes after savd starts up, unless updating is disabled.

     

     

    But how disable update after 5-10 minutes boot system without deactivat on-access ?