Hello
After recent update Sophos Free Linux don't accept more the configuration when I put in " UpdatePeriodMinutes " (#/opt/sophos-av/bin/savconfig UpdatePeriodMinutes 1440 ) 1440 minutes ( 24 hours ).
Now it update every 4 hours.
Any solution ?
Thanks
Hi Henrique,
Please allow me to check on this and update you.
Haridoss Sreenivasan
Technical Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Hello Henrique RJ,
don't accept means you can set it but it is ignored? DouglasLeeder could tell whether the behaviour has indeed been changed.
BTW, just curious - what's your reason for choosing 24 hours?
Christian
QC said:Hello Henrique RJ,
don't accept means you can set it but it is ignored? DouglasLeeder could tell whether the behaviour has indeed been changed.
BTW, just curious - what's your reason for choosing 24 hours?Christian
Look
root@henrique-desktop:/home/henrique# /opt/sophos-av/bin/savconfig -v --all
Email: root@localhost
EmailDemandSummaryIfThreat: true
EmailLanguage: English
EmailNotifier: true
EmailServer: localhost:25
EnableOnStart: true
ExclusionEncodings: UTF-8
EUC-JP
ISO-8859-1
LogMaxSizeMB: 100
NotifyOnUpdate: false
PrimaryUpdateSourcePath: sophos:
PrimaryUpdateUsername: FAVLeSED5Q5MM
PrimaryUpdatePassword: ********
UploadSamples: false
SendErrorEmail: true
SendThreatEmail: true
UINotifier: true
UIpopupNotification: true
UIttyNotification: true
UpdatePeriodMinutes: 1440
NamedScans Not configured
LiveProtection: enabled
ScanArchives: mixed
root@henrique-desktop:/home/henrique#
I prefere 24h because I have 2GB memory and the frequent update cause system slowlli ( it cause problem with preload ).
If I adjust for 60 minutes the Sophos accept but for 1440 minutes didn't accept.
OK ?
Hi,
As far as I know, we haven't changed anything related to update period recently.
Please could you add the recent savlog output, to show the updates happening more frequently?
Thanks,
Douglas.
DouglasLeeder said:Hi,
As far as I know, we haven't changed anything related to update period recently.
Please could you add the recent savlog output, to show the updates happening more frequently?
Thanks,
Douglas.
Look syslog ( /var/log/syslog ):
Jun 21 19:03:22 henrique-desktop savd: update.updated: Updating from versions - SAV: 9.14.2, Engine: 3.70.2, Data: 5.52
Jun 21 19:03:22 henrique-desktop savd: update.updated: Updating Sophos Anti-Virus....#012Updating Command-line programs#012Updating Talpa Binary Packs#012Updating SAVScan on-demand scanner#012Updating sav-protect startup script#012Updating sav-rms startup script#012Updating Sophos Anti-Virus Daemon#012Updating Remote Management Daemon#012Updating Manifest#012Selecting appropriate kernel support...#012Update completed.
Jun 21 19:03:22 henrique-desktop savd: update.updated: Updated to versions - SAV: 9.15.0, Engine: 3.72.1, Data: 5.52
Jun 21 19:03:22 henrique-desktop savd: update.updated: Successfully updated Sophos Anti-Virus from sdds:SOPHOS
That's from syslog, not savlog, and only shows one update.
After an upgrade like that I'd expect one update after 5-10 minutes, then it should wait the UpdatePeriod before doing another update check.
DouglasLeeder said:That's from syslog, not savlog, and only shows one update.
After an upgrade like that I'd expect one update after 5-10 minutes, then it should wait the UpdatePeriod before doing another update check.
savlogd ( /opt/sophos-av/bin/log )
DouglasLeeder said:That's from syslog, not savlog, and only shows one update.
After an upgrade like that I'd expect one update after 5-10 minutes, then it should wait the UpdatePeriod before doing another update check.
savlogd ( /opt/sophos-av/bin/log )
Sorry, I thought you would know how to view savlog:
/opt/sophos-av/bin/savlog --category=update -100
DouglasLeeder said:Sorry, I thought you would know how to view savlog:
/opt/sophos-av/bin/savlog --category=update -100
Looking at the other log I see that savd is being restarted very frequently, so this may be related to your issues.
In SAV: UpdatePeriodMinutes is relative to the start of savd.
In 9.14:
In 9.15:
This was a deliberate change to support temporary machines and new installs, which weren't getting updates quickly enough.
I suspect this might explain some of what you are seeing, since I was in the other log you gave me that savd is being restarted very frequently.
DouglasLeeder said:Looking at the other log I see that savd is being restarted very frequently, so this may be related to your issues.
In SAV: UpdatePeriodMinutes is relative to the start of savd.
In 9.14:
- The first update (check) happened UpdatePeriodMinutes after savd starts.
- savupdate restricts Sophos updates to no more than once per hour.
In 9.15:
- The first update (check) happens 5-10 minutes after savd starts.
- Subsequent update (checks) happen UpdatePeriodMinutes after the previous update.
- savupdate doesn't restrict Sophos updates.
This was a deliberate change to support temporary machines and new installs, which weren't getting updates quickly enough.
I suspect this might explain some of what you are seeing, since I was in the other log you gave me that savd is being restarted very frequently.
confuse ...
This problem begining after version update ( 9.14 to 9.15 in 21th the current month ).
This the fact !!!
I has solved it.
I adjusted for 60 minutes and reboot da system.
Then I aguard the Sophos update normaly including 60 minutes after.
Right after adjust for 1440 minutes ( 24h ) and now it work perfectely.
It was probably some bug
Thank you all !!!
The problem return after reboot !!!
Hello
I am not satisfied with this every hour update, so I changed also
/opt/sophos-av/bin/savconfig query UpdatePeriodMinutes
1440
Here is how I managed
Modify the script /opt/sophos-av/engine/.sav-update.systemd.start.sh
Last line is now
exec "$SAVUPDATE" >>"$SAV_UPDATE_LOG" 2>&1 </dev/null || true
Modify the /lib/systemd/system/sav-update.service
# Copyright 2004-2017 Sophos Limited.
# All rights reserved.[Service]
Type=oneshot
ExecStartPre=/opt/sophos-av/engine/.sav-update.systemd.prestart.sh
ExecStart=/opt/sophos-av/engine/.sav-update.systemd.start.sh
ExecStartPost=-/opt/sophos-av/engine/.sav-update.systemd.poststart.sh
ExecStop=/opt/sophos-av/engine/.sav-update.systemd.stop.sh
TimeoutStartSec=0
TimeoutStopSec=60
Restart=no[Install]
WantedBy=multi-user.target[Unit]
Description="Sophos Anti-Virus update"
# author "Sophos Limited, Oxford, England, http://www.sophos.com"
RequiresMountsFor="/opt/sophos-av"
Documentation=man:sav-update
# Attendre le démarrge de protect-service
After=sav-protect.service# SfL-Upstart-Job-Class: boot
```
Enable it
systemctl enable sav-update.service
That way I have only one update after boot
systemctl status sav-update
● sav-update.service - "Sophos Anti-Virus update"
Loaded: loaded (/lib/systemd/system/sav-update.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Wed 2018-06-27 16:16:26 CEST; 1h 8min ago
Docs: man:sav-update
Process: 3885 ExecStop=/opt/sophos-av/engine/.sav-update.systemd.stop.sh (code=exited, status=0/SUCCESS)
Process: 3884 ExecStartPost=/opt/sophos-av/engine/.sav-update.systemd.poststart.sh (code=exited, status=0/SUCCESS)
Process: 3788 ExecStart=/opt/sophos-av/engine/.sav-update.systemd.start.sh (code=exited, status=0/SUCCESS)
Process: 3786 ExecStartPre=/opt/sophos-av/engine/.sav-update.systemd.prestart.sh (code=exited, status=0/SUCCESS)
Main PID: 3788 (code=exited, status=0/SUCCESS)juin 27 16:15:13 debian systemd[1]: Starting "Sophos Anti-Virus update"...
juin 27 16:16:26 debian systemd[1]: Started "Sophos Anti-Virus update".
systemctl status sav-protect
● sav-protect.service - "Sophos Anti-Virus daemon"
Loaded: loaded (/lib/systemd/system/sav-protect.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-06-27 16:10:40 CEST; 1h 14min ago
Docs: man:sav-protect
Process: 3036 ExecStartPost=/opt/sophos-av/engine/.sav-protect.systemd.poststart.sh (code=exited, status=0/SUCCESS)
Process: 2954 ExecStartPre=/opt/sophos-av/engine/.sav-protect.systemd.prestart.sh (code=exited, status=0/SUCCESS)
Main PID: 3035 (savd)
Tasks: 23 (limit: 4299)
Memory: 787.2M
CGroup: /system.slice/sav-protect.service
├─3035 savd etc/savd.cfg
├─3880 savscand --incident=unix://tmp/incident --namedscan=unix://root@tmp/namedscansprocessor.1 --ondemandcontrol
└─3893 savscand --incident=unix://tmp/incident socketpair://49/56 --threads=2juin 27 16:09:57 debian systemd[1]: Starting "Sophos Anti-Virus daemon"...
juin 27 16:10:11 debian savd[3035]: savd.daemon: SAVD-STARTED
juin 27 16:10:37 debian savd[3035]: savd.daemon: ONACCESS-ENABLED talpa
juin 27 16:10:40 debian systemd[1]: Started "Sophos Anti-Virus daemon".
juin 27 16:12:18 debian savd[3035]: savscand.control.log: EXTRA-SCANNER-STARTED
juin 27 16:12:24 debian savd[3035]: savscand.control.log: EXTRA-SCANNER-STOPPED
juin 27 16:16:26 debian savd[3035]: update.updated: UPDATING_FROM_VERSION 9.15.0 3.72.1 5.52
juin 27 16:16:26 debian savd[3035]: update.updated: Updating Sophos Anti-Virus....
Updating SAVScan on-demand scanner
Updating Virus Engine and Data
Updating Manifest
Update completed.
juin 27 16:16:26 debian savd[3035]: update.updated: UPDATED_TO_VERSION 9.15.0 3.72.1 5.52
juin 27 16:16:26 debian savd[3035]: update.updated: SUCCESSFULLY_UPDATED_FROM sdds:SOPHOS
Hi grand toubab
Exists some solution that I configure for not update after boot ?
Now it update every boot and respect configuration of 1440 minutes ( 24h ).
Terefore, the proccess loaded at boot for preload are afected.
Thanks very much.
savupdate will run during sav-protect start up script if:
savupdate will run 5-10 minutes after savd starts up, unless updating is disabled.
DouglasLeeder said:savupdate will run during sav-protect start up script if:
- On-Access is enabled
- Talpa is an enabled on-access method
- SAV doesn't have a Talpa Binary Pack available
savupdate will run 5-10 minutes after savd starts up, unless updating is disabled.
But how disable update after 5-10 minutes boot system without deactivat on-access ?
