SAV Linux v 9 updates failing on all machines in multiple cloud sites

All of my Linux servers running Sophos AV for Linux version 9 suddenly stopped updating over memorial day weekend.

I have about 30 Linux VMs running in three different cloud environments; all were working fine until this issue.

I have uninstalled and reinstalled and they still will not update automatically. They fail and produce the alert:  Download of savupdate failed from server sdds:SOPHOS.

I ran /opt/sophos-av/bin/savupdate -v5 --debug and got the following output:

--------------------------------------------------------------------------------------------------------------------------------

2019-05-31 21:53:26,575 DEBUG savupdate.util.Logger: Logging to /opt/sophos-av/log/savupdate-debug.log
2019-05-31 21:53:27,402 INFO savupdate.util.Logger: Update to include '*' priority 10
Update to include '*' priority 10
2019-05-31 21:53:27,412 INFO savupdate.util.Logger: Update to exclude 'sav-*' priority 20
Update to exclude 'sav-*' priority 20
2019-05-31 21:53:27,421 INFO savupdate.util.Logger: Update to exclude 'sdf.xml' priority 20
Update to exclude 'sdf.xml' priority 20
2019-05-31 21:53:27,428 INFO savupdate.util.Logger: Update to include 'sav-linux/licence*' priority 30
Update to include 'sav-linux/licence*' priority 30
2019-05-31 21:53:27,428 INFO savupdate.util.Logger: Update to include 'sav-linux/manifest.dat' priority 30
Update to include 'sav-linux/manifest.dat' priority 30
2019-05-31 21:53:27,455 INFO savupdate.util.Logger: Update to include 'sav-linux/manifest.spec' priority 30
Update to include 'sav-linux/manifest.spec' priority 30
2019-05-31 21:53:27,470 INFO savupdate.util.Logger: Update to include 'sav-linux/cidsync.upd' priority 30
Update to include 'sav-linux/cidsync.upd' priority 30
2019-05-31 21:53:27,476 INFO savupdate.util.Logger: Update to include 'sav-linux/common/*' priority 30
Update to include 'sav-linux/common/*' priority 30
2019-05-31 21:53:27,476 INFO savupdate.util.Logger: Update to include 'sav-linux/x86/*' priority 30
Update to include 'sav-linux/x86/*' priority 30
2019-05-31 21:53:27,476 INFO savupdate.util.Logger: Update to include 'uncdownload/*' priority 20
Update to include 'uncdownload/*' priority 20
2019-05-31 21:53:27,515 INFO savupdate.util.Logger: Update to exclude 'talpa/*' priority 20
Update to exclude 'talpa/*' priority 20
2019-05-31 21:53:27,518 INFO savupdate.util.Logger: Update to include 'talpa/talpa-srcpack.tar.gz' priority 30
Update to include 'talpa/talpa-srcpack.tar.gz' priority 30
2019-05-31 21:53:27,518 INFO savupdate.util.Logger: Update to include 'talpa/manifest.dat' priority 30
Update to include 'talpa/manifest.dat' priority 30
2019-05-31 21:53:27,518 INFO savupdate.util.Logger: Update to include 'talpa/cidsync.upd' priority 30
Update to include 'talpa/cidsync.upd' priority 30
2019-05-31 21:53:27,551 INFO savupdate.util.Logger: Update to include 'talpa/copying' priority 30
Update to include 'talpa/copying' priority 30
2019-05-31 21:53:27,560 INFO savupdate.util.Logger: Update to include 'talpa/talpa-redhat/combined.tgz' priority 30
Update to include 'talpa/talpa-redhat/combined.tgz' priority 30
2019-05-31 21:53:27,573 INFO savupdate.util.Logger: Update to include 'talpa/talpa-redhat/talpa-binpack-redhat-x86_64-3.10.0-957.12.2.el7.x86_64-1smpfriapr19210907utc2019.tar.gz' priority 30
Update to include 'talpa/talpa-redhat/talpa-binpack-redhat-x86_64-3.10.0-957.12.2.el7.x86_64-1smpfriapr19210907utc2019.tar.gz' priority 30
2019-05-31 21:53:27,594 INFO savupdate.util.Logger: Update to include 'talpa/talpa-redhat/talpa-binpack-redhat-x86_64-3.10.0-957.12.2.el7.x86_64.tar.gz' priority 30
Update to include 'talpa/talpa-redhat/talpa-binpack-redhat-x86_64-3.10.0-957.12.2.el7.x86_64.tar.gz' priority 30
2019-05-31 21:53:27,613 INFO savupdate.util.Logger: Update to exclude 'sav-linux/x86/32/*' priority 40
Update to exclude 'sav-linux/x86/32/*' priority 40
2019-05-31 21:53:27,624 INFO savupdate.util.Logger: Update to exclude 'uncdownload/32/*' priority 40
Update to exclude 'uncdownload/32/*' priority 40
2019-05-31 21:53:27,636 DEBUG savupdate.Updater: Scheduled Update: Day=0, Time=21:00:00, supplementOnly=False
2019-05-31 21:53:27,642 DEBUG savupdate.sdds.SddsUpdater: Syncing both products and supplements because source changed: None vs. SOPHOS
2019-05-31 21:53:27,653 WARNING savupdate.util.Logger: SDDS_UPDATE_SOURCE_IS SOPHOS
SOPHOS source is either SOPHOS, or the warehouse update source address.
2019-05-31 21:53:27,666 INFO savupdate.sdds.SddsUpdater: Setting default Sophos Aliases
2019-05-31 21:53:27,678 DEBUG savupdate.util.Logger: This system is SAV10 capable
This system is SAV10 capable
2019-05-31 21:53:27,697 DEBUG savupdate.sdds.SddsUpdater: No update caches configured
2019-05-31 21:53:27,732 DEBUG savupdate.sdds.SddsUpdater: Updating using HTTPS
2019-05-31 21:53:27,868 DEBUG savupdate.util.Logger: settingsBaseVersion=10
settingsBaseVersion=10
2019-05-31 21:53:27,891 DEBUG savupdate.sdds.SddsUpdater: Adding update source: direct [HTTPS]
2019-05-31 21:53:28,756 INFO savupdate.sdds.SddsUpdater: Trying alternative proxies
2019-05-31 21:53:28,844 DEBUG savupdate.util.Logger: settingsBaseVersion=10
settingsBaseVersion=10
2019-05-31 21:53:28,853 DEBUG savupdate.util.Logger: read_remote_metadata failed: result=5
read_remote_metadata failed: result=5
2019-05-31 21:53:28,862 DEBUG savupdate.util.Logger: error_details: Failed to authenticate
error_details: Failed to authenticate
2019-05-31 21:53:28,871 DEBUG savupdate.util.Logger: log_entry: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.com/.../
log_entry: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.com/.../
2019-05-31 21:53:28,882 DEBUG savupdate.util.Logger: log_entry: [I31036] No proxy was used.
log_entry: [I31036] No proxy was used.
2019-05-31 21:53:28,882 DEBUG savupdate.util.Logger: log_entry: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.net/.../
log_entry: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.net/.../
2019-05-31 21:53:28,882 DEBUG savupdate.util.Logger: log_entry: [I31036] No proxy was used.
log_entry: [I31036] No proxy was used.
2019-05-31 21:53:28,882 DEBUG savupdate.util.Logger: log_entry: [E75373] Ran out of sophos aliases for this update source
log_entry: [E75373] Ran out of sophos aliases for this update source
2019-05-31 21:53:28,926 DEBUG savupdate.util.Logger: log_entry: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.com/.../
log_entry: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.com/.../
2019-05-31 21:53:28,942 DEBUG savupdate.util.Logger: log_entry: [I31036] No proxy was used.
log_entry: [I31036] No proxy was used.
2019-05-31 21:53:28,949 DEBUG savupdate.util.Logger: log_entry: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.net/.../
log_entry: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.net/.../
2019-05-31 21:53:28,962 DEBUG savupdate.util.Logger: log_entry: [I31036] No proxy was used.
log_entry: [I31036] No proxy was used.
2019-05-31 21:53:28,972 DEBUG savupdate.util.Logger: log_entry: [E75373] Ran out of sophos aliases for this update source
log_entry: [E75373] Ran out of sophos aliases for this update source
2019-05-31 21:53:28,985 DEBUG savupdate.util.Logger: log_entry: [E54187] Couldn't find DCI for user. URL was: dci.sophosupd.net/.../
log_entry: [E54187] Couldn't find DCI for user. URL was: dci.sophosupd.net/.../
2019-05-31 21:53:29,000 ERROR savupdate.Updater: BadAuthenticationError
Traceback (most recent call last):
File "Updater.py", line 179, in tryUpdate
File "Updater.py", line 147, in update
File "SddsUpdater.py", line 784, in update
File "SddsUpdater.py", line 934, in __update
File "SDDSResult.py", line 92, in throwOnError
BadHostCredentialsException: BadHostCredentialsException for sdds:SOPHOS
2019-05-31 21:53:29,013 DEBUG savupdate.util.Logger: BAD-PRIMARY-AUTHENTICATION sdds:SOPHOS
Failed to download 'sdds:SOPHOS': invalid authentication. Please check PrimaryUpdateUsername and PrimaryUpdatePassword.
2019-05-31 21:53:29,025 DEBUG savupdate.util.Logger: ALL_UPDATE_SOURCES_FAILED
Failed to replicate from all update sources
2019-05-31 21:53:29,037 DEBUG savupdate.Updater: Successfully reported update to savd

--------------------------------------------------------------------------------------------------------------------------------

I also found this on a Sophos web site which says: 

"The version of Sophos Anti-Virus for Linux you can use depends on your  management console.

Sophos Central managed computers  

For 64-bit Linux computers you use Sophos Anti-Virus for Linux version 10."

I can't find a version 10 download.

Any guidance would be appreciated!

Thanks



  • Hello Michael Wangerin,

    can't say if this is a special date. Failed to authenticate, BadAuthenticationError, and BadHostCredentialsException suggest an issue with the updating credentials. Did you explicitly configure them?

    Are your Linux machines indeed Sophos Central managed? For quite some time only v10 is available (with the exception of 32bit RHEL 6). And you'd find the installer under Server Protection. Where did you find the v9 and look for the v10 installer?

    Christian
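The reading of the debug output given in the reply above, written as a small log triage helper for running across many hosts. This is an added example, not Sophos code and not from the thread's participants; the function name `triage` is hypothetical, the sample lines are constructed from the output posted above, and the marker strings are the ones that appear in that output.

```python
import re
from collections import Counter

# Constructed sample in the savupdate -v5 --debug format shown above; a logger
# line may be followed by an un-timestamped console echo of the same message.
SAMPLE = """\
2019-05-31 21:53:28,853 DEBUG savupdate.util.Logger: read_remote_metadata failed: result=5
2019-05-31 21:53:28,862 DEBUG savupdate.util.Logger: error_details: Failed to authenticate
2019-05-31 21:53:28,871 DEBUG savupdate.util.Logger: log_entry: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.com/.../
log_entry: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.com/.../
2019-05-31 21:53:28,882 DEBUG savupdate.util.Logger: log_entry: [I31036] No proxy was used.
2019-05-31 21:53:29,000 ERROR savupdate.Updater: BadAuthenticationError
BadHostCredentialsException: BadHostCredentialsException for sdds:SOPHOS
2019-05-31 21:53:29,013 DEBUG savupdate.util.Logger: BAD-PRIMARY-AUTHENTICATION sdds:SOPHOS
2019-05-31 21:53:29,025 DEBUG savupdate.util.Logger: ALL_UPDATE_SOURCES_FAILED
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ (\w+) ([\w.]+): (.*)$")
CODE = re.compile(r"log_entry: \[([EI]\d+)\]")
AUTH_MARKERS = ("Failed to authenticate", "BadAuthenticationError",
                "BadHostCredentialsException", "BAD-PRIMARY-AUTHENTICATION")

def triage(text):
    """Summarise one savupdate debug log: verdict, entry codes, auth evidence."""
    codes, evidence, all_failed, last_ts = Counter(), [], False, None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            last_ts, msg = m.group(1), m.group(4)
            c = CODE.search(msg)
            if c:  # count codes on timestamped lines only, so echoes are not doubled
                codes[c.group(1)] += 1
            all_failed |= "ALL_UPDATE_SOURCES_FAILED" in msg
        else:
            msg = raw.strip()  # console echo or traceback line, no timestamp
        for marker in AUTH_MARKERS:
            if marker in msg and marker not in evidence:
                evidence.append(marker)
    if evidence:
        verdict = "credentials rejected"
    elif all_failed:
        verdict = "update failed, no authentication error logged"
    else:
        verdict = "no failure found"
    return {"verdict": verdict, "codes": dict(codes), "evidence": evidence, "last_seen": last_ts}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On a host, pass it the contents of /opt/sophos-av/log/savupdate-debug.log, the file the debug run reports logging to.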

  • Hello Christian and thanks for the response!

    Here is where I found the version 9 download using a Google search: https://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-linux.aspx

    From there I clicked the Get Started link and filled out the form and then downloaded from the following page.

    I did not specify credentials and yes all of the machines were registered and managed from Sophos Central.

    I am using the free license for SAV Linux, and when I installed the product, I specified the free and not supported license when asked by the installer.

    I went to this link that you provided but don't find any download links there: https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/DownloadsWorkstations.html?hl=linux ?

    Please let me know if I can use V10 as a free license and/or what I can do to resolve my issue?

    Thanks

    MPW

  • Hello MPW,

    "all of the machines were registered and managed from Sophos Central [...] don't find any download links there"
    I referred to the Central Help that shows where on the Central Admin console you'd find the download links. Could you provide a screenshot where you see that the machines registered and from where you can manage them?
    Can't imagine that this is the case. The free version has AFAIK no management component, if you select free during install a set of credentials is fetched automatically and there's no way to link individual installations with a common account. Central-managed installations should upgrade to v10.
    Nevertheless, if you uninstall and again select free during a subsequent install it should fetch a new set of credentials that are supposed to work. /opt/sophos-av/bin/savsetup shows the configuration and the username in effect.

    Christian

  • Hello Christian

    Thanks for the assistance!

    Here is a screen shot of my Sophos Central:

    I uninstalled and reinstalled Sophos on every machine and still get update failures.

    Here is config from one of them:

    [root@dev ~]# /opt/sophos-av/bin/savsetup
    Welcome to Sophos Anti-Virus interactive configuration


    [1] Display update configuration

    Configure primary update source:
    [2] From Sophos
    [3] From own server

    Configure secondary update source:
    [4] From Sophos
    [5] From own server

    [q] Quit
    What do you want to do? [1]
    > 1

    Primary update source address = sophos:
    Primary update cache path = /opt/sophos-av/update/cache/Primary
    Primary update source username = VTZ3KTMDYH
    Primary update source password = ********
    Update period minute = 60

    Here is a screen shot of the same machine from Sophos Central:

     

    Thanks !

  • Hello MPW,

    this is ... weird. The free version isn't managed and Central isn't free. Can't say how they made it into Central - or what happens if you run the free installer if the Central version is already installed.

    I'm not using Central so I have no experience with the GUI but I'd expect the appropriate installers to be under Protect Devices.

    BTW - which
    ?

    Christian

  • Christian

    All of the trial licenses expired at the same time, but this did not coincide with the update failures beginning to occur.

  • Hello MPW,

    hm, three weeks grace period would be quite generous for a 30-day trial but who knows. Anyway I see neither an active license nor one in use. Naturally updating fails if there's no license. And the Help says "The installers you can see may depend on the license or licenses you have" so it's no wonder you can't see any (even though it says "may").

    Christian