SAV for Linux Outbound Ports Required

Hi,

I would like to check which are the ports that the Sophos AV is using for the update.

I have been receiving an error message as such:

SSL error.

Failed to replicate from all update sources

I have already opened TCP ports 443, 80 and 8192-8194.

Thanks :)



  • For more information, these are the error logs:

    2020-10-05 22:43:53,342 DEBUG savupdate.util.Logger: This system is SAV10 capable
    2020-10-05 22:43:53,342 DEBUG savupdate.sdds.SddsUpdater: No update caches configured
    2020-10-05 22:43:53,342 DEBUG savupdate.sdds.SddsUpdater: Updating using HTTPS
    2020-10-05 22:43:53,409 DEBUG savupdate.sdds.SddsUpdater: Adding update source: direct [HTTPS]
    2020-10-05 22:43:53,775 INFO savupdate.sdds.SddsUpdater: Trying alternative proxies
    2020-10-05 22:43:53,786 INFO savupdate.sdds.SddsUpdater: Trying HTTP instead
    2020-10-05 22:43:53,797 DEBUG savupdate.sdds.SddsUpdater: Adding update source: direct [HTTP]
    2020-10-05 22:43:53,845 INFO savupdate.sdds.SddsUpdater: Trying HTTP over alternative proxies
    2020-10-05 22:43:53,856 DEBUG savupdate.util.Logger: read_remote_metadata failed: result=4
    2020-10-05 22:43:53,856 DEBUG savupdate.util.Logger: error_details: Out of sources
    2020-10-05 22:43:53,856 DEBUG savupdate.util.Logger: log_entry: [E26245] SSL connection errors for dci.sophosupd.com/.../774de35825b1fcf0a9c28adf75a24333.dat: SSL certificate problem: self signed certificate in certificate chain (60) verifyResult=19
    2020-10-05 22:43:53,856 DEBUG savupdate.util.Logger: log_entry: [I20317] No proxy was used.
    2020-10-05 22:43:53,856 DEBUG savupdate.util.Logger: log_entry: [E26245] SSL connection errors for dci.sophosupd.net/.../774de35825b1fcf0a9c28adf75a24333.dat: SSL certificate problem: self signed certificate in certificate chain (60) verifyResult=19
    2020-10-05 22:43:53,856 DEBUG savupdate.util.Logger: log_entry: [I20317] No proxy was used.
    2020-10-05 22:43:53,856 DEBUG savupdate.util.Logger: log_entry: [E75373] Ran out of sophos aliases for this update source
    2020-10-05 22:43:53,856 DEBUG savupdate.util.Logger: log_entry: [E35369] Out of update sources
    2020-10-05 22:43:53,856 DEBUG savupdate.util.Logger: log_entry: [E26245] SSL connection errors for dci.sophosupd.com/.../774de35825b1fcf0a9c28adf75a24333.dat: SSL certificate problem: self signed certificate in certificate chain (60) verifyResult=19
    2020-10-05 22:43:53,856 DEBUG savupdate.util.Logger: log_entry: [I20317] No proxy was used.
    2020-10-05 22:43:53,856 DEBUG savupdate.util.Logger: log_entry: [E26245] SSL connection errors for dci.sophosupd.net/.../774de35825b1fcf0a9c28adf75a24333.dat: SSL certificate problem: self signed certificate in certificate chain (60) verifyResult=19
    2020-10-05 22:43:53,856 DEBUG savupdate.util.Logger: log_entry: [I20317] No proxy was used.
    2020-10-05 22:43:53,856 DEBUG savupdate.util.Logger: log_entry: [E75373] Ran out of sophos aliases for this update source
    2020-10-05 22:43:53,856 DEBUG savupdate.util.Logger: log_entry: [E35369] Out of update sources
    2020-10-05 22:43:53,856 DEBUG savupdate.util.Logger: error_details: Failed to authenticate
    2020-10-05 22:43:53,857 DEBUG savupdate.util.Logger: log_entry: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.com/.../
    2020-10-05 22:43:53,857 DEBUG savupdate.util.Logger: log_entry: [I31036] No proxy was used.
    2020-10-05 22:43:53,857 DEBUG savupdate.util.Logger: log_entry: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.net/.../
    2020-10-05 22:43:53,857 DEBUG savupdate.util.Logger: log_entry: [I31036] No proxy was used.
    2020-10-05 22:43:53,857 DEBUG savupdate.util.Logger: log_entry: [E75373] Ran out of sophos aliases for this update source
    2020-10-05 22:43:53,857 DEBUG savupdate.util.Logger: log_entry: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.com/.../
    2020-10-05 22:43:53,857 DEBUG savupdate.util.Logger: log_entry: [I31036] No proxy was used.
    2020-10-05 22:43:53,857 DEBUG savupdate.util.Logger: log_entry: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.net/.../
    2020-10-05 22:43:53,857 DEBUG savupdate.util.Logger: log_entry: [I31036] No proxy was used.
    2020-10-05 22:43:53,857 DEBUG savupdate.util.Logger: log_entry: [E75373] Ran out of sophos aliases for this update source
    2020-10-05 22:43:53,857 DEBUG savupdate.util.Logger: log_entry: [E54187] Couldn't find DCI for user. URL was: dci.sophosupd.net/.../
    2020-10-05 22:43:53,858 ERROR savupdate.sdds.SDDSResult: Failed to download dci.sophosupd.com/.../774de35825b1fcf0a9c28adf75a24333.dat
    2020-10-05 22:43:53,858 ERROR savupdate.Updater: Error connecting to HTTPS source
    Traceback (most recent call last):
    File "Updater.py", line 179, in tryUpdate
    File "Updater.py", line 147, in update
    File "SddsUpdater.py", line 784, in update
    File "SddsUpdater.py", line 934, in __update
    File "SDDSResult.py", line 118, in throwOnError
    SDDSsslException: SDDSsslException for read_remote_metadata failed: SSL connection errors for dci.sophosupd.com/.../774de35825b1fcf0a9c28adf75a24333.dat: SSL certificate problem: self signed certificate in certificate chain (60) verifyResult=19
    2020-10-05 22:43:53,858 DEBUG savupdate.util.Logger: UPDATE_FAILURE_SSL_ERROR dci.sophosupd.com/.../774de35825b1fcf0a9c28adf75a24333.dat
    2020-10-05 22:43:53,858 DEBUG savupdate.util.Logger: ALL_UPDATE_SOURCES_FAILED
    2020-10-05 22:43:53,866 DEBUG savupdate.Updater: Successfully reported update to savd
    2020-10-06 04:43:52,602 DEBUG savupdate.util.Logger: Logging to /opt/sophos-av/log/savupdate-debug.log
    2020-10-06 04:43:53,270 DEBUG savupdate.Updater: Scheduled Update: Day=None, Time=None, supplementOnly=False

  • Hello Ng ZhiYun,

    this is indeed the Free version? Ports 8192-8194 are only required for the on-premise (SEC) managed install. As it tries to update over HTTPS I'd say this is the Intercept X (aka Central) version 10.

    How did you initially install? Has it worked and then suddenly stopped, throwing these errors, or did the updates fail from the beginning? I might be wrong but it looks like there's some gateway device (firewall) between this machine and Sophos that attempts SSL inspection.

    Christian 

  • Yes, this is the free version that we install on a Linux VM.

    I tried opening TCP ports 8192-8194 too but am still receiving the same error.

    Yup, it was working previously when I allowed all outbound traffic; however, I would like to restrict the traffic and only allow specific ports if able.

    The traffic is controlled using a security list, as the VM is hosted on cloud.

  • Hello Ng ZhiYun,

    as said, ports 8192-8194 are strictly for management and have nothing to do with updating.

    Taking a second and closer look at the log - the SSL error is perhaps a red herring. The HTTPS connection fails because of the certificate error but it seems the HTTP connection succeeds but throws a Failed to authenticate error. This suggests a problem with the updating credentials, not the ports opened.
    Might be worth checking whether updating again works if you allow all traffic.

    Christian 

  • Hi,

    Thanks for helping.

    Yup. I tried and tested allowing all traffic and it is able to update again with no error.

    I have also verified that the server is able to reach the internet with a 200 response.

  • Hello Ng ZhiYun,

    hm, could you show the debug log (like the one above) from the successful update?

    Christian

  • Hi,

    Yup sure.

    These are the successful logs:

    2020-10-06 16:43:52,617 DEBUG savupdate.util.Logger: Logging to /opt/sophos-av/log/savupdate-debug.log
    2020-10-06 16:43:53,284 DEBUG savupdate.Updater: Scheduled Update: Day=None, Time=None, supplementOnly=False
    2020-10-06 16:43:53,285 WARNING savupdate.util.Logger: SDDS_UPDATE_SOURCE_IS SOPHOS
    2020-10-06 16:43:53,286 INFO savupdate.sdds.SddsUpdater: Setting default Sophos Aliases
    2020-10-06 16:43:53,294 DEBUG savupdate.util.Logger: This system is SAV10 capable
    2020-10-06 16:43:53,294 DEBUG savupdate.sdds.SddsUpdater: No update caches configured
    2020-10-06 16:43:53,294 DEBUG savupdate.sdds.SddsUpdater: Updating using HTTPS
    2020-10-06 16:43:53,318 DEBUG savupdate.sdds.SddsUpdater: Adding update source: direct [HTTPS]
    2020-10-06 16:43:53,744 DEBUG savupdate.util.Logger: Other Product line=D9BB257D-ADE6-47C9-B09E-1ACB33A88EDD (we want 5CF594B0-9FED-4212-BA91-A4077CB1D1F3), version (3, 79, 0, 137)
    2020-10-06 16:43:53,744 DEBUG savupdate.util.Logger: Other Product line=16847572-641A-4310-94FB-7530471C2A25 (we want 5CF594B0-9FED-4212-BA91-A4077CB1D1F3), version (3, 79, 0, 137)
    2020-10-06 16:43:53,745 DEBUG savupdate.util.Logger: Other Product line=1CD8A803-6047-47BC-8CBE-2D4AEB37BEE2 (we want 5CF594B0-9FED-4212-BA91-A4077CB1D1F3), version (9, 16, 2, 0, 41)
    2020-10-06 16:43:53,745 DEBUG savupdate.util.Logger: Our product line=5CF594B0-9FED-4212-BA91-A4077CB1D1F3, version (9, 16, 2, 3790, 219)
    2020-10-06 16:43:53,745 DEBUG savupdate.util.Logger: Selecting package using recommended policy
    2020-10-06 16:43:53,745 DEBUG savupdate.util.Logger: Following SddsConfigTagPolicy baseversion=9
    2020-10-06 16:43:53,745 DEBUG savupdate.util.Logger: Warehouse contains 4 products
    2020-10-06 16:43:53,745 DEBUG savupdate.util.Logger: Warehouse contains 1 products matching our uuid
    2020-10-06 16:43:53,745 DEBUG savupdate.util.Logger: Warehouse contains 1 products matching tag=RECOMMENDED
    2020-10-06 16:43:53,745 DEBUG savupdate.sdds.SddsUpdater: Only one product matching tag, so using version (9, 'RECOMMENDED', '822CDC34-081F-4D57-9106-D124C0DC2D46', '9')
    2020-10-06 16:43:53,746 DEBUG savupdate.util.Logger: SDDS synchronise products and supplements
    2020-10-06 16:43:55,925 DEBUG savupdate.util.Logger: SDDS synchronise result=0
    2020-10-06 16:43:56,071 DEBUG savupdate.util.Logger: SDDS distribute result=0
    2020-10-06 16:43:56,071 DEBUG savupdate.util.Logger: SDDS get_distribution_status=0
    2020-10-06 16:44:02,751 DEBUG savupdate.util.Logger: log_entry: [I40394] Successfully downloaded customer file
    2020-10-06 16:44:02,752 DEBUG savupdate.util.Logger: log_entry: [I96736] Looking for package 5CF594B0-9FED-4212-BA91-A4077CB1D1F3 9.16.2.3790.219
    2020-10-06 16:44:02,752 DEBUG savupdate.util.Logger: log_entry: [I49502] Found supplement VDL LATEST
    2020-10-06 16:44:02,752 DEBUG savupdate.util.Logger: log_entry: [I45378] Found included product 1CD8A803-6047-47BC-8CBE-2D4AEB37BEE2 9.16.2.0.41
    2020-10-06 16:44:02,752 DEBUG savupdate.util.Logger: log_entry: [I45378] Found included product D9BB257D-ADE6-47C9-B09E-1ACB33A88EDD 3.79.0.137
    2020-10-06 16:44:02,752 DEBUG savupdate.util.Logger: log_entry: [I45378] Found included product 16847572-641A-4310-94FB-7530471C2A25 3.79.0.137
    2020-10-06 16:44:02,752 DEBUG savupdate.util.Logger: log_entry: [I49502] Found supplement IDE579 LATEST
    2020-10-06 16:44:02,752 DEBUG savupdate.util.Logger: log_entry: [I49502] Found supplement TBPS1.25 LATEST 1
    2020-10-06 16:44:02,752 DEBUG savupdate.util.Logger: log_entry: [I49502] Found supplement IDE580 LATEST
    2020-10-06 16:44:02,752 DEBUG savupdate.util.Logger: log_entry: [I49502] Found supplement IDE581 LATEST
    2020-10-06 16:44:02,752 DEBUG savupdate.util.Logger: log_entry: [I19463] Syncing product 5CF594B0-9FED-4212-BA91-A4077CB1D1F3 328
    2020-10-06 16:44:02,752 DEBUG savupdate.util.Logger: log_entry: [I19463] Syncing product VDL 107
    2020-10-06 16:44:02,752 DEBUG savupdate.util.Logger: log_entry: [I19463] Syncing product 1CD8A803-6047-47BC-8CBE-2D4AEB37BEE2 90
    2020-10-06 16:44:02,752 DEBUG savupdate.util.Logger: log_entry: [I19463] Syncing product D9BB257D-ADE6-47C9-B09E-1ACB33A88EDD 34
    2020-10-06 16:44:02,752 DEBUG savupdate.util.Logger: log_entry: [I19463] Syncing product 16847572-641A-4310-94FB-7530471C2A25 27
    2020-10-06 16:44:02,752 DEBUG savupdate.util.Logger: log_entry: [I19463] Syncing product IDE579 154
    2020-10-06 16:44:02,753 DEBUG savupdate.util.Logger: log_entry: [I19463] Syncing product TBPS1.25 68
    2020-10-06 16:44:02,753 DEBUG savupdate.util.Logger: log_entry: [I19463] Syncing product IDE580 52
    2020-10-06 16:44:02,753 DEBUG savupdate.util.Logger: log_entry: [I19463] Syncing product IDE581 1
    2020-10-06 16:44:02,755 DEBUG savupdate.util.Logger: UPDATING_FROM_VERSION 9.16.2 3.79.0 5.78
    2020-10-06 16:44:02,755 INFO savupdate.util.Logger: MSG_COMPOUNDSINK_VALIDATE_START /opt/sophos-av/update/cache/Primary
    2020-10-06 16:44:03,331 INFO savupdate.util.Logger: MSG_COMPOUNDSINK_VALIDATE_OK /opt/sophos-av/update/cache/Primary
    2020-10-06 16:44:03,331 INFO savupdate.util.Logger: RUNNING_INSTALLER /opt/sophos-av/update/cache/Primary
    2020-10-06 16:44:11,898 DEBUG savupdate.util.Logger: UPDATED_TO_VERSION 9.16.2 3.79.0 5.78
    2020-10-06 16:44:11,898 DEBUG savupdate.util.Logger: SUCCESSFULLY_UPDATED_FROM sdds:SOPHOS
    2020-10-06 16:44:11,916 DEBUG savupdate.Updater: Successfully reported update to savd

  • Also, this is a successful notification when completed

    Updating from versions - SAV: 9.16.2, Engine: 3.79.0, Data: 5.78 Updating Sophos Anti-Virus....

    Updating SAVScan on-demand scanner

    Updating Virus Engine and Data

    Updating Manifest

    Update completed.

    Updated to versions - SAV: 9.16.2, Engine: 3.79.0, Data: 5.78 Successfully updated Sophos Anti-Virus from sdds:SOPHOS

    This is the notification when there is an error:

    SSL error.

    Failed to replicate from all update sources
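
The failing debug log posted in this thread can be triaged with a short script; this is an added example, not part of the original posts and not Sophos code. It tallies the bracketed `log_entry` codes, records which transports were attempted, and decodes `verifyResult` using OpenSSL's X.509 verify codes; the function name `triage` and the result keys are illustrative.

```python
import re
from collections import Counter

# Subset of OpenSSL X.509 verify result codes (x509_vfy.h).
X509_VERIFY = {
    18: "self-signed leaf certificate",
    19: "self-signed certificate in certificate chain",
    20: "unable to get local issuer certificate",
}
SOURCE = re.compile(r"Adding update source: \w+ \[(HTTPS?)\]")
ENTRY = re.compile(r"log_entry: \[([EI]\d+)\] (.*)")
TLS_ERR = re.compile(r"SSL connection errors for ([\w.-]+)/.*verifyResult=(\d+)")
OUTCOMES = ("ALL_UPDATE_SOURCES_FAILED", "SUCCESSFULLY_UPDATED_FROM")

def triage(log_text):
    """Summarise one savupdate debug-log run."""
    transports, codes, tls = [], Counter(), {}
    outcome = None
    for line in log_text.splitlines():
        if m := SOURCE.search(line):
            transports.append(m.group(1))          # HTTPS first, then HTTP fallback
        if m := ENTRY.search(line):
            codes[m.group(1)] += 1                  # e.g. E26245, E19127
            if t := TLS_ERR.search(m.group(2)):
                code = int(t.group(2))
                tls[t.group(1)] = X509_VERIFY.get(code, f"verify code {code}")
        outcome = next((o for o in OUTCOMES if o in line), outcome)
    return {"transports": transports, "codes": dict(codes),
            "tls_failures": tls, "outcome": outcome}

# Excerpt of the failing run posted in the thread (timestamps trimmed).
FAILED_RUN = """\
DEBUG savupdate.sdds.SddsUpdater: Adding update source: direct [HTTPS]
INFO savupdate.sdds.SddsUpdater: Trying HTTP instead
DEBUG savupdate.sdds.SddsUpdater: Adding update source: direct [HTTP]
DEBUG savupdate.util.Logger: log_entry: [E26245] SSL connection errors for dci.sophosupd.com/.../774de35825b1fcf0a9c28adf75a24333.dat: SSL certificate problem: self signed certificate in certificate chain (60) verifyResult=19
DEBUG savupdate.util.Logger: log_entry: [I20317] No proxy was used.
DEBUG savupdate.util.Logger: log_entry: [E26245] SSL connection errors for dci.sophosupd.net/.../774de35825b1fcf0a9c28adf75a24333.dat: SSL certificate problem: self signed certificate in certificate chain (60) verifyResult=19
DEBUG savupdate.util.Logger: error_details: Failed to authenticate
DEBUG savupdate.util.Logger: log_entry: [E19127] Couldn't find DCI for user. URL was: dci.sophosupd.com/.../
DEBUG savupdate.util.Logger: ALL_UPDATE_SOURCES_FAILED
"""

if __name__ == "__main__":
    for key, value in triage(FAILED_RUN).items():
        print(f"{key}: {value}")
```

A `tls_failures` entry for both update hosts means the certificate chain presented on port 443 did not end in a root the updater trusts, which is worth comparing against the issuer seen when outbound traffic is unrestricted.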
