Applies to the following Sophos product(s) and version(s)
The issue is observed when the Sophos AV is unable to scan websites/E-Mails and the default action is DROP. This also Impacts Email, Web and WAF including Sandstorm.
This issue has been resolved in a new VDB update. Please follow the steps mentioned below to update to the latest VDB.
The pattern search is performed automatically every 2 hours. However, this can also be triggered manually via the web interface (which is recommended in this case). A manual update can be done here: System | Backup & firmware | Pattern updates -> Update pattern now After the update, make sure that version 1.0.14460 or higher is displayed under Sophos AV. Version 1.0.14460 should fix the issue in most cases as this is an incremental update. If not please perform an update to the full version 1.0.14460. A successful update in u2d.log: Sat Aug 10 22:33:02 2019 New updated patterns are now at /content/savi_1.00/1.0.14460 Sat Aug 10 22:33:15 2019 Updated signature db for savi, version = 1.0.14460. Sat Aug 10 22:33:15 2019 Deleted pattern for module savi, version = 1.0.0 at . Afterwards the error entries in avd.log are gone: 2019-08-10 22:52:06 :[INFO] 10 sophos__scanfile: Scanning file /tmp/0x1g7ODpv (context=HTTP) ... 2019-08-10 22:52:06 :[INFO] 10 sophos__scanfile: File /tmp/0x1g7ODpv scanned okay
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.