
Have IDE files changed since 1st Aug 2021?

Folks,

We run an old scanning kiosk on Ubuntu 14.04 using "Sophos Anti-Virus for Linux" (latest available from sophos.com)

    Product Version: 5.74.0
    Engine Version: 3.79.0
    Virus data version: 5.75

We feed it daily IDE updates, but since 1st Aug 2021 the command line scanner has reported "Not loaded" for new IDE files.  For example, the output from 'savscan -v' includes

    Data file name        : /home/sophos/lib/sav/fare-lvu.ide
    Data file type        : IDE
    Data file date        : 31 July 2021, 05:44:32
    Data file status      : Loaded

    Data file name        : /home/sophos/lib/sav/form-arm.ide
    Data file type        : IDE
    Data file date        : 03 August 2021, 05:45:13
    Data file status      : Not loaded

Note the times displayed appear to relate to the file creation time on our system rather than when Sophos release the file.

I have checked on our Windows systems which run completely up to date engines (5.86) and they can load 'form-arm.ide'.  I have checksummed the IDE file on Linux and Windows and the value is the same, so I don't think it is a download issue.

Have IDEs changed in some way and my old Linux scanner can no longer load them?  Any insights appreciated.

Regards,

Gavin
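
A check for the failure described in this post, as an added example that is not part of the original thread: it parses `savscan -v` output in the field layout quoted above and flags every data file whose status is not "Loaded", so an update job can alert when new IDEs stop loading. The function names and the embedded sample (constructed from the two entries quoted in the post) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report data files that `savscan -v` lists as not loaded.
# Assumes the "Data file name/date/status : value" layout quoted in the post.

# Reads savscan -v output on stdin. Prints "name<TAB>date<TAB>status" for each
# data file whose status is not "Loaded". Returns 1 if any were found, else 0.
ide_not_loaded() {
    awk '
        # Split on the first colon only, because the date value contains colons.
        function value(line,    i, v) {
            i = index(line, ":")
            v = substr(line, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            return v
        }
        /^[ \t]*Data file name[ \t]*:/   { name = value($0); date = ""; next }
        /^[ \t]*Data file date[ \t]*:/   { date = value($0); next }
        /^[ \t]*Data file status[ \t]*:/ {
            status = value($0)
            if (status != "Loaded") {
                printf "%s\t%s\t%s\n", name, date, status
                bad++
            }
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample input, copied from the two entries quoted in the post.
sample_savscan_output() {
    cat <<'EOF'
Data file name        : /home/sophos/lib/sav/fare-lvu.ide
Data file type        : IDE
Data file date        : 31 July 2021, 05:44:32
Data file status      : Loaded
Data file name        : /home/sophos/lib/sav/form-arm.ide
Data file type        : IDE
Data file date        : 03 August 2021, 05:45:13
Data file status      : Not loaded
EOF
}

# Demo on the sample; on the kiosk the input would be: savscan -v | ide_not_loaded
sample_savscan_output | ide_not_loaded || echo "WARNING: some data files did not load" >&2
```

Run after each IDE update, a non-zero return from `ide_not_loaded` means the scanner is running on older detection data than the files on disk suggest.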



  • Hello Gavin,

    an old scanning kiosk
    looks like, The engine is not the latest but this is likely not the problem. The virus data files (5.75) are from last year and there must be several hundred IDEs by now. Dunno if there's a limit on the number that will be loaded. Should be fairly easy to test whether it's this particular IDE, the number of IDEs, or all newer IDEs - shouldn't it?

    Christian

  • I get the error even if I just load the single IDE file 'form-arm.ide' or any of the three new IDE files we downloaded today ('blad-ace', 'zbot-pmc' & 'tesla-oh.ide').  I can load any of the older IDE files successfully.  I would love to use a newer engine but Sophos don't provide one for Linux.

  • Hello Gavin,

    I see. I'm not aware that the IDEs have changed in a way that they won't get loaded by an older but not very old version. Wonder if it's related to the virus-data version. You could, BTW, instead of simply accumulating the IDEs "refresh" the SAV directory, copy the other files (.dat, .vdb, .xml) as well and remove obsolete IDEs.

    As you mentioned a Windows installation - have you licensed the on-premise SESC or Central Intercept X?

    Christian

  • Christian,

    Thanks for replying.  We do indeed have a licensed SESC on-premise.  I think I'll try raising an incident with Sophos support to see what kind of response I get.

    I could consider the 'refresh' approach you outline above, the list of .vdb files on both systems (Linux/Windows) is comparable but the .dat files are very different (2 on Linux 13 on Windows).  However, to adopt this approach I would need to do some significant re-engineering on the auto-build system used to keep the kiosk up to date, and possibly on the kiosk itself.  I might try a one off to see if it works.

    So I'll wait to see if I get anything out of support before going down that route.

  • Hello Gavin,

    raising an incident with Sophos support
    well, they might tell you that a) this isn't savscan's intended use and b) the OS is no longer supported.

    the 'refresh' approach
    most SESC licenses include SAV for Linux, part of its CID is the /sav/ IDE and .vdb directory.

    Christian

  • Hi

    It seems that the product version you're using is quite old (and most likely retired), as the latest Linux endpoint available for Enterprise Console is version 9.17 with threat detection engine 3.82.1. However, I'd like to take a look at the support ticket. Could you please provide me the ticket number?

    Thanks,
    Yashraj Singha
    Manager | Global Community Support
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Yashraj,
    I have not been able to raise a ticket.  When I log on to the support portal with my credentials I get the following message:
    ==============
    Registration Request - Action Required
    Thank you for your registration request. Unfortunately, we are not able to process your request at this time without further information. Please contact the team to help get this resolved. In the meantime you can still access many of our self-service resources like the Sophos Community, product documentation, knowledge base, and Sophos Techvids.
    =============
    I have asked our commercial team to resolve this.
     
    I can use my credentials to log in to https://www.sophos.com/en-us/support/downloads.aspx and this is where I have been downloading the Linux product from.
    On the download page I have two entries for "Endpoint Protection Advanced".  If I expand 'Standalone installers' there is a link for "Endpoint and Server for Linux".  If I click on either of these links it takes me to https://www.sophos.com/en-us/support/downloads/standalone-installers/anti-virus-for-linux.aspx.  On this page are the details for "Installer for Sophos Anti-Virus for Linux v9.16 (Live Protection, on-access scanning and management)" and a link to download the file 'sav-linux-9-i386.tgz'.
    If I install this on a Linux box I end up with
        Product version:              5.74.0
        Engine version:               3.79.0
        Virus data version:          5.75
        User interface version:    2.03.079
        Platform:                          Linux/AMD64
        Released:                        12 May 2020
    I have never seen 9.17.  Where do I get that from?
  • Hi,

    In that case, you'll need to get this issue sorted out first. So, I'd suggest you call us on our support hotline and speak with our customer care representative to fix the support portal issue. Later on, you can create a support ticket.

    However, I'd like to inform you that the following are the supported distributions (latest minor point or LTS version) - 

    • Ubuntu 18 LTS
    • Ubuntu 20.04 LTS (with the release of version 9.17)

    You can find more information here.

    Thanks,
    Yashraj Singha
    Manager | Global Community Support