This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Have IDE files changed since 1st Aug 2021?

Folks,

We run an old scanning kiosk on Ubuntu 14.04 using "Sophos Anti-Virus for Linux" (latest available from sophos.com)

    Product Version: 5.74.0

    Engine Version: 3.79.0

    Virus data version: 5.75

We feed it daily IDE updates, but since 1st Aug 2021 the command line scanner has reported "Not loaded" for new IDE files. For example, the output from 'savscan -v' includes:

    Data file name   : /home/sophos/lib/sav/fare-lvu.ide
    Data file type   : IDE
    Data file date   : 31 July 2021, 05:44:32
    Data file status : Loaded

    Data file name   : /home/sophos/lib/sav/form-arm.ide
    Data file type   : IDE
    Data file date   : 03 August 2021, 05:45:13
    Data file status : Not loaded

Note the times displayed appear to relate to the file creation time on our system rather than when Sophos release the file.

I have checked on our Windows systems which run completely up to date engines (5.86) and they can load 'form-arm.ide'. I have checksummed the IDE file on Linux and Windows and the value is the same, so I don't think it is a download issue.

Have IDEs changed in some way and my old Linux scanner can no longer load them?  Any insights appreciated.

Regards,

Gavin



  • Hello Gavin,

    an old scanning kiosk
    looks like. The engine is not the latest but this is likely not the problem. The virus data files (5.75) are from last year and there must be several hundred IDEs by now. Dunno if there's a limit on the number that will be loaded. Should be fairly easy to test whether it's this particular IDE, the number of IDEs, or all newer IDEs - shouldn't it?

    Christian

  • I get the error even if I just load the single IDE file 'form-arm.ide' or any of the three new IDE files we downloaded today ('blad-ace', 'zbot-pmc' & 'tesla-oh.ide'). I can load any of the older IDE files successfully. I would love to use a newer engine but Sophos don't provide one for Linux.

  • Hello Gavin,

    I see. I'm not aware that the IDEs have changed in a way that they won't get loaded by an older but not very old version. Wonder if it's related to the virus-data version. You could, BTW, instead of simply accumulating the IDEs, "refresh" the SAV directory, copy the other files (.dat, .vdb, .xml) as well and remove obsolete IDEs.

    As you mentioned a Windows installation - have you licensed the on-premise SESC or Central Intercept X?

    Christian

  • Christian,

    Thanks for replying.  We do indeed have a licensed SESC on-premise.  I think I'll try raising an incident with Sophos support to see what kind of response I get.

    I could consider the 'refresh' approach you outline above; the list of .vdb files on both systems (Linux/Windows) is comparable but the .dat files are very different (2 on Linux, 13 on Windows). However, to adopt this approach I would need to do some significant re-engineering on the auto-build system used to keep the kiosk up to date, and possibly on the kiosk itself. I might try a one-off to see if it works.

    So I'll wait to see if I get anything out of support before going down that route.

  • Hello Gavin,

    raising an incident with Sophos support
    well, they might tell you that a) this isn't savscan's intended use and b) the OS is no longer supported.

    the 'refresh' approach
    most SESC licenses include SAV for Linux, part of its CID is the /sav/ IDE and .vdb directory.

    Christian
