Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 3 subscribers
  • Views 3750 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Centos 7 - High CPU - Savscand - FAILED-TO-UPDATE-FROM

tim furner

Hi Community,

I am experiencing intermittent problems with savscand consuming all the CPU on my Centos 7 server.  The version of sophos that is installed is

./savdstatus --version
Copyright 1989-2020 Sophos Limited. All rights reserved.
Sophos Anti-Virus       = 9.16.2
Build Revision          = 2840711
Threat detection engine = 3.79.0
Threat data             = 5.77
Threat count            = 53271068
Threat data release     = Tue 04 Aug 2020 12:00:00 AM
Last update             = Wed 26 Aug 2020 09:38:55 AM BST

The error log show this repeating message when the cpu is being consumed

<log><category>update.failed</category><level>ERROR</level><domain>savupdate</domain><msg>ALL_UPDATE_SOURCES_FAILED</msg><time>1598343066</time></log>

<log><category>update.failed</category><level>ERROR</level><domain>savupdate</domain><msg>FAILED-TO-UPDATE-FROM %s</msg><time>1598343413</time><arg>sdds:SOPHOS</arg></log>

The connection of the server to the internet is ok. Can anyone help me understand what this msg is caused by and how to fix pls?


Many Thanks

Big Dog



This thread was automatically locked due to age.
  • 0

    Hello Big Dog,

    BTW: To get a nicer display of the log use /opt/sophos.av/bin/savlog.
    I think these errors are just a consequence of the CPU consumption and not the other way round. Apparently updating succeeds at least sometimes. Is there any pattern in the CPU spikes, how long do they last? Other than the updating errors is the server unresponsive?

    Christian 

  • 0

    Apologies for my late reply. 

    This was the output of the savlog during the incident. There was no issue with the local internet connection at the time. Hope this helps in some way

    Tue 25 Aug 2020 09:03:20 AM BST: savd.daemon Sophos Anti-Virus daemon started.
    Tue 25 Aug 2020 09:03:24 AM BST: savd.daemon On-access scanning enabled using talpa.
    Tue 25 Aug 2020 09:11:06 AM BST: update.failed Failed to replicate from sdds:SOPHOS
    Tue 25 Aug 2020 09:11:06 AM BST: update.failed Failed to replicate from all update sources
    Tue 25 Aug 2020 09:16:53 AM BST: update.failed Failed to replicate from sdds:SOPHOS
    Tue 25 Aug 2020 09:16:53 AM BST: update.failed Failed to replicate from all update sources
    Tue 25 Aug 2020 09:34:15 AM BST: update.failed Failed to replicate from sdds:SOPHOS
    Tue 25 Aug 2020 09:34:15 AM BST: update.failed Failed to replicate from all update sources
    Tue 25 Aug 2020 10:06:34 AM BST: update.failed Failed to replicate from sdds:SOPHOS
    Tue 25 Aug 2020 10:06:34 AM BST: update.failed Failed to replicate from all update sources
    Tue 25 Aug 2020 10:11:53 AM BST: update.failed Failed to replicate from sdds:SOPHOS
    Tue 25 Aug 2020 10:11:53 AM BST: update.failed Failed to replicate from all update sources
    Tue 25 Aug 2020 10:12:11 AM BST: update.updated Updating from versions - SAV: 9.16.2, Engine: 3.79.0, Data: 5.77
    Tue 25 Aug 2020 10:12:11 AM BST: update.updated Updating Sophos Anti-Virus....
    Updating SAVScan on-demand scanner
    Updating Virus Engine and Data
    Updating Manifest
    Update completed.

  • 0 in reply to tim furner

    Hello Big Dog,

    my late reply - no problem.
    are you still getting these messages and do you still see the CPU consumption? There should be a savupdate-debug.log in the log directory. This should contain a little bit more information. 

    Christian 

Unfiltered HTML