Got flooded by e-mail alerts - Linux

FormerMember

Hi all,

My customer is getting hundreds of the following e-mail alerts:

An event happened on the computer <Hostname>
Main configuration is not available, using backup configuration Successfully updated Sophos Anti-Virus from sgvwgsaacsopho/.../savlinux

I found a post regarding this issue:

https://community.sophos.com/products/endpoint-security-control/f/3/t/4652

Here is the output of savconfig get & savupdate -V5:

> /opt/sophos-av/bin/savconfig get

Email: root@localhost
EmailDemandSummaryIfThreat: true
EmailLanguage: English
EmailNotifier: true
EmailServer: localhost:25
EnableOnStart: false
ExclusionEncodings: UTF-8
EUC-JP
ISO-8859-1
LogMaxSizeMB: 100
NotifyOnUpdate: false
UploadSamples: false
SendErrorEmail: true
SendThreatEmail: true
UINotifier: true
UIpopupNotification: true
UIttyNotification: true
LiveProtection: enabled
ScanArchives: mixed


> /opt/sophos-av/bin/savupdate -v5

Main configuration is not available, using backup configuration

Updating from sgvwgsaacsopho/.../savlinux
Reading sgvwgsaacsopho/.../cidsync.upd
Downloading sgvwgsaacsopho/.../cidsync.upd
388824 bytes downloaded in 1.034779 secs (366.948883 KiB/s)
Reading /opt/sophos-av/update/cache/Primary/cidsync.upd
Reading /opt/sophos-av/update/cache/Primary/savi/sav/vdlmnfst.dat
Reading /opt/sophos-av/update/cache/Primary/savi/engine/32/enginemnfst.dat
Reading /opt/sophos-av/update/cache/Primary/savi/engine/64/enginemnfst.dat
Reading /opt/sophos-av/update/cache/Primary/sav.dat
Reading /opt/sophos-av/update/cache/Primary/talpa.dat
No update from sgvwgsaacsopho/.../savlinux
Reading sgvwgsaacsopho/.../index.spec
Downloading sgvwgsaacsopho/.../index.spec
Reading sgvwgsaacsopho/.../index.spec
Downloading sgvwgsaacsopho/.../index.spec
Reading sgvwgsaacsopho/.../cac.pem
Downloading sgvwgsaacsopho/.../cac.pem
1131 bytes downloaded in 0.223159 secs (4.949354 KiB/s)
Reading /opt/sophos-av/update/cache/Primary/cac.pem
Reading sgvwgsaacsopho/.../mrinit.custom
Downloading sgvwgsaacsopho/.../mrinit.custom
Reading sgvwgsaacsopho/.../MRInit.custom
Downloading sgvwgsaacsopho/.../MRInit.custom
Reading sgvwgsaacsopho/.../mrinit.conf
Downloading sgvwgsaacsopho/.../mrinit.conf
521 bytes downloaded in 0.222961 secs (2.281965 KiB/s)
Reading /opt/sophos-av/update/cache/Primary/MRInit.conf
No update from sgvwgsaacsopho/.../savlinux
Successfully updated Sophos Anti-Virus from
http://sgvwgsaacsopho/CIDs/S000/savlinux

From the savconfig output, it looks like there is no "PrimaryUpdateSourcePath" set?

Any idea what may have caused that? And please suggest how to add this back into the configuration.

Your help is much appreciated.

Cheers,

SF.



  • Hello SF,

    At least this endpoint seems to be managed - what's its status in the console (tabs Status and Update Details are probably the most interesting ones)? If the endpoints are reporting (oh, that's the Last message time on the Computer Details tab), requesting policy compliance might help.

    Christian