Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 9401 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Linux servers complain "Main configuration is not available"

horihel

So far my two Linux VMs have been running without a hint of trouble. But today Sophos seems to have pushed an update and now those servers are complaining every 5 minutes:

An event happened on the computer example.com.

Main configuration is not available, using backup configuration
Successfully updated Sophos Anti-Virus from http://sophos.intern/CIDs/S000/savlinux

Please contact your IT department.

The logs look good so far, updates happen and the http-URL is actually the primary update source. I'm clueless what "Configuration" is not available - profiles are applied correctly and everything is working. I just get spammed with those emails...

:40729


This thread was automatically locked due to age.
  • 0

    The main configuration is the one accessed by savconfig, and where the SEC policies end up. For some reason the PrimaryUpdateSourcePath is not available to savupdate from there. savupdate is falling back to using the backup configuration.

    I'd suggest checking with savconfig to see what the configuration says.

    :40737
  • 0

    savconfig loogs good to me:

    plato:~ # /opt/sophos-av/bin/savconfig get
    AllowIfBootSectorThreat: false
    AutomaticAction: disinfect
    Email: hel@intern
    EmailDemandSummaryIfThreat: true
    EmailLanguage: english
    EmailNotifier: true
    EmailServer: grisu.intern
    EnableOnStart: false
    ExclusionEncodings: UTF-8
                        EUC-JP
                        ISO-8859-1
    HttpPort: 8081
    HttpUsername: admin
    LogMaxSizeMB: 100
    NotifyOnUpdate (Locked): true
    PrimaryUpdateSourcePath (Locked): http://sophos.intern/CIDs/S000/savlinux
    PrimaryUpdateUsername (Locked): HAWKING\SophosUpdateMgr
    PrimaryUpdatePassword (Locked): ********
    SendErrorEmail: false
    SendThreatEmail: true
    UINotifier: true
    UIpopupNotification: true
    UIttyNotification: true
    UpdatePeriodMinutes (Locked): 60
    NamedScans: SEC:FullSystemScan [Not scheduled]
    LiveProtection: disabled
    ScanArchives: disabled

    ---

    and the http server is very much available - the only peculiar thing would be that savupdate seems to be looking for certain files that don't exist on the CID: server.inf, config, talpa-custom, mrinit.custom and MRInit.custom.

    SEC didn't copy those there but it doesnt complain about missing files either. I'll re-check the docs, but until then I consider this a bug - especially because everything was working yesterday and it broke without warning.

    :40745
  • 0

    Ok, that configuration looks fine. 

    I guess the next thing to do is check what an interactive savupdate reports:

    # /opt/sophos-av/bin/savupdate -v5

    :40757
Unfiltered HTML