Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
I am using the free tool Sophos-AV for Linux. When I update using sudo /opt/sophos-av/bin/savupdate , it gives as last version Do 29 Mär 2018 21:06:59 CEST . As this date is quite some time ago, I worry that this is not correct.
Copyright 1989-2018 Sophos Limited. All rights reserved.Sophos Anti-Virus = 9.14.2Build Revision = 2747081Threat detection engine = 3.70.2Threat data = 5.49Threat count = 17941600Threat data release = Di 13 Mär 2018 00:00:00 Last update = Do 29 Mär 2018 21:06:59 CEST
Is this correct? Could you tell what is the latest version? Thank you very much in advance!
definitely not the latest version. There's no error issued by savupdate, could you perhaps show the output?
In reply to QC:
Thank you for your prompt reply. Please find below some output:
sudo /opt/sophos-av/bin/savdstatus --version
Copyright 1989-2018 Sophos Limited. All rights reserved. Sophos Anti-Virus = 9.14.2 Build Revision = 2747081 Threat detection engine = 3.70.2 Threat data = 5.49 Threat count = 17941600 Threat data release = Di 13 Mär 2018 00:00:00 Last update = Do 29 Mär 2018 21:06:59 CEST
Successfully updated Sophos Anti-Virus from sdds:SOPHOS
However, even though it mentions here that it successfully updated, nothing changed regarding the --version
sudo savscan -f *
SAVScan virus detection utility Version 5.43.0 [Linux/AMD64] Virus data version 5.49, March 2018 Includes detection for 17941600 viruses, Trojans and worms Copyright (c) 1989-2018 Sophos Limited. All rights reserved. System time 09:33:37 PM, System date 13 September 2018 Command line qualifiers are: -f Useful life of Scan has been exceeded IDE directory is: /opt/sophos-av/lib/sav
File fare-efh.ide is older than 6 months File msil-kxg.ide is older than 6 months File inje-dat.ide is older than 6 months File zbot-lwx.ide is older than 6 months
And it gives for many other files that are older than 6 months.
Full Scanning Could not open dev/stderr 39484 files scanned in 9 minutes and 1 second. 1 error was encountered. No viruses were discovered. End of Scan.
Any idea what could be the reason?
Thank you very much for your help in advance!
In reply to Rudiger:
please run sudo /opt/sophos-av/bin/savupdate -v 5 to get verbose output. To view past actual updates use /opt/sophos-av/bin/savlog --category=update.updated|more (or whatever you prefer to more).
/opt/sophos-av/bin/savupdate -v 5
See below. Strangely, it indicates "There is another installation of Sophos Anti-Virus on this computer". I cannot remember that I installed Sophos another time.
See below. Strangely, it indicates "
There is another installation of Sophos Anti-Virus on this computer".
I cannot remember that I installed Sophos another time.
sudo /opt/sophos-av/bin/savupdate -v 5
SOPHOS source is either SOPHOS, or the warehouse update source address.
Updating from versions - SAV: 9.14.2, Engine: 3.70.2, Data: 5.49
Validating contents of cache directory '/opt/sophos-av/update/cache/Primary'...
Path to signed-file = [/opt/sophos-av/update/cache/Primary/savi/sav/vdlmnfst.dat]
Path to certificates-file = [/opt/sophos-av/update/certificates/rootca.crt]
Path to crl-file = [/opt/sophos-av/update/certificates/root.crl]
Path to data directory = [/opt/sophos-av/update/cache/Primary/savi/sav]
data files verified ok
File signed OK
Path to signed-file = [/opt/sophos-av/update/cache/Primary/savi/engine/32/enginemnfst.dat]
Path to data directory = [/opt/sophos-av/update/cache/Primary/savi/engine/32]
Path to signed-file = [/opt/sophos-av/update/cache/Primary/savi/engine/64/enginemnfst.dat]
Path to data directory = [/opt/sophos-av/update/cache/Primary/savi/engine/64]
Path to signed-file = [/opt/sophos-av/update/cache/Primary/sav.dat]
Path to data directory = [/opt/sophos-av/update/cache/Primary]
Path to signed-file = [/opt/sophos-av/update/cache/Primary/talpa.dat]
Validated contents of cache directory '/opt/sophos-av/update/cache/Primary'
Updating Sophos Anti-Virus from /opt/sophos-av/update/cache/Primary
Warning: There is another installation of Sophos Anti-Virus on this computer.
Aborting the installation. If you want to ignore the existing installation, use the option --ignore-existing-installation
Gives an extensive list with actually always the same data under SAV, Engine and Data, until March 29.
Do 29 Mär 2018 11:32:52 CEST: update.updated Updated to versions - SAV: 9.14.2,
Engine: 3.70.2, Data: 5.49
Do 29 Mär 2018 11:32:52 CEST: update.updated Successfully updated Sophos Anti-Vi
rus from sdds:SOPHOS
Do 29 Mär 2018 14:30:53 CEST: update.updated Updating from versions - SAV: 9.14.
2, Engine: 3.70.2, Data: 5.49
Do 29 Mär 2018 14:30:53 CEST: update.updated Updating Sophos Anti-Virus....
Updating SAVScan on-demand scanner
Updating Virus Engine and Data
Do 29 Mär 2018 14:30:53 CEST: update.updated Updated to versions - SAV: 9.14.2,
Do 29 Mär 2018 14:30:53 CEST: update.updated Successfully updated Sophos Anti-Vi
whatever happened must have happened near the end of March. Can't say how it determines that there is another installation - maybe DouglasLeeder can tell. Of course you could simply download the current installer and if necessary use --ignore-existing-installation. Personally I prefer to assess the situation first.
We report that error if the installer thinks the installation is a clean install, and sav-protect init script or savscan symlink exists.
This means that the installation has got broken at some point (presumably in March).
The easiest way to fix is to uninstall and reinstall.
As suggested by DouglasLeeder, I decided to re-install. This works.
After savupdate it gives the following:
Copyright 1989-2018 Sophos Limited. All rights reserved.Sophos Anti-Virus = 9.15.0Build Revision = 2767612Threat detection engine = 3.72.1Threat data = 5.54Threat count = 24412225Threat data release = Di 21 Aug 2018 00:00:00 Last update = Fr 14 Sep 2018 15:52:04 CEST
Thank you very much for your help, very much appreciated!