Update Sophos-AV free tool for Linux

Hi,

I am using the free tool Sophos-AV for Linux. When I update using sudo /opt/sophos-av/bin/savupdate, it gives as last version Do 29 Mär 2018 21:06:59 CEST. As this date is quite some time ago, I worry that this is not correct.

Copyright 1989-2018 Sophos Limited. All rights reserved.
Sophos Anti-Virus       = 9.14.2
Build Revision          = 2747081
Threat detection engine = 3.70.2
Threat data             = 5.49
Threat count            = 17941600
Threat data release     = Di 13 Mär 2018 00:00:00
Last update             = Do 29 Mär 2018 21:06:59 CEST

Is this correct? Could you tell what is the latest version? Thank you very much in advance!

Thanks

Rudiger

  • Hello Rudiger,

    definitely not the latest version. There's no error issued by savupdate, could you perhaps show the output?

    Christian

  • In reply to QC:

    Hello Christian,

    Thank you for your prompt reply. Please find below some output:

    sudo /opt/sophos-av/bin/savdstatus --version

        Copyright 1989-2018 Sophos Limited. All rights reserved.
        Sophos Anti-Virus       = 9.14.2
        Build Revision          = 2747081
        Threat detection engine = 3.70.2
        Threat data             = 5.49
        Threat count            = 17941600
        Threat data release     = Di 13 Mär 2018 00:00:00
        Last update             = Do 29 Mär 2018 21:06:59 CEST

    sudo /opt/sophos-av/bin/savupdate

      Successfully updated Sophos Anti-Virus from sdds:SOPHOS

    However, even though it mentions here that it successfully updated, nothing changed regarding the --version

    sudo savscan -f *

      SAVScan virus detection utility
      Version 5.43.0 [Linux/AMD64]
      Virus data version 5.49, March 2018
      Includes detection for 17941600 viruses, Trojans and worms
      Copyright (c) 1989-2018 Sophos Limited. All rights reserved.

      System time 09:33:37 PM, System date 13 September 2018
      Command line qualifiers are: -f

      Useful life of Scan has been exceeded

      IDE directory is: /opt/sophos-av/lib/sav

      File fare-efh.ide is older than 6 months
      File msil-kxg.ide is older than 6 months
      File inje-dat.ide is older than 6 months
      File zbot-lwx.ide is older than 6 months

    And it reports many other files that are older than 6 months.

      Full Scanning

      Could not open dev/stderr


      39484 files scanned in 9 minutes and 1 second.
      1 error was encountered.
      No viruses were discovered.
      End of Scan.

    Any idea what could be the reason?

    Thank you very much for your help in advance!

    Have a nice evening,

    Rudiger

  • In reply to Rudiger:

    Hello Rudiger,

    please run sudo /opt/sophos-av/bin/savupdate -v 5 to get verbose output. To view past actual updates use /opt/sophos-av/bin/savlog --category=update.updated|more (or whatever you prefer to more).

    Christian

  • In reply to QC:

    Hello Christian,

    See below. Strangely, it indicates "There is another installation of Sophos Anti-Virus on this computer". I cannot remember that I installed Sophos another time.

    sudo /opt/sophos-av/bin/savupdate -v 5

      SOPHOS source is either SOPHOS, or the warehouse update source address.
      Updating from versions - SAV: 9.14.2, Engine: 3.70.2, Data: 5.49
      Validating contents of cache directory '/opt/sophos-av/update/cache/Primary'...
      Path to signed-file = [/opt/sophos-av/update/cache/Primary/savi/sav/vdlmnfst.dat]
      Path to certificates-file = [/opt/sophos-av/update/certificates/rootca.crt]
      Path to crl-file = [/opt/sophos-av/update/certificates/root.crl]
      Path to data directory = [/opt/sophos-av/update/cache/Primary/savi/sav]
      data files verified ok
      File signed OK
      Path to signed-file = [/opt/sophos-av/update/cache/Primary/savi/engine/32/enginemnfst.dat]
      Path to certificates-file = [/opt/sophos-av/update/certificates/rootca.crt]
      Path to crl-file = [/opt/sophos-av/update/certificates/root.crl]
      Path to data directory = [/opt/sophos-av/update/cache/Primary/savi/engine/32]
      data files verified ok
      File signed OK
      Path to signed-file = [/opt/sophos-av/update/cache/Primary/savi/engine/64/enginemnfst.dat]
      Path to certificates-file = [/opt/sophos-av/update/certificates/rootca.crt]
      Path to crl-file = [/opt/sophos-av/update/certificates/root.crl]
      Path to data directory = [/opt/sophos-av/update/cache/Primary/savi/engine/64]
      data files verified ok
      File signed OK
      Path to signed-file = [/opt/sophos-av/update/cache/Primary/sav.dat]
      Path to certificates-file = [/opt/sophos-av/update/certificates/rootca.crt]
      Path to crl-file = [/opt/sophos-av/update/certificates/root.crl]
      Path to data directory = [/opt/sophos-av/update/cache/Primary]
      data files verified ok
      File signed OK
      Path to signed-file = [/opt/sophos-av/update/cache/Primary/talpa.dat]
      Path to certificates-file = [/opt/sophos-av/update/certificates/rootca.crt]
      Path to crl-file = [/opt/sophos-av/update/certificates/root.crl]
      Path to data directory = [/opt/sophos-av/update/cache/Primary]
      data files verified ok
      File signed OK
      Validated contents of cache directory '/opt/sophos-av/update/cache/Primary'
      Updating Sophos Anti-Virus from /opt/sophos-av/update/cache/Primary
      Warning: There is another installation of Sophos Anti-Virus on this computer.
      Aborting the installation. If you want to ignore the existing installation, use the option --ignore-existing-installation

    /opt/sophos-av/bin/savlog --category=update.updated|more

    Gives an extensive list with actually always the same data under SAV, Engine and Data, until March 29.

      Do 29 Mär 2018 11:32:52 CEST: update.updated Updated to versions - SAV: 9.14.2, Engine: 3.70.2, Data: 5.49
      Do 29 Mär 2018 11:32:52 CEST: update.updated Successfully updated Sophos Anti-Virus from sdds:SOPHOS
      Do 29 Mär 2018 14:30:53 CEST: update.updated Updating from versions - SAV: 9.14.2, Engine: 3.70.2, Data: 5.49
      Do 29 Mär 2018 14:30:53 CEST: update.updated Updating Sophos Anti-Virus....
      Updating SAVScan on-demand scanner
      Updating Virus Engine and Data
      Updating Manifest
      Update completed.
      Do 29 Mär 2018 14:30:53 CEST: update.updated Updated to versions - SAV: 9.14.2, Engine: 3.70.2, Data: 5.49
      Do 29 Mär 2018 14:30:53 CEST: update.updated Successfully updated Sophos Anti-Virus from sdds:SOPHOS

    Best,

    Rudiger

  • In reply to Rudiger:

    Hello Rudiger,

    whatever happened must have happened near the end of March. Can't say how it determines that there is another installation - maybe can tell. Of course you could simply download the current installer and if necessary use --ignore-existing-installation. Personally I prefer to assess the situation first.

    Christian

  • In reply to QC:

    We report that error if the installer thinks the installation is a clean install, and sav-protect init script or savscan symlink exists.

    This means that the installation has got broken at some point (presumably in March).

    The easiest way to fix is to uninstall and reinstall.

  • In reply to QC:

    Hello Christian,

    As suggested by DouglasLeeder, I decided to re-install. This works.

    After savupdate it gives the following:

    Copyright 1989-2018 Sophos Limited. All rights reserved.
    Sophos Anti-Virus       = 9.15.0
    Build Revision          = 2767612
    Threat detection engine = 3.72.1
    Threat data             = 5.54
    Threat count            = 24412225
    Threat data release     = Di 21 Aug 2018 00:00:00
    Last update             = Fr 14 Sep 2018 15:52:04 CEST

    Thank you very much for your help, very much appreciated!

    Rudiger
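
An added example, not part of the thread and not Sophos code: because savupdate printed "Successfully updated" while the threat data stayed at March 2018, a monitoring check can parse the `savdstatus --version` output quoted above and flag old data instead of trusting the update message. The function names and the 60-day threshold are assumptions; the date parser handles the German month abbreviations seen in the posted output.

```python
import re
from datetime import datetime

# Month abbreviations in English and German output (the thread shows "Mär").
MONTHS = {"Jan": 1, "Feb": 2, "Mar": 3, "Mär": 3, "Apr": 4, "May": 5,
          "Mai": 5, "Jun": 6, "Jul": 7, "Aug": 8, "Sep": 9, "Oct": 10,
          "Okt": 10, "Nov": 11, "Dec": 12, "Dez": 12}

# `savdstatus --version` output as posted at the start of this thread.
STATUS_BEFORE = """\
Copyright 1989-2018 Sophos Limited. All rights reserved.
Sophos Anti-Virus       = 9.14.2
Build Revision          = 2747081
Threat detection engine = 3.70.2
Threat data             = 5.49
Threat count            = 17941600
Threat data release     = Di 13 Mär 2018 00:00:00
Last update             = Do 29 Mär 2018 21:06:59 CEST
"""

def parse_status(text):
    """Return the 'key = value' lines of the status output as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def parse_date(value):
    """Parse 'Di 13 Mär 2018 00:00:00'; weekday and time zone are ignored."""
    m = re.search(r"(\d{1,2})\.? (\w{3})\.? (\d{4}) (\d\d):(\d\d):(\d\d)", value)
    if not m or m.group(2) not in MONTHS:
        raise ValueError(f"unrecognised date: {value!r}")
    day, _, year, hh, mm, ss = m.groups()
    return datetime(int(year), MONTHS[m.group(2)], int(day),
                    int(hh), int(mm), int(ss))

def data_age_days(text, now):
    """Whole days between the 'Threat data release' field and `now`."""
    fields = parse_status(text)
    return (now - parse_date(fields["Threat data release"])).days

def is_stale(text, now, max_age_days=60):  # 60 days is an assumed threshold
    return data_age_days(text, now) > max_age_days

if __name__ == "__main__":
    scan_time = datetime(2018, 9, 13, 21, 33, 37)  # system time of the savscan run
    print(data_age_days(STATUS_BEFORE, scan_time), is_stale(STATUS_BEFORE, scan_time))
```

In a cron job the text would come from running `/opt/sophos-av/bin/savdstatus --version`, with `datetime.now()` as `now`.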