Sophos-AV for Linux Failed to download 'https://d2.sophosupd.com/update-C/XXXXXXXXXXXX188fbfa2b98x000.xml': no such file. Please check PrimaryUpdateSourcePath.

Hello, Sophos Community members across the globe,

 

 

            I have been using Sophos-av for a year in all Linux servers but yesterday I got an error that it's failed to download.

 

Tue 17 Mar 2020 02:10:42 AM EDT: update.updated Updated to versions - SAV: 9.16.0, Engine: 3.77.1, Data: 5.73
Tue 17 Mar 2020 02:10:42 AM EDT: update.updated Successfully updated Sophos Anti-Virus from sdds:SOPHOS
Tue 17 Mar 2020 12:10:37 PM EDT: update.failed Failed to download 'd2.sophosupd.com/.../XXXXXXXXXXXXXXa188fbfa2b98x000.xml': no such file. Please check PrimaryUpdateSourcePath.

 

EmailDemandSummaryIfThreat: true
EmailLanguage: English
EmailNotifier: true
EmailServer: localhost:25
EnableOnStart: false
ExclusionEncodings: UTF-8
EUC-JP
ISO-8859-1

PrimaryUpdateSourcePath: sophos:

UploadSamples: false
SendErrorEmail: false
SendThreatEmail: false
UINotifier: false
UIpopupNotification: false
UIttyNotification: false
UpdatePeriodMinutes: 600
NamedScans: Weekly
LiveProtection: enabled
ScanArchives: mixed

I did manual update using /opt/sophos-av/bin/savupdate and it ran without any issue.

 

Please let me know where it went wrong or any configuration issue? Thanks inadvance

 

Thank you,

Mani

  • Hi  

    Would you please suggest whether you are using Sophos central managed Sophos Anti-Virus for Linux or a free version? 

  • In reply to Jasmin:

    Hi Jasmine,

     

    It's Sophos-antivirus free version installed in Linux server.

     

    Thank you,

    Mani

  • In reply to MANI KORASIKA:

    Hi  

    The credentials for free Sophos AV Linux are fetched automatically so the configuration should be fine. Is there any firewall that is blocking the update? 

  • Hello mani,

    manual update [...] ran without any issue
    but the scheduled updates still fail? And this is reproducible, i.e. automatic updates still fail (and on more than one server)? Would be strange. A glitch on the backend is thinkable, it might last for a short while but with an update interval of 10 hours you shouldn't have encountered more than a few incidents and not more than one per server.

    If I'm not mistaken the file was on the backend yesterday, can't remember what its contents were. Meanwhile it has been replaced by some other file. Likely the /opt/sophos-av/logs/savupdate-debug.log shows some (successful) activity preceding this error and not more information than no such file which is a reworded HTTP 404. The Warehouse (the backend storage) isn't just a bunch of files, it has an internal structure (the .XML files are a hierarchy of catalogues that refer to and describe the actual files that have a .dat extension, with a file's checksum as its name)  to assure integrity and consistency. It's impossible (or at least not feasible) to provide a "stable view" of a Warehouse at all times when it is updated. If you add, remove, or change a file you have to update the referring catalogue that is referred to by another catalogue and so on. Guess you can work out the rest.

    Thus no need to worry if it's a one-off event and a subsequent manual update and/or the next scheduled update succeed. Only if such an error more or less frequently recurs (consistently or randomly) you need to investigate.

    Christian     

  • In reply to QC:

    Thank You QC, JASMIN and SWETHA for your quick responses. It's only a one time issue so we couldn't figure what's the reason behind it. But your inputs helped me alot. 

     

    Have a safe, healthy and good day ahead.   Computer

    Thank you,

    Mani 

  • In reply to MANI KORASIKA:

    Hi  

    Glad to know that issue has not occurred after since.