CSSD crashes

CSSD crashes

We have a SG135 with SW-Version 9.405-5
Since yesterday the Astaro Virus Scanner Daemon (cssd) is crashing 2-3 times a day.
And leaving a 4GB core dump which fills the data partition.
I'm not sure, but inspecting /var/log/*.log, crashes seem to appear after Pattern update.

2016:08:18-08:01:01 gate audld[4014]: Starting Up2Date Package Downloader
2016:08:18-08:01:02 gate audld[4014]: patch up2date possible
2016:08:18-08:01:03 gate audld[4014]: Using static update server list in HA mode
2016:08:18-08:01:15 gate audld[4014]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Internal Server Error).
2016:08:18-08:01:20 gate audld[4014]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2016:08:18-08:01:20 gate audld[4014]: Using static download server list in HA mode
2016:08:18-08:01:21 gate audld[4014]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="
download" package="avira-xvdf"
2016:08:18-08:01:22 gate auisys[4073]: no HA system or cluster node
2016:08:18-08:01:22 gate auisys[4073]: waiting for db_verify to return (30 seconds max)
2016:08:18-08:01:23 gate auisys[4073]: not cleaning /var/up2date/sys-install in --nosys mode
2016:08:18-08:01:23 gate auisys[4073]: removing '/var/up2date/avira-xvdf-install'
2016:08:18-08:01:23 gate auisys[4073]: removing '/var/up2date/cadata-install'
2016:08:18-08:01:23 gate auisys[4073]: removing '/var/up2date/clvbrowser-install'
2016:08:18-08:01:23 gate auisys[4073]: removing '/var/up2date/geoip-install'
2016:08:18-08:01:23 gate auisys[4073]: removing '/var/up2date/man9-install'
2016:08:18-08:01:23 gate auisys[4073]: removing '/var/up2date/ohelp9-install'
2016:08:18-08:01:23 gate auisys[4073]: removing '/var/up2date/savi-install'
2016:08:18-08:01:23 gate auisys[4073]: Starting Up2Date Package Installer
2016:08:18-08:01:23 gate auisys[4073]: No suitable packages of type <man9> found, skipping
2016:08:18-08:01:23 gate auisys[4073]: No suitable packages of type <clvbrowser> found, skipping
2016:08:18-08:01:23 gate auisys[4073]: No suitable packages of type <ohelp9> found, skipping
2016:08:18-08:01:23 gate auisys[4073]: No suitable packages of type <cadata> found, skipping
2016:08:18-08:01:23 gate auisys[4073]: No suitable packages of type <geoip> found, skipping
2016:08:18-08:01:23 gate auisys[4073]: No suitable packages of type <savi> found, skipping
2016:08:18-08:01:23 gate auisys[4073]: Install u2d packages <avira-xvdf>
2016:08:18-08:01:23 gate auisys[4073]: Starting installing up2date packages for type 'avira-xvdf'
2016:08:18-08:01:23 gate auisys[4073]: Installing up2date package: /var/up2date/avira-xvdf/u2d-avira-xvdf-9.2690-2691.patch.tgz.gpg
2016:08:18-08:01:23 gate auisys[4073]: Verifying up2date package signature
2016:08:18-08:01:23 gate auisys[4073]: Unpacking installation instructions
2016:08:18-08:01:23 gate auisys[4073]: parsing installation instructions
2016:08:18-08:01:24 gate auisys[4073]: This is a patch. Setting required_version to 9.2690
2016:08:18-08:01:24 gate auisys[4073]: Unpacking up2date package container
2016:08:18-08:01:24 gate auisys[4073]: Running pre-installation checks
2016:08:18-08:01:24 gate auisys[4073]: Starting up2date package installation
2016:08:18-08:01:41 gate auisys[4073]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" ac
tion="install" package_version="9.2691" package="avira-xvdf"
2016:08:18-08:01:41 gate auisys[4073]: [INFO-306] New Pattern Up2Dates installed
2016:08:18-08:01:42 gate auisys[4073]: Up2Date Package Installer finished, exiting

That's ok. But now Systems dumps the cssd process. Takes some time.

2016:08:18-08:03:02 gate exim-in[4225]: 2016-08-18 08:03:02 1baGOy-000169-0h malware acl condition: cssd: unable to read from socket (Success)
2016:08:18-08:03:02 gate exim-in[4321]: 2016-08-18 08:03:02 1baGPm-00017h-2f malware acl condition: cssd: unable to read from socket (Connection reset by pee
r)

System recognizes missing process and restarts cssd...

2016:08:18-08:03:06 gate selfmonng[4004]: I check Failed increment cssd_running counter 1 - 3
2016:08:18-08:03:11 gate selfmonng[4004]: I check Failed increment cssd_running counter 2 - 3
2016:08:18-08:03:16 gate selfmonng[4004]: W check Failed increment cssd_running counter 3 - 3
2016:08:18-08:03:16 gate selfmonng[4004]: W triggerAction: 'cmd'
2016:08:18-08:03:16 gate selfmonng[4004]: W actionCmd(+):  '/var/mdw/scripts/cssd restart'
2016:08:18-08:03:16 gate selfmonng[4004]: W child returned status: exit='0' signal='0'

... but /var/storage/cores/cssd.[PID] remains (4GB)

Any suggestions?
Thanks, Björn

  • Hi and Welcome to Sophos Community,

    The issue is caused due to an improper update of the SAVI patterns, you can execute the below command to force an update.

    audld.plx --nosys --types=savi --nopatchup2date

    Finally, CSSD requires empty space in /tmp directory at the start up time. Verify if the directory has the required space.

    Thanks