Avira AV / Sophos AV no Update since April 12

Hi,

Does anyone have the same problem that both engines have not updated since April 12, 12.32h (Avira), 13.42h (Sophos)?

I changed to SFOS 17.5.4 MR-4-1 yesterday... Maybe it is a coincidence but you never know.

 

Thank you

Wolf

  • Hi,

    thank you for pointing that out. I updated some 5 days ago, so I don't think the issue is related to your upgrade. I have been investigating issues with the reporting and GUI updates that started sometime early yesterday. The daily reports are almost empty, well the web access report is empty. The GUI is missing all the application and web details.

    Ian

     

    Extra - add IPS updates also.

    Deeper investigation, no log viewer updates after 0157 14/4/2019 my time.

  • In reply to rfcat_vk:

    A new version of ATP downloaded and installed but nothing else.

    Ian

  • Same here, 

    upgraded from SFOS 17.5.3 MR-3 to SFOS 17.5.4 MR-4-1 on April 12. No AV updates since then. Only one ATP update.

     

  • Now Sophos and Avira AV get the updates.

     

  • In reply to Stef_An:

    All is OK here again, too. ATP, Avira and Sophos are updated.

    Thank you guys!

  • In reply to Canis68:

    Not quite, IPS has not updated.

    Ian

  • In reply to rfcat_vk:

    I agree Ian, same here. My IPS data is from April 11 but I thought this does not update that often.

  • In reply to Canis68:

    So what you are implying is that there haven't been any new IPS/DDOS attacks in the last 3 or 4 days that require new signatures?

    Ian

  • In reply to rfcat_vk:

    For sure not. Maybe I should have written first "irony mode on"... Last DoS attack I have seen here was two hours ago. I am just used to "some" delays!

  • In reply to Canis68:

    Things are improving. My last IPS pattern is 9.15.80, from April 16 6pm.

  • In reply to Canis68:

    Actually an "Improving" of the situation is exaggerating reality again. Last IPS pattern is the same 9.15.80 since April 16 6pm and therefore 2 days old again. Manual update does not help. Anybody from Sophos out there who can have a look at it? Would be much appreciated. 

  • In reply to Canis68:

    I am here as an XG user and, personally speaking, the IPS team collects the latest changes in Talos etc. to bundle them into one IPS update.

    More likely this is the reason for the "slower" publishing of IPS rules.

    You could check the latest Talos / Snort rule set. They are most likely published only each week.

    https://www.snort.org/talos

  • In reply to LuCar Toni:

    IPS update dated 19/4/2019.

    Ian

  • In reply to LuCar Toni:

    Thank you for sharing that information. Although the idea behind it seems reasonable, changes once a week would be a bit scary. Today I have IPS pattern # 9.15.81, it changed yesterday @ 5pm.

  • In reply to Canis68:

    In fact it is not "weeks".

    But you cannot publish something which is not "tested", and you cannot publish something which does not exist.

    So basically you can take a look at the Talos changelog.