
PureMessage for UNIX erroring with "SOPHOS_SAVI_ERROR_OLD_VIRUS_DATA" - Update shows OUT OF DATE

Over the weekend we had an issue where our gateways (PMX6.3 on RHEL7) started rejecting all emails with the "SOPHOS_SAVI_ERROR_OLD_VIRUS_DATA" error when executing against the "Check for Viruses" and "Check for suspicious attachments" policy items. The logging in the PMX_LOG reveals something like this:

2017-08-05T00:50:33 [32729,Sophos-SAVI,SAVI.pm:46] sophos: loading DATs from /opt/pmx6/etc/data/sophos/4: data v2017.8.1.5380001, engine v3.68, SAV v5.38, released 2017/04/04: OUT OF DATE

Virus definitions appear to be of the latest version, but out of date.  Insert confused face here......

This issue occurred back in March and ended up being an issue with the Sophos released update.  It was identified (thank you browser history) under https://community.sophos.com/kb/en-us/126168 but has since been removed.



  • Quick update - Latest definition has been applied (2017.8.6.5400002) which shows the following in the logs:

     

    2017-08-07T12:17:09 [28601,Sophos-SAVI,SAVI.pm:46] sophos: loading DATs from /opt/pmx6/etc/data/sophos/2 (was 4): data v2017.8.6.5400002, engine v3.68, SAV v5.40, released 2017/05/30

    So it looks like Sophos have updated the "released" date in the latest definitions, but have only increased it by 8 weeks.  Why??  Essentially, if this series of events repeats itself without Sophos updating the package again, this issue will re-occur on the 30th September.
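
A monitoring check built on the two log lines quoted in this thread, added here as an example (it is not Sophos or PureMessage code): it parses the `loading DATs` line from the PMX log and raises a warning before the virus data ages out and the gateway starts rejecting mail. The 123-day age limit is an assumption inferred from the dates in the thread (data released 2017/04/04 was flagged on 2017-08-05, and data released 2017/05/30 is predicted to fail on 30 September); `check_dat_freshness`, `warn_days` and `max_age_days` are hypothetical names.

```python
import re
from datetime import date, datetime, timedelta

# Assumption: age limit inferred from the dates quoted in the thread, not a documented value.
ASSUMED_MAX_AGE_DAYS = 123

DAT_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \[\d+,Sophos-SAVI,[^\]]+\] "
    r"sophos: loading DATs from (?P<path>\S+)(?: \(was \d+\))?: "
    r"data v(?P<data>[\d.]+), engine v(?P<engine>[\d.]+), SAV v(?P<sav>[\d.]+), "
    r"released (?P<released>\d{4}/\d{2}/\d{2})(?P<stale>: OUT OF DATE)?\s*$"
)

def parse_dat_line(line):
    """Parse one 'loading DATs' log line; return None for any other line."""
    m = DAT_LINE.match(line.strip())
    if not m:
        return None
    return {
        "logged": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"),
        "data": m["data"],
        "released": datetime.strptime(m["released"], "%Y/%m/%d").date(),
        "flagged": m["stale"] is not None,  # engine itself reported OUT OF DATE
    }

def check_dat_freshness(lines, today, warn_days=14, max_age_days=ASSUMED_MAX_AGE_DAYS):
    """Return (status, latest_record, projected_expiry) for the most recent DAT load."""
    records = [r for r in map(parse_dat_line, lines) if r]
    if not records:
        return ("UNKNOWN", None, None)  # no DAT load seen: treat as a monitoring gap
    latest = max(records, key=lambda r: r["logged"])
    expiry = latest["released"] + timedelta(days=max_age_days)
    if latest["flagged"] or today >= expiry:
        status = "CRITICAL"   # mail is being, or is about to be, rejected
    elif today >= expiry - timedelta(days=warn_days):
        status = "WARNING"    # time to chase a newer data package
    else:
        status = "OK"
    return (status, latest, expiry)

# The two log lines quoted in the thread above.
SAMPLE_LOG = [
    "2017-08-05T00:50:33 [32729,Sophos-SAVI,SAVI.pm:46] sophos: loading DATs from /opt/pmx6/etc/data/sophos/4: data v2017.8.1.5380001, engine v3.68, SAV v5.38, released 2017/04/04: OUT OF DATE",
    "2017-08-07T12:17:09 [28601,Sophos-SAVI,SAVI.pm:46] sophos: loading DATs from /opt/pmx6/etc/data/sophos/2 (was 4): data v2017.8.6.5400002, engine v3.68, SAV v5.40, released 2017/05/30",
]

if __name__ == "__main__":
    status, rec, expiry = check_dat_freshness(SAMPLE_LOG, date.today())
    print(status, rec["data"], "released", rec["released"], "projected expiry", expiry)
```

The check keys on the `released` date rather than the data version, since the thread shows a current data version can still carry an old release date.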
