https://community.sophos.com/puremessage/f/discussions/94755/puremessage-for-unix-erroring-with-sophos_savi_error_old_virus_data---update-shows-out-of-dateOver the weekend we had an issue where our gateways (PMX6.3 on RHEL7) started rejected all emails with the &quot;SOPHOS_SAVI_ERROR_OLD_VIRUS_DATA&quot; when executing against the &quot;Check for Viruses&quot; and &quot;Check for suspicious attachments&quot; policy items. The loggingen-USTelligent Community 12https://community.sophos.com/thread/343602?ContentTypeID=1Tue, 08 Aug 2017 18:40:26 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:8052c640-1342-4b48-8edd-2f44eef990c8Brian Gahan<p>Thanks for the response.&nbsp; I ended up logging a case through Sophos Support.</p> <p>Updating to the newer definition file did correct the error (even through the previous definitions were only a couple of days old), but it appears that your coders/developers are writing another date into the definition file which is what the program is looking at to determine definition validity within 120 days.</p> <p>&nbsp;</p> <p>For example - The virus definitions that we were running,&nbsp; dated 1st August 2017 (v2017.8.1.5380001) have a &quot;released date&quot; of 2017/04/04.&nbsp; The updated definitions we obtained on Monday, dated 6th August 2017 (v2017.8.6.5400002) have a &quot;released date&quot; of 2017/05/30.</p> <p>&nbsp;</p> <p>What i&#39;m saying is that even though the version date is being incremented, if your programmers forget to update the &quot;released date&quot; this problem is going to reoccur 120 days after the 30th May 2017, specifically around the 30th September 2017.</p> <p>The issue is resolved now, but it looks like there is an underlying coding/configuration issue at Sophos that has caused this, which should be investigated and corrected.</p><div style="clear:both;"></div>https://community.sophos.com/thread/343473?ContentTypeID=1Tue, 08 Aug 2017 05:10:28 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:f9d46f35-b173-46a8-a996-07d2cbc3b385LEFBE<p>Hello Brian,&nbsp;</p> <p>SOPHOS_SAVI_ERROR_OLD_VIRUS_DATA indicate that your virus Engine is out of date.</p> <p>Could you please provide output of the following command:</p> <ul> <li>su - pmx6</li> <li>wget -c <a href="http://pmx-dynamic.sophos.com/pmx/v6/mainline/linux/IQ.en">pmx-dynamic.sophos.com/.../IQ.en</a></li> <li>ppm set</li> <li>ppm verify --upgrade PureMessage-Sophos-Engine --force</li> <li>ppm verify --upgrade PureMessage-Sophos-Data --force</li> </ul> <p>Explanation:&nbsp;</p> <ol> <li>change to pmx user (do not forget the sign <span style="color:#ff0000;">- </span>)</li> <li>try to download IQ.en from repository</li> <li>Display PMX repository set into the product</li> <li>Force upgrade for both package, Engine, Data</li> </ol><div style="clear:both;"></div>https://community.sophos.com/thread/343232?ContentTypeID=1Sun, 06 Aug 2017 21:39:43 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:db409dad-70d8-4a56-a9af-7e399569a5ffBrian Gahan<p>Quick update - Latest definition has been applied (2017.8.6.5400002) which shows the following in the logs:</p> <p>&nbsp;</p> <p>2017-08-07T12:17:09 [28601,Sophos-SAVI,SAVI.pm:46] sophos: loading DATs from /opt/pmx6/etc/data/sophos/2 (was 4): data v2017.8.6.5400002, engine v3.68, SAV v5.40, released 2017/05/30</p> <p>So it looks like Sophos have updated the &quot;<strong>released</strong>&quot; date in the latest definitions, but have only increased it by 8 weeks.&nbsp; Why??&nbsp; Essentially, if this series of events repeats itself without Sophos updating the package again, this issue will re-occur on the 30th September.</p><div style="clear:both;"></div>