"Malware 'Unscannable' was detected and blocked in a download from ocsp.digicert.com"

Hello and have a nice day

we had a short power failure yesterday and since then I have this error message in the event log every second:

messageid="08001" message="Malware 'Unscannable' was detected and blocked in a download from ocsp.digicert.com" log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" status="" fw_rule_id="16" user="" web_policy_id="0" policy_name="" virus="Unscannable" url="http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAxq6XzO1ZmDhpCgCp6lMhQ%3D" domain="ocsp.digicert.com" src_ip="192.168.100.35" src_country="R1" dst_ip="93.184.220.29" dst_country="GBR" protocol="TCP" src_port="50781" dst_port="80" bytes_sent="279" bytes_received="799" user_agent="Microsoft-CryptoAPI/10.0" status_code="500" 
messageid="08001" message="Malware 'Unscannable' was detected and blocked in a download from crl4.digicert.com" log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" status="" fw_rule_id="16" user="" web_policy_id="0" policy_name="" virus="Unscannable" url="http://crl4.digicert.com/DigiCertGlobalRootG2.crl" domain="crl4.digicert.com" src_ip="192.168.100.35" src_country="R1" dst_ip="93.184.220.29" dst_country="GBR" protocol="TCP" src_port="50429" dst_port="80" bytes_sent="181" bytes_received="1147" user_agent="Microsoft-CryptoAPI/10.0" status_code="500" 
messageid="08001" message="Malware 'Unscannable' was detected and blocked in a download from crl3.digicert.com" log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" status="" fw_rule_id="16" user="" web_policy_id="16" policy_name="" virus="Unscannable" url="http://crl3.digicert.com/DigiCertGlobalRootG2.crl" domain="crl3.digicert.com" src_ip="192.168.100.35" src_country="R1" dst_ip="93.184.220.29" dst_country="GBR" protocol="TCP" src_port="49770" dst_port="80" bytes_sent="181" bytes_received="1147" user_agent="Microsoft-CryptoAPI/10.0" status_code="500" 

Also, incoming mails are no longer scanned for viruses and spam protection does not work anymore.

For the time being I have set the protection on scan failure to 'Allow' and also had to deactivate the caching, so that I don't get any more error messages for the time being.

With best regards



Added TAGs
[edited by: emmosophos at 10:50 PM (GMT -8) on 22 Nov 2021]
  • Hi,

    please check your licence hasn't been corrupted?

    ian

     
    V18.5.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    If a post solves your question use the 'This helped me' link.
  • To me this reads like the AV definitions have been updated maybe at the time the outage happened and are now corrupted.

    Have you just tried to stop and restart AV service?

    I think it would be too easy to stop the Service, delete them and let it download the patterns again. Probably something for tech support but you coul dtry what's beeing discussed here: community.sophos.com/.../sophos-av-update-failed---broken-all-web-access-when-malware-enabled---this-keeps-happening

  • This sounds like a corruption issue. That said, this particular error message ("Malware 'Unscannable' was detected and blocked...") shows up once in a while for me and as far as I can tell nothing is corrupted on my system -- everything basically works except an "Unscanable" every couple of months.

  • Hello and thank you for your help!

    This is the u2d.log:

    XG106w_XN01_SFOS 18.5.1 MR-1-Build326# tail -f -n200 /var/tslog/u2d.log
    DEBUG     Nov 16 17:01:33 [12332]: --fwversion = 18.5.1.326
    DEBUG     Nov 16 17:01:33 [12332]: --productcode = CN
    DEBUG     Nov 16 17:01:33 [12332]: --model = XG106w
    DEBUG     Nov 16 17:01:33 [12332]: --vendor = XN01
    DEBUG     Nov 16 17:01:33 [12332]: --pkg_sysupdate_version = 2
    DEBUG     Nov 16 17:01:33 [12332]: Added new server : Host - ap-northeast-1.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 17:01:33 [12332]: Added new server : Host - eu-west-1.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 17:01:33 [12332]: Added new server : Host - us-west-2.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 17:01:33 [12332]: --u2d_proto = 2.00
    DEBUG     Nov 16 17:01:33 [12332]: Final query string is :
    ?&serialkey=SERIALKEY&deviceid=DEVICEKEY&fwversion=18.5.1.326&productcode=CN&appmodel=XG106w&appvendor=XN01&useragent=SF&oem=&pkg_sysupdate_version=2&u2d_proto=2.00
    DEBUG     Nov 16 17:01:46 [12332]: Response code : 503
    DEBUG     Nov 16 17:01:46 [12332]: Response body :
    <?xml version="1.0" encoding="iso-8859-1"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
             "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
     <head>
      <title>503 Service Unavailable</title>
     </head>
     <body>
      <h1>503 Service Unavailable</h1>
     </body>
    </html>
    
    DEBUG     Nov 16 17:01:46 [12332]: Response length : 361
    ERROR     Nov 16 17:01:46 [12332]: Received invalid top level tag html, expecting Up2Date
    ERROR     Nov 16 17:01:46 [12332]: FATAL : Error in parsing response, exiting.
    DEBUG     Nov 16 17:10:23 [15880]: --serial = SERIALKEY
    DEBUG     Nov 16 17:10:23 [15880]: --deviceid = DEVICEKEY
    DEBUG     Nov 16 17:10:23 [15880]: --fwversion = 18.5.1.326
    DEBUG     Nov 16 17:10:23 [15880]: --productcode = CN
    DEBUG     Nov 16 17:10:23 [15880]: --model = XG106w
    DEBUG     Nov 16 17:10:23 [15880]: --vendor = XN01
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_ips_version = 18.18.70
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_ips_cv = 18.0
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_atp_version = 1.0.0387
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_atp_cv = 1.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_savi_version = 1.0.17282
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_savi_cv = 1.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_avira_version = 1.0.417970
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_avira_cv = 4.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_apfw_version = 11.0.016
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_apfw_cv = 1.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_sslvpn_version = 1.0.009
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_sslvpn_cv = 1.02
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_ipsec_version = 2.1.001
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_ipsec_cv = 1.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_geoip_version = 2.0.007
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_geoip_cv = 1.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_clientauth_version = 1.0.0019
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_clientauth_cv = 2.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_redfw_version = 3.0.007
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_redfw_cv = 2.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_odt_version = 1.0.001
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_odt_cv = 1.00
    DEBUG     Nov 16 17:10:23 [15880]: --oem = Sophos
    DEBUG     Nov 16 17:10:23 [15880]: --central_mgmt = 1.0
    DEBUG     Nov 16 17:10:23 [15880]: --server = u2d.sophos.com
    DEBUG     Nov 16 17:10:23 [15880]: --port = 443
    DEBUG     Nov 16 17:10:23 [15880]: Added new server : Host - u2d.sophos.com, Port - 443
    DEBUG     Nov 16 17:10:23 [15880]: --u2d_proto = 2.00
    DEBUG     Nov 16 17:10:23 [15880]: Final query string is :
    ?&serialkey=SERIALKEY&deviceid=DEVICEKEY&fwversion=18.5.1.326&productcode=CN&appmodel=XG106w&appvendor=XN01&useragent=SF&oem=Sophos&pkg_ips_version=18.18.70&pkg_ips_cv=18.0&pkg_atp_version=1.0.0387&pkg_atp_cv=1.00&pkg_savi_version=1.0.17282&pkg_savi_patch=2&pkg_savi_cv=1.00&pkg_avira_version=1.0.417970&pkg_avira_patch=2&pkg_avira_cv=4.00&pkg_geoip_version=2.0.007&pkg_geoip_cv=1.00&pkg_clientauth_version=1.0.0019&pkg_clientauth_cv=2.00&pkg_apfw_version=11.0.016&pkg_apfw_cv=1.00&pkg_redfw_version=3.0.007&pkg_redfw_cv=2.00&pkg_sslvpn_version=1.0.009&pkg_sslvpn_cv=1.02&pkg_ipsec_version=2.1.001&pkg_ipsec_cv=1.00&central_mgmt=1.0&pkg_odt_version=1.0.001&pkg_odt_cv=1.00&u2d_proto=2.00
    DEBUG     Nov 16 17:10:24 [15880]: Response code : 200
    DEBUG     Nov 16 17:10:24 [15880]: Response body :
    <Up2Date>
      <Package u2dtype="pattern">
        <File name="avira_4.00_1.0.417973_fdiff20.tar.gz.gpg">
          <location>https://d30ncyzaneb4q0.cloudfront.net/avira_4.00_1.0.417973_fdiff20.tar.gz.gpg</location>
          <version>1.0.417973</version>
          <size>9477413</size>
          <md5sum>a89e8633bf992bb95325953696787edb</md5sum>
          <module>avira</module>
          <cv>4.00</cv>
          <type>fdiff20</type>
        </File>
      </Package>
    </Up2Date>
    
    DEBUG     Nov 16 17:10:24 [15880]: Response length : 436
    DEBUG     Nov 16 17:10:24 [15880]: Received name : avira_4.00_1.0.417973_fdiff20.tar.gz.gpg
    DEBUG     Nov 16 17:10:24 [15880]: Received location : https://d30ncyzaneb4q0.cloudfront.net/avira_4.00_1.0.417973_fdiff20.tar.gz.gpg
    DEBUG     Nov 16 17:10:24 [15880]: Received version : 1.0.417973
    DEBUG     Nov 16 17:10:24 [15880]: Received size : 9477413
    DEBUG     Nov 16 17:10:24 [15880]: Received md5sum : a89e8633bf992bb95325953696787edb
    DEBUG     Nov 16 17:10:24 [15880]: Received module : avira
    DEBUG     Nov 16 17:10:24 [15880]: Received cv : 4.00
    DEBUG     Nov 16 17:10:24 [15880]: Received type : fdiff20
    Tue Nov 16 17:10:28 2021 pt_dload_checker: Starting download for file avira_4.00_1.0.417973_fdiff20.tar.gz.gpg
    Tue Nov 16 17:11:28 2021 pt_dload_checker: Download completed for file avira_4.00_1.0.417973_fdiff20.tar.gz.gpg
    gpg: Signature made Tue Nov 16 15:09:25 2021 CET using RSA key ID 6A20EB0B
    gpg: NOTE: trustdb not writable
    gpg: Good signature from "Sophos Up2Date Server <updates@sophos.com>"
    Tue Nov 16 17:11:30 2021 pt_dload_checker: Download for file avira_4.00_1.0.417973_fdiff20.tar.gz.gpg passed integrity and gpg checks
    Tue Nov 16 17:11:31 2021 pt_dload_checker: Either FILE or MSID received in U2DVERSION is blank, avira_417953-417973.tar.gz,
    Tue Nov 16 17:11:31 2021 pt_dload_checker: Current avira patterns are at /content/avira_4.00/1.0.417970
    Tue Nov 16 17:11:31 2021 pt_dload_checker: New updated patterns are now at /content/avira_4.00/1.0.417973
    Tue Nov 16 17:12:05 2021 pt_dload_checker: Updated signature db for avira, version = 1.0.417973.
    Tue Nov 16 17:12:05 2021 pt_dload_checker: Deleted pattern for module avira, version = 1.0.417970 at /content/avira_4.00/1.0.417970.
    DEBUG     Nov 16 17:26:25 [22648]: --serial = SERIALKEY
    DEBUG     Nov 16 17:26:25 [22648]: --deviceid = DEVICEKEY
    DEBUG     Nov 16 17:26:25 [22648]: --fwversion = 18.5.1.326
    DEBUG     Nov 16 17:26:25 [22648]: --productcode = CN
    DEBUG     Nov 16 17:26:25 [22648]: --model = XG106w
    DEBUG     Nov 16 17:26:25 [22648]: --vendor = XN01
    DEBUG     Nov 16 17:26:25 [22648]: --pkg_sysupdate_version = 2
    DEBUG     Nov 16 17:26:25 [22648]: --oem = Sophos
    DEBUG     Nov 16 17:26:25 [22648]: --central_mgmt = 1.0
    DEBUG     Nov 16 17:26:25 [22648]: --server = u2d.sophos.com
    DEBUG     Nov 16 17:26:25 [22648]: --port = 443
    DEBUG     Nov 16 17:26:25 [22648]: Added new server : Host - u2d.sophos.com, Port - 443
    DEBUG     Nov 16 17:26:25 [22648]: --u2d_proto = 2.00
    DEBUG     Nov 16 17:26:25 [22648]: Final query string is :
    ?&serialkey=SERIALKEY&deviceid=DEVICEKEY&fwversion=18.5.1.326&productcode=CN&appmodel=XG106w&appvendor=XN01&useragent=SF&oem=Sophos&pkg_sysupdate_version=2&central_mgmt=1.0&u2d_proto=2.00
    DEBUG     Nov 16 17:26:25 [22648]: Response code : 200
    DEBUG     Nov 16 17:26:25 [22648]: Response body :
    <Up2Date/>
    
    DEBUG     Nov 16 17:26:25 [22648]: Response length : 11
    DEBUG     Nov 16 17:31:20 [24574]: --serial = SERIALKEY
    DEBUG     Nov 16 17:31:20 [24574]: --deviceid = DEVICEKEY
    DEBUG     Nov 16 17:31:20 [24574]: --fwversion = 18.5.1.326
    DEBUG     Nov 16 17:31:20 [24574]: --productcode = CN
    DEBUG     Nov 16 17:31:20 [24574]: --model = XG106w
    DEBUG     Nov 16 17:31:20 [24574]: --vendor = XN01
    DEBUG     Nov 16 17:31:20 [24574]: --pkg_sysupdate_version = 2
    DEBUG     Nov 16 17:31:20 [24574]: Added new server : Host - eu-west-1.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 17:31:20 [24574]: Added new server : Host - us-west-2.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 17:31:20 [24574]: Added new server : Host - ap-northeast-1.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 17:31:20 [24574]: --u2d_proto = 2.00
    DEBUG     Nov 16 17:31:20 [24574]: Final query string is :
    ?&serialkey=SERIALKEY&deviceid=DEVICEKEY&fwversion=18.5.1.326&productcode=CN&appmodel=XG106w&appvendor=XN01&useragent=SF&oem=&pkg_sysupdate_version=2&u2d_proto=2.00
    DEBUG     Nov 16 17:32:20 [24574]: Response code : 504
    DEBUG     Nov 16 17:32:20 [24574]: Response body :
    
    DEBUG     Nov 16 17:32:20 [24574]: Response length : 0
    ERROR     Nov 16 17:32:20 [24574]: Response not parsed successfully.
    ERROR     Nov 16 17:32:20 [24574]: FATAL : Error in parsing response, exiting.
    DEBUG     Nov 16 17:40:35 [29332]: --serial = SERIALKEY
    DEBUG     Nov 16 17:40:35 [29332]: --deviceid = DEVICEKEY
    DEBUG     Nov 16 17:40:35 [29332]: --fwversion = 18.5.1.326
    DEBUG     Nov 16 17:40:35 [29332]: --productcode = CN
    DEBUG     Nov 16 17:40:35 [29332]: --model = XG106w
    DEBUG     Nov 16 17:40:35 [29332]: --vendor = XN01
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_ips_version = 18.18.70
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_ips_cv = 18.0
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_atp_version = 1.0.0387
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_atp_cv = 1.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_savi_version = 1.0.17282
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_savi_cv = 1.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_avira_version = 1.0.417973
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_avira_cv = 4.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_apfw_version = 11.0.016
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_apfw_cv = 1.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_sslvpn_version = 1.0.009
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_sslvpn_cv = 1.02
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_ipsec_version = 2.1.001
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_ipsec_cv = 1.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_geoip_version = 2.0.007
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_geoip_cv = 1.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_clientauth_version = 1.0.0019
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_clientauth_cv = 2.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_redfw_version = 3.0.007
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_redfw_cv = 2.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_odt_version = 1.0.001
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_odt_cv = 1.00
    DEBUG     Nov 16 17:40:35 [29332]: --oem = Sophos
    DEBUG     Nov 16 17:40:35 [29332]: --central_mgmt = 1.0
    DEBUG     Nov 16 17:40:35 [29332]: --server = u2d.sophos.com
    DEBUG     Nov 16 17:40:35 [29332]: --port = 443
    DEBUG     Nov 16 17:40:35 [29332]: Added new server : Host - u2d.sophos.com, Port - 443
    DEBUG     Nov 16 17:40:35 [29332]: --u2d_proto = 2.00
    DEBUG     Nov 16 17:40:35 [29332]: Final query string is :
    ?&serialkey=SERIALKEY&deviceid=DEVICEKEY&fwversion=18.5.1.326&productcode=CN&appmodel=XG106w&appvendor=XN01&useragent=SF&oem=Sophos&pkg_ips_version=18.18.70&pkg_ips_cv=18.0&pkg_atp_version=1.0.0387&pkg_atp_cv=1.00&pkg_savi_version=1.0.17282&pkg_savi_patch=2&pkg_savi_cv=1.00&pkg_avira_version=1.0.417973&pkg_avira_patch=2&pkg_avira_cv=4.00&pkg_geoip_version=2.0.007&pkg_geoip_cv=1.00&pkg_clientauth_version=1.0.0019&pkg_clientauth_cv=2.00&pkg_apfw_version=11.0.016&pkg_apfw_cv=1.00&pkg_redfw_version=3.0.007&pkg_redfw_cv=2.00&pkg_sslvpn_version=1.0.009&pkg_sslvpn_cv=1.02&pkg_ipsec_version=2.1.001&pkg_ipsec_cv=1.00&central_mgmt=1.0&pkg_odt_version=1.0.001&pkg_odt_cv=1.00&u2d_proto=2.00
    DEBUG     Nov 16 17:40:36 [29332]: Response code : 200
    DEBUG     Nov 16 17:40:36 [29332]: Response body :
    <Up2Date/>
    
    DEBUG     Nov 16 17:40:36 [29332]: Response length : 11
    DEBUG     Nov 16 17:56:27 [3520]: --serial = SERIALKEY
    DEBUG     Nov 16 17:56:27 [3520]: --deviceid = DEVICEKEY
    DEBUG     Nov 16 17:56:27 [3520]: --fwversion = 18.5.1.326
    DEBUG     Nov 16 17:56:27 [3520]: --productcode = CN
    DEBUG     Nov 16 17:56:27 [3520]: --model = XG106w
    DEBUG     Nov 16 17:56:27 [3520]: --vendor = XN01
    DEBUG     Nov 16 17:56:27 [3520]: --pkg_sysupdate_version = 2
    DEBUG     Nov 16 17:56:27 [3520]: --oem = Sophos
    DEBUG     Nov 16 17:56:27 [3520]: --central_mgmt = 1.0
    DEBUG     Nov 16 17:56:27 [3520]: --server = u2d.sophos.com
    DEBUG     Nov 16 17:56:27 [3520]: --port = 443
    DEBUG     Nov 16 17:56:27 [3520]: Added new server : Host - u2d.sophos.com, Port - 443
    DEBUG     Nov 16 17:56:27 [3520]: --u2d_proto = 2.00
    DEBUG     Nov 16 17:56:27 [3520]: Final query string is :
    ?&serialkey=SERIALKEY&deviceid=DEVICEKEY&fwversion=18.5.1.326&productcode=CN&appmodel=XG106w&appvendor=XN01&useragent=SF&oem=Sophos&pkg_sysupdate_version=2&central_mgmt=1.0&u2d_proto=2.00
    DEBUG     Nov 16 17:56:28 [3520]: Response code : 200
    DEBUG     Nov 16 17:56:28 [3520]: Response body :
    <Up2Date/>
    
    DEBUG     Nov 16 17:56:28 [3520]: Response length : 11
    DEBUG     Nov 16 18:01:23 [5593]: --serial = SERIALKEY
    DEBUG     Nov 16 18:01:23 [5593]: --deviceid = DEVICEKEY
    DEBUG     Nov 16 18:01:23 [5593]: --fwversion = 18.5.1.326
    DEBUG     Nov 16 18:01:23 [5593]: --productcode = CN
    DEBUG     Nov 16 18:01:23 [5593]: --model = XG106w
    DEBUG     Nov 16 18:01:23 [5593]: --vendor = XN01
    DEBUG     Nov 16 18:01:23 [5593]: --pkg_sysupdate_version = 2
    DEBUG     Nov 16 18:01:23 [5593]: Added new server : Host - eu-west-1.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 18:01:23 [5593]: Added new server : Host - us-west-2.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 18:01:23 [5593]: Added new server : Host - ap-northeast-1.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 18:01:23 [5593]: --u2d_proto = 2.00
    DEBUG     Nov 16 18:01:23 [5593]: Final query string is :
    ?&serialkey=SERIALKEY&deviceid=DEVICEKEY&fwversion=18.5.1.326&productcode=CN&appmodel=XG106w&appvendor=XN01&useragent=SF&oem=&pkg_sysupdate_version=2&u2d_proto=2.00
    DEBUG     Nov 16 18:01:23 [5593]: Response code : 503
    DEBUG     Nov 16 18:01:23 [5593]: Response body :
    <?xml version="1.0" encoding="iso-8859-1"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
             "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
     <head>
      <title>503 Service Unavailable</title>
     </head>
     <body>
      <h1>503 Service Unavailable</h1>
     </body>
    </html>
    
    DEBUG     Nov 16 18:01:23 [5593]: Response length : 361
    ERROR     Nov 16 18:01:23 [5593]: Received invalid top level tag html, expecting Up2Date
    ERROR     Nov 16 18:01:23 [5593]: FATAL : Error in parsing response, exiting.
    
    

    and the up2date_av.log:

    XG106w_XN01_SFOS 18.5.1 MR-1-Build326# tail -f -n200 /var/tslog/up2date_av.log
    2021-11-15 02:54:47 AM: New savi incremental update successfully done
    2021-11-15 06:54:29 AM: Got the lock for updating avira (avira_417958-417959.tar.gz)
    2021-11-15 06:54:29 AM:Applying incremental update for avira
    2021-11-15 06:54:32 AM: avd still loading signature
    2021-11-15 06:54:34 AM: avd still loading signature
    2021-11-15 06:54:36 AM: avd still loading signature
    2021-11-15 06:54:38 AM: avd still loading signature
    2021-11-15 06:54:40 AM: avd still loading signature
    2021-11-15 06:54:42 AM: avd still loading signature
    2021-11-15 06:54:44 AM: avd still loading signature
    2021-11-15 06:54:47 AM: avd still loading signature
    2021-11-15 06:54:49 AM: avd still loading signature
    2021-11-15 06:54:51 AM: avd still loading signature
    2021-11-15 06:54:53 AM: avd still loading signature
    2021-11-15 06:54:55 AM: avd still loading signature
    2021-11-15 06:54:57 AM: avd still loading signature
    2021-11-15 06:54:59 AM: avd still loading signature
    2021-11-15 06:55:01 AM: avd still loading signature
    2021-11-15 06:55:03 AM: avd still loading signature
    2021-11-15 06:55:06 AM: avd still loading signature
    2021-11-15 06:55:08 AM: New avira4 inc udate successfully done
    2021-11-15 10:57:02 AM: Got the lock for updating avira (avira_417942-417962.tar.gz)
    2021-11-15 10:57:02 AM:Applying incremental update for avira
    2021-11-15 10:57:06 AM: avd still loading signature
    2021-11-15 10:57:08 AM: avd still loading signature
    2021-11-15 10:57:10 AM: avd still loading signature
    2021-11-15 10:57:12 AM: avd still loading signature
    2021-11-15 10:57:15 AM: avd still loading signature
    2021-11-15 10:57:17 AM: avd still loading signature
    2021-11-15 10:57:19 AM: avd still loading signature
    2021-11-15 10:57:21 AM: avd still loading signature
    2021-11-15 10:57:23 AM: avd still loading signature
    2021-11-15 10:57:25 AM: avd still loading signature
    2021-11-15 10:57:27 AM: avd still loading signature
    2021-11-15 10:57:29 AM: avd still loading signature
    2021-11-15 10:57:31 AM: avd still loading signature
    2021-11-15 10:57:33 AM: avd still loading signature
    2021-11-15 10:57:35 AM: avd still loading signature
    2021-11-15 10:57:38 AM: avd still loading signature
    2021-11-15 10:57:40 AM: avd still loading signature
    2021-11-15 10:57:42 AM: New avira4 inc udate successfully done
    2021-11-15 02:14:34 PM: Got the lock for updating avira (avira_417945-417965.tar.gz)
    2021-11-15 02:14:36 PM:Applying incremental update for avira
    2021-11-15 02:14:39 PM: avd got restarted due to some error, let's revert new update
    2021-11-15 02:14:55 PM: Got the lock for updating savi (savi_17279-17280.tar.gz)
    2021-11-15 02:14:55 PM: applying incremental update update
    2021-11-15 02:14:55 PM: updating /sdisk/savi/engine signatures
    2021-11-15 02:14:55 PM: updating /sdisk/savi/vdl signatures
    2021-11-15 02:14:56 PM: avd got restarted due to some error, let's revert new update
    2021-11-15 06:09:31 PM: Got the lock for updating avira (avira_417945-417965.tar.gz)
    2021-11-15 06:09:32 PM:Applying incremental update for avira
    2021-11-15 06:09:35 PM: avd still loading signature
    2021-11-15 06:09:37 PM: avd still loading signature
    2021-11-15 06:09:39 PM: avd still loading signature
    2021-11-15 06:09:41 PM: avd still loading signature
    2021-11-15 06:09:43 PM: avd still loading signature
    2021-11-15 06:09:45 PM: avd still loading signature
    2021-11-15 06:13:48 PM: Got the lock for updating savi (savi_17279-17280.tar.gz)
    2021-11-15 06:13:48 PM: applying incremental update update
    2021-11-15 06:13:48 PM: updating /sdisk/savi/engine signatures
    2021-11-15 06:13:48 PM: updating /sdisk/savi/vdl signatures
    2021-11-15 06:13:49 PM: avd still loading signature
    2021-11-15 06:13:52 PM: avd still loading signature
    2021-11-15 06:13:55 PM: avd still loading signature
    2021-11-15 06:13:57 PM: avd still loading signature
    2021-11-15 06:13:59 PM: avd still loading signature
    2021-11-15 06:14:02 PM: avd still loading signature
    2021-11-15 06:14:04 PM: avd still loading signature
    2021-11-15 06:14:07 PM: avd still loading signature
    2021-11-15 06:14:09 PM: avd still loading signature
    2021-11-15 06:14:12 PM: avd still loading signature
    2021-11-15 06:14:14 PM: avd still loading signature
    2021-11-15 06:14:16 PM: avd still loading signature
    2021-11-15 06:14:18 PM: avd still loading signature
    2021-11-15 06:14:21 PM: avd still loading signature
    2021-11-15 06:14:23 PM: avd still loading signature
    2021-11-15 06:14:26 PM: avd still loading signature
    2021-11-15 06:14:28 PM: avd still loading signature
    2021-11-15 06:14:32 PM: avd got restarted due to some error, let's revert new update
    2021-11-15 06:15:33 PM: Got the lock for updating avira (avira_417945-417965.tar.gz)
    2021-11-15 06:15:35 PM:Applying incremental update for avira
    2021-11-15 06:15:38 PM: avd got restarted due to some error, let's revert new update
    2021-11-15 06:19:34 PM: Got the lock for updating avira (avira_417945-417965.tar.gz)
    2021-11-15 06:19:36 PM:Applying incremental update for avira
    2021-11-15 06:19:40 PM: avd still loading signature
    2021-11-15 06:19:42 PM: avd still loading signature
    2021-11-15 06:19:44 PM: avd still loading signature
    2021-11-15 06:19:46 PM: avd still loading signature
    2021-11-15 06:19:49 PM: avd still loading signature
    2021-11-15 06:19:51 PM: avd still loading signature
    2021-11-15 06:19:53 PM: avd still loading signature
    2021-11-15 06:19:55 PM: avd still loading signature
    2021-11-15 06:19:57 PM: avd still loading signature
    2021-11-15 06:20:00 PM: avd still loading signature
    2021-11-15 06:20:02 PM: avd still loading signature
    2021-11-15 06:20:04 PM: avd still loading signature
    2021-11-15 06:20:07 PM: avd still loading signature
    2021-11-15 06:20:09 PM: avd still loading signature
    2021-11-15 06:20:11 PM: avd still loading signature
    2021-11-15 06:20:13 PM: avd still loading signature
    2021-11-15 06:20:15 PM: avd still loading signature
    2021-11-15 06:20:18 PM: avd still loading signature
    2021-11-15 06:20:20 PM: avd still loading signature
    2021-11-15 06:20:22 PM: avd still loading signature
    2021-11-15 06:20:24 PM: avd still loading signature
    2021-11-15 06:20:27 PM: avd still loading signature
    2021-11-15 06:20:29 PM: avd still loading signature
    2021-11-15 06:20:31 PM: avd still loading signature
    2021-11-15 06:20:34 PM: avd still loading signature
    2021-11-15 06:20:36 PM: avd still loading signature
    2021-11-15 06:20:38 PM: avd still loading signature
    2021-11-15 06:20:40 PM: avd still loading signature
    2021-11-15 06:20:42 PM: avd still loading signature
    2021-11-15 06:20:45 PM: New avira4 inc udate successfully done
    2021-11-15 06:20:49 PM: Got the lock for updating savi (savi_17279-17280.tar.gz)
    2021-11-15 06:20:49 PM: applying incremental update update
    2021-11-15 06:20:49 PM: updating /sdisk/savi/engine signatures
    2021-11-15 06:20:49 PM: updating /sdisk/savi/vdl signatures
    2021-11-15 06:20:50 PM: avd still loading signature
    2021-11-15 06:20:52 PM: New savi incremental update Failed
    2021-11-15 08:32:31 PM: Got the lock for updating savi (savi_17279-17280.tar.gz)
    2021-11-15 08:32:31 PM: applying incremental update update
    2021-11-15 08:32:31 PM: updating /sdisk/savi/engine signatures
    2021-11-15 08:32:31 PM: updating /sdisk/savi/vdl signatures
    2021-11-15 08:32:31 PM: avd still loading signature
    2021-11-15 08:32:34 PM: New savi incremental update Failed
    2021-11-15 09:16:34 PM: Got the lock for updating savi (savi_17279-17280.tar.gz)
    2021-11-15 09:16:34 PM: applying incremental update update
    2021-11-15 09:16:34 PM: updating /sdisk/savi/engine signatures
    2021-11-15 09:16:34 PM: updating /sdisk/savi/vdl signatures
    2021-11-15 09:16:34 PM: avd still loading signature
    2021-11-15 09:16:36 PM: New savi incremental update Failed
    2021-11-16 01:11:29 AM: Got the lock for updating savi (savi_17279-17280.tar.gz)
    2021-11-16 01:11:29 AM: applying incremental update update
    2021-11-16 01:11:29 AM: updating /sdisk/savi/engine signatures
    2021-11-16 01:11:29 AM: updating /sdisk/savi/vdl signatures
    2021-11-16 01:11:29 AM: avd still loading signature
    2021-11-16 01:11:31 AM: New savi incremental update Failed
    2021-11-16 05:11:29 AM: Got the lock for updating savi (savi_17279-17280.tar.gz)
    2021-11-16 05:11:29 AM: applying incremental update update
    2021-11-16 05:11:29 AM: updating /sdisk/savi/engine signatures
    2021-11-16 05:11:29 AM: updating /sdisk/savi/vdl signatures
    2021-11-16 05:11:29 AM: avd still loading signature
    2021-11-16 05:11:31 AM: New savi incremental update Failed
    2021-11-16 09:11:32 AM: Got the lock for updating avira (avira_417950-417970.tar.gz)
    2021-11-16 09:11:33 AM:Applying incremental update for avira
    2021-11-16 09:11:37 AM: avd still loading signature
    2021-11-16 09:11:39 AM: avd still loading signature
    2021-11-16 09:11:41 AM: avd still loading signature
    2021-11-16 09:11:43 AM: avd still loading signature
    2021-11-16 09:11:45 AM: avd still loading signature
    2021-11-16 09:11:48 AM: avd still loading signature
    2021-11-16 09:11:50 AM: avd still loading signature
    2021-11-16 09:11:52 AM: avd still loading signature
    2021-11-16 09:11:54 AM: avd still loading signature
    2021-11-16 09:11:56 AM: avd still loading signature
    2021-11-16 09:11:58 AM: avd still loading signature
    2021-11-16 09:12:00 AM: avd still loading signature
    2021-11-16 09:12:02 AM: avd still loading signature
    2021-11-16 09:12:04 AM: avd still loading signature
    2021-11-16 09:12:06 AM: avd still loading signature
    2021-11-16 09:12:08 AM: avd still loading signature
    2021-11-16 09:12:11 AM: New avira4 inc udate successfully done
    2021-11-16 09:12:14 AM: Got the lock for updating savi (savi_17262-17282.tar.gz)
    2021-11-16 09:12:14 AM: applying incremental update update
    2021-11-16 09:12:14 AM: updating /sdisk/savi/engine signatures
    2021-11-16 09:12:14 AM: updating /sdisk/savi/vdl signatures
    2021-11-16 09:12:14 AM: avd still loading signature
    2021-11-16 09:12:16 AM: New savi incremental update Failed
    2021-11-16 01:15:38 PM: Got the lock for updating savi (savi_17282.tar.gz)
    2021-11-16 01:15:52 PM:Installing Full sophos update
    2021-11-16 01:15:52 PM: avd still loading signature
    2021-11-16 01:15:54 PM: avd still loading signature
    2021-11-16 01:15:56 PM: avd still loading signature
    2021-11-16 01:15:58 PM: avd still loading signature
    2021-11-16 01:16:00 PM: avd still loading signature
    2021-11-16 01:16:02 PM: avd still loading signature
    2021-11-16 01:16:04 PM: avd still loading signature
    2021-11-16 01:16:06 PM: avd still loading signature
    2021-11-16 01:16:09 PM: avd still loading signature
    2021-11-16 01:16:11 PM: avd still loading signature
    2021-11-16 01:16:13 PM: avd still loading signature
    2021-11-16 01:16:15 PM: New savi full update successfully done
    2021-11-16 05:11:32 PM: Got the lock for updating avira (avira_417953-417973.tar.gz)
    2021-11-16 05:11:33 PM:Applying incremental update for avira
    2021-11-16 05:11:36 PM: avd still loading signature
    2021-11-16 05:11:38 PM: avd still loading signature
    2021-11-16 05:11:40 PM: avd still loading signature
    2021-11-16 05:11:42 PM: avd still loading signature
    2021-11-16 05:11:44 PM: avd still loading signature
    2021-11-16 05:11:46 PM: avd still loading signature
    2021-11-16 05:11:48 PM: avd still loading signature
    2021-11-16 05:11:51 PM: avd still loading signature
    2021-11-16 05:11:53 PM: avd still loading signature
    2021-11-16 05:11:55 PM: avd still loading signature
    2021-11-16 05:11:57 PM: avd still loading signature
    2021-11-16 05:11:59 PM: avd still loading signature
    2021-11-16 05:12:01 PM: avd still loading signature
    2021-11-16 05:12:03 PM: avd still loading signature
    2021-11-16 05:12:05 PM: New avira4 inc udate successfully done
    
    

  • Hi, so is there still any problem? The av update logs were showing errors that seem to have been resolved. did you do something?

  • I followed the link and ran this:

    Sophos AV update failed - broken all web access when malware enabled - This keeps happening

    "mv /content/u2d/pattern /content/u2d/pattern.org
    This will rename the pattern file to pattern.org.
    Now update the pattern files with the GUI using System > Administration > Updates.
    Give the firewall some time to succeed the update process."

    From the thread.

    It worked for me last time without break XG.

    then I reactivated the virus protection and tested it. Emails and websites could be opened normally again.

  • thanks for the feedback. Good, you could solve it without Sophos Support!

  • Same issue just happened to me after a power failure.  Updating the pattern files then restarting the AV service resolved issue.

    André