"Malware 'Unscannable' was detected and blocked in a download from ocsp.digicert.com"

Hello and have a nice day

we had a short power failure yesterday and since then I have this error message in the event log every second:

messageid="08001" message="Malware 'Unscannable' was detected and blocked in a download from ocsp.digicert.com" log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" status="" fw_rule_id="16" user="" web_policy_id="0" policy_name="" virus="Unscannable" url="http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAxq6XzO1ZmDhpCgCp6lMhQ%3D" domain="ocsp.digicert.com" src_ip="192.168.100.35" src_country="R1" dst_ip="93.184.220.29" dst_country="GBR" protocol="TCP" src_port="50781" dst_port="80" bytes_sent="279" bytes_received="799" user_agent="Microsoft-CryptoAPI/10.0" status_code="500" 
messageid="08001" message="Malware 'Unscannable' was detected and blocked in a download from crl4.digicert.com" log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" status="" fw_rule_id="16" user="" web_policy_id="0" policy_name="" virus="Unscannable" url="http://crl4.digicert.com/DigiCertGlobalRootG2.crl" domain="crl4.digicert.com" src_ip="192.168.100.35" src_country="R1" dst_ip="93.184.220.29" dst_country="GBR" protocol="TCP" src_port="50429" dst_port="80" bytes_sent="181" bytes_received="1147" user_agent="Microsoft-CryptoAPI/10.0" status_code="500" 
messageid="08001" message="Malware 'Unscannable' was detected and blocked in a download from crl3.digicert.com" log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" status="" fw_rule_id="16" user="" web_policy_id="16" policy_name="" virus="Unscannable" url="http://crl3.digicert.com/DigiCertGlobalRootG2.crl" domain="crl3.digicert.com" src_ip="192.168.100.35" src_country="R1" dst_ip="93.184.220.29" dst_country="GBR" protocol="TCP" src_port="49770" dst_port="80" bytes_sent="181" bytes_received="1147" user_agent="Microsoft-CryptoAPI/10.0" status_code="500" 

Also, incoming mails are no longer scanned for viruses and spam protection does not work anymore.

For the time being I have set the protection on scan failure to 'Allow' and also had to deactivate the caching, so that I don't get any more error messages for the time being.

With best regards



Added TAGs
[edited by: emmosophos at 10:50 PM (GMT -8) on 22 Nov 2021]
Parents
  • Hello and thank you for your help!

    This is the u2d.log:

    XG106w_XN01_SFOS 18.5.1 MR-1-Build326# tail -f -n200 /var/tslog/u2d.log
    DEBUG     Nov 16 17:01:33 [12332]: --fwversion = 18.5.1.326
    DEBUG     Nov 16 17:01:33 [12332]: --productcode = CN
    DEBUG     Nov 16 17:01:33 [12332]: --model = XG106w
    DEBUG     Nov 16 17:01:33 [12332]: --vendor = XN01
    DEBUG     Nov 16 17:01:33 [12332]: --pkg_sysupdate_version = 2
    DEBUG     Nov 16 17:01:33 [12332]: Added new server : Host - ap-northeast-1.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 17:01:33 [12332]: Added new server : Host - eu-west-1.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 17:01:33 [12332]: Added new server : Host - us-west-2.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 17:01:33 [12332]: --u2d_proto = 2.00
    DEBUG     Nov 16 17:01:33 [12332]: Final query string is :
    ?&serialkey=SERIALKEY&deviceid=DEVICEKEY&fwversion=18.5.1.326&productcode=CN&appmodel=XG106w&appvendor=XN01&useragent=SF&oem=&pkg_sysupdate_version=2&u2d_proto=2.00
    DEBUG     Nov 16 17:01:46 [12332]: Response code : 503
    DEBUG     Nov 16 17:01:46 [12332]: Response body :
    <?xml version="1.0" encoding="iso-8859-1"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
             "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
     <head>
      <title>503 Service Unavailable</title>
     </head>
     <body>
      <h1>503 Service Unavailable</h1>
     </body>
    </html>
    
    DEBUG     Nov 16 17:01:46 [12332]: Response length : 361
    ERROR     Nov 16 17:01:46 [12332]: Received invalid top level tag html, expecting Up2Date
    ERROR     Nov 16 17:01:46 [12332]: FATAL : Error in parsing response, exiting.
    DEBUG     Nov 16 17:10:23 [15880]: --serial = SERIALKEY
    DEBUG     Nov 16 17:10:23 [15880]: --deviceid = DEVICEKEY
    DEBUG     Nov 16 17:10:23 [15880]: --fwversion = 18.5.1.326
    DEBUG     Nov 16 17:10:23 [15880]: --productcode = CN
    DEBUG     Nov 16 17:10:23 [15880]: --model = XG106w
    DEBUG     Nov 16 17:10:23 [15880]: --vendor = XN01
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_ips_version = 18.18.70
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_ips_cv = 18.0
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_atp_version = 1.0.0387
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_atp_cv = 1.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_savi_version = 1.0.17282
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_savi_cv = 1.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_avira_version = 1.0.417970
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_avira_cv = 4.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_apfw_version = 11.0.016
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_apfw_cv = 1.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_sslvpn_version = 1.0.009
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_sslvpn_cv = 1.02
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_ipsec_version = 2.1.001
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_ipsec_cv = 1.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_geoip_version = 2.0.007
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_geoip_cv = 1.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_clientauth_version = 1.0.0019
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_clientauth_cv = 2.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_redfw_version = 3.0.007
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_redfw_cv = 2.00
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_odt_version = 1.0.001
    DEBUG     Nov 16 17:10:23 [15880]: --pkg_odt_cv = 1.00
    DEBUG     Nov 16 17:10:23 [15880]: --oem = Sophos
    DEBUG     Nov 16 17:10:23 [15880]: --central_mgmt = 1.0
    DEBUG     Nov 16 17:10:23 [15880]: --server = u2d.sophos.com
    DEBUG     Nov 16 17:10:23 [15880]: --port = 443
    DEBUG     Nov 16 17:10:23 [15880]: Added new server : Host - u2d.sophos.com, Port - 443
    DEBUG     Nov 16 17:10:23 [15880]: --u2d_proto = 2.00
    DEBUG     Nov 16 17:10:23 [15880]: Final query string is :
    ?&serialkey=SERIALKEY&deviceid=DEVICEKEY&fwversion=18.5.1.326&productcode=CN&appmodel=XG106w&appvendor=XN01&useragent=SF&oem=Sophos&pkg_ips_version=18.18.70&pkg_ips_cv=18.0&pkg_atp_version=1.0.0387&pkg_atp_cv=1.00&pkg_savi_version=1.0.17282&pkg_savi_patch=2&pkg_savi_cv=1.00&pkg_avira_version=1.0.417970&pkg_avira_patch=2&pkg_avira_cv=4.00&pkg_geoip_version=2.0.007&pkg_geoip_cv=1.00&pkg_clientauth_version=1.0.0019&pkg_clientauth_cv=2.00&pkg_apfw_version=11.0.016&pkg_apfw_cv=1.00&pkg_redfw_version=3.0.007&pkg_redfw_cv=2.00&pkg_sslvpn_version=1.0.009&pkg_sslvpn_cv=1.02&pkg_ipsec_version=2.1.001&pkg_ipsec_cv=1.00&central_mgmt=1.0&pkg_odt_version=1.0.001&pkg_odt_cv=1.00&u2d_proto=2.00
    DEBUG     Nov 16 17:10:24 [15880]: Response code : 200
    DEBUG     Nov 16 17:10:24 [15880]: Response body :
    <Up2Date>
      <Package u2dtype="pattern">
        <File name="avira_4.00_1.0.417973_fdiff20.tar.gz.gpg">
          <location>https://d30ncyzaneb4q0.cloudfront.net/avira_4.00_1.0.417973_fdiff20.tar.gz.gpg</location>
          <version>1.0.417973</version>
          <size>9477413</size>
          <md5sum>a89e8633bf992bb95325953696787edb</md5sum>
          <module>avira</module>
          <cv>4.00</cv>
          <type>fdiff20</type>
        </File>
      </Package>
    </Up2Date>
    
    DEBUG     Nov 16 17:10:24 [15880]: Response length : 436
    DEBUG     Nov 16 17:10:24 [15880]: Received name : avira_4.00_1.0.417973_fdiff20.tar.gz.gpg
    DEBUG     Nov 16 17:10:24 [15880]: Received location : https://d30ncyzaneb4q0.cloudfront.net/avira_4.00_1.0.417973_fdiff20.tar.gz.gpg
    DEBUG     Nov 16 17:10:24 [15880]: Received version : 1.0.417973
    DEBUG     Nov 16 17:10:24 [15880]: Received size : 9477413
    DEBUG     Nov 16 17:10:24 [15880]: Received md5sum : a89e8633bf992bb95325953696787edb
    DEBUG     Nov 16 17:10:24 [15880]: Received module : avira
    DEBUG     Nov 16 17:10:24 [15880]: Received cv : 4.00
    DEBUG     Nov 16 17:10:24 [15880]: Received type : fdiff20
    Tue Nov 16 17:10:28 2021 pt_dload_checker: Starting download for file avira_4.00_1.0.417973_fdiff20.tar.gz.gpg
    Tue Nov 16 17:11:28 2021 pt_dload_checker: Download completed for file avira_4.00_1.0.417973_fdiff20.tar.gz.gpg
    gpg: Signature made Tue Nov 16 15:09:25 2021 CET using RSA key ID 6A20EB0B
    gpg: NOTE: trustdb not writable
    gpg: Good signature from "Sophos Up2Date Server <updates@sophos.com>"
    Tue Nov 16 17:11:30 2021 pt_dload_checker: Download for file avira_4.00_1.0.417973_fdiff20.tar.gz.gpg passed integrity and gpg checks
    Tue Nov 16 17:11:31 2021 pt_dload_checker: Either FILE or MSID received in U2DVERSION is blank, avira_417953-417973.tar.gz,
    Tue Nov 16 17:11:31 2021 pt_dload_checker: Current avira patterns are at /content/avira_4.00/1.0.417970
    Tue Nov 16 17:11:31 2021 pt_dload_checker: New updated patterns are now at /content/avira_4.00/1.0.417973
    Tue Nov 16 17:12:05 2021 pt_dload_checker: Updated signature db for avira, version = 1.0.417973.
    Tue Nov 16 17:12:05 2021 pt_dload_checker: Deleted pattern for module avira, version = 1.0.417970 at /content/avira_4.00/1.0.417970.
    DEBUG     Nov 16 17:26:25 [22648]: --serial = SERIALKEY
    DEBUG     Nov 16 17:26:25 [22648]: --deviceid = DEVICEKEY
    DEBUG     Nov 16 17:26:25 [22648]: --fwversion = 18.5.1.326
    DEBUG     Nov 16 17:26:25 [22648]: --productcode = CN
    DEBUG     Nov 16 17:26:25 [22648]: --model = XG106w
    DEBUG     Nov 16 17:26:25 [22648]: --vendor = XN01
    DEBUG     Nov 16 17:26:25 [22648]: --pkg_sysupdate_version = 2
    DEBUG     Nov 16 17:26:25 [22648]: --oem = Sophos
    DEBUG     Nov 16 17:26:25 [22648]: --central_mgmt = 1.0
    DEBUG     Nov 16 17:26:25 [22648]: --server = u2d.sophos.com
    DEBUG     Nov 16 17:26:25 [22648]: --port = 443
    DEBUG     Nov 16 17:26:25 [22648]: Added new server : Host - u2d.sophos.com, Port - 443
    DEBUG     Nov 16 17:26:25 [22648]: --u2d_proto = 2.00
    DEBUG     Nov 16 17:26:25 [22648]: Final query string is :
    ?&serialkey=SERIALKEY&deviceid=DEVICEKEY&fwversion=18.5.1.326&productcode=CN&appmodel=XG106w&appvendor=XN01&useragent=SF&oem=Sophos&pkg_sysupdate_version=2&central_mgmt=1.0&u2d_proto=2.00
    DEBUG     Nov 16 17:26:25 [22648]: Response code : 200
    DEBUG     Nov 16 17:26:25 [22648]: Response body :
    <Up2Date/>
    
    DEBUG     Nov 16 17:26:25 [22648]: Response length : 11
    DEBUG     Nov 16 17:31:20 [24574]: --serial = SERIALKEY
    DEBUG     Nov 16 17:31:20 [24574]: --deviceid = DEVICEKEY
    DEBUG     Nov 16 17:31:20 [24574]: --fwversion = 18.5.1.326
    DEBUG     Nov 16 17:31:20 [24574]: --productcode = CN
    DEBUG     Nov 16 17:31:20 [24574]: --model = XG106w
    DEBUG     Nov 16 17:31:20 [24574]: --vendor = XN01
    DEBUG     Nov 16 17:31:20 [24574]: --pkg_sysupdate_version = 2
    DEBUG     Nov 16 17:31:20 [24574]: Added new server : Host - eu-west-1.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 17:31:20 [24574]: Added new server : Host - us-west-2.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 17:31:20 [24574]: Added new server : Host - ap-northeast-1.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 17:31:20 [24574]: --u2d_proto = 2.00
    DEBUG     Nov 16 17:31:20 [24574]: Final query string is :
    ?&serialkey=SERIALKEY&deviceid=DEVICEKEY&fwversion=18.5.1.326&productcode=CN&appmodel=XG106w&appvendor=XN01&useragent=SF&oem=&pkg_sysupdate_version=2&u2d_proto=2.00
    DEBUG     Nov 16 17:32:20 [24574]: Response code : 504
    DEBUG     Nov 16 17:32:20 [24574]: Response body :
    
    DEBUG     Nov 16 17:32:20 [24574]: Response length : 0
    ERROR     Nov 16 17:32:20 [24574]: Response not parsed successfully.
    ERROR     Nov 16 17:32:20 [24574]: FATAL : Error in parsing response, exiting.
    DEBUG     Nov 16 17:40:35 [29332]: --serial = SERIALKEY
    DEBUG     Nov 16 17:40:35 [29332]: --deviceid = DEVICEKEY
    DEBUG     Nov 16 17:40:35 [29332]: --fwversion = 18.5.1.326
    DEBUG     Nov 16 17:40:35 [29332]: --productcode = CN
    DEBUG     Nov 16 17:40:35 [29332]: --model = XG106w
    DEBUG     Nov 16 17:40:35 [29332]: --vendor = XN01
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_ips_version = 18.18.70
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_ips_cv = 18.0
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_atp_version = 1.0.0387
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_atp_cv = 1.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_savi_version = 1.0.17282
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_savi_cv = 1.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_avira_version = 1.0.417973
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_avira_cv = 4.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_apfw_version = 11.0.016
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_apfw_cv = 1.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_sslvpn_version = 1.0.009
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_sslvpn_cv = 1.02
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_ipsec_version = 2.1.001
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_ipsec_cv = 1.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_geoip_version = 2.0.007
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_geoip_cv = 1.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_clientauth_version = 1.0.0019
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_clientauth_cv = 2.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_redfw_version = 3.0.007
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_redfw_cv = 2.00
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_odt_version = 1.0.001
    DEBUG     Nov 16 17:40:35 [29332]: --pkg_odt_cv = 1.00
    DEBUG     Nov 16 17:40:35 [29332]: --oem = Sophos
    DEBUG     Nov 16 17:40:35 [29332]: --central_mgmt = 1.0
    DEBUG     Nov 16 17:40:35 [29332]: --server = u2d.sophos.com
    DEBUG     Nov 16 17:40:35 [29332]: --port = 443
    DEBUG     Nov 16 17:40:35 [29332]: Added new server : Host - u2d.sophos.com, Port - 443
    DEBUG     Nov 16 17:40:35 [29332]: --u2d_proto = 2.00
    DEBUG     Nov 16 17:40:35 [29332]: Final query string is :
    ?&serialkey=SERIALKEY&deviceid=DEVICEKEY&fwversion=18.5.1.326&productcode=CN&appmodel=XG106w&appvendor=XN01&useragent=SF&oem=Sophos&pkg_ips_version=18.18.70&pkg_ips_cv=18.0&pkg_atp_version=1.0.0387&pkg_atp_cv=1.00&pkg_savi_version=1.0.17282&pkg_savi_patch=2&pkg_savi_cv=1.00&pkg_avira_version=1.0.417973&pkg_avira_patch=2&pkg_avira_cv=4.00&pkg_geoip_version=2.0.007&pkg_geoip_cv=1.00&pkg_clientauth_version=1.0.0019&pkg_clientauth_cv=2.00&pkg_apfw_version=11.0.016&pkg_apfw_cv=1.00&pkg_redfw_version=3.0.007&pkg_redfw_cv=2.00&pkg_sslvpn_version=1.0.009&pkg_sslvpn_cv=1.02&pkg_ipsec_version=2.1.001&pkg_ipsec_cv=1.00&central_mgmt=1.0&pkg_odt_version=1.0.001&pkg_odt_cv=1.00&u2d_proto=2.00
    DEBUG     Nov 16 17:40:36 [29332]: Response code : 200
    DEBUG     Nov 16 17:40:36 [29332]: Response body :
    <Up2Date/>
    
    DEBUG     Nov 16 17:40:36 [29332]: Response length : 11
    DEBUG     Nov 16 17:56:27 [3520]: --serial = SERIALKEY
    DEBUG     Nov 16 17:56:27 [3520]: --deviceid = DEVICEKEY
    DEBUG     Nov 16 17:56:27 [3520]: --fwversion = 18.5.1.326
    DEBUG     Nov 16 17:56:27 [3520]: --productcode = CN
    DEBUG     Nov 16 17:56:27 [3520]: --model = XG106w
    DEBUG     Nov 16 17:56:27 [3520]: --vendor = XN01
    DEBUG     Nov 16 17:56:27 [3520]: --pkg_sysupdate_version = 2
    DEBUG     Nov 16 17:56:27 [3520]: --oem = Sophos
    DEBUG     Nov 16 17:56:27 [3520]: --central_mgmt = 1.0
    DEBUG     Nov 16 17:56:27 [3520]: --server = u2d.sophos.com
    DEBUG     Nov 16 17:56:27 [3520]: --port = 443
    DEBUG     Nov 16 17:56:27 [3520]: Added new server : Host - u2d.sophos.com, Port - 443
    DEBUG     Nov 16 17:56:27 [3520]: --u2d_proto = 2.00
    DEBUG     Nov 16 17:56:27 [3520]: Final query string is :
    ?&serialkey=SERIALKEY&deviceid=DEVICEKEY&fwversion=18.5.1.326&productcode=CN&appmodel=XG106w&appvendor=XN01&useragent=SF&oem=Sophos&pkg_sysupdate_version=2&central_mgmt=1.0&u2d_proto=2.00
    DEBUG     Nov 16 17:56:28 [3520]: Response code : 200
    DEBUG     Nov 16 17:56:28 [3520]: Response body :
    <Up2Date/>
    
    DEBUG     Nov 16 17:56:28 [3520]: Response length : 11
    DEBUG     Nov 16 18:01:23 [5593]: --serial = SERIALKEY
    DEBUG     Nov 16 18:01:23 [5593]: --deviceid = DEVICEKEY
    DEBUG     Nov 16 18:01:23 [5593]: --fwversion = 18.5.1.326
    DEBUG     Nov 16 18:01:23 [5593]: --productcode = CN
    DEBUG     Nov 16 18:01:23 [5593]: --model = XG106w
    DEBUG     Nov 16 18:01:23 [5593]: --vendor = XN01
    DEBUG     Nov 16 18:01:23 [5593]: --pkg_sysupdate_version = 2
    DEBUG     Nov 16 18:01:23 [5593]: Added new server : Host - eu-west-1.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 18:01:23 [5593]: Added new server : Host - us-west-2.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 18:01:23 [5593]: Added new server : Host - ap-northeast-1.u2d.sophos.com., Port - 443
    DEBUG     Nov 16 18:01:23 [5593]: --u2d_proto = 2.00
    DEBUG     Nov 16 18:01:23 [5593]: Final query string is :
    ?&serialkey=SERIALKEY&deviceid=DEVICEKEY&fwversion=18.5.1.326&productcode=CN&appmodel=XG106w&appvendor=XN01&useragent=SF&oem=&pkg_sysupdate_version=2&u2d_proto=2.00
    DEBUG     Nov 16 18:01:23 [5593]: Response code : 503
    DEBUG     Nov 16 18:01:23 [5593]: Response body :
    <?xml version="1.0" encoding="iso-8859-1"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
             "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
     <head>
      <title>503 Service Unavailable</title>
     </head>
     <body>
      <h1>503 Service Unavailable</h1>
     </body>
    </html>
    
    DEBUG     Nov 16 18:01:23 [5593]: Response length : 361
    ERROR     Nov 16 18:01:23 [5593]: Received invalid top level tag html, expecting Up2Date
    ERROR     Nov 16 18:01:23 [5593]: FATAL : Error in parsing response, exiting.
    
    

    and the up2date_av.log:

    XG106w_XN01_SFOS 18.5.1 MR-1-Build326# tail -f -n200 /var/tslog/up2date_av.log
    2021-11-15 02:54:47 AM: New savi incremental update successfully done
    2021-11-15 06:54:29 AM: Got the lock for updating avira (avira_417958-417959.tar.gz)
    2021-11-15 06:54:29 AM:Applying incremental update for avira
    2021-11-15 06:54:32 AM: avd still loading signature
    2021-11-15 06:54:34 AM: avd still loading signature
    2021-11-15 06:54:36 AM: avd still loading signature
    2021-11-15 06:54:38 AM: avd still loading signature
    2021-11-15 06:54:40 AM: avd still loading signature
    2021-11-15 06:54:42 AM: avd still loading signature
    2021-11-15 06:54:44 AM: avd still loading signature
    2021-11-15 06:54:47 AM: avd still loading signature
    2021-11-15 06:54:49 AM: avd still loading signature
    2021-11-15 06:54:51 AM: avd still loading signature
    2021-11-15 06:54:53 AM: avd still loading signature
    2021-11-15 06:54:55 AM: avd still loading signature
    2021-11-15 06:54:57 AM: avd still loading signature
    2021-11-15 06:54:59 AM: avd still loading signature
    2021-11-15 06:55:01 AM: avd still loading signature
    2021-11-15 06:55:03 AM: avd still loading signature
    2021-11-15 06:55:06 AM: avd still loading signature
    2021-11-15 06:55:08 AM: New avira4 inc udate successfully done
    2021-11-15 10:57:02 AM: Got the lock for updating avira (avira_417942-417962.tar.gz)
    2021-11-15 10:57:02 AM:Applying incremental update for avira
    2021-11-15 10:57:06 AM: avd still loading signature
    2021-11-15 10:57:08 AM: avd still loading signature
    2021-11-15 10:57:10 AM: avd still loading signature
    2021-11-15 10:57:12 AM: avd still loading signature
    2021-11-15 10:57:15 AM: avd still loading signature
    2021-11-15 10:57:17 AM: avd still loading signature
    2021-11-15 10:57:19 AM: avd still loading signature
    2021-11-15 10:57:21 AM: avd still loading signature
    2021-11-15 10:57:23 AM: avd still loading signature
    2021-11-15 10:57:25 AM: avd still loading signature
    2021-11-15 10:57:27 AM: avd still loading signature
    2021-11-15 10:57:29 AM: avd still loading signature
    2021-11-15 10:57:31 AM: avd still loading signature
    2021-11-15 10:57:33 AM: avd still loading signature
    2021-11-15 10:57:35 AM: avd still loading signature
    2021-11-15 10:57:38 AM: avd still loading signature
    2021-11-15 10:57:40 AM: avd still loading signature
    2021-11-15 10:57:42 AM: New avira4 inc udate successfully done
    2021-11-15 02:14:34 PM: Got the lock for updating avira (avira_417945-417965.tar.gz)
    2021-11-15 02:14:36 PM:Applying incremental update for avira
    2021-11-15 02:14:39 PM: avd got restarted due to some error, let's revert new update
    2021-11-15 02:14:55 PM: Got the lock for updating savi (savi_17279-17280.tar.gz)
    2021-11-15 02:14:55 PM: applying incremental update update
    2021-11-15 02:14:55 PM: updating /sdisk/savi/engine signatures
    2021-11-15 02:14:55 PM: updating /sdisk/savi/vdl signatures
    2021-11-15 02:14:56 PM: avd got restarted due to some error, let's revert new update
    2021-11-15 06:09:31 PM: Got the lock for updating avira (avira_417945-417965.tar.gz)
    2021-11-15 06:09:32 PM:Applying incremental update for avira
    2021-11-15 06:09:35 PM: avd still loading signature
    2021-11-15 06:09:37 PM: avd still loading signature
    2021-11-15 06:09:39 PM: avd still loading signature
    2021-11-15 06:09:41 PM: avd still loading signature
    2021-11-15 06:09:43 PM: avd still loading signature
    2021-11-15 06:09:45 PM: avd still loading signature
    2021-11-15 06:13:48 PM: Got the lock for updating savi (savi_17279-17280.tar.gz)
    2021-11-15 06:13:48 PM: applying incremental update update
    2021-11-15 06:13:48 PM: updating /sdisk/savi/engine signatures
    2021-11-15 06:13:48 PM: updating /sdisk/savi/vdl signatures
    2021-11-15 06:13:49 PM: avd still loading signature
    2021-11-15 06:13:52 PM: avd still loading signature
    2021-11-15 06:13:55 PM: avd still loading signature
    2021-11-15 06:13:57 PM: avd still loading signature
    2021-11-15 06:13:59 PM: avd still loading signature
    2021-11-15 06:14:02 PM: avd still loading signature
    2021-11-15 06:14:04 PM: avd still loading signature
    2021-11-15 06:14:07 PM: avd still loading signature
    2021-11-15 06:14:09 PM: avd still loading signature
    2021-11-15 06:14:12 PM: avd still loading signature
    2021-11-15 06:14:14 PM: avd still loading signature
    2021-11-15 06:14:16 PM: avd still loading signature
    2021-11-15 06:14:18 PM: avd still loading signature
    2021-11-15 06:14:21 PM: avd still loading signature
    2021-11-15 06:14:23 PM: avd still loading signature
    2021-11-15 06:14:26 PM: avd still loading signature
    2021-11-15 06:14:28 PM: avd still loading signature
    2021-11-15 06:14:32 PM: avd got restarted due to some error, let's revert new update
    2021-11-15 06:15:33 PM: Got the lock for updating avira (avira_417945-417965.tar.gz)
    2021-11-15 06:15:35 PM:Applying incremental update for avira
    2021-11-15 06:15:38 PM: avd got restarted due to some error, let's revert new update
    2021-11-15 06:19:34 PM: Got the lock for updating avira (avira_417945-417965.tar.gz)
    2021-11-15 06:19:36 PM:Applying incremental update for avira
    2021-11-15 06:19:40 PM: avd still loading signature
    2021-11-15 06:19:42 PM: avd still loading signature
    2021-11-15 06:19:44 PM: avd still loading signature
    2021-11-15 06:19:46 PM: avd still loading signature
    2021-11-15 06:19:49 PM: avd still loading signature
    2021-11-15 06:19:51 PM: avd still loading signature
    2021-11-15 06:19:53 PM: avd still loading signature
    2021-11-15 06:19:55 PM: avd still loading signature
    2021-11-15 06:19:57 PM: avd still loading signature
    2021-11-15 06:20:00 PM: avd still loading signature
    2021-11-15 06:20:02 PM: avd still loading signature
    2021-11-15 06:20:04 PM: avd still loading signature
    2021-11-15 06:20:07 PM: avd still loading signature
    2021-11-15 06:20:09 PM: avd still loading signature
    2021-11-15 06:20:11 PM: avd still loading signature
    2021-11-15 06:20:13 PM: avd still loading signature
    2021-11-15 06:20:15 PM: avd still loading signature
    2021-11-15 06:20:18 PM: avd still loading signature
    2021-11-15 06:20:20 PM: avd still loading signature
    2021-11-15 06:20:22 PM: avd still loading signature
    2021-11-15 06:20:24 PM: avd still loading signature
    2021-11-15 06:20:27 PM: avd still loading signature
    2021-11-15 06:20:29 PM: avd still loading signature
    2021-11-15 06:20:31 PM: avd still loading signature
    2021-11-15 06:20:34 PM: avd still loading signature
    2021-11-15 06:20:36 PM: avd still loading signature
    2021-11-15 06:20:38 PM: avd still loading signature
    2021-11-15 06:20:40 PM: avd still loading signature
    2021-11-15 06:20:42 PM: avd still loading signature
    2021-11-15 06:20:45 PM: New avira4 inc udate successfully done
    2021-11-15 06:20:49 PM: Got the lock for updating savi (savi_17279-17280.tar.gz)
    2021-11-15 06:20:49 PM: applying incremental update update
    2021-11-15 06:20:49 PM: updating /sdisk/savi/engine signatures
    2021-11-15 06:20:49 PM: updating /sdisk/savi/vdl signatures
    2021-11-15 06:20:50 PM: avd still loading signature
    2021-11-15 06:20:52 PM: New savi incremental update Failed
    2021-11-15 08:32:31 PM: Got the lock for updating savi (savi_17279-17280.tar.gz)
    2021-11-15 08:32:31 PM: applying incremental update update
    2021-11-15 08:32:31 PM: updating /sdisk/savi/engine signatures
    2021-11-15 08:32:31 PM: updating /sdisk/savi/vdl signatures
    2021-11-15 08:32:31 PM: avd still loading signature
    2021-11-15 08:32:34 PM: New savi incremental update Failed
    2021-11-15 09:16:34 PM: Got the lock for updating savi (savi_17279-17280.tar.gz)
    2021-11-15 09:16:34 PM: applying incremental update update
    2021-11-15 09:16:34 PM: updating /sdisk/savi/engine signatures
    2021-11-15 09:16:34 PM: updating /sdisk/savi/vdl signatures
    2021-11-15 09:16:34 PM: avd still loading signature
    2021-11-15 09:16:36 PM: New savi incremental update Failed
    2021-11-16 01:11:29 AM: Got the lock for updating savi (savi_17279-17280.tar.gz)
    2021-11-16 01:11:29 AM: applying incremental update update
    2021-11-16 01:11:29 AM: updating /sdisk/savi/engine signatures
    2021-11-16 01:11:29 AM: updating /sdisk/savi/vdl signatures
    2021-11-16 01:11:29 AM: avd still loading signature
    2021-11-16 01:11:31 AM: New savi incremental update Failed
    2021-11-16 05:11:29 AM: Got the lock for updating savi (savi_17279-17280.tar.gz)
    2021-11-16 05:11:29 AM: applying incremental update update
    2021-11-16 05:11:29 AM: updating /sdisk/savi/engine signatures
    2021-11-16 05:11:29 AM: updating /sdisk/savi/vdl signatures
    2021-11-16 05:11:29 AM: avd still loading signature
    2021-11-16 05:11:31 AM: New savi incremental update Failed
    2021-11-16 09:11:32 AM: Got the lock for updating avira (avira_417950-417970.tar.gz)
    2021-11-16 09:11:33 AM:Applying incremental update for avira
    2021-11-16 09:11:37 AM: avd still loading signature
    2021-11-16 09:11:39 AM: avd still loading signature
    2021-11-16 09:11:41 AM: avd still loading signature
    2021-11-16 09:11:43 AM: avd still loading signature
    2021-11-16 09:11:45 AM: avd still loading signature
    2021-11-16 09:11:48 AM: avd still loading signature
    2021-11-16 09:11:50 AM: avd still loading signature
    2021-11-16 09:11:52 AM: avd still loading signature
    2021-11-16 09:11:54 AM: avd still loading signature
    2021-11-16 09:11:56 AM: avd still loading signature
    2021-11-16 09:11:58 AM: avd still loading signature
    2021-11-16 09:12:00 AM: avd still loading signature
    2021-11-16 09:12:02 AM: avd still loading signature
    2021-11-16 09:12:04 AM: avd still loading signature
    2021-11-16 09:12:06 AM: avd still loading signature
    2021-11-16 09:12:08 AM: avd still loading signature
    2021-11-16 09:12:11 AM: New avira4 inc udate successfully done
    2021-11-16 09:12:14 AM: Got the lock for updating savi (savi_17262-17282.tar.gz)
    2021-11-16 09:12:14 AM: applying incremental update update
    2021-11-16 09:12:14 AM: updating /sdisk/savi/engine signatures
    2021-11-16 09:12:14 AM: updating /sdisk/savi/vdl signatures
    2021-11-16 09:12:14 AM: avd still loading signature
    2021-11-16 09:12:16 AM: New savi incremental update Failed
    2021-11-16 01:15:38 PM: Got the lock for updating savi (savi_17282.tar.gz)
    2021-11-16 01:15:52 PM:Installing Full sophos update
    2021-11-16 01:15:52 PM: avd still loading signature
    2021-11-16 01:15:54 PM: avd still loading signature
    2021-11-16 01:15:56 PM: avd still loading signature
    2021-11-16 01:15:58 PM: avd still loading signature
    2021-11-16 01:16:00 PM: avd still loading signature
    2021-11-16 01:16:02 PM: avd still loading signature
    2021-11-16 01:16:04 PM: avd still loading signature
    2021-11-16 01:16:06 PM: avd still loading signature
    2021-11-16 01:16:09 PM: avd still loading signature
    2021-11-16 01:16:11 PM: avd still loading signature
    2021-11-16 01:16:13 PM: avd still loading signature
    2021-11-16 01:16:15 PM: New savi full update successfully done
    2021-11-16 05:11:32 PM: Got the lock for updating avira (avira_417953-417973.tar.gz)
    2021-11-16 05:11:33 PM:Applying incremental update for avira
    2021-11-16 05:11:36 PM: avd still loading signature
    2021-11-16 05:11:38 PM: avd still loading signature
    2021-11-16 05:11:40 PM: avd still loading signature
    2021-11-16 05:11:42 PM: avd still loading signature
    2021-11-16 05:11:44 PM: avd still loading signature
    2021-11-16 05:11:46 PM: avd still loading signature
    2021-11-16 05:11:48 PM: avd still loading signature
    2021-11-16 05:11:51 PM: avd still loading signature
    2021-11-16 05:11:53 PM: avd still loading signature
    2021-11-16 05:11:55 PM: avd still loading signature
    2021-11-16 05:11:57 PM: avd still loading signature
    2021-11-16 05:11:59 PM: avd still loading signature
    2021-11-16 05:12:01 PM: avd still loading signature
    2021-11-16 05:12:03 PM: avd still loading signature
    2021-11-16 05:12:05 PM: New avira4 inc udate successfully done
    
    

  • Hi, so is there still any problem? The av update logs were showing errors that seem to have been resolved. did you do something?

  • I followed the link and ran this:

    Sophos AV update failed - broken all web access when malware enabled - This keeps happening

    "mv /content/u2d/pattern /content/u2d/pattern.org
    This will rename the pattern file to pattern.org.
    Now update the pattern files with the GUI using System > Administration > Updates.
    Give the firewall some time to succeed the update process."

    From the thread.

    It worked for me last time without break XG.

    then I reactivated the virus protection and tested it. Emails and websites could be opened normally again.

  • thanks for the feedback. Good, you could solve it without Sophos Support!

  • Same issue just happened to me after a power failure.  Updating the pattern files then restarting the AV service resolved issue.

    André

Reply Children
No Data