
AntiSpam Service died-v19

Hi

After upgrading to Sophos SW-19MR-1, the AntiSpam service died and I can't start the service.

ApplianceCertificate was also regenerated, but it didn't work.

Please, guide me

Thanks



  • My Antispam service won't start since upgrading to version 19. I'm still currently using pfSense and was test driving the virtual Sophos XG 8 months ago, but couldn't get its SSL decrypt to work with a Microsoft Windows CA. I recently powered up the XG again, managed to get the CA/decrypt stuff working and also upgraded to v19, but now the antispam service won't start. I wanted to test this feature as pfSense's IP blocking (pfBlockerNG) isn't successfully blocking spam email (local Microsoft Exchange... I'm old skool) as well as I'd like, as I get between 5 and 50 spam messages a day; this might have been the Sophos XG Firewall's time to shine. Anyway, I'm running the XG on Hyper-V and "grep flags -m1 /proc/cpuinfo" shows ssse3 as available, so I have no idea why services won't start. Does anyone have any ideas, or is this (still) a known bug?

      

  • My recent experience with the anti spam engine indicates on my machine at least it is a memory issue. Anti spam uses about 15% or more at startup and my machine runs with a lot of memory used at startup until all the various functions have settled down then the anti spam will start automatically. The delay is about 5 minutes when the memory use has dropped to 70% then goes over 80% when anti spam starts.

    ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I changed the memory from 4GB to the max of 6GB of the home lab version, and no joy, the service still won't start. The Control Center says memory usage is only at 46%. Thanks for the suggestion nonetheless.

  • Lloyd, can you please enable support access and provide an access ID?

  • If you can open a support access tunnel, our engineering team would like to look at your device to see how we can help. 

  • After identifying the root cause of this issue we're working on a fix for it.

    Here are the steps to start the antispam service when there are "... database length < sizeof( ..." entries in the SASI log:

    • stop the SASI service:

    service antispam:stop -ds nosync
    • delete the anti-spam DB files:

    rm /sdisk/sasi/*
    • start SASI from the CLI:

    /bin/sasi -c /cfs/sasi/sasidaemon.conf
    • wait until you see this in the console output:
      • "... Signatures don't exist, fetching new signatures.."
      • "... Lased started on port : 25315"
    • stop the SASI process by pressing CTRL+C
    • start the SASI service:

    service antispam:start -ds nosync

    • check the SASI log to see if SASI started, again look for this entry: "... Lased started on port : 25315":

    tail /log/sasi.log

    • you shouldn't see "... database length < sizeof( ..." log entries anymore.

  • Hi Janos, can you help me out on resolving?

    All was fine until I upgraded from 19.0.0 GA-Build317 to 19.0.1 MR-1-Build365.

    I am on Proxmox 7.2-7 and tried to figure out whether it has to do with the upgrade, the configuration or the latest firmware.

    1. created a new vm
    2. installed 19.0.1 MR-1-Build365
    3. used a new XG Home license
    4. all is well with anti spam
    5. restored latest backup from my other non-functioning install
    6. anti spam does not start
    7. Your commands to resolve result in the same as for the upgraded system, e.g. not able to fetch the signature.

    So it looks like the backup is not upwards compatible with the latest firmware AND the configuration is not adapted to support the new firmware during upgrade.

    Hope you can help me out.

  • Hi Paul,

    apparently, SASI cannot reach sasi.sophosupd.com to check/fetch database updates.

    Can that domain name be resolved from the command line of the SFOS system?

    What do you get when running:

    curl sasi.sophosupd.com/.../asdb.antispam

  • Hi Janos, thank you for this fast response. The result is:

    The same I receive when opening it in a browser.

  • Paul, can you please send me a private message with the values of the ENABLE_PRECOMPILED_SIGS and HMAC_TOKEN options in the SASI config file (/cfs/sasi/sasidaemon.conf)?

  • Hi Janos, you should have received the requested info per private message.

  • I ended up adding a line to the config file of the Proxmox VM in /etc/pve/qemu-server/. Just add the next line and reboot Sophos XG

    args: -cpu qemu64,+ssse3
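
The two checks that recur in this thread, as an added example that is not from any poster or from Sophos: it reports which of the quoted SASI log markers occurred most recently (older "database length" errors stay in the log after a successful restart) and whether the first "flags" line of /proc/cpuinfo lists ssse3 as a whole word. The function names and the `--live` switch are hypothetical; the default log path is the one used in the recovery steps above.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of SFOS.

# Print the SASI state implied by the most recent marker in the log:
#   started  - "Lased started on port" is the latest marker
#   db_error - "database length < sizeof(" is the latest marker
#   fetching - "fetching new signatures" is the latest marker
#   unknown  - no marker found, or the log is not readable
sasi_log_state() {
    log="${1:-/log/sasi.log}"
    [ -r "$log" ] || { echo unknown; return 0; }
    # Later lines overwrite earlier ones, so the last marker wins.
    awk '
        index($0, "database length < sizeof(") { state = "db_error" }
        index($0, "fetching new signatures")   { state = "fetching" }
        index($0, "Lased started on port")     { state = "started" }
        END { print (state == "" ? "unknown" : state) }
    ' "$log"
}

# Succeed only if the first "flags" line lists ssse3 as a whole word
# (same line that "grep flags -m1 /proc/cpuinfo" shows in the thread).
cpu_has_ssse3() {
    cpuinfo="${1:-/proc/cpuinfo}"
    awk '
        /^flags/ {
            for (i = 1; i <= NF; i++) if ($i == "ssse3") found = 1
            exit
        }
        END { exit !found }
    ' "$cpuinfo"
}

# Query the running system only when asked to: sh sasi_check.sh --live
if [ "${1:-}" = "--live" ]; then
    echo "ssse3: $(cpu_has_ssse3 && echo present || echo missing)"
    echo "sasi:  $(sasi_log_state)"
fi
```

A `db_error` result after the recovery steps means the error was logged again after the last successful start, so the steps did not hold.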