We are getting thousands of alerts from our Sophos XG at the moment, with the alert ID and message below:
Any possible causes of this?
Alert ID: 8001
Message: Malware 'Unscannable' was detected and blocked in a download from tbt.unifi-controller.prc.com
Same problem today. Maybe the antivirus database updates are corrupted.
Thanks for sharing! Any resolutions or fixes you guys had so far?
There was an issue with an XG AV pattern update.
A new AV pattern has been released to resolve this. Your device should update to the new pattern automatically, but you can also force it from the UI.
Thank you! Can you share a source link from Sophos stating that an AV pattern has been released to resolve this issue?
I found some ways. I am posting them here for discussion on how to fix it.
Reason: malware enabled on my FW rule to handle endpoints, using the Sophos engine. Sometimes the Sophos AV pattern update fails. When this happens, it breaks access to the web. Turning it off fixes it.
Some ways I found on the Internet; I am posting them here to discuss.
Note: I have not done any of the methods below.
tail -f -n200 /var/tslog/up2date_av.log
# Solution 1
Try to stop and restart the AV service?
# Solution 2
1. "mv /content/u2d/pattern /content/u2d/pattern.org". This will rename the pattern file to pattern.org.
2. Now update the pattern files with the GUI using System > Administration > Updates.
# Solution 3
1. Change the malware engine from Sophos to Avira in the GUI under System Service --> Malware Protection. That should temporarily fix the problem.
2. Just run the command mv /content/u2d/pattern /content/u2d/pattern.old
3. Click update the patterns in the GUI again; that pattern file should be recreated.
4. Don't forget to change back to using the Sophos malware engine.
# Solution 4
Re-image the device and restore from backup.
Thanks Long Nguyen3 - so you only stop and start the AV Service?
Please check the log file: tail -f -n200 /var/tslog/up2date_av.log. If the AV update fails, the first way doest fix it.
Sophos XGS 2100 @ Home | Sophos v19 Architect
Thank you so much!!