This discussion has been locked.

After Update to 9.410-6 I get core dumps of cssd

Hi,

I installed the 9.410-6 firmware yesterday on my home firewall, a Zotac Zbox CI323.

Since midnight I have been getting a core dump of cssd every hour, filling up my data disk.

I deleted the dumps and restarted, it seems to be OK now.

Could it be that it was a matter of malformed Up2date files?


UPDATE:
cssd is still crashing from time to time.

UPDATE2:
It seems there were some big AV-malware-names-* files left over in /tmp which prevented the newer version from being installed.
I cleaned up /tmp and will wait to see if it's stable again.

UPDATE3:
After a couple of days it happened again. cssd has a bug. I now use the workaround: disable Dual Scan for SMTP and use only the Avira engine.

BR
Mundl



  • Hi Bob, I didn't have any problems with updates while running Avira AV either. I use Avira at the perimeter due to better detection rates, and I had just converted my lab back to UTM9 from XG, so I wasn't brave enough to try Sophos AV. However, this brings up a bigger problem with UTM9 in general and Sophos in particular. The last few updates have been pretty bad consistently. I always try to stay a version or two behind and let other people be the guinea pigs, but when they have CVE vulnerability patches, I usually update pretty quickly.

    The 9.409 update was botched and they had to issue an update, and now 9.410 is not only broken but is effectively rendering their Sandstorm protection useless. A similar thing happened to XG over the holidays: an IPS pattern update broke ALL categorization for everyone (https://community.sophos.com/kb/en-us/125754) and it took almost 3 days to issue an update.

    I remember back in the Astaro days, we had ONE bad rollout and everyone, including top management, came and apologized in the open Astaro forum and promised that it was not going to happen again. However, Sophos seems to be taking its resellers and user base for granted and keeps dropping updates without any QA. You would think that as a leader in the Magic Quadrant they would be more worried about the image and reputation of their flagship products, but their track record is seriously indicating otherwise.

  • Hello,

    The problem is not during the update, and it doesn't matter which AV runs during the update. The problem is that after the update cssd crashes all the time while scanning emails, and then Avira AV fills up tmp if Avira is used in any policy.

    ep-cssd-9.40-27.gf72484e.rb3.i686.rpm is buggy and crashes all the time!!!!!

    Sorry for my bad English, if you didn't understand.

    Regards, Manfred

  • Hi, Manfred, and welcome to the UTM Community!

    Thanks for your clear explanation of the problem.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    To be more clear: not all emails are affected; some special emails make cssd crash. In my case, for example, alert emails from customer Veeam Backup systems (HTTP Format without attachments) make my Sophos UTM cssd crash. And because the customer Sophos UTM tries to send these emails again and again, my cssd crashes every 3 minutes. And all other areas using cssd too (Web Protection, Web Server Protection) stop working and reset user sessions while cssd is crashing.

    I can't understand why Sophos does not withdraw this update. And I hope a cssd fix is coming soon. I cannot imagine that Sophos does not have a lot of support cases about this problem. 5 days now and no solution from Sophos :-(

    Regards, Manfred

  • Sophos, please revoke the current firmware update; several of our customers are experiencing this issue. We have to empty the temp folders from time to time in their environments; it is unacceptable.

    BR,

    NewCo ICT Security Services Ltd. / Sophos Platinum Solution Partner

  • Hello Ferenc,

    thank you for your support to challenge Sophos.

    There is a beta bugfix now (cssd and smtpd will be updated manually by ssh); you can get it from Sophos Support. But, as I can see, you have to dispense with Sandstorm, because the Sophos engine has to be disabled (single scan with Avira).

    > several of our customers are experiencing this issue

    Me too, all updated customer systems have this problem. And I always tell my customers to ask us first whether they should install the update, but not all do. :( Updating by WebUI is too easy, had a nice last week :(

    Regards, Manfred

  • Hello,

    NUTM-6747 inside of the Up2Date 9.411003 package fixed the problem on our systems.

    Regards, Manfred

    PS: You should check /tmp or you should reboot the UTM before installing the update, if the Up2Date 9.410006 package was installed before.

  • This was happening to me as well. I went in through PuTTY, cleared out that /tmp folder, and was able to run the update with auisys.plx, and I am now on 9.411-3. Sounds like this latest version cures the issue.