
Question: is it possible that since 09.02.2022 8:00 no pattern / Antivir updates work anymore?

In my UTM log the following can be found:

2022:02:09-01:00:08 home audld[10394]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="avira4"
2022:02:09-01:00:09 home auisys[10543]: no HA system or cluster node
2022:02:09-01:00:09 home auisys[10543]: waiting for db_verify to return (30 seconds max)
2022:02:09-01:00:11 home auisys[10543]: not cleaning /var/up2date/sys-install in --nosys mode
2022:02:09-01:00:11 home auisys[10543]: removing '/var/up2date/appctrl43-install'
2022:02:09-01:00:11 home auisys[10543]: removing '/var/up2date/aptp-install'
2022:02:09-01:00:11 home auisys[10543]: removing '/var/up2date/avira4-install'
2022:02:09-01:00:11 home auisys[10543]: removing '/var/up2date/aws-install'
2022:02:09-01:00:11 home auisys[10543]: removing '/var/up2date/cadata-install'
2022:02:09-01:00:11 home auisys[10543]: removing '/var/up2date/clvbrowser-install'
2022:02:09-01:00:11 home auisys[10543]: removing '/var/up2date/geoip-install'
2022:02:09-01:00:11 home auisys[10543]: removing '/var/up2date/geoipxtipv6-install'
2022:02:09-01:00:11 home auisys[10543]: removing '/var/up2date/ipsbundle2-install'
2022:02:09-01:00:11 home auisys[10543]: removing '/var/up2date/man9-install'
2022:02:09-01:00:11 home auisys[10543]: removing '/var/up2date/ohelp9-install'
2022:02:09-01:00:11 home auisys[10543]: removing '/var/up2date/sasi-install'
2022:02:09-01:00:11 home auisys[10543]: removing '/var/up2date/savi-install'
2022:02:09-01:00:11 home auisys[10543]: Starting Up2Date Package Installer
2022:02:09-01:00:11 home auisys[10543]: No suitable packages of type <man9> found, skipping
2022:02:09-01:00:11 home auisys[10543]: No suitable packages of type <aws> found, skipping
2022:02:09-01:00:11 home auisys[10543]: No suitable packages of type <clvbrowser> found, skipping
2022:02:09-01:00:11 home auisys[10543]: No suitable packages of type <appctrl43> found, skipping
2022:02:09-01:00:11 home auisys[10543]: No suitable packages of type <ohelp9> found, skipping
2022:02:09-01:00:11 home auisys[10543]: No suitable packages of type <geoipxtipv6> found, skipping
2022:02:09-01:00:11 home auisys[10543]: No suitable packages of type <aptp> found, skipping
2022:02:09-01:00:11 home auisys[10543]: No suitable packages of type <cadata> found, skipping
2022:02:09-01:00:11 home auisys[10543]: No suitable packages of type <geoip> found, skipping
2022:02:09-01:00:11 home auisys[10543]: No suitable packages of type <ipsbundle2> found, skipping
2022:02:09-01:00:11 home auisys[10543]: No suitable packages of type <sasi> found, skipping
2022:02:09-01:00:11 home auisys[10543]: No suitable packages of type <savi> found, skipping
2022:02:09-01:00:11 home auisys[10543]: Install u2d packages <avira4>
2022:02:09-01:00:11 home auisys[10543]: Starting installing up2date packages for type 'avira4'
2022:02:09-01:00:11 home auisys[10543]: Installing up2date package: /var/up2date/avira4/u2d-avira4-9.19140-19141.patch.tgz.gpg
2022:02:09-01:00:11 home auisys[10543]: Verifying up2date package signature
2022:02:09-01:00:11 home auisys[10543]: Unpacking installation instructions
2022:02:09-01:00:11 home auisys[10543]: parsing installation instructions
2022:02:09-01:00:11 home auisys[10543]: This is a patch. Setting required_version to 9.19140
2022:02:09-01:00:11 home auisys[10543]: Unpacking up2date package container
2022:02:09-01:00:11 home auisys[10543]: Running pre-installation checks
2022:02:09-01:00:12 home auisys[10543]: Starting up2date package installation
2022:02:09-01:00:55 home auisys[10543]: Still waiting for process 'sync' (pid=10663, timeout 8388607 seconds, 8388577 remaining)
2022:02:09-01:01:21 home auisys[10543]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.19141" package="avira4"
2022:02:09-01:01:21 home auisys[10543]: [INFO-306] New Pattern Up2Dates installed
2022:02:09-01:01:22 home auisys[10543]: Up2Date Package Installer finished, exiting
2022:02:09-01:01:22 home auisys[10543]: id="3716" severity="info" sys="system" sub="up2date" name="



Since 09.02.2022 approx. 8:00 o'clock there are no more new pattern updates or virus patterns. Is this a local problem for us or do others have the same problem?

2022:02:09-08:30:02 home audld[21719]: no HA system or cluster node
2022:02:09-08:30:03 home audld[21719]: patch up2date possible
2022:02:09-08:30:03 home audld[21719]: Starting Secured Up2Date Package Downloader
2022:02:09-08:30:05 home audld[21719]: Secured Up2date Authentication
2022:02:09-08:30:07 home audld[21719]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication


Regards George


  • I can confirm the problem is not just with you.  My last successful up2date was 2022:02:09-02:20:01.  Since that time my logs look like yours.

  • What pattern are you showing on your UTM? Mine are showing still updating as normal.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Currently showing pattern version 206808

    UTM - 9.709

  • That's what I have, but I don't see the same errors in my log as what is above.  Might be some other issue, like a Master/Slave problem?  Do you both have this set up?  You might have to delete the Up2Date files (SSH in) and let it re-download the files.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Home user here with no Master/Slave.  I did a reboot of the FW but no change.  I'm not a Linux guy but if you can give me the path to the Up2Date files I could delete them and see what happens.

    It's interesting that we still have the same pattern version.  I don't see errors in my log, just a repeating series of entries like this with no updates processed.

    2022:02:10-12:45:01 pandorica audld[8396]: no HA system or cluster node
    2022:02:10-12:45:02 pandorica audld[8396]: patch up2date possible
    2022:02:10-12:45:02 pandorica audld[8396]: Starting Secured Up2Date Package Downloader
    2022:02:10-12:45:02 pandorica audld[8396]: Secured Up2date Authentication
    2022:02:10-12:45:02 pandorica audld[8396]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"

    Update:

    I just saw my logs indicate an update of "avira64" and "savi" was successful.  My pattern version did not change but it looks like Up2Date is functioning.

    UTM - 9.709

  • Yeah, that is a normal Up2Date notice when there are no pattern updates to apply.  The savi updates will have versions of their own and won't necessarily reflect any Up2Date pattern number change.

    Mine updated 10 minutes ago, so the services are updating as they should be.

    2022:02:10-12:39:05 amodin auisys[22761]: Starting installing up2date packages for type 'savi'
    2022:02:10-12:39:05 amodin auisys[22761]: Installing up2date package: /var/up2date/savi/u2d-savi-9.18013-18033.patch.tgz.gpg
    2022:02:10-12:39:27 amodin auisys[22761]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.18033" package="savi"

    EDIT:  As an FYI, I went back and looked at my Up2Date logs and found identical entries as the original post.  It appears to be a normal update pattern in the logs.  I don't use the Avira scan engine set in UTM, I use the Sophos one.  There might just be a delay in the pattern update.  I had one an hour before this post, and right before my savi update.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Hello again. I should have been more precise about this.

    The Sophos installation is a virtual single server. The firmware version is 9.709-3 and the pattern is on 206806.

    Since 09.02.2020 8am, no virus patterns for either the Avira engine or the Sophos engine have come in.


    In the log it looks more normal when the update service is working correctly, even if there are no patterns available.

    up2date log

    2022:02:10-19:40:09 home auisys[30385]: Starting Up2Date Package Installer
    2022:02:10-19:40:09 home auisys[30385]: No suitable packages of type <man9> found, skipping
    2022:02:10-19:40:09 home auisys[30385]: No suitable packages of type <aws> found, skipping
    2022:02:10-19:40:09 home auisys[30385]: No suitable packages of type <clvbrowser> found, skipping
    2022:02:10-19:40:09 home auisys[30385]: No suitable packages of type <avira4> found, skipping
    2022:02:10-19:40:09 home auisys[30385]: No suitable packages of type <appctrl43> found, skipping
    2022:02:10-19:40:09 home auisys[30385]: No suitable packages of type <ohelp9> found, skipping
    2022:02:10-19:40:09 home auisys[30385]: No suitable packages of type <geoipxtipv6> found, skipping
    2022:02:10-19:40:09 home auisys[30385]: No suitable packages of type <aptp> found, skipping
    2022:02:10-19:40:09 home auisys[30385]: No suitable packages of type <cadata> found, skipping
    2022:02:10-19:40:09 home auisys[30385]: No suitable packages of type <geoip> found, skipping
    2022:02:10-19:40:09 home auisys[30385]: No suitable packages of type <ipsbundle2> found, skipping
    2022:02:10-19:40:09 home auisys[30385]: No suitable packages of type <sasi> found, skipping


    The situation was until about 18:00 in the evening:

    up2date log

    2022:02:10-16:10:02 home audld[2943]: Starting Secured Up2Date Package Downloader
    2022:02:10-16:10:04 home audld[2943]: Secured Up2date Authentication
    2022:02:10-16:10:06 home audld[2943]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:02:10-16:25:01 home audld[4895]: no HA system or cluster node
    2022:02:10-16:25:02 home audld[4895]: patch up2date possible


    The situation was until about 18:00 in the evening: 

    Firewall sent mail:

    New Pattern Up2Dates have been installed. The current pattern version
    is now 9.544.
            
    --
    System Uptime      : 0 days 6 hours 32 minutes
    System Load        : 0.68
    System Version     : Sophos UTM 9.709-3

    Please refer to the manual for detailed instructions.

    up2date log
    2022:02:10-18:40:02 home audld[21863]: no HA system or cluster node
    2022:02:10-18:40:04 home audld[21863]: patch up2date possible
    2022:02:10-18:40:04 home audld[21863]: Starting Secured Up2Date Package Downloader
    2022:02:10-18:40:07 home audld[21863]: Secured Up2date Authentication
    2022:02:10-18:40:09 home audld[21863]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
    2022:02:10-18:40:11 home audld[21863]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="ipsbundle2"
    2022:02:10-18:40:12 home auisys[21966]: no HA system or cluster node
    2022:02:10-18:40:12 home auisys[21966]: waiting for db_verify to return (30 seconds max)
    2022:02:10-18:40:14 home auisys[21966]: not cleaning /var/up2date/sys-install in --nosys mode
    2022:02:10-18:40:14 home auisys[21966]: removing '/var/up2date/appctrl43-install'
    2022:02:10-18:40:14 home auisys[21966]: removing '/var/up2date/aptp-install'
    2022:02:10-18:40:14 home auisys[21966]: removing '/var/up2date/avira4-install'
    2022:02:10-18:40:14 home auisys[21966]: removing '/var/up2date/aws-install'
    2022:02:10-18:40:14 home auisys[21966]: removing '/var/up2date/cadata-install'
    2022:02:10-18:40:15 home auisys[21966]: removing '/var/up2date/clvbrowser-install'
    2022:02:10-18:40:15 home auisys[21966]: removing '/var/up2date/geoip-install'
    2022:02:10-18:40:15 home auisys[21966]: removing '/var/up2date/geoipxtipv6-install'
    2022:02:10-18:40:15 home auisys[21966]: removing '/var/up2date/ipsbundle2-install'
    2022:02:10-18:40:15 home auisys[21966]: removing '/var/up2date/man9-install'
    2022:02:10-18:40:15 home auisys[21966]: removing '/var/up2date/ohelp9-install'
    2022:02:10-18:40:15 home auisys[21966]: removing '/var/up2date/sasi-install'
    2022:02:10-18:40:15 home auisys[21966]: removing '/var/up2date/savi-install'
    2022:02:10-18:40:15 home auisys[21966]: Starting Up2Date Package Installer
    2022:02:10-18:40:15 home auisys[21966]: No suitable packages of type <man9> found, skipping
    2022:02:10-18:40:15 home auisys[21966]: No suitable packages of type <aws> found, skipping
    2022:02:10-18:40:15 home auisys[21966]: No suitable packages of type <clvbrowser> found, skipping
    2022:02:10-18:40:15 home auisys[21966]: No suitable packages of type <avira4> found, skipping
    2022:02:10-18:40:15 home auisys[21966]: No suitable packages of type <appctrl43> found, skipping
    2022:02:10-18:40:15 home auisys[21966]: No suitable packages of type <ohelp9> found, skipping
    2022:02:10-18:40:15 home auisys[21966]: No suitable packages of type <geoipxtipv6> found, skipping
    2022:02:10-18:40:15 home auisys[21966]: No suitable packages of type <aptp> found, skipping
    2022:02:10-18:40:15 home auisys[21966]: No suitable packages of type <cadata> found, skipping
    2022:02:10-18:40:15 home auisys[21966]: No suitable packages of type <geoip> found, skipping
    2022:02:10-18:40:15 home auisys[21966]: No suitable packages of type <sasi> found, skipping
    2022:02:10-18:40:15 home auisys[21966]: No suitable packages of type <savi> found, skipping
    2022:02:10-18:40:15 home auisys[21966]: Install u2d packages <ipsbundle2>
    2022:02:10-18:40:15 home auisys[21966]: Starting installing up2date packages for type 'ipsbundle2'
    2022:02:10-18:40:15 home auisys[21966]: Installing up2date package: /var/up2date/ipsbundle2/u2d-ipsbundle2-9.544.tgz.gpg
    2022:02:10-18:40:15 home auisys[21966]: Verifying up2date package signature
    2022:02:10-18:40:16 home auisys[21966]: Unpacking installation instructions
    2022:02:10-18:40:16 home auisys[21966]: parsing installation instructions
    2022:02:10-18:40:16 home auisys[21966]: Unpacking up2date package container
    2022:02:10-18:40:16 home auisys[21966]: Running pre-installation checks
    2022:02:10-18:40:17 home auisys[21966]: Starting up2date package installation
    2022:02:10-18:40:41 home auisys[21966]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.544" package="ipsbundle2"
    2022:02:10-18:40:41 home auisys[21966]: [INFO-306] New Pattern Up2Dates installed

    I will continue to keep an eye on the Up2Date and report if there is a change.

    Best regards

    George


  • So as I edited my post, I indicated this appeared normal and have seen this in Up2Date.

    You should check the logs specific for 'savi' and see when that was last updated in your Up2Date log for today.  The number won't necessarily change when there is an AV update.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • The pattern version displayed on the admin page does not tell you if the pattern is up to date. If, e.g., IPS is switched off in a UTM, there is no update for exactly these functions. The pattern version will have a different status than that of a firewall with IPS enabled. The question about the pattern version is therefore irrelevant if there is no information about which mechanisms are used in the firewall. By the way, the pattern version is also independent of the firmware, unless the update RPM check shows that there is a firmware version that has no RPM support for the corresponding firmware.

    Again, to my question from the beginning: is there a problem with the pattern download, and does Sophos still provide patterns for virus and IPS/IDS? Yes, there was a problem with Sophos not delivering patterns at a certain point in time.

    At our customers and on our own Sophos, no patterns were loaded from a certain point this week, but yesterday around 8.00 in the evening Sophos provided patterns again.

  • Hello - Just curious if anybody found any additional information on this issue.  I'm still showing pattern version 206808 on all UTMs even though the logs show successful package installs.  The pattern version remains the same running versions 9.707 and 9.709.
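
The check suggested in the replies above (look at the last successful install per package in the Up2Date log instead of the displayed pattern version) can be scripted. This is an added example, not part of the thread and not Sophos code; the sample lines are constructed in the log format quoted above, and the 24-hour staleness threshold and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the up2date log format quoted in this thread.
SAMPLE_LOG = """\
2022:02:09-01:01:21 home auisys[10543]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.19141" package="avira4"
2022:02:10-12:45:02 home audld[8396]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2022:02:10-18:40:15 home auisys[21966]: No suitable packages of type <savi> found, skipping
2022:02:10-18:40:41 home auisys[21966]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.544" package="ipsbundle2"
2022:02:10-18:40:42 home auisys[21966]: id="3716" severity="info" sys="system" sub="up2date" name="
"""

# timestamp, host, process[pid]: message
LINE_RE = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (\S+) (\w+)\[\d+\]: (.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')  # only complete key="value" pairs

def last_installs(log_text):
    """Return {package: (timestamp, version)} for the newest successful install."""
    latest = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an up2date log line
        ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        fields = dict(KV_RE.findall(m.group(4)))
        # Truncated lines lose their trailing fields and are skipped here.
        if fields.get("action") != "install" or fields.get("status") != "success":
            continue
        pkg = fields.get("package")
        if pkg and (pkg not in latest or ts > latest[pkg][0]):
            latest[pkg] = (ts, fields.get("package_version"))
    return latest

def stale_packages(log_text, packages, now, max_age):
    """Packages with no successful install within max_age of now (threshold is an assumption)."""
    latest = last_installs(log_text)
    return sorted(p for p in packages
                  if p not in latest or now - latest[p][0] > max_age)

if __name__ == "__main__":
    now = datetime(2022, 2, 10, 20, 0, 0)  # fixed "current time" for the sample
    for pkg, (ts, ver) in sorted(last_installs(SAMPLE_LOG).items()):
        print(f"{pkg:12} {ver:10} {ts}")
    print("stale:", stale_packages(SAMPLE_LOG, ["avira4", "savi", "ipsbundle2"],
                                   now, timedelta(hours=24)))
```

Only pass the package types for features that are actually enabled on the firewall, since disabled features receive no updates and would always be reported as stale.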