Hello
It looks to me that Up2date for Virus Patterns and IPS / IDS Pattern has been out of function since sometime around 29.04.2020. Can someone please check the situation?
It is set up so that both Firmware Up2date and Pattern Up2Date should be executed every 15 minutes. The firmware version on the UTM is: 9.711-5.
In the logs since 29.04.2022 there are only the following entries:
2022:05:03-09:45:01 home audld[885]: no HA system or cluster node
2022:05:03-09:45:02 home audld[885]: patch up2date possible
2022:05:03-09:45:02 home audld[885]: Starting Secured Up2Date Package Downloader
2022:05:03-09:45:04 home audld[885]: Secured Up2date Authentication
2022:05:03-09:45:07 home audld[885]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2022:05:03-10:00:02 home audld[2491]: no HA system or cluster node
2022:05:03-10:00:05 home audld[2491]: patch up2date possible
2022:05:03-10:00:05 home audld[2491]: Starting Secured Up2Date Package Downloader
2022:05:03-10:00:08 home audld[2491]: Secured Up2date Authentication
2022:05:03-10:00:10 home audld[2491]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
Before 29.04.2022 it always looked like this:
2022:04:28-00:07:02 home audld[3041]: Starting Secured Up2Date Package Downloader
2022:04:28-00:07:03 home audld[3041]: Secured Up2date Authentication
2022:04:28-00:07:05 home audld[3041]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2022:04:28-00:07:06 home audld[3041]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="avira4"
2022:04:28-00:07:06 home auisys[3100]: no HA system or cluster node
2022:04:28-00:07:06 home auisys[3100]: waiting for db_verify to return (30 seconds max)
2022:04:28-00:07:08 home auisys[3100]: not cleaning /var/up2date/sys-install in --nosys mode
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/appctrl43-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/aptp-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/avira4-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/aws-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/cadata-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/clvbrowser-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/geoip-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/geoipxtipv6-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/ipsbundle2-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/man9-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/ohelp9-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/sasi-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/savi-install'
2022:04:28-00:07:08 home auisys[3100]: Starting Up2Date Package Installer
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <man9> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <aws> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <clvbrowser> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <appctrl43> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <ohelp9> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <geoipxtipv6> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <aptp> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <cadata> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <geoip> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <ipsbundle2> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <sasi> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <savi> found, skipping
2022:04:28-00:07:08 home auisys[3100]: Install u2d packages <avira4>
2022:04:28-00:07:08 home auisys[3100]: Starting installing up2date packages for type 'avira4'
2022:04:28-00:07:08 home auisys[3100]: Installing up2date package: /var/up2date/avira4/u2d-avira4-9.19805-19825.patch.tgz.gpg
2022:04:28-00:07:08 home auisys[3100]: Verifying up2date package signature
2022:04:28-00:07:08 home auisys[3100]: Unpacking installation instructions
2022:04:28-00:07:08 home auisys[3100]: parsing installation instructions
2022:04:28-00:07:08 home auisys[3100]: This is a patch. Setting required_version to 9.19805
2022:04:28-00:07:08 home auisys[3100]: Unpacking up2date package container
2022:04:28-00:07:08 home auisys[3100]: Running pre-installation checks
2022:04:28-00:07:09 home auisys[3100]: Starting up2date package installation
2022:04:28-00:07:53 home auisys[3100]: Still waiting for process 'sync' (pid=3191, timeout 8388607 seconds, 8388577 remaining)
2022:04:28-00:08:20 home auisys[3100]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.19825" package="avira4"
2022:04:28-00:08:20 home auisys[3100]: [INFO-306] New Pattern Up2Dates installed
2022:04:28-00:08:21 home auisys[3100]: Up2Date Package Installer finished, exiting
2022:04:28-00:08:21 home auisys[3100]: id="3716" severity="info" sys="system" sub="up2date" name="Up2Date Package Installer finished,
The output of the Up2date debug log:
>>> Modules::Audld::SystemAttributes::get::35()
Start fetching system attributes ...
>>> Modules::Audld::Cfg::U2d::_valid_u2d_types::141()
Selected update types: man9 aws avira4 clvbrowser appctrl43 owaspcrs ohelp9 geoipxtipv6 ipsexception aptp cadata sys geoip ipsbundle2 sasi savi
>>> Modules::Audld::Cfg::U2d::_u2d_patch_possible::209()
patch up2date possible
>>> Modules::Audld::Cfg::Proxy::_get_config::133()
>> proxy configuration: $VAR1 = {
'status' => 0
};
>>> Modules::Audld::Cfg::_read_proxy_cfg::119()
Secured up2date dumping out read_proxy_cfg...
$VAR1 = {
'status' => 0
};
....
Starting Secured Up2Date Package Downloader
>>> Modules::Audld::DNSQuery::_resolve_list::124()
DNSQuery: _resolve_list ...
$VAR1 = [
'eu1.utmu2d.sophos.com:443',
'eu2.utmu2d.sophos.com:443',
'us2.utmu2d.sophos.com:443',
'us1.utmu2d.sophos.com:443',
'sg1.utmu2d.sophos.com:443'
];
....
>>> Modules::Audld::LocalRestriction::_seek_own_country::93()
Secured Up2date Verifying Authorized Country
>>> Modules::Audld::LocalRestriction::_seek_own_country::97()
Secured up2date dumping out _seek_own_country user_agent...
$VAR1 = bless( {
'max_redirect' => 7,
'ssl_opts' => {
'verify_hostname' => 0
},
'protocols_forbidden' => undef,
'show_progress' => undef,
'handlers' => {
'response_header' => bless( [
{
'owner' => 'LWP::UserAgent::parse_head',
'callback' => sub { "DUMMY" },
'm_media_type' => 'html',
'line' => '/usr/local/ap510/site/lib/LWP/UserAgent.pm:684'
}
], 'HTTP::Config' )
},
'no_proxy' => [],
'protocols_allowed' => undef,
'local_address' => undef,
'use_eval' => 1,
'requests_redirectable' => [
'GET',
'HEAD'
],
'timeout' => 30,
'def_headers' => bless( {
'user-agent' => 'libwww-perl/6.05'
}, 'HTTP::Headers' ),
'proxy' => {},
'max_size' => undef
}, 'LWP::UserAgent' );
....
>>> Modules::Audld::LocalRestriction::_seek_own_country::146()
My official IP address: xxx.xxx.xxx.xxx (DE)
>>> Modules::Audld::LocalRestriction::get_unrestricted::76()
using the following servers: $VAR1 = [
'eu1.utmu2d.sophos.com:443',
'eu2.utmu2d.sophos.com:443',
'us2.utmu2d.sophos.com:443',
'us1.utmu2d.sophos.com:443',
'sg1.utmu2d.sophos.com:443'
];
>>> Modules::Audld::Authentication::start::63()
>>>>>> START up2date authentication
>>> Modules::Audld::Authentication::_build_request_str::115()
Auth attribs:
{
'asg' => '',
'build' => 'asg-9.603-1.1.iso',
'ccc' => '249',
'feature_accd' => 0,
'feature_afc' => 1,
'feature_agent' => 0,
'feature_av' => 1,
'feature_encrypt' => 1,
'feature_epp' => 0,
'feature_ftp' => 0,
'feature_fw' => '1',
'feature_ha' => 0,
'feature_http' => 1,
'feature_im_p2p_iptv' => '1',
'feature_ips' => 1,
'feature_mobile_control' => 0,
'feature_pop3' => 0,
'feature_ra' => 1,
'feature_red' => 1,
'feature_s2s' => 1,
'feature_smtp' => 1,
'feature_spam' => 1,
'feature_spy' => 1,
'feature_u2dcache' => 0,
'feature_waf' => 1,
'feature_wireless' => 1,
'hid' => 'xxxxxxxxxx',
'lid' => '1339007',
'luips' => '100',
'oem' => '',
'patchup2date' => 1,
'pkg_appctrl43' => '9-105',
'pkg_aptp' => '9-50687',
'pkg_avira4' => '9-19834',
'pkg_aws' => '9-333',
'pkg_cadata' => '9-758',
'pkg_clvbrowser' => '9-44',
'pkg_geoip' => '7-219',
'pkg_geoipxtipv6' => '9-210',
'pkg_ipsbundle2' => '9-639',
'pkg_ipsexception' => '9-6',
'pkg_man9' => '9-1103',
'pkg_ohelp9' => '9-1210',
'pkg_owaspcrs' => '9-18',
'pkg_sasi' => '9-213',
'pkg_savi' => '9-18255',
'pkg_sys' => '9-711005',
'product' => 'TM_GROMIT',
'uips' => 30,
'ver' => '9.711'
}
Authenticating ...
>>> Modules::Audld::Authentication::OutboundIface::_get_address::54()
using default gw to find outgoing interface for 'eu1.utmu2d.sophos.com'
>>> Modules::Audld::Authentication::OutboundIface::_get_interface::102()
outbound interface for 'eu1.utmu2d.sophos.com' (xxx.xxx.xxx.xxx) : eth1 (xxx.xxx.xxx.xxx)
>>> Modules::Audld::Authentication::_authenticate::160()
Authentication request: eu1.utmu2d.sophos.com:443/u2dauth.pl
>>> Modules::Audld::Authentication::_request::189()
Authentication _request self
$VAR1 = bless( {
'types' => {
'man9' => {
'status' => '1',
'description' => 'Manual Up2Date'
},
'aws' => {
'status' => '1',
'description' => 'Amazon Web Services information'
},
'avira4' => {
'status' => '1',
'description' => 'Virus Pattern Up2Date'
},
'clvbrowser' => {
'status' => '1',
'description' => 'HTML5 VPN Portal Software'
},
'appctrl43' => {
'status' => '1',
'description' => 'Application Control Pattern Up2Date'
},
'owaspcrs' => {
'status' => '1',
'description' => 'Web Application Firewall Core Ruleset'
},
'ohelp9' => {
'status' => '1',
'description' => 'Online Help Up2Date'
},
'geoipxtipv6' => {
'status' => '1',
'description' => 'GeoIP Database Up2Date for xtables'
},
'ipsexception' => {
'status' => '1',
'description' => 'Intrusion Protection Exceptions Up2Date'
},
'aptp' => {
'status' => '1',
'description' => 'APTP Pattern Up2Date'
},
'cadata' => {
'status' => '1',
'description' => 'CA certificates'
},
'sys' => {
'status' => '1',
'description' => 'System Up2Date'
},
'geoip' => {
'status' => '1',
'description' => 'GeoIP Database Up2Date'
},
'ipsbundle2' => {
'status' => '1',
'channel' => 'standard',
'description' => 'Intrusion Protection Pattern Up2Date'
},
'sasi' => {
'status' => '1',
'description' => 'Sophos AntiSpam Interface update token'
},
'savi' => {
'status' => '1',
'description' => 'Virus Pattern Up2Date'
}
},
'workdir' => '/var/up2date/',
'ssl_opts' => {
'verify_hostname' => 0
},
'ipv6_used' => 0,
'default_port' => '443',
'versions' => {
'cadata' => {
'revision' => '758',
'major' => '9'
},
'sys' => {
'revision' => 711005,
'major' => 9
},
'man9' => {
'revision' => '1103',
'major' => '9'
},
'aws' => {
'revision' => '333',
'major' => '9'
},
'geoip' => {
'revision' => '219',
'major' => '7'
},
'ipsbundle2' => {
'revision' => '639',
'major' => '9'
},
'clvbrowser' => {
'revision' => '44',
'major' => '9'
},
'avira4' => {
'revision' => '19834',
'major' => '9'
},
'appctrl43' => {
'revision' => '105',
'major' => '9'
},
'owaspcrs' => {
'revision' => '18',
'major' => '9'
},
'ohelp9' => {
'revision' => '1210',
'major' => '9'
},
'sasi' => {
'revision' => '213',
'major' => '9'
},
'savi' => {
'revision' => '18255',
'major' => '9'
},
'geoipxtipv6' => {
'revision' => '210',
'major' => '9'
},
'ipsexception' => {
'revision' => '6',
'major' => '9'
},
'aptp' => {
'revision' => '50687',
'major' => '9'
}
},
'timeout' => 40,
'dryrun' => '',
'features' => {
'av' => 1,
'im_p2p_iptv' => '1',
'smtp' => 1,
'ha' => 0,
'accd' => 0,
'epp' => 0,
'ftp' => 0,
'spam' => 1,
'ips' => 1,
'http' => 1,
'ra' => 1,
'pop3' => 0,
'red' => 1,
'waf' => 1,
'encrypt' => 1,
'spy' => 1,
's2s' => 1,
'u2dcache' => 0,
'mobile_control' => 0,
'wireless' => 1,
'fw' => '1',
'afc' => 1,
'agent' => 0
},
'channels' => {},
'license' => {
'nosys' => 0,
'asg' => '',
'uips' => 30,
'lid' => '1339007',
'luips' => '100'
},
'patchup2date' => 1,
'fail_store' => {},
'authserver' => [
'eu1.utmu2d.sophos.com:443',
'eu2.utmu2d.sophos.com:443',
'us2.utmu2d.sophos.com:443',
'us1.utmu2d.sophos.com:443',
'sg1.utmu2d.sophos.com:443'
],
'uri_base' => 'u2dauth.pl',
'attrib' => {
'hid' => '1f650f23012834291b51fad6c47bfa75',
'oem' => '',
'ver' => '9.711',
'product' => 'TM_GROMIT',
'build' => 'asg-9.603-1.1.iso',
'ccc' => '249'
},
'proxy' => {
'env_url' => '',
'status' => 0,
'addr' => ''
},
'force_insecure_up2date' => 0,
'fail_flagfile' => '/tmp/up2date_auth_failure'
}, 'Modules::Audld::Authentication' );
......
>>> Modules::Audld::Authentication::_request::194()
Secured Up2date Authentication
>>> Modules::Audld::Authentication::_request::205()
Authentication User Agent
$VAR1 = bless( {
'max_redirect' => 7,
'ssl_opts' => {
'SSL_ca_path' => '/etc/ssl/certs/',
'verify_hostname' => 1
},
'protocols_forbidden' => undef,
'show_progress' => undef,
'handlers' => {
'response_header' => bless( [
{
'owner' => 'LWP::UserAgent::parse_head',
'callback' => sub { "DUMMY" },
'm_media_type' => 'html',
'line' => '/usr/local/ap510/site/lib/LWP/UserAgent.pm:684'
}
], 'HTTP::Config' )
},
'no_proxy' => [],
'protocols_allowed' => undef,
'local_address' => undef,
'use_eval' => 1,
'requests_redirectable' => [
'GET',
'HEAD'
],
'timeout' => 40,
'def_headers' => bless( {
'user-agent' => 'libwww-perl/6.05'
}, 'HTTP::Headers' ),
'proxy' => {},
'max_size' => undef
}, 'LWP::UserAgent' );
......
>>> Modules::Audld::Authentication::start::76()
Result of auth server contact:{
'Packagelist' => {
'revision' => '208275'
}
}
Authentication successful!
>>> Modules::Audld::DNSQuery::_resolve_list::124()
DNSQuery: _resolve_list ...
$VAR1 = [
'eu2.utmu2d.sophos.com:443',
'eu1.utmu2d.sophos.com:443',
'us2.utmu2d.sophos.com:443',
'us1.utmu2d.sophos.com:443',
'sg1.utmu2d.sophos.com:443'
];
....
>>> Modules::Audld::LocalRestriction::get_unrestricted::76()
using the following servers: $VAR1 = [
'eu2.utmu2d.sophos.com:443',
'eu1.utmu2d.sophos.com:443',
'us2.utmu2d.sophos.com:443',
'us1.utmu2d.sophos.com:443',
'sg1.utmu2d.sophos.com:443'
];
>>> Modules::Audld::Download::start::58()
>>>>>> START up2date download
Starting Up2Date Download
No new packages available, exiting.
Regards
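
Added example, not part of the original post: a staleness check over logs in the format quoted above. It reports the last successful install per package and flags the pattern the post describes, where authentication still succeeds but no install has happened for longer than a threshold. The sample lines are constructed from the post's log format, and the two-day `max_age` is an assumed threshold.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the shape of the log lines quoted in the post.
SAMPLE_LOG = '''\
2022:04:28-00:07:05 home audld[3041]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2022:04:28-00:07:06 home audld[3041]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="avira4"
2022:04:28-00:08:20 home auisys[3100]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.19825" package="avira4"
2022:04:28-00:08:20 home auisys[3100]: [INFO-306] New Pattern Up2Dates installed
2022:05:03-09:45:07 home audld[885]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2022:05:03-10:00:10 home audld[2491]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
'''

LINE_RE = re.compile(r'^(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) \S+ (\w+)\[\d+\]: (.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def up2date_events(log_text):
    """Yield (timestamp, fields) for key="value" events with sub="up2date"."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # truncated or non-log line
        fields = dict(KV_RE.findall(m.group(3)))
        if fields.get("sub") == "up2date":
            yield datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S"), fields

def staleness_report(log_text, now, max_age=timedelta(days=2)):
    """Last successful install per package; max_age is an assumed threshold."""
    last_auth, installs = None, {}
    for ts, f in up2date_events(log_text):
        if f.get("name") == "Authentication successful":
            last_auth = ts
        elif f.get("action") == "install" and f.get("status") == "success":
            installs[f.get("package", "?")] = (ts, f.get("package_version"))
    packages = {
        pkg: {"version": ver, "installed": ts, "stale": now - ts > max_age}
        for pkg, (ts, ver) in installs.items()
    }
    # Downloader still authenticates, yet a package has gone too long without an install.
    silent = last_auth is not None and any(
        p["stale"] and last_auth > p["installed"] for p in packages.values())
    return {"last_auth": last_auth, "packages": packages, "auth_ok_but_stale": silent}

if __name__ == "__main__":
    rep = staleness_report(SAMPLE_LOG, now=datetime(2022, 5, 3, 10, 15))
    for pkg, info in rep["packages"].items():
        print(pkg, info["version"], info["installed"], "STALE" if info["stale"] else "ok")
    print("auth ok but patterns stale:", rep["auth_ok_but_stale"])
```

The input has to reach back far enough to include the last install event; a package with no install line in the supplied logs is not reported at all.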