This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Up2date for virus and IPS/IDS since 29.04 updates more

Hello


it looks to me that Up2date for Virus Patterns and IPS / IDS Pattern is out of function since something the 29.04.2020. Can someone please check the situation.  
It is set up that both Firmware Up2date and Pattern Up2Date should be executed every 15 minutes. The firmware version on the UTM is: 9.711-5.

I


in the logs since 29.04.2022 there are only the following entries:

2022:05:03-09:45:01 home audld[885]: no HA system or cluster node
2022:05:03-09:45:02 home audld[885]: patch up2date possible
2022:05:03-09:45:02 home audld[885]: Starting Secured Up2Date Package Downloader
2022:05:03-09:45:04 home audld[885]: Secured Up2date Authentication
2022:05:03-09:45:07 home audld[885]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2022:05:03-10:00:02 home audld[2491]: no HA system or cluster node
2022:05:03-10:00:05 home audld[2491]: patch up2date possible
2022:05:03-10:00:05 home audld[2491]: Starting Secured Up2Date Package Downloader
2022:05:03-10:00:08 home audld[2491]: Secured Up2date Authentication
2022:05:03-10:00:10 home audld[2491]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"

Before 29.04.2022 it always looked like this:

2022:04:28-00:07:02 home audld[3041]: Starting Secured Up2Date Package Downloader
2022:04:28-00:07:03 home audld[3041]: Secured Up2date Authentication
2022:04:28-00:07:05 home audld[3041]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2022:04:28-00:07:06 home audld[3041]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="avira4"
2022:04:28-00:07:06 home auisys[3100]: no HA system or cluster node
2022:04:28-00:07:06 home auisys[3100]: waiting for db_verify to return (30 seconds max)
2022:04:28-00:07:08 home auisys[3100]: not cleaning /var/up2date/sys-install in --nosys mode
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/appctrl43-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/aptp-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/avira4-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/aws-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/cadata-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/clvbrowser-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/geoip-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/geoipxtipv6-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/ipsbundle2-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/man9-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/ohelp9-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/sasi-install'
2022:04:28-00:07:08 home auisys[3100]: removing '/var/up2date/savi-install'
2022:04:28-00:07:08 home auisys[3100]: Starting Up2Date Package Installer
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <man9> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <aws> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <clvbrowser> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <appctrl43> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <ohelp9> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <geoipxtipv6> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <aptp> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <cadata> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <geoip> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <ipsbundle2> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <sasi> found, skipping
2022:04:28-00:07:08 home auisys[3100]: No suitable packages of type <savi> found, skipping
2022:04:28-00:07:08 home auisys[3100]: Install u2d packages <avira4>
2022:04:28-00:07:08 home auisys[3100]: Starting installing up2date packages for type 'avira4'
2022:04:28-00:07:08 home auisys[3100]: Installing up2date package: /var/up2date/avira4/u2d-avira4-9.19805-19825.patch.tgz.gpg
2022:04:28-00:07:08 home auisys[3100]: Verifying up2date package signature
2022:04:28-00:07:08 home auisys[3100]: Unpacking installation instructions
2022:04:28-00:07:08 home auisys[3100]: parsing installation instructions
2022:04:28-00:07:08 home auisys[3100]: This is a patch. Setting required_version to 9.19805
2022:04:28-00:07:08 home auisys[3100]: Unpacking up2date package container
2022:04:28-00:07:08 home auisys[3100]: Running pre-installation checks
2022:04:28-00:07:09 home auisys[3100]: Starting up2date package installation
2022:04:28-00:07:53 home auisys[3100]: Still waiting for process 'sync' (pid=3191, timeout 8388607 seconds, 8388577 remaining)
2022:04:28-00:08:20 home auisys[3100]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.19825" package="avira4"
2022:04:28-00:08:20 home auisys[3100]: [INFO-306] New Pattern Up2Dates installed
2022:04:28-00:08:21 home auisys[3100]: Up2Date Package Installer finished, exiting
2022:04:28-00:08:21 home auisys[3100]: id="3716" severity="info" sys="system" sub="up2date" name="Up2Date Package Installer finished, 

The output of the Up2date debug log:





>>> Modules::Audld::SystemAttributes::get::35()
Start fetching system attributes ...

>>> Modules::Audld::Cfg::U2d::_valid_u2d_types::141()
Selected update types: man9 aws avira4 clvbrowser appctrl43 owaspcrs ohelp9 geoipxtipv6 ipsexception aptp cadata sys geoip ipsbundle2 sasi savi

>>> Modules::Audld::Cfg::U2d::_u2d_patch_possible::209()
patch up2date possible

>>> Modules::Audld::Cfg::Proxy::_get_config::133()
>> proxy configuration: $VAR1 = {
          'status' => 0
        };

>>> Modules::Audld::Cfg::_read_proxy_cfg::119()
Secured up2date dumping out read_proxy_cfg...
$VAR1 = {
          'status' => 0
        };
....
Starting Secured Up2Date Package Downloader

>>> Modules::Audld::DNSQuery::_resolve_list::124()
DNSQuery: _resolve_list ...
$VAR1 = [
          'eu1.utmu2d.sophos.com:443',
          'eu2.utmu2d.sophos.com:443',
          'us2.utmu2d.sophos.com:443',
          'us1.utmu2d.sophos.com:443',
          'sg1.utmu2d.sophos.com:443'
        ];
....

>>> Modules::Audld::LocalRestriction::_seek_own_country::93()
Secured Up2date Verifying Authorized Country

>>> Modules::Audld::LocalRestriction::_seek_own_country::97()
Secured up2date dumping out _seek_own_country user_agent...
$VAR1 = bless( {
                 'max_redirect' => 7,
                 'ssl_opts' => {
                                 'verify_hostname' => 0
                               },
                 'protocols_forbidden' => undef,
                 'show_progress' => undef,
                 'handlers' => {
                                 'response_header' => bless( [
                                                               {
                                                                 'owner' => 'LWP::UserAgent::parse_head',
                                                                 'callback' => sub { "DUMMY" },
                                                                 'm_media_type' => 'html',
                                                                 'line' => '/usr/local/ap510/site/lib/LWP/UserAgent.pm:684'
                                                               }
                                                             ], 'HTTP::Config' )
                               },
                 'no_proxy' => [],
                 'protocols_allowed' => undef,
                 'local_address' => undef,
                 'use_eval' => 1,
                 'requests_redirectable' => [
                                              'GET',
                                              'HEAD'
                                            ],
                 'timeout' => 30,
                 'def_headers' => bless( {
                                           'user-agent' => 'libwww-perl/6.05'
                                         }, 'HTTP::Headers' ),
                 'proxy' => {},
                 'max_size' => undef
               }, 'LWP::UserAgent' );
....

>>> Modules::Audld::LocalRestriction::_seek_own_country::146()
My official IP address: xxx.xxx.xxx.xxx (DE)

>>> Modules::Audld::LocalRestriction::get_unrestricted::76()
using the following servers: $VAR1 = [
          'eu1.utmu2d.sophos.com:443',
          'eu2.utmu2d.sophos.com:443',
          'us2.utmu2d.sophos.com:443',
          'us1.utmu2d.sophos.com:443',
          'sg1.utmu2d.sophos.com:443'
        ];

>>> Modules::Audld::Authentication::start::63()
>>>>>> START up2date authentication

>>> Modules::Audld::Authentication::_build_request_str::115()
Auth attribs:
{
  'asg' => '',
  'build' => 'asg-9.603-1.1.iso',
  'ccc' => '249',
  'feature_accd' => 0,
  'feature_afc' => 1,
  'feature_agent' => 0,
  'feature_av' => 1,
  'feature_encrypt' => 1,
  'feature_epp' => 0,
  'feature_ftp' => 0,
  'feature_fw' => '1',
  'feature_ha' => 0,
  'feature_http' => 1,
  'feature_im_p2p_iptv' => '1',
  'feature_ips' => 1,
  'feature_mobile_control' => 0,
  'feature_pop3' => 0,
  'feature_ra' => 1,
  'feature_red' => 1,
  'feature_s2s' => 1,
  'feature_smtp' => 1,
  'feature_spam' => 1,
  'feature_spy' => 1,
  'feature_u2dcache' => 0,
  'feature_waf' => 1,
  'feature_wireless' => 1,
  'hid' => 'xxxxxxxxxx',
  'lid' => '1339007',
  'luips' => '100',
  'oem' => '',
  'patchup2date' => 1,
  'pkg_appctrl43' => '9-105',
  'pkg_aptp' => '9-50687',
  'pkg_avira4' => '9-19834',
  'pkg_aws' => '9-333',
  'pkg_cadata' => '9-758',
  'pkg_clvbrowser' => '9-44',
  'pkg_geoip' => '7-219',
  'pkg_geoipxtipv6' => '9-210',
  'pkg_ipsbundle2' => '9-639',
  'pkg_ipsexception' => '9-6',
  'pkg_man9' => '9-1103',
  'pkg_ohelp9' => '9-1210',
  'pkg_owaspcrs' => '9-18',
  'pkg_sasi' => '9-213',
  'pkg_savi' => '9-18255',
  'pkg_sys' => '9-711005',
  'product' => 'TM_GROMIT',
  'uips' => 30,
  'ver' => '9.711'
}
Authenticating ...

>>> Modules::Audld::Authentication::OutboundIface::_get_address::54()
using default gw to find outgoing interface for 'eu1.utmu2d.sophos.com'

>>> Modules::Audld::Authentication::OutboundIface::_get_interface::102()
outbound interface for 'eu1.utmu2d.sophos.com' (xxx.xxx.xxx.xxx) : eth1 (xxx.xxx.xxx.xxx)

>>> Modules::Audld::Authentication::_authenticate::160()
Authentication request: eu1.utmu2d.sophos.com:443/u2dauth.pl

>>> Modules::Audld::Authentication::_request::189()
Authentication _request self
$VAR1 = bless( {
                 'types' => {
                              'man9' => {
                                          'status' => '1',
                                          'description' => 'Manual Up2Date'
                                        },
                              'aws' => {
                                         'status' => '1',
                                         'description' => 'Amazon Web Services information'
                                       },
                              'avira4' => {
                                            'status' => '1',
                                            'description' => 'Virus Pattern Up2Date'
                                          },
                              'clvbrowser' => {
                                                'status' => '1',
                                                'description' => 'HTML5 VPN Portal Software'
                                              },
                              'appctrl43' => {
                                               'status' => '1',
                                               'description' => 'Application Control Pattern Up2Date'
                                             },
                              'owaspcrs' => {
                                              'status' => '1',
                                              'description' => 'Web Application Firewall Core Ruleset'
                                            },
                              'ohelp9' => {
                                            'status' => '1',
                                            'description' => 'Online Help Up2Date'
                                          },
                              'geoipxtipv6' => {
                                                 'status' => '1',
                                                 'description' => 'GeoIP Database Up2Date for xtables'
                                               },
                              'ipsexception' => {
                                                  'status' => '1',
                                                  'description' => 'Intrusion Protection Exceptions Up2Date'
                                                },
                              'aptp' => {
                                          'status' => '1',
                                          'description' => 'APTP Pattern Up2Date'
                                        },
                              'cadata' => {
                                            'status' => '1',
                                            'description' => 'CA certificates'
                                          },
                              'sys' => {
                                         'status' => '1',
                                         'description' => 'System Up2Date'
                                       },
                              'geoip' => {
                                           'status' => '1',
                                           'description' => 'GeoIP Database Up2Date'
                                         },
                              'ipsbundle2' => {
                                                'status' => '1',
                                                'channel' => 'standard',
                                                'description' => 'Intrusion Protection Pattern Up2Date'
                                              },
                              'sasi' => {
                                          'status' => '1',
                                          'description' => 'Sophos AntiSpam Interface update token'
                                        },
                              'savi' => {
                                          'status' => '1',
                                          'description' => 'Virus Pattern Up2Date'
                                        }
                            },
                 'workdir' => '/var/up2date/',
                 'ssl_opts' => {
                                 'verify_hostname' => 0
                               },
                 'ipv6_used' => 0,
                 'default_port' => '443',
                 'versions' => {
                                 'cadata' => {
                                               'revision' => '758',
                                               'major' => '9'
                                             },
                                 'sys' => {
                                            'revision' => 711005,
                                            'major' => 9
                                          },
                                 'man9' => {
                                             'revision' => '1103',
                                             'major' => '9'
                                           },
                                 'aws' => {
                                            'revision' => '333',
                                            'major' => '9'
                                          },
                                 'geoip' => {
                                              'revision' => '219',
                                              'major' => '7'
                                            },
                                 'ipsbundle2' => {
                                                   'revision' => '639',
                                                   'major' => '9'
                                                 },
                                 'clvbrowser' => {
                                                   'revision' => '44',
                                                   'major' => '9'
                                                 },
                                 'avira4' => {
                                               'revision' => '19834',
                                               'major' => '9'
                                             },
                                 'appctrl43' => {
                                                  'revision' => '105',
                                                  'major' => '9'
                                                },
                                 'owaspcrs' => {
                                                 'revision' => '18',
                                                 'major' => '9'
                                               },
                                 'ohelp9' => {
                                               'revision' => '1210',
                                               'major' => '9'
                                             },
                                 'sasi' => {
                                             'revision' => '213',
                                             'major' => '9'
                                           },
                                 'savi' => {
                                             'revision' => '18255',
                                             'major' => '9'
                                           },
                                 'geoipxtipv6' => {
                                                    'revision' => '210',
                                                    'major' => '9'
                                                  },
                                 'ipsexception' => {
                                                     'revision' => '6',
                                                     'major' => '9'
                                                   },
                                 'aptp' => {
                                             'revision' => '50687',
                                             'major' => '9'
                                           }
                               },
                 'timeout' => 40,
                 'dryrun' => '',
                 'features' => {
                                 'av' => 1,
                                 'im_p2p_iptv' => '1',
                                 'smtp' => 1,
                                 'ha' => 0,
                                 'accd' => 0,
                                 'epp' => 0,
                                 'ftp' => 0,
                                 'spam' => 1,
                                 'ips' => 1,
                                 'http' => 1,
                                 'ra' => 1,
                                 'pop3' => 0,
                                 'red' => 1,
                                 'waf' => 1,
                                 'encrypt' => 1,
                                 'spy' => 1,
                                 's2s' => 1,
                                 'u2dcache' => 0,
                                 'mobile_control' => 0,
                                 'wireless' => 1,
                                 'fw' => '1',
                                 'afc' => 1,
                                 'agent' => 0
                               },
                 'channels' => {},
                 'license' => {
                                'nosys' => 0,
                                'asg' => '',
                                'uips' => 30,
                                'lid' => '1339007',
                                'luips' => '100'
                              },
                 'patchup2date' => 1,
                 'fail_store' => {},
                 'authserver' => [
                                   'eu1.utmu2d.sophos.com:443',
                                   'eu2.utmu2d.sophos.com:443',
                                   'us2.utmu2d.sophos.com:443',
                                   'us1.utmu2d.sophos.com:443',
                                   'sg1.utmu2d.sophos.com:443'
                                 ],
                 'uri_base' => 'u2dauth.pl',
                 'attrib' => {
                               'hid' => '1f650f23012834291b51fad6c47bfa75',
                               'oem' => '',
                               'ver' => '9.711',
                               'product' => 'TM_GROMIT',
                               'build' => 'asg-9.603-1.1.iso',
                               'ccc' => '249'
                             },
                 'proxy' => {
                              'env_url' => '',
                              'status' => 0,
                              'addr' => ''
                            },
                 'force_insecure_up2date' => 0,
                 'fail_flagfile' => '/tmp/up2date_auth_failure'
               }, 'Modules::Audld::Authentication' );
......

>>> Modules::Audld::Authentication::_request::194()
Secured Up2date Authentication

>>> Modules::Audld::Authentication::_request::205()
Authentication User Agent
$VAR1 = bless( {
                 'max_redirect' => 7,
                 'ssl_opts' => {
                                 'SSL_ca_path' => '/etc/ssl/certs/',
                                 'verify_hostname' => 1
                               },
                 'protocols_forbidden' => undef,
                 'show_progress' => undef,
                 'handlers' => {
                                 'response_header' => bless( [
                                                               {
                                                                 'owner' => 'LWP::UserAgent::parse_head',
                                                                 'callback' => sub { "DUMMY" },
                                                                 'm_media_type' => 'html',
                                                                 'line' => '/usr/local/ap510/site/lib/LWP/UserAgent.pm:684'
                                                               }
                                                             ], 'HTTP::Config' )
                               },
                 'no_proxy' => [],
                 'protocols_allowed' => undef,
                 'local_address' => undef,
                 'use_eval' => 1,
                 'requests_redirectable' => [
                                              'GET',
                                              'HEAD'
                                            ],
                 'timeout' => 40,
                 'def_headers' => bless( {
                                           'user-agent' => 'libwww-perl/6.05'
                                         }, 'HTTP::Headers' ),
                 'proxy' => {},
                 'max_size' => undef
               }, 'LWP::UserAgent' );
......

>>> Modules::Audld::Authentication::start::76()
Result of auth server contact:{
  'Packagelist' => {
    'revision' => '208275'
  }
}
Authentication successful!

>>> Modules::Audld::DNSQuery::_resolve_list::124()
DNSQuery: _resolve_list ...
$VAR1 = [
          'eu2.utmu2d.sophos.com:443',
          'eu1.utmu2d.sophos.com:443',
          'us2.utmu2d.sophos.com:443',
          'us1.utmu2d.sophos.com:443',
          'sg1.utmu2d.sophos.com:443'
        ];
....

>>> Modules::Audld::LocalRestriction::get_unrestricted::76()
using the following servers: $VAR1 = [
          'eu2.utmu2d.sophos.com:443',
          'eu1.utmu2d.sophos.com:443',
          'us2.utmu2d.sophos.com:443',
          'us1.utmu2d.sophos.com:443',
          'sg1.utmu2d.sophos.com:443'
        ];

>>> Modules::Audld::Download::start::58()
>>>>>> START up2date download
Starting Up2Date Download
No new packages available, exiting.

Regads



This thread was automatically locked due to age.
Parents
  • Hallo Max,

    What does Sophos Support say about this?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob

    Support is investigating the matter. They have asked for the Sophos ID of the box to connect. Since yesterday patterns for savi, avira and apt are running in sporadically again.

    Sophos is considered one of the Big ones for firewall, MRT and other security things. My personal opinion is different, but it does not matter here in this case. A stupid saying of mine now would be that I have many years of experience with the UTM blablabla. That is meaningless.

    Regards George

  • Are you using IPv6 by chance?  If so, disable it and try with IPv4.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • >>> Modules::Audld::Authentication::OutboundIface::_get_interface::102()
    outbound interface for 'eu1.utmu2d.sophos.com' (xxx.xxx.xxx.xxx) : eth1 (xxx.xxx.xxx.xxx)

    here we go --> IP V4

  • Yeah, I saw that, I thought it would show your DNS like that regardless of setup but I am probably wrong.  I don't mess with IPv6 yet in my configuration until this summer when I finally get an IPv6 address, lol.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

Reply
  • Yeah, I saw that, I thought it would show your DNS like that regardless of setup but I am probably wrong.  I don't mess with IPv6 yet in my configuration until this summer when I finally get an IPv6 address, lol.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

Children
No Data