CSSD crashes
We have a SG135 with SW-Version 9.405-5.
Since yesterday the Astaro Virus Scanner Daemon (cssd) is crashing 2-3 times a day, leaving a 4GB core dump which fills the data partition.
I'm not sure, but inspecting /var/log/*.log, crashes seem to appear after Pattern update.
2016:08:18-08:01:01 gate audld[4014]: Starting Up2Date Package Downloader
2016:08:18-08:01:02 gate audld[4014]: patch up2date possible
2016:08:18-08:01:03 gate audld[4014]: Using static update server list in HA mode
2016:08:18-08:01:15 gate audld[4014]: Could not connect to Authentication Server us1.utmu2d.sophos.com (code=500 500 Internal Server Error).
2016:08:18-08:01:20 gate audld[4014]: id="3701" severity="info" sys="system" sub="up2date" name="Authentication successful"
2016:08:18-08:01:20 gate audld[4014]: Using static download server list in HA mode
2016:08:18-08:01:21 gate audld[4014]: id="3707" severity="info" sys="system" sub="up2date" name="Successfully synchronized fileset" status="success" action="download" package="avira-xvdf"
2016:08:18-08:01:22 gate auisys[4073]: no HA system or cluster node
2016:08:18-08:01:22 gate auisys[4073]: waiting for db_verify to return (30 seconds max)
2016:08:18-08:01:23 gate auisys[4073]: not cleaning /var/up2date/sys-install in --nosys mode
2016:08:18-08:01:23 gate auisys[4073]: removing '/var/up2date/avira-xvdf-install'
2016:08:18-08:01:23 gate auisys[4073]: removing '/var/up2date/cadata-install'
2016:08:18-08:01:23 gate auisys[4073]: removing '/var/up2date/clvbrowser-install'
2016:08:18-08:01:23 gate auisys[4073]: removing '/var/up2date/geoip-install'
2016:08:18-08:01:23 gate auisys[4073]: removing '/var/up2date/man9-install'
2016:08:18-08:01:23 gate auisys[4073]: removing '/var/up2date/ohelp9-install'
2016:08:18-08:01:23 gate auisys[4073]: removing '/var/up2date/savi-install'
2016:08:18-08:01:23 gate auisys[4073]: Starting Up2Date Package Installer
2016:08:18-08:01:23 gate auisys[4073]: No suitable packages of type <man9> found, skipping
2016:08:18-08:01:23 gate auisys[4073]: No suitable packages of type <clvbrowser> found, skipping
2016:08:18-08:01:23 gate auisys[4073]: No suitable packages of type <ohelp9> found, skipping
2016:08:18-08:01:23 gate auisys[4073]: No suitable packages of type <cadata> found, skipping
2016:08:18-08:01:23 gate auisys[4073]: No suitable packages of type <geoip> found, skipping
2016:08:18-08:01:23 gate auisys[4073]: No suitable packages of type <savi> found, skipping
2016:08:18-08:01:23 gate auisys[4073]: Install u2d packages <avira-xvdf>
2016:08:18-08:01:23 gate auisys[4073]: Starting installing up2date packages for type 'avira-xvdf'
2016:08:18-08:01:23 gate auisys[4073]: Installing up2date package: /var/up2date/avira-xvdf/u2d-avira-xvdf-9.2690-2691.patch.tgz.gpg
2016:08:18-08:01:23 gate auisys[4073]: Verifying up2date package signature
2016:08:18-08:01:23 gate auisys[4073]: Unpacking installation instructions
2016:08:18-08:01:23 gate auisys[4073]: parsing installation instructions
2016:08:18-08:01:24 gate auisys[4073]: This is a patch. Setting required_version to 9.2690
2016:08:18-08:01:24 gate auisys[4073]: Unpacking up2date package container
2016:08:18-08:01:24 gate auisys[4073]: Running pre-installation checks
2016:08:18-08:01:24 gate auisys[4073]: Starting up2date package installation
2016:08:18-08:01:41 gate auisys[4073]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.2691" package="avira-xvdf"
2016:08:18-08:01:41 gate auisys[4073]: [INFO-306] New Pattern Up2Dates installed
2016:08:18-08:01:42 gate auisys[4073]: Up2Date Package Installer finished, exiting
That's ok. But now the system dumps the cssd process. Takes some time.
2016:08:18-08:03:02 gate exim-in[4225]: 2016-08-18 08:03:02 1baGOy-000169-0h malware acl condition: cssd: unable to read from socket (Success)
2016:08:18-08:03:02 gate exim-in[4321]: 2016-08-18 08:03:02 1baGPm-00017h-2f malware acl condition: cssd: unable to read from socket (Connection reset by peer)
System recognizes missing process and restarts cssd...
2016:08:18-08:03:06 gate selfmonng[4004]: I check Failed increment cssd_running counter 1 - 3
2016:08:18-08:03:11 gate selfmonng[4004]: I check Failed increment cssd_running counter 2 - 3
2016:08:18-08:03:16 gate selfmonng[4004]: W check Failed increment cssd_running counter 3 - 3
2016:08:18-08:03:16 gate selfmonng[4004]: W triggerAction: 'cmd'
2016:08:18-08:03:16 gate selfmonng[4004]: W actionCmd(+): '/var/mdw/scripts/cssd restart'
2016:08:18-08:03:16 gate selfmonng[4004]: W child returned status: exit='0' signal='0'
... but /var/storage/cores/cssd.[PID] remains (4GB)
Any suggestions?
Thanks, Björn
Hi and Welcome to Sophos Community,
The issue is caused by an improper update of the SAVI patterns; you can execute the command below to force an update.
audld.plx --nosys --types=savi --nopatchup2date
Finally, CSSD requires empty space in the /tmp directory at startup time. Verify that the directory has the required space.
Thanks
Sachin Gurung
Team Lead | Sophos Technical Support
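Added example, not part of the original thread or of Sophos tooling: a Python script for exported UTM logs that tests the observation in the question (crashes follow a pattern update) by pairing each selfmonng-triggered cssd restart with the last successful Up2Date install before it. The 10-minute window, the function names and the final sample log line are assumptions made for this example; the other sample lines are taken from the logs quoted above.

```python
import re
from datetime import datetime, timedelta

# Sample input: first three lines are from the thread, the last one is constructed.
SAMPLE_LOG = """\
2016:08:18-08:01:41 gate auisys[4073]: id="371Z" severity="info" sys="system" sub="up2date" name="Successfully installed Up2Date package" status="success" action="install" package_version="9.2691" package="avira-xvdf"
2016:08:18-08:03:02 gate exim-in[4225]: 2016-08-18 08:03:02 1baGOy-000169-0h malware acl condition: cssd: unable to read from socket (Success)
2016:08:18-08:03:16 gate selfmonng[4004]: W actionCmd(+): '/var/mdw/scripts/cssd restart'
2016:08:18-14:30:10 gate selfmonng[4004]: W actionCmd(+): '/var/mdw/scripts/cssd restart'
"""

LINE = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ ([\w-]+)\[\d+\]: (.*)$')
INSTALL = re.compile(r'action="install" package_version="([^"]+)" package="([^"]+)"')
RESTART = "/var/mdw/scripts/cssd restart"

def parse(text):
    """Yield (timestamp, process, message) for each well-formed log line."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
            yield ts, m.group(2), m.group(3)

def correlate(text, window=timedelta(minutes=10)):
    """One record per cssd restart; package/version are set only when a
    successful install finished within `window` before the restart.
    Assumes the log is in chronological order."""
    last_install = None
    results = []
    for ts, proc, msg in parse(text):
        m = INSTALL.search(msg)
        if proc == "auisys" and m and 'status="success"' in msg:
            last_install = (ts, m.group(2), m.group(1))
        elif proc == "selfmonng" and RESTART in msg:
            near = last_install and ts - last_install[0] <= window
            hit = last_install if near else None
            results.append({
                "restart": ts,
                "package": hit[1] if hit else None,
                "version": hit[2] if hit else None,
                "delay_s": int((ts - hit[0]).total_seconds()) if hit else None,
            })
    return results

if __name__ == "__main__":
    for r in correlate(SAMPLE_LOG):
        print(r["restart"], r["package"], r["version"], r["delay_s"])
```

Restarts that report no package are the ones worth investigating separately, since they are not explained by a pattern update.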