
PureMessage Threat Detection Data out of date messages

Hi there,

Running Sophos PureMessage for Exchange, and every night for the past few weeks I get a mail alert telling me:

The following detection data is out of date on server MAIL01:

Threat detection data

Please ensure Sophos AutoUpdate is configured and working correctly on the server.

I'm unsure whether that is accurate or if it is a false alarm so to speak as the updates seem to be working.

Can someone also please clarify that by running the auto-update on the Endpoint it updates the PureMessage definitions also. I have this set to update via local server first and second the Sophos server. Runs every 10 mins. From the product info page on the endpoint just now:

[Updating]
-[ Software]
Sophos AutoUpdate 2.9.0.344
Last checked for updates 18/09/2014 09:25:34
Update status Success

From PureMessage:

Spam detection engine version: 2.7.2
Spam detection data version: 2014.9.18.81819

So I suppose my question is why am I getting the alerts and how can I check if everything seems to be working properly?

Appreciate the feedback!

Thanks

  • Hello bg80,

    auto-update on the Endpoint it updates the PureMessage definitions also[?]

    yes, but the SpamRules are updated directly from Sophos (that's why you need to set it as Secondary)

    Threat detection data

    are for the Anti-Virus (as opposed to Anti-Spam) component. Please check the Anti-virus and HIPS/Software section on the product info page. 

    Sophos AutoUpdate 2.9.0.344

    suggests that you use the Previous Extended subscription of the Endpoint component (which is 10.2.9, this is AFAIK the only version still using AutoUpdate 2.9.0) - why?

    Guess it is working and the issue might actually be with the supplied detection data but I won't venture an answer without the Software information :smileyhappy:.

    Christian

  • Ok thanks Christian,

    Have checked the AV and HIPS as requested and it is:

    [Anti-virus and HIPS]
    -[ Software]
    Sophos Anti-Virus 10.3.1
    Release status Full
    On-access status Enabled
    Detection engine 3.50.1
    Detection data 4.98G
    Virus data date 12/02/2014
    Items detected 6475209
    Detection identities 1639
    HIPS rules version 10.3.33.1
    HIPS configuration version 1.0.65.1
    Last updated 18/09/2014 12:02:13

    So the virus data date is old. Concerning. Why so?

    Not sure what exactly is meant by 'suggests that you use the Previous Extended subscription of the Endpoint component' but I assume it is related to the fact I initially started with Sophos PM as a trial and then purchased and applied a full licence. Am I incorrect in thinking this was sufficient to keep it up to date?

    Thank you

  • Hello bg80,

    Sophos Anti-Virus 10.3.1, Detection data 4.98G

    quite old, detection data 4.98 was issued around the start of March, and 10.3.1 is not a regular version - not even one of the fixed packages (as can be seen in End of life for Sophos Anti-Virus fixed version packages) though surprisingly the Detection identities 1639 number looks like it is still maintained. BTW - don't worry if you only understand half of this, just thinking aloud.

    Anyway, the detection data should be updated regularly with a licensed install. Thus - when did you start the trial and what did you do after you purchased the full license (e.g. entered the new license credentials either locally or in the updating policy)? Incidentally, what exactly is update via local server? I assume this means you have the Endpoint product and SEC installed?

    If you open View updating log where does it say it downloads the various components from? It should download everything except the PureMessage package from the local server. If it downloads the SAVXP package from Sophos and you have configured the correct credentials then there could be an error with your license details in which case you should contact customercare@sophos.com.

    Christian

  • Christian I have this resolved thanks to some clues in your initial reply which got me looking more at the Console settings and specifically update manager. In there I noticed there was an old username and password in use to connect to Sophos for the updates, when I changed this to the current one it downloaded the updates and 10 mins later my clients have them.

    One thing I am curious about is the new virus Data date is now 16/09/14. I would have imagined this would say the 19th, ie today?

    Many thanks for your help in pointing me in the right direction

  • Hello bg80,

    the Virus Data date is a timestamp for the Virus Data, the stuff with labels like 4.98 or 5.05. Virus Data are updated roughly monthly - something like a condensed and consolidated rollup of (more or less recently issued) IDEs. So you won't see this date changing for the next weeks.

    Christian
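A check for the condition this thread turned on, where "Last updated" is recent but "Virus data date" is months old. This is an added example, not part of any post and not Sophos code; it assumes the product-info text layout pasted above, dd/mm/yyyy dates, and hypothetical function names and thresholds (45 days for the roughly monthly virus data, 24 hours for the updater).

```python
import re
from datetime import datetime, timedelta

# Product-info fields as pasted in the thread (dd/mm/yyyy is an assumption).
SAMPLE = """\
[Anti-virus and HIPS]
-[ Software]
Sophos Anti-Virus 10.3.1
Detection engine 3.50.1
Detection data 4.98G
Virus data date 12/02/2014
Last updated 18/09/2014 12:02:13
"""

# Hypothetical field table: regex for the line, strptime format for its value.
FIELDS = {
    "virus_data_date": (r"^\s*Virus data date\s+(\d{2}/\d{2}/\d{4})\s*$",
                        "%d/%m/%Y"),
    "last_updated": (r"^\s*Last updated\s+(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s*$",
                     "%d/%m/%Y %H:%M:%S"),
}

def parse_product_info(text):
    """Return the two timestamps, or None for a field that is absent."""
    out = {}
    for name, (pattern, fmt) in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        out[name] = datetime.strptime(m.group(1), fmt) if m else None
    return out

def assess(text, now, max_data_age=timedelta(days=45),
           max_update_age=timedelta(hours=24)):
    """Classify the endpoint's update health at time `now`."""
    info = parse_product_info(text)
    data, updated = info["virus_data_date"], info["last_updated"]
    if data is None or updated is None:
        return "UNKNOWN"  # a missing field is a failure, not a pass
    if now - updated > max_update_age:
        return "UPDATER_NOT_RUNNING"
    if now - data > max_data_age:
        # The updater reports success but serves old data, e.g. because the
        # upstream source (update manager credentials) is no longer valid.
        return "STALE_DATA_DESPITE_UPDATE"
    return "OK"

if __name__ == "__main__":
    print(assess(SAMPLE, datetime(2014, 9, 18, 12, 30)))
```
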