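Introduction
This document describes why Cisco Email Security Appliance (ESA) administrators receive a warning message from the appliance after an upgrade that indicates the Sophos anti-virus database is expired.
Contributed by Dominic Yip and Stephan Bayer, Cisco TAC Engineers.
"sophos antivirus - The Anti-Virus database on this system is expired" Warning Message After an AsyncOS Upgrade
On the ESA, after an upgrade to a new version of AsyncOS and the required reboot, administrators might receive a warning message similar to this: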
The Warning message is:
sophos antivirus - The Anti-Virus database on this system is expired. Although the system
will continue to scan for existing viruses, new virus updates will no
longer be available. Please run avupdate to update to the latest engine
immediately. Contact Cisco IronPort Customer Support if you have any
questions.
Current Sophos Anti-Virus Information:
SAV Engine Version 5.33
IDE Serial Unknown
Last Engine Update Tue Mar 7 01:19:08 2017
Last IDE Update Tue Mar 7 01:19:08 2017
Version: 11.0.0-028
Serial Number: 111A80C64EA901221AAA-1A11EB54A111
Timestamp: 13 Mar 2017 14:57:21 -0400
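This warning message indicates that when the appliance started, the anti-virus engine's associated database and rule packages were not up to date for the upgraded version of AsyncOS. Once the ESA is online, it checks for anti-virus engine updates and updates to the current version.
Verify the Current Sophos Version
To verify the Sophos engine version, enter antivirusstatus sophos (or avstatus sophos) in the CLI to view the current anti-virus engine version.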
myesa.local> avstatus sophos
SAV Engine Version 3.2.07.366.3_5.36
IDE Serial 2017032603
Last Engine Update 26 Mar 2017 13:24 (GMT +00:00)
Last IDE Update 26 Mar 2017 13:24 (GMT +00:00)
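Compare the version in the warning message received earlier with the engine version in the status command output. After you verify that the appliance is connected and has updated, you can safely ignore this warning message.
Force a Sophos Update
You can also enter the avupdate force command to request an immediate update of the anti-virus engine and rules. After you enter the force command, enter tail updater_logs to watch the update in progress. It can take several minutes to contact the updater, obtain the correct packages, and then download and install them as needed. For example: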
(myesa.local)> avupdate force
Sophos Anti-Virus updates:
Requesting forced update of Sophos Anti-Virus.
McAfee Anti-Virus updates:
Requesting update of virus definitions
(Machine 122.local)> tail updater_logs
Press Ctrl-C to stop.
Sun Mar 26 09:20:39 2017 Info: Server manifest specified an update for sophos
Sun Mar 26 09:20:39 2017 Info: sophos was signalled to start a new update
Sun Mar 26 09:20:39 2017 Info: sophos processing files from the server manifest
Sun Mar 26 09:20:39 2017 Info: sophos started downloading files
Sun Mar 26 09:20:39 2017 Info: sophos waiting on download lock
Sun Mar 26 09:20:39 2017 Info: sophos acquired download lock
Sun Mar 26 09:20:39 2017 Info: sophos beginning download of remote file
"http://stage-updates.ironport.com/sophos/4.4/ide/default_esa/1490526336"
Sun Mar 26 09:20:41 2017 Info: sophos released download lock
Sun Mar 26 09:20:41 2017 Info: sophos successfully downloaded file
"sophos/4.4/ide/default_esa/1490526336"
Sun Mar 26 09:20:41 2017 Info: sophos waiting on download lock
Sun Mar 26 09:20:41 2017 Info: sophos acquired download lock
Sun Mar 26 09:20:41 2017 Info: sophos beginning download of remote file
"http://stage-updates.ironport.com/sophos/libsavi/1488816512"
Sun Mar 26 09:24:58 2017 Info: sophos released download lock
Sun Mar 26 09:24:58 2017 Info: sophos successfully downloaded file
"sophos/libsavi/1488816512"
Sun Mar 26 09:24:58 2017 Info: sophos started applying files
Sun Mar 26 09:24:58 2017 Info: sophos updating component ide
Sun Mar 26 09:24:58 2017 Info: sophos updating component libsavi
Sun Mar 26 09:24:58 2017 Info: sophos updated engine,ide links successfully
Sun Mar 26 09:24:58 2017 Info: sophos cleaning up base dir /data/third_party/sophos
Sun Mar 26 09:24:58 2017 Info: sophos sending version details
{'sophos': {'version': '5.36', 'ide': '2017032603'}} to hermes
Sun Mar 26 09:24:58 2017 Info: sophos verifying applied files
Sun Mar 26 09:24:58 2017 Info: sophos updating the client manifest
Sun Mar 26 09:24:58 2017 Info: sophos update completed
Sun Mar 26 09:24:58 2017 Info: sophos waiting for new updates
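The key points to look for in updater_logs are the "update completed" and "waiting for new updates" log lines. Once these lines are displayed, you can enter the avstatus sophos command again to verify that the version and dates have been updated.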
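The check described above can be automated against a saved copy of the updater_logs output. The following Python code is an added example, not part of the original Cisco document: it re-joins the wrapped log lines, finds the most recent Sophos update cycle, and reports whether it reached "update completed" and "waiting for new updates", along with the version details the updater reported. The function name summarize and the practice of running it off-box on saved log text are assumptions.

```python
import ast
import re
from datetime import datetime

# Constructed sample: a subset of the updater_logs lines shown above, with the
# wrapped continuation lines kept as they appear in the tail output.
SAMPLE = """\
Sun Mar 26 09:20:39 2017 Info: sophos was signalled to start a new update
Sun Mar 26 09:20:41 2017 Info: sophos beginning download of remote file
"http://stage-updates.ironport.com/sophos/libsavi/1488816512"
Sun Mar 26 09:24:58 2017 Info: sophos successfully downloaded file
"sophos/libsavi/1488816512"
Sun Mar 26 09:24:58 2017 Info: sophos sending version details
{'sophos': {'version': '5.36', 'ide': '2017032603'}} to hermes
Sun Mar 26 09:24:58 2017 Info: sophos update completed
Sun Mar 26 09:24:58 2017 Info: sophos waiting for new updates
"""

STAMPED = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \w+: (.*)$")

def summarize(log_text, component="sophos"):
    """Summarize the most recent update cycle logged for one component."""
    entries = []
    for raw in log_text.splitlines():
        m = STAMPED.match(raw)
        if m:
            when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            entries.append([when, m.group(2)])
        elif entries and raw.strip():
            entries[-1][1] += " " + raw.strip()  # re-join a wrapped line
    state = {"started": None, "completed": None, "idle": False, "versions": None}
    for when, msg in entries:
        if not msg.startswith(component + " "):
            continue
        if "signalled to start a new update" in msg:
            # A new cycle begins: forget results from any earlier cycle.
            state = {"started": when, "completed": None, "idle": False, "versions": None}
        elif "sending version details" in msg:
            found = re.search(r"\{.*\}", msg)
            try:
                state["versions"] = ast.literal_eval(found.group(0)).get(component)
            except (AttributeError, ValueError, SyntaxError):
                pass  # malformed or truncated line: leave versions unset
        elif msg.endswith("update completed"):
            state["completed"] = when
        elif msg.endswith("waiting for new updates"):
            state["idle"] = state["completed"] is not None
    return state
```

A result with "started" set but "completed" still None means the cycle has not finished in the captured text, so avstatus sophos will not yet show the new version.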