Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

Sophos corrupted signature problem - any updates?

We were hit by this issue with the corrupt Sophos AV signature, causing performance on the S appliances to tank.  Cisco said it would be corrected by this afternoon, but it's evening now and still nothing.  Anyone hearing anything new about this?

Dear Cisco Web Security Customer,


This message is for Web Security Appliance customers running releases 7.0.x or 7.1.x & using Sophos virus scanning.
 
The primary Cisco IronPort datacenter encountered a power event at approximately 6:30am PDT today, May 22, 2012 that caused a failover to one of our backup datacenters.  We have recently received customer reports of issues relating to Sophos and performance.  It has been determined that after the power event your appliance(s) may have received an outdated Sophos update that could potentially cause a data corruption that may impact the performance of your appliance.  Cisco engineering teams are actively working on an update that will correct this issue and we are anticipating it being made available by early afternoon PDT tomorrow, May 23, 2012.
 
As a precaution Cisco IronPort recommends that until the update is available that you temporarily disable Sophos virus scanning using the following instructions:
 
1) Login to the Web Security Appliance via HTTP to the GUI
2) Go to Security Services -> Anti-Malware
3) Click at “Edit Global Settings”
4) Uncheck “Enable Sophos”
5) Press “Submit”
6) Commit the changes
 
Cisco IronPort will notify you when the update is available.
 
We apologize for any inconvenience.
 


Best Regards,
Cisco Content Security Customer Support
Support Portal: http://cisco.com/web/ironport
Toll-Free Customer Support
United States: 1-877-641-IRON (4766)
International: http://www.cisco.com/web/ironport/contacts.html#~tab-3

Everyone's tags (4)
6 REPLIES
New Member

Sophos corrupted signature problem - any updates?

Wow - that was quick. 

This is an update for Web Security Appliance customers running releases 7.0.x or 7.1.x & using Sophos virus scanning. 

A Sophos IDE patch is now available that resolves this problem.

Problem Summary:

The primary Cisco IronPort datacenter encountered a core switch failure at approximately 4:30am PDT yesterday, May 22, 2012.  Following this event we received customer reports of issues relating to Sophos and performance.  It was determined that some customers had an outdated Sophos update that could potentially cause data corruption or impact the performance of their appliances. 

Cisco Engineering was able to identify the cause of this problem and released a Sophos IDE patch at 07:20 PM PDT that fixes this problem.

How To Upgrade

   Prior to upgrading, please save a copy of the configuration file somewhere other than on your appliance. This Upgrade requires you to reboot your appliance if you are running an outdated Sophos IDE.

Note: If your WSA doesn't require this patch you will not be asked to reboot. You will just need to click "Clear Upgrade" in the WebUI or exit the session in the CLI.

From the CLI:

1. Log into the command line of your Cisco IronPort Appliance as the 'admin' user

2. Type 'upgrade'

3. When asked if you are sure you would like to reboot, press 'Yes'

From WebUI:

1. Go to 'System Upgrade' in the 'System Administration' tab

2. Select 'Sophos IDE Patch Update (Reboot May Be Required)' from the list of updates.

3. After upgrade completes, click on 'Reboot Now'

Once the the IDE patch upgrade and reboot is complete, it will bring your Sophos virus definitions to factory default and will be automatically updated to latest definitions at the next scheduled update. If you do not want to wait until the next scheduled update,  you can choose to update now by using the following steps:

WebUI:

1. Security Services -> Anti-Malware page and click 'Update Now' button

CLI:

1. Run 'updatenow'

If you took the precautionary step of temporarily disabling Sophos virus scanning, you should re-enable it after loading the Sophos IDE patch by using the following instructions:

1) Login to the Web Security Appliance via HTTP to the GUI

2) Go to Security Services -> Anti-Malware

3) Click at “Edit Global Settings”

4) Check “Enable Sophos”

5) Press “Submit”

6) Commit the changes

We apologize for any inconvenience this has caused.

Best Regards,

Cisco Content Security Customer Support

Support Portal:

http://cisco.com/web/ironport

Toll-Free Customer Support

United States: 1-877-641-IRON (4766)

International:

http://www.cisco.com/web/ironport/contacts.html#~tab-3

New Member

Sophos corrupted signature problem - any updates?

... and the appliance bricked with the update. 

Sophos corrupted signature problem - any updates?

Eric Smith wrote:

... and the appliance bricked with the update. 

Sorry to hear that:( We just upgraded two appliances, no problems both times.

New Member

Sophos corrupted signature problem - any updates?

Please contact Ironport support at the number below.

Christian Rahl

Customer Support Engineer                      

Cisco IronPort - Web Security Appliances

Cisco Technical Assistance Center RTP

United States Ironport: 1-877-641-IRON (4766)

New Member

Sophos corrupted signature problem - any updates?

Thanks for the responses.  We crossed our fingers and did a power cycle on it this morning, and it has come back to life. Looks like we're OK now.  Couldn't do that remotely last night.

New Member

Sophos corrupted signature problem - any updates?

Ok, that is good news.

Christian Rahl

990
Views
0
Helpful
6
Replies
CreatePlease login to create content