Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Community Member

Update on WSA Sophos IDE Problems


This is  an update for Web Security Appliance customers running releases 7.0.x or 7.1.x & using Sophos virus scanning. 

A Sophos IDE patch is now available that resolves this problem.


Problem Summary:

The primary Cisco IronPort datacenter encountered a core switch failure at approximately 4:30am PDT yesterday, May 22, 2012.  Following this event we received customer reports of issues relating to   Sophos and performance.  It was determined that some customers had an outdated Sophos update that could potentially cause data corruption or impact   the performance of their appliances. 

Cisco Engineering was able to identify the cause of this problem and released a Sophos IDE patch at 07:20 PM PDT that fixes this problem.

   How To Upgrade

Prior to upgrading, please save a copy of the configuration file somewhere other than on your appliance. This Upgrade requires you to reboot your appliance if you are running an outdated Sophos IDE.

Note: If your WSA doesn't require this patch you will not be asked to reboot. You will just need to click "Clear Upgrade" in the WebUI or exit the session in the CLI.

From the CLI:
1. Log into the command line of your Cisco IronPort Appliance as the 'admin' user
2. Type 'upgrade'
3. When asked if you are sure you would like to reboot, press 'Yes'

From WebUI:
1. Go to 'System Upgrade' in the 'System Administration' tab
2. Select 'Sophos IDE Patch Update (Reboot May Be Required)' from the list of updates.
3. After upgrade completes, click on 'Reboot Now'

Once the the IDE patch upgrade and reboot is complete, it will bring your Sophos virus definitions back to factory default and they will be automatically updated  to the latest definitions at the next scheduled update. If you do not want to wait until the next scheduled update, you can choose to update now by using the following steps:
 
WebUI:
1. Security Services -> Anti-Malware page and click 'Update Now' button
 
CLI:
1. Run 'updatenow'


If you took the precautionary step of temporarily disabling Sophos virus scanning, you should re-enable it after loading the Sophos IDE patch by using the following instructions:
 
1) Login to the Web Security Appliance via HTTP to the GUI
2) Go to Security Services -> Anti-Malware
3) Click at “Edit Global Settings”
4) Check “Enable Sophos”
5) Press “Submit”
6) Commit the changes


   
We apologize for any inconvenience this has caused.
 



Everyone's tags (3)
1206
Views
0
Helpful
0
Replies
CreatePlease to create content