Thursday, April 21, 2011

Sophos Anti-virus

Currently trialling Sophos Endpoint Protection and I've come across a (slightly) random issue relating to OS X and updates. It seems that occasionally a Mac will stop being able to download Sophos updates, over either HTTP or SMB:

Tailing the Sophos Anti-Virus.log I see

mymac:~ admin$ tail -f /Library/Logs/Sophos\ Anti-Virus.log
com.sophos.autoupdate:
com.sophos.autoupdate: Error: Could not contact secondary file server smb://VH-SEC1/SophosUpdate/CIDs/S000/ESCOSX at 10:52 on 21 April 2011
com.sophos.autoupdate: Server could not be found

This isn't very helpful and the server-side IIS logs don't reveal much else other than:

2011-04-21 13:21:30 172.16.100.202 GET / - 80 sophosupdatemgr@[REMOVED] 192.168.2.220 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10_6_7;+en-US)+AppleWebKit/534.16+(KHTML,+like+Gecko)+Chrome/10.0.648.205+Safari/534.16 403 14 0 31

and

2011-04-21 13:21:30 172.16.100.202 GET /favicon.ico - 80 sophosupdatemgr@[REMOVED] 192.168.2.220 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10_6_7;+en-US)+AppleWebKit/534.16+(KHTML,+like+Gecko)+Chrome/10.0.648.205+Safari/534.16 404 0 2 0
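To make the two log sources above easier to triage together, here is a small parser I added for this post (it is not part of Sophos or of the original write-up). It pulls the server name and time out of the autoupdate error line, parses the IIS W3C lines using their #Fields header, and labels non-success requests by the update account with the IIS substatus meaning; note that 403 with substatus 14 is IIS's "Directory listing denied", which is why enabling Directory Browsing changes what you see. The sample log lines, the IIS field order and the EXAMPLE domain are constructed for the demonstration.

```python
import re

# Constructed sample lines modelled on the two log excerpts quoted in the post.
SOPHOS_LOG = """\
com.sophos.autoupdate:
com.sophos.autoupdate: Error: Could not contact secondary file server smb://VH-SEC1/SophosUpdate/CIDs/S000/ESCOSX at 10:52 on 21 April 2011
com.sophos.autoupdate: Server could not be found
"""
IIS_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2011-04-21 13:21:30 172.16.100.202 GET / - 80 sophosupdatemgr@EXAMPLE 192.168.2.220 Mozilla/5.0+(Macintosh) 403 14 0 31
2011-04-21 13:21:30 172.16.100.202 GET /favicon.ico - 80 sophosupdatemgr@EXAMPLE 192.168.2.220 Mozilla/5.0+(Macintosh) 404 0 2 0
2011-04-21 13:25:02 172.16.100.202 GET /SophosUpdate/CIDs/S000/ESCOSX/ - 80 sophosupdatemgr@EXAMPLE 192.168.2.221 - 200 0 0 15
"""

# IIS (status, substatus) meanings for the codes seen above, taken from the IIS documentation.
IIS_SUBSTATUS = {(403, 14): "Directory listing denied", (404, 0): "Not found"}

AUTOUPDATE_ERR = re.compile(
    r"com\.sophos\.autoupdate: Error: Could not contact (?P<role>\w+) file server "
    r"(?P<server>\S+) at (?P<time>\d\d:\d\d) on (?P<date>.+)$")


def parse_autoupdate_errors(text):
    """One dict (role, server, time, date) per 'Could not contact ... file server' line."""
    return [m.groupdict() for line in text.splitlines() if (m := AUTOUPDATE_ERR.match(line))]


def parse_iis_w3c(text):
    """Parse W3C extended log lines, naming columns from the most recent #Fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            rows.append(dict(zip(fields, line.split())))
    return rows


def failed_update_requests(rows, account_prefix="sophosupdatemgr"):
    """Requests made by the update account that did not succeed, with the substatus explained."""
    out = []
    for r in rows:
        status, sub = int(r["sc-status"]), int(r["sc-substatus"])
        if r["cs-username"].startswith(account_prefix) and status >= 400:
            out.append({"client": r["c-ip"], "uri": r["cs-uri-stem"], "status": f"{status}.{sub}",
                        "reason": IIS_SUBSTATUS.get((status, sub), "unknown")})
    return out
```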

If I enable Directory Browsing on my SEC server, then after logging in I can view the files, so I know everything is ok. So what could it be..? My Windows machines are ok. I could resolve the hostname from the Macs in question and I can ping it, plus I can even mount the share. As a last gasp, I decided to add a new share to the existing one on the SEC server:

Next, I... er... updated the Update policy to use the new location:


Finally, I ran an update from the SEC console for the troublesome Mac and BOOM:

com.sophos.intercheck: Sophos Anti-Virus
com.sophos.intercheck: Version 4.64, 04 April 2011
com.sophos.intercheck: Includes detection for 2466461 viruses, trojans and worms
com.sophos.intercheck: Copyright © 1989-2010 Sophos Group. All rights reserved.
com.sophos.intercheck:
com.sophos.intercheck: Using IDE files:
com.sophos.intercheck:
com.sophos.intercheck: expiro-h.ide
com.sophos.intercheck: ifram-gl.ide
com.sophos.intercheck: javabz-p.ide
com.sophos.intercheck: dwnl-ivv.ide
com.sophos.intercheck: pws-bqb.ide
com.sophos.intercheck: looke-eq.ide
com.sophos.intercheck: wiper-b.ide
com.sophos.intercheck: auto-bol.ide
com.sophos.intercheck: regin-a.ide
com.sophos.intercheck: agen-qqs.ide
com.sophos.intercheck: agen-qqu.ide



OK, so it's a new leaf for me..

Blimey.

The last post I wrote here was in, like, 2006. That was a long time ago. Before Peter Andre and Katie Price had their fumble in the jungle; before Apple released the iPhone; and before I... er... had a blog, which I never updated. So, here we go. I'm changing this track. We're going Pro (TM) 2000 ULTRA-MAXXX.

or something.