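Introduction
This document describes why Cisco Email Security Appliance (ESA) administrators receive a warning message from the appliance after an upgrade stating that the Sophos Anti-Virus database has expired.
Contributed by Dominic Yip and Stephan Bayer, Cisco TAC Engineers.
"sophos antivirus - The Anti-Virus database on this system is expired" Warning Message After an AsyncOS Upgrade
On an ESA, after you upgrade to a new version of AsyncOS and complete the required reboot, you might receive a warning message similar to this: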
The Warning message is:
sophos antivirus - The Anti-Virus database on this system is expired. Although the system
will continue to scan for existing viruses, new virus updates will no
longer be available. Please run avupdate to update to the latest engine
immediately. Contact Cisco IronPort Customer Support if you have any
questions.
Current Sophos Anti-Virus Information:
SAV Engine Version 5.33
IDE Serial Unknown
Last Engine Update Tue Mar 7 01:19:08 2017
Last IDE Update Tue Mar 7 01:19:08 2017
Version: 11.0.0-028
Serial Number: 111A80C64EA901221AAA-1A11EB54A111
Timestamp: 13 Mar 2017 14:57:21 -0400
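This warning message indicates that, at the time the appliance started up, the database and rule packages associated with the anti-virus engine were not current for the upgraded AsyncOS version. Once the ESA is online, it checks for anti-virus engine updates and updates to the current version.
Verify the Current Sophos Version
To verify the Sophos engine version, enter antivirusstatus sophos (or avstatus sophos) in the CLI to view the current anti-virus engine version.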
myesa.local> avstatus sophos
SAV Engine Version 3.2.07.366.3_5.36
IDE Serial 2017032603
Last Engine Update 26 Mar 2017 13:24 (GMT +00:00)
Last IDE Update 26 Mar 2017 13:24 (GMT +00:00)
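Compare the version in the warning message you received earlier with the engine version in the output of the status command. Once you have verified that the appliance has reached out and updated, you can safely ignore this warning message.
Force a Sophos Update
You can also enter the avupdate force command to request an immediate update of the anti-virus engine and rules. After you enter the force command, enter tail updater_logs to watch the update as it runs. It can take a few minutes to contact the updater, obtain the correct software packages, and then download and install them as needed. For example: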
(myesa.local)> avupdate force
Sophos Anti-Virus updates:
Requesting forced update of Sophos Anti-Virus.
McAfee Anti-Virus updates:
Requesting update of virus definitions
(Machine 122.local)> tail updater_logs
Press Ctrl-C to stop.
Sun Mar 26 09:20:39 2017 Info: Server manifest specified an update for sophos
Sun Mar 26 09:20:39 2017 Info: sophos was signalled to start a new update
Sun Mar 26 09:20:39 2017 Info: sophos processing files from the server manifest
Sun Mar 26 09:20:39 2017 Info: sophos started downloading files
Sun Mar 26 09:20:39 2017 Info: sophos waiting on download lock
Sun Mar 26 09:20:39 2017 Info: sophos acquired download lock
Sun Mar 26 09:20:39 2017 Info: sophos beginning download of remote file
"http://stage-updates.ironport.com/sophos/4.4/ide/default_esa/1490526336"
Sun Mar 26 09:20:41 2017 Info: sophos released download lock
Sun Mar 26 09:20:41 2017 Info: sophos successfully downloaded file
"sophos/4.4/ide/default_esa/1490526336"
Sun Mar 26 09:20:41 2017 Info: sophos waiting on download lock
Sun Mar 26 09:20:41 2017 Info: sophos acquired download lock
Sun Mar 26 09:20:41 2017 Info: sophos beginning download of remote file
"http://stage-updates.ironport.com/sophos/libsavi/1488816512"
Sun Mar 26 09:24:58 2017 Info: sophos released download lock
Sun Mar 26 09:24:58 2017 Info: sophos successfully downloaded file
"sophos/libsavi/1488816512"
Sun Mar 26 09:24:58 2017 Info: sophos started applying files
Sun Mar 26 09:24:58 2017 Info: sophos updating component ide
Sun Mar 26 09:24:58 2017 Info: sophos updating component libsavi
Sun Mar 26 09:24:58 2017 Info: sophos updated engine,ide links successfully
Sun Mar 26 09:24:58 2017 Info: sophos cleaning up base dir /data/third_party/sophos
Sun Mar 26 09:24:58 2017 Info: sophos sending version details
{'sophos': {'version': '5.36', 'ide': '2017032603'}} to hermes
Sun Mar 26 09:24:58 2017 Info: sophos verifying applied files
Sun Mar 26 09:24:58 2017 Info: sophos updating the client manifest
Sun Mar 26 09:24:58 2017 Info: sophos update completed
Sun Mar 26 09:24:58 2017 Info: sophos waiting for new updates
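The key lines to look for in updater_logs are the "update completed" and "waiting for new updates" log lines. Once these lines are displayed, you can enter the avstatus sophos command again to verify that the version and dates have been updated.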
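The check described above can be scripted against a saved copy of updater_logs. This is an added example, not Cisco code: the function names are hypothetical, the sample log is constructed from the excerpt above, and it assumes dotted numeric engine versions such as the 5.33 in the warning and the 5.36 in the log.

```python
import re
from datetime import datetime

# Constructed sample: entries from the updater_logs excerpt above, one wrapped.
SAMPLE_LOG = """\
Sun Mar 26 09:20:39 2017 Info: sophos was signalled to start a new update
Sun Mar 26 09:24:58 2017 Info: sophos sending version details
{'sophos': {'version': '5.36', 'ide': '2017032603'}} to hermes
Sun Mar 26 09:24:58 2017 Info: sophos update completed
Sun Mar 26 09:24:58 2017 Info: sophos waiting for new updates
"""

ENTRY = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) \w+: (.*)$")
DETAILS = re.compile(r"'version': '([^']+)', 'ide': '([^']+)'")


def join_wrapped(text):
    """Fold lines without a leading timestamp into the preceding entry."""
    entries = []
    for line in text.splitlines():
        if ENTRY.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries


def last_update_cycle(text, component="sophos"):
    """Return the state of the most recent update cycle for one component."""
    cycle = None
    for entry in join_wrapped(text):
        m = ENTRY.match(entry)
        if not m or not m.group(2).startswith(component + " "):
            continue
        when, msg = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2)
        if "signalled to start a new update" in msg:
            cycle = {"started": when, "completed": None, "version": None, "ide": None}
        elif cycle and (d := DETAILS.search(msg)):
            cycle["version"], cycle["ide"] = d.groups()
        elif cycle and msg.endswith("update completed"):
            cycle["completed"] = when
    return cycle


def warning_is_stale(warning_engine, cycle):
    """True when a completed cycle reports an engine newer than the warning's."""
    as_tuple = lambda v: tuple(int(p) for p in v.split("."))
    return bool(cycle and cycle["completed"] and cycle["version"]
                and as_tuple(cycle["version"]) > as_tuple(warning_engine))
```

A cycle that was signalled but has no "update completed" entry yet leaves the warning unresolved, so a log captured mid-download is not mistaken for a finished update.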