Free Shipping On Many Orders Over $350 (Exclusion Apply)

Chat To Us - 7am-10pm - 7 Days A Week

Advisory: Sophos XG Firewall - Antivirus service stopped due to failed pattern update

The Tech Geeks |

Overview

Sophos has received customer reports of the SFOS Antivirus service being stopped due to a failed AV pattern update.

This issue only affects SFOS devices that have been recently rebooted or have had their antivirus service restarted by a configuration change.

This will affect email delivery and cause web traffic to be dropped. 

Applies to the following Sophos product(s) and version(s)
Sophos Firewall XG

How to identify if you are affected

This issue only affects SFOS devices that have been recently rebooted or have had their antivirus service restarted by a configuration change.

Affected devices will have the following in the /log/avd.log:

  • /bin/avd: error while loading shared libraries: libssp.so.0: cannot open shared object file: No such file or directory 

The antivirus service will be stopped and the Avira and Sophos AV pattern update will be shown as failed. Users can confirm this via the Pattern Updates section in the SFOS GUI and from the Advanced Shell.

Advanced Shell:

  • service -S | grep antivirus
    antivirus STOPPED

Impact

A stopped SFOS antivirus service will affect email delivery and cause web traffic to be dropped.

Current status

4/4/2020 - 9pm GMT

  • Updated AV pattern with fix has been released to prevent this issue
  • Manual fix for devices that are already affected is available from Support

4/4/2020 - 6pm GMT

  • Sophos is actively working to resolve this issue
  • We expect this issue to be resolved by 9pm GMT

What to do

An updated AV pattern with the fix has been automatically released to all SFOS devices.

Users with devices that are already affected should refer to the instructions below:

For affected devices running SFOS v18 EAP2 or above:

  1. From the advanced shell:
    • /scripts/av_version_change.sh savi
    • /scripts/av_version_change.sh avira
  2. Then initiate a pattern update from the GUI

For affected devices running SFOS v17.5.x, please raise a support case and include the information below:

  1. Enable the Support Access Tunnel and provide the Access ID
  2. Provide consent for Sophos Support to add a RSA/SSH key for the fix to be applied