Sophos Anti-Virus Database Expired on Cisco IronPort ESA

Update: Looks like the problem has been resolved on May 16th at around 11:00pm EST.

So I got a new alert from our Cisco IronPort Email Security Appliances (ESAs) after midnight last night stating that the Anti-Virus database has expired. Here’s what the alert says:

The Warning message is:

sophos antivirus – The Anti-Virus database on this system is expired.  Although the system will continue to scan for existing viruses, new virus updates will no longer be available.  Please run avupdate to update to the latest engine immediately.  Contact Cisco IronPort Customer Support if you have any questions.

Current Sophos Anti-Virus Information:

SAV Engine Version      4.97

IDE Serial              2014051602

Last Engine Update      Thu May 15 15:23:44 2014

Last IDE Update         Fri May 16 05:10:47 2014

Last message occurred 261 times between Fri May 16 07:10:43 2014 and Fri May 16 07:30:56 2014.

Now, I know that the feature key for Sophos Anti-Virus is valid for another couple of years (you can actually check that by logging in to your ESA’s GUI -> System Administration -> Feature Keys and verifying Feature Keys for your appliance), so the alert was completely misleading. After contacting Cisco TAC about the issue, we had a confirmation that the problem is on their end and that it will be resolved automatically once the Sophos engine is updated to verison 4.97 (via regular download to the appliance). No customer action is required. Cisco has actually released an advisory on their Support Community page about this issue, which you can read here: https://supportforums.cisco.com/community/5756/email-security.

Things happen. We’ll be patient.

Leave a Reply

Your email address will not be published. Required fields are marked *