Introduction

This document describes how to manually update the anti-virus process for the Cisco Email Security Appliance (ESA).
How do I force a download of Sophos or McAfee Anti-Virus updates immediately?
Although anti-virus updates happen at regular intervals, as configured in the appliance service updates, you can initiate an anti-virus update yourself if you are waiting for one. By default, the updater service checks for updates every five minutes. Cisco recommends leaving this set to the default update interval.
You can review the appliance service updates from the GUI under Security Services > Service Updates. From the CLI, run updateconfig. The value is listed as the Update Interval.
To update the anti-virus process directly, please choose one of the following methods:
GUI
From the GUI, you can initiate an update from Security Services > Anti-Virus, and choose either Sophos or McAfee. From the Current Anti-Virus Files table, click the Update Now button.

Example, using Sophos Anti-Virus:
CLI
From the CLI, you can initiate an immediate virus update with the CLI command antivirusupdate, and choose the anti-virus process you have licensed, sophos or mcafee.
On the CLI you can also force a complete update with the command antivirusupdate force. In a complete update, the ESA reaches out to the Cisco update servers, pulls the complete and most recent IDE and the complete and most recent anti-virus engine, and reapplies them in the background on your appliance.
Verification
You can view the progress of the anti-virus updates by running tail updater_logs from the CLI on the ESA. This assures you of the appliance's communication with the Cisco update servers and manifest, and allows you to see the update complete.

You will want to ensure that you see the highlighted lines above, which indicate the successful request and update of the requested anti-virus updates.
Cisco encourages customers who enable Sophos Anti-Virus scanning to subscribe to Sophos alerts on the Sophos site at http://www.sophos.com/virusinfo/notifications/. Subscribing to receive alerts directly from Sophos will ensure you are apprised of the latest virus outbreaks and their available solutions.

Introduction
This document describes why a Cisco Email Security Appliance (ESA) administrator receives a warning message from an appliance after an upgrade that states that the Sophos Anti-Virus database is expired.
Contributed by Dominic Yip and Stephan Bayer, Cisco TAC Engineers.
Post-AsyncOS Upgrade, 'sophos antivirus - The Anti-Virus database on this system is expired' Warning Message
On an ESA, after you upgrade to a new version of AsyncOS and complete the required reboot, an administrator might receive a warning message similar to this:
This warning message indicates that the Anti-Virus engine's associated database and rules package are not current for the upgraded version of AsyncOS at the time of appliance startup. The ESA will check for Anti-Virus engine updates after it comes online and will update to the current version.
Verify Current Sophos Version
In order to verify the engine version of Sophos, enter antivirusstatus sophos (or, avstatus sophos) in the CLI in order to view the current Anti-Virus engine version.
Compare the version from the warning message received earlier to the engine version output of the status command. After you validate that the appliance has reached out and updated, you can safely ignore this warning message.
Force Update Sophos
You can also enter the command avupdate force in order to request an immediate update to the Anti-Virus engine and rules. After you enter the force command, enter tail updater_logs in order to view the update in progress. This might take a few minutes to reach out to the updater, get the proper packages, and then download and install as needed. An example of this is:
The key in the updater_logs to look for is the 'update completed' and 'waiting for new updates' log lines. Once those are displayed, you can enter the avstatus sophos command again in order to verify that the version and dates are updated.
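The check described here and in the Verification section above can be run off-box against a saved copy of updater_logs. This is an added example, not code from Cisco or the original document: only the two key phrases come from the page, while the sample log lines are constructed and their timestamp and "Info:" layout is an assumption.

```python
import re

COMPLETED = "update completed"        # key phrase named on the page
WAITING = "waiting for new updates"   # key phrase named on the page

# Constructed sample lines; the line layout is an assumption, not captured output.
SAMPLE = """\
Mon Jan  1 10:00:01 2024 Info: mcafee update completed
Mon Jan  1 10:00:02 2024 Info: mcafee waiting for new updates
Mon Jan  1 10:05:10 2024 Info: sophos update completed
Mon Jan  1 10:05:11 2024 Info: sophos waiting for new updates
""".splitlines()


def update_status(lines, engine="sophos"):
    """Classify the most recent update cycle for one engine.

    'complete' : the last 'update completed' line for the engine is followed
                 by a 'waiting for new updates' line for the same engine
    'pending'  : 'update completed' was seen, but the updater has not yet
                 reported that it is waiting again (log tail cut mid-cycle)
    'not_seen' : no 'update completed' line for this engine in the input
    """
    engine_re = re.compile(r"\b%s\b" % re.escape(engine), re.IGNORECASE)
    completed_at = waiting_at = None
    for i, line in enumerate(lines):
        if not engine_re.search(line):
            continue  # ignore lines that belong to the other engine
        low = line.lower()
        if COMPLETED in low:
            completed_at = i
            waiting_at = None  # a newer cycle resets the idle marker
        elif WAITING in low and completed_at is not None:
            waiting_at = i
    if completed_at is None:
        return "not_seen"
    return "complete" if waiting_at is not None else "pending"


if __name__ == "__main__":
    print("sophos:", update_status(SAMPLE, "sophos"))
    print("mcafee:", update_status(SAMPLE, "mcafee"))
```

A result of 'complete' is the point at which to run avstatus sophos again and compare the version and dates.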
