Cisco Email Security Appliance

Unable to contact the update server to check for Sophos AntiVirus updates

Document ID: 117978

Updated: Jul 17, 2014

Contributed by Nasir Shakour and Enrico Werner, Cisco TAC Engineers.

Question

What should I do when I get the alert: 'Unable to contact the upgrade server to check for Sophos AntiVirus updates'?

When an update to Sophos Anti-Virus fails, several different alert messages can be generated, for example:

Unable to contact the upgrade server to check for Sophos AntiVirus updates.
The last successful contact was Mon Nov 1 23:21:46 2013.
Please verify your network settings and anti-virus update settings.
Version: 8.0.1-023
Serial Number: XXXXXXXXXXXX-XXXXXXX

All alerts are sent via email to the address configured in the alertconfig CLI command. See below for a more complete list of alerts.

Common causes for Sophos Anti-Virus update failures include, but are not limited to:

  • General lack of network connectivity
  • Firewall blocking access to update server
  • Failure to look up the IP for the update server

It is also possible that our download servers were experiencing heavy load. Like all automatic updates on the appliance, Sophos will try again. If the cause of the failure is intermittent, it is likely that subsequent updates succeeded.

To further troubleshoot why the update failed, you may want to review the anti-virus logs. To monitor the update attempt in real time:

  1. Log into the CLI.
  2. Issue the antivirusupdate command.
  3. Select sophos or mcafee as the update source.

You should now be back at the main command prompt.

Issue the tail command and select the anti-virus log from the list. The anti-virus log gives information about the most recent attempt and reveals the cause of the failed update.

Example Alerts:

md5 checksum mismatch for
/var/log/godspeed/third_party/sophos/tmp/sav_update.437.0/sav-4.01.tgz:
expected 'e211edd7b68dc646015638f12705d16a', got '23099f7abb37dcd15e4ca46123e75297'

Error transferring sophos.ini?version=4.5.0&model=C600&serial=xxx&sophos_engine=3.992s&sophos_ide=2006011902: I/O error opening URL 'http://downloads.ironport.com/av/sophos.ini?version=4.5.0&model=C600&serial=xxx&sophos_engine=3.992s&sophos_ide=2006011902'
Last message occurred 3 times between Thu Jan 19 13:24:36 2006 and Thu Jan 19 13:34:36 2006.
expected 'e211edd7b68dc646015638f12705d16a', got '23099f7abb37dcd15e4ca46123e75297'

Error transferring sophos.ini?version=4.5.0&model=C600&serial=xxx&sophos_engine=4.01&sophos_ide=2006011902: I/O error opening URL 'http://downloads.ironport.com/av/sophos.ini?version=4.5.0&model=C600&serial=xxx&sophos_engine=4.01&sophos_ide=2006011902'

Error transferring sophos/sophos-4.01/sav-4.01.tgz: I/O error opening URL 'http://downloads.ironport.com/av/sophos/sophos-4.01/sav-4.01.tgz'
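
The alert formats above can be sorted by cause once they are collected from the alert mailbox or the anti-virus log. The following is an added example, not Cisco code: the patterns assume the exact alert wording shown on this page, the sample is constructed from those alerts with one alert per line, and the function names classify and hosts_to_check are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the alert formats from this page, one alert per line.
SAMPLE = """\
md5 checksum mismatch for /var/log/godspeed/third_party/sophos/tmp/sav_update.437.0/sav-4.01.tgz: expected 'e211edd7b68dc646015638f12705d16a', got '23099f7abb37dcd15e4ca46123e75297'
Error transferring sophos.ini?version=4.5.0&model=C600&serial=xxx&sophos_engine=4.01&sophos_ide=2006011902: I/O error opening URL 'http://downloads.ironport.com/av/sophos.ini?version=4.5.0&model=C600&serial=xxx&sophos_engine=4.01&sophos_ide=2006011902'
Last message occurred 3 times between Thu Jan 19 13:24:36 2006 and Thu Jan 19 13:34:36 2006.
Error transferring sophos/sophos-4.01/sav-4.01.tgz: I/O error opening URL 'http://downloads.ironport.com/av/sophos/sophos-4.01/sav-4.01.tgz'
"""

# Patterns assume the exact alert wording shown on this page.
MD5_RE = re.compile(r"md5 checksum mismatch for (?P<path>\S+): "
                    r"expected '(?P<want>[0-9a-f]{32})', got '(?P<got>[0-9a-f]{32})'")
IO_RE = re.compile(r"Error transferring (?P<res>\S+): I/O error opening URL '(?P<url>[^']+)'")
REPEAT_RE = re.compile(r"Last message occurred (?P<n>\d+) times between")


def classify(text):
    """Return one finding per alert line; a repeat line updates the previous finding."""
    findings = []
    for line in text.splitlines():
        if m := MD5_RE.search(line):
            # The package arrived but its digest differs from the expected one.
            findings.append({"kind": "integrity", "count": 1,
                             "target": m["path"].rsplit("/", 1)[-1]})
        elif m := IO_RE.search(line):
            # The URL could not be opened: connectivity, firewall or DNS.
            findings.append({"kind": "transfer", "count": 1,
                             "target": urlsplit(m["url"]).hostname})
        elif (m := REPEAT_RE.search(line)) and findings:
            findings[-1]["count"] = int(m["n"])
    return findings


def hosts_to_check(findings):
    """Total transfer failures per update host, for firewall and DNS checks."""
    totals = {}
    for f in findings:
        if f["kind"] == "transfer":
            totals[f["target"]] = totals.get(f["target"], 0) + f["count"]
    return totals


if __name__ == "__main__":
    for f in classify(SAMPLE):
        print(f"{f['kind']:<9} x{f['count']}  {f['target']}")
    print("hosts to verify:", hosts_to_check(classify(SAMPLE)))
```

Transfer findings point at the connectivity, firewall and name-lookup causes listed earlier; an integrity finding means the file was fetched but did not match its expected checksum, so reachability checks alone will not explain it.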