This document describes how to manually update the anti-virus process for the Cisco Email Security Appliance (ESA).
How do I force a download of Sophos or McAfee Anti-Virus updates immediately?
Although anti-virus updates happen at regular intervals as configured from the appliance service updates, if you are waiting for an update you can initiate an anti-virus update yourself. By default, the updater service will check for updates every five minutes. Cisco recommends to leave this set to the default update interval.
You can review the appliance service updates from GUI, Security Services > Service Updates. From the CLI run updateconfig. This will be listed as the Update Interval.
To update the anti-virus process directly, please choose one of the following methods:
From the GUI, you can initiate an update from the Security Services > Anti-Virus, and choose either Sophos or McAfee. From the Current Anti-Virus Files table, click the Update Now button.
Example, using Sophos Anti-Virus:
From the CLI, you can initiate an immediate virus update with the CLI command antivirusupdate, and choose the anti-virus process you have licensed, sophos or mcafee.
Choose the operation you want to perform: - MCAFEE - Request updates for McAfee Anti-Virus - SOPHOS - Request updates for Sophos Anti-Virus > sophos
Requesting check for new Sophos Anti-Virus updates.
On the CLI you can also force a complete update via the command antivirusupdate force. A complete update is when the ESA will reach out to the Cisco update servers and pull the complete and most recent IDE, and also will pull the complete and most recent anti-virus engine, and reapply this in the background on your appliance.
> antivirusupdate force
Sophos Anti-Virus updates: Requesting forced update of Sophos Anti-Virus. McAfee Anti-Virus updates: Requesting update of virus definitions
You can view the process of the anti-virus updates my running tail updater_logs from the CLI on the ESA. This assure you of the appliance's communication with the Cisco update servers and manifest, and allow you to see the update complete.
You will want to assure that you see the highlighted lines above, which will indicate the successful request and update of the requested anti-virus updates.
Cisco encourages customers who enable Sophos Anti-Virus scanning to subscribe to Sophos alerts on the Sophos site at http://www.sophos.com/virusinfo/notifications/. Subscribing to receive alerts directly from Sophos will ensure you are apprised of the latest virus outbreaks and their available solutions.