01-31-2011 04:54 AM
I am also having the same problem, began after the Jan 3/2011 complete Sophos software update. While waiting for the fix, I have uninstalled Sophos, am using ClamXav which is also free, they just "nag" every few uses for a donation. When Sophos supplies the fix, I will uninstall ClamXav, re-install Sophos. From the info on various anti-virus sites, it is unwise to have 2 antivirus programs running at the same time.
09-02-2011 06:43 AM
I have resigned myself to the fact that Sophos has no plans of investigating and addressing this that they are willing to say. If this issue effects you, you will only get an update when an updated installer package is released as the product will fail the same way every time. A reinstall does not help.
I am now on Version 7.3.2C; Threat data: 4.68; Release date: August 1, 2011.
I suspect that common firewall settings are involved here. My firewall has recorded several events that it thinks are outgoing attacks to hosts like a24-24-52-115.deploy.akamaitechnologies.com and a24-24-52-64.deploy.akamaitechnologies.com
I also suspect that the firewall rule that is getting tripped is "WEB-CLIENT Apple Mac OS X installer package filename format string vulnerability"
Maybe Sophos can recommend an IP range to whitelist or something? Perhaps Sophos can look into potential problems with firewalls?
09-02-2011 08:57 AM
Which firewall are you using? You definitely need access to Akamai servers to get the updates.
We have been continually investigating failed updates, but the truth is that each case tends to be different, based on network topography. In the end, it generally comes down to a firewall somewhere blocking access to akamai servers. Since IPs at akamai are dynamically pooled, and the specific domain/IP used changes based on locale and load, a small static IP whitelist will only apply to a single user for a limited amount of time.
You could always set a rule that allowed outgoing connections to *.akamaitechnologies.com -- it's generally only established businesses that use Akamai, and you're dealing with outbound activity.
09-02-2011 10:58 AM
Thanks for the response. The firewall I'm behind is an Astaro (hardware/software). Any changes I make to settings will effect more users than simply me, so I need to be very very sure what I'm doing is safe, necessary or worth it.
09-02-2011 11:21 AM
Well, you're in luck, as the Astaro firewall is one of our enterprise products The issue you're experiencing is due to the firewall being configured to block downloads of installer packages (this is enabled by default), and the file you're downloading is in fact an installer package. You can contact your listed customer support for your Astaro product if you need help reconfiguring the firewall settings. They can also provide feedback to the SAV Mac dev team, so if you treat this as a firewall issue instead of an AV issue, you'll actually get access to our support department instead of just this community forum.
I presume this is for using a personal laptop behind a corporate firewall, but I should mention that SAV Mac HE is a home-use product, and we have an enterprise version with support for non-home-use such as business, educational, non-profit, etc. (you might even get a deal on it should you need it, since you're already a firewall customer).
09-12-2011 02:54 AM
hm, hope this is the right place to post.
anyway, i haven't been able to update my antivirus for a while now (since 9/6/2011). the console log simply tells me that "failed to count the number of files in 'system/library/startupitems: no such file or directory".
do i need to reinstall sophos? and is there any way to fix the problem w/o reinstalling? i'd rather not uninstall as a.) i'm a (fairly) new mac user and b.) i've heard that uninstalling programs on macs is a pain in the bootay.
(btw, i first installed sophos because it was the antivirus provided to me by my university. as it turns out, my university has since ended their formal contract with sophos -- could this be the reason why my antivirus isn't updating?)
09-13-2011 09:18 AM
Let's answer your last question first:
You are using our Enterprise product, and all updates are provided by your university. As such, you are supposed to use your university's technical support for help.
However, since they no longer have a support contract, your best option is to uninstall the Enterprise product and install the Home Edition (which is what these forums support).
Generally, uninstalling programs on a Mac involves navigating to the Applications folder, and dragging the application you want to remove to the trash icon on the dock.
However, because of its function, Sophos Anti-Virus installs things all over the place, and is most easily uninstalled with an uninstall program. See the uninstall instructions for SAV 7 Enterprise for more details. That thread works through the confusion between the two products as well.
Once you've uninstalled your current AV software, you can download and install the Home Edition -- for your purposes there is very little difference, other than that updates come from Sophos instead of your university, and you control the software instead of the university administrators via SEC.