Home›Alerts & Bugs›Advisory: Sophos XG Firewall – Antivirus service stopped due to failed pattern update

Advisory: Sophos XG Firewall – Antivirus service stopped due to failed pattern update

06/04/2020

2197

Overview

Sophos has received customer reports of the SFOS Antivirus service being stopped due to a failed AV pattern update.

This issue only affects SFOS devices that have been recently rebooted or have had their antivirus service restarted by a configuration change.

This will affect email delivery and cause web traffic to be dropped.

Applies to the following Sophos product(s) and version(s)
Sophos Firewall XG

How to identify if you are affected

This issue only affects SFOS devices that have been recently rebooted or have had their antivirus service restarted by a configuration change.

Affected devices will have the following in the /log/avd.log:

/bin/avd: error while loading shared libraries: libssp.so.0: cannot open shared object file: No such file or directory

The antivirus service will be stopped and the Avira and Sophos AV pattern update will be shown as failed. Users can confirm this via the Pattern Updates section in the SFOS GUI and from the Advanced Shell.

Advanced Shell:

service -S | grep antivirusantivirus STOPPED

Impact

A stopped SFOS antivirus service will affect email delivery and cause web traffic to be dropped.

Current status

4/4/2020 – 9pm GMT

Updated AV pattern with fix has been released to prevent this issue
Manual fix for devices that are already affected is available from Support

4/4/2020 – 6pm GMT

Sophos is actively working to resolve this issue
We expect this issue to be resolved by 9pm GMT

What to do

An updated AV pattern with the fix has been automatically released to all SFOS devices.

Users with devices that are already affected should refer to the instructions below:

For affected devices running SFOS v18 EAP2 or above: