PMX is not properly scanning messages for viral content and replacing message part with SOPHOS_SAVI_ERROR_OLD_VIRUS_DATA

First seen in: PureMessage for Unix 5.4.0


The AV engine will return the following SAVI string:

SOPHOS_SAVI_ERROR_OLD_VIRUS_DATA

...when the AV engine is older than 3 months. This also means that the virus definitions have likely not been updated for 3 months either, because the sophos-data-update scheduled job also downloads the monthly AV engine update if one is available. The error is a fail-safe measure to stop viruses that up-to-date AV data would detect from being let through the AV engine, but it poses a large inconvenience to customers: all of their email will be quarantined as virus or rejected, depending on what is set inside the pmx_virus test in policy.siv.

What To Do

Check the following.

1. Make sure the repository path is set to the correct web repository location. Run as the PMX user:

$ ppm set

If the PPD repository path for PureMessage is set incorrectly or to a local path, update it with:

$ ppm set repository PureMessage <URL>

where <URL> is either:

  • http://pmx-dynamic.sophos.com/pmx/v6/mainline/linux/
  • http://pmx-dynamic.sophos.com/pmx/v6/mainline/solaris

2. Make sure the 'pmx-sophos-data-update' scheduled job is enabled. If it isn't, enable it via the Manager interface or from the CLI by running as the PMX user:

$ pmx-scheduler enable pmx-sophos-data-update
$ pmx-scheduler restart

After checking the above points, issue a manual upgrade of the PureMessage-Sophos-Data package by running:

$ ppm verify --upgrade PureMessage-Sophos-Data --force

or, to perform an unsigned manual update:

$ ppm verify --upgrade --novalidate PureMessage-Sophos-Data --force

This will download the latest virus definition data set, and also install the latest AV engine.

Afterwards, normal mail flow should be restored and PureMessage will correctly AV scan messages.
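
A stalled update job goes unnoticed until the 3-month fail-safe trips, so a monitoring check for update staleness catches it earlier. The script below is an added example, not Sophos code; the marker file you pass in and the day thresholds are assumptions to adapt to your installation.

```shell
#!/bin/sh
# Added example: flag stalled Sophos data updates before the 3-month
# fail-safe starts returning SOPHOS_SAVI_ERROR_OLD_VIRUS_DATA.
# Assumption: the argument is a file that your installation rewrites on
# every successful pmx-sophos-data-update run (no path is assumed here).
# Thresholds are illustrative defaults in days, not vendor values.
WARN_DAYS=${WARN_DAYS:-7}
CRIT_DAYS=${CRIT_DAYS:-60}

# older_than FILE DAYS: succeeds if FILE was last modified more than
# DAYS full 24-hour periods ago (POSIX find semantics for -mtime +N).
older_than() {
    [ -n "$(find "$1" -prune -mtime +"$2" 2>/dev/null)" ]
}

# data_update_status FILE: prints a one-line status and returns a
# Nagios-style code: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
data_update_status() {
    marker=$1
    if [ -z "$marker" ] || [ ! -e "$marker" ]; then
        echo "UNKNOWN: marker file not found: ${marker:-<none>}"
        return 3
    fi
    if older_than "$marker" "$CRIT_DAYS"; then
        echo "CRITICAL: no data update for more than $CRIT_DAYS days"
        return 2
    fi
    if older_than "$marker" "$WARN_DAYS"; then
        echo "WARNING: no data update for more than $WARN_DAYS days"
        return 1
    fi
    echo "OK: data updated within the last $WARN_DAYS days"
    return 0
}

# Run the check only when a marker file is given on the command line.
if [ "$#" -gt 0 ]; then
    data_update_status "$1"
    exit $?
fi
```

A WARNING or CRITICAL result is the cue to work through the repository and scheduler checks above before mail starts being quarantined or rejected.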

If you need more information or guidance, then please contact technical support.

