Problem with download virus definitions from F-Secure servers PMS 13.10

After update linux PMS (SLES 11) from 12.40 to 13.10, have problems with downloading virus definition do PMS server. I have Client Security 12.32 and 12.30 on workstations (no 13 clients yet) but PMC shows: "There are currently no version 12 or older clients in your managed network" what is't true. How to change this. In such situaltion should old fsaua agent be uninstalled from PMS server after upgrade? Maybe some changes to \opt\f-secure\fspms\config\channels.json are nessesary?

any help would be appreciated,

Thanks

Find more posts tagged with

Comments

etomcat

Dear Alexander,

Thanks for the expert insight on the mentioned case!

Yours Sincerely: Tamas Feher, Hungary.

A_Grinkevitch

Tamas,

I’ve checked fsdiag from the mentioned case and see that even though PM 13.10 was installed from scratch, old H2 DB from PM 12.30 was placed to it. Maintenance tool was not ever run on the PM 13.10 host and I’m almost sure Maintenance tool was not run before moving DB to the target host.

Most probably corruption has happened before, but got noticed only with latest PM when it accessed problematic entry in the status table.

Alexander

etomcat

Dear Alexander,

> Thanks to our efforts in optimizing DB handling, I did not hear about any H2 corruptions happened with PM 13.

Please check F-Secure support case no. xxxxx for one example.

I think the main difference between H2 and MySQL is that the first one is kind of an enthusiasts' project, while the latter is professionally developed, even though its free. Thus mention the MySQL evokes trust similar to MS-SQL or Oracle, while mostly nobody has heard of H2 DB.

Yours Sincerely: Tamas Feher, Hungary.

EDIT: Removed case number

A_Grinkevitch

Hello Tamas,

> The F-Secure Policy Manager storage requirements are excessive in my opinion and the vendor should really optimize usage.

That is one of the reasons why we are moving from AUS to GUTS2. With new solution, no need to keep all diffs from previous 35 versions, PM host cashes only ones that were requested by end-points.

> The H2 corrupts way too often in rea-world use

Thanks to our efforts in optimizing DB handling, I did not hear about any H2 corruptions happened with PM 13.

H2 as default DB engine allows most of our customers to use the product without extensive MySQL knowledge and that is the reason why it is still default.

Alexander

etomcat

Hello,

> One folder in that directory afer update grew over 16GB.

The F-Secure Policy Manager storage requirements are excessive in my opinion and the vendor should really optimize usage.

I also think H2 Java database needs to go and MySQL should be the default, not a tricky, half-supported hack. The H2 corrupts way too often in rea-world use, it cannot be considered a stable corporate / enterprise item.

Thanks for your kind attention, Yours Sincerely:

Tamas Feher, Hungary.

A_Grinkevitch

Great that you identified the problem!

AUS has the logic of cleaning old content. It generates diffs for previous 35 (by default) update versions and stores all that stuff inside /var/opt/f-secure/fsaus/data/db directory. Once new update is pushed to AUS, diffs to the latest version from all previous 35 ones are generated. In some time oldest version is dropped – that explains why directory size has decreased…

If AUS gets all updates in a row and does not miss any in the middle, dir size is about 5GB (after cleanup). If host was restored from backup, diffs might be really huge and occupy several GB each.

Alexander

coyote

Thank you for answer,

after diging more deeply in fspms-download-updates.log found:

08.02.2018 15:18:38,575 ERROR [c.f.c.g.u.Guts2UpdatesStorage] - Cannot build content for "aquawin32" version "1518095513" from diff archive "/var/opt/f-secure/fspms/data/guts2/updates/aquawin32/1518095513/diffs/1518095513_from_1518023324_archive"
java.nio.file.FileSystemException: /var/opt/f-secure/fspms/data/guts2/updates/_guts2_aquawin32_1518097706165/content: No space left on device

There wasn't enougt space on disk. Before update have some additional backup, but real reason was /var/opt/f-secure/fsaus/data/db. One folder in that directory afer update grew over 16GB. Now, after adding disk space and updates working normally /var/opt/f-secure/fsaus/data/ has over 7GB. Is it normal?

Thank you.

A_Grinkevitch

Hello,

AUA is not needed for Policy Manager any more, but if you are running Linux Security, it should be still there.

If you wish to skip downloading some of 12-series updates, indeed you can modify channels.json and drop entries that are not needed in your environment, but there is no way to force PM to download old series. PM detects that itself by checking hosts status if old AUA is there or not.

There might be two reasons: Policy Manager does not detect that old clients are still there, or PMC is unable to load content details from BackWeb.

Please check the fspms-download-updates.log, last sequence of actions for 'aquawin32' update. If PM detects old clients, that log will contain something like following:

07.02.2018 20:57:16,427 INFO [c.f.f.s.g.d.DownloadUpdatesService] - New "aquawin32" version available: "1518023324"
07.02.2018 20:57:16,521 INFO [c.f.f.s.g.d.DownloadUpdatesService] - Downloaded header.json for "aquawin32" version "1518023324"
07.02.2018 20:57:16,536 INFO [c.f.c.g.d.Guts2DownloaderImpl] - Downloading "aquawin32" diff from version "1518018670" to "1518023324" ...
07.02.2018 20:57:16,661 INFO [c.f.c.g.d.Guts2DownloaderImpl] - Connected to url="http://guts2.sp.f-secure.com/f/<some_id>_archive" successfully using a proxy="http://<proxy>:<port>"
07.02.2018 20:57:16,692 INFO [c.f.f.s.g.d.DownloadUpdatesService] - Downloaded "aquawin32" diff from version "1518018670" to "1518023324", 119498 bytes
07.02.2018 20:57:16,692 INFO [c.f.c.g.u.Guts2UpdatesStorage] - Generating content for "aquawin32" version "1518023324" ...
07.02.2018 20:57:24,336 INFO [c.f.c.g.u.Guts2UpdatesStorage] - Content for "aquawin32" version "1518023324" is successfully generated
07.02.2018 21:07:16,513 INFO [c.f.f.s.g.r.BackwebPublisher] - Installing update "aquawin32" version "1518023324" ...
07.02.2018 21:08:18,633 INFO [c.f.f.s.g.r.BackwebPublisher] - Installation of "aquawin32" version "1518023324" ("F-Secure Aquarius Update 2018-02-07_06"): Success

Last entry means that update was pushed to AUS and everything is ok.