CB Defense: Local Mirror Update Servers Not Updating Since August 1 (Linux)

Environment

  • CB Defense PSC Console: All versions
  • CB Defense Local Mirror Server: Version 2.2 and Lower
    • Linux: All Supported Versions
  • CB Defense PSC Sensor: 2.0.x.x and Higher
    • Microsoft Windows: All Supported Versions

Symptoms

  • The Local Mirror server has not been able to update Signature pack versions since August 1, 2019
  • Tests to reach CB Update Servers fail
  • The following error is reported in avupdate.log:
    UPD: ERROR: No valid license was found

Cause

This is related to a known issue with Signature Pack updates.

Resolution

  1. Ensure traffic to the new Signature Update Server URL is allowed through proxies and firewalls without packet inspection (TCP/80 or TCP/443):
    updates2.cdc.carbonblack.io
  2. Disable Local Mirror server
    1. Stop the automated scheduling of `update_defs.sh`. If using a crontab, it will be necessary to delete the associated crontab.
    2. Temporarily disable the hosting and serving of definition files (for example, disable the Apache web server used to provide updates to Sensors)
  3. Update Local Mirror server files
    1. Download the latest mirror server package for Linux from CB Defense: Local Mirror Server for Signature Updates
    2. Unpack the zip file. Locate the following files:
      update_defs.sh
      update_defs_ssl.sh
      HBEDV.KEY
      avupdate_msg.avr
      avupdate.bin
    3. Update the current Local Mirror by replacing the matching Local Mirror files with the files noted above.
    4. If desired, SSL communications between the Local Mirror and CB update servers can be enabled by using the update_defs_ssl.sh file in place of update_defs.sh
  4. Download the latest Signature pack (20180816 or higher) as described in CB Defense: How to Download the AV Signature Pack
  5. Deploy the new pack to all endpoints using your preferred systems management application: CB Defense: How to Silently Install the AV Signature Pack
    NOTE: If doing an interactive installation of the Signature Pack, you may receive a "Failed to notify signature pack ready, error 5" message, which is safe to ignore. No error is displayed or logged during a silent installation.
  6. Re-enable Local Mirror
    1. Re-enable the hosting of signature updates (for example, re-enable the Apache web server used to provide updates to Sensors)
    2. Recreate the scheduled task that runs "update_defs.sh" in order to maintain the Local Mirror signature file updates
    NOTE: Ensure the correct script is being called in the scheduled job (update_defs.sh or update_defs_ssl.sh)
  7. Confirm that the Local Mirror is now updating
    1. Locate and view the master.idx file within the Local Mirror directory (the full path will vary depending on how the Local Mirror was set up)
      /var/www/html/idx/master.idx
    2. Confirm the listed CRDATE value is current
  8. Verify that signatures are updating on Sensors: CB Defense: How to verify AV Signatures are updating
  9. If signature updates have not resumed 24 hours after applying the solution, please open a support case
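
A scripted version of the Local Mirror confirmation step above, as an added example that is not part of the original article or the vendor's mirror package: it prints the CRDATE line from master.idx, checks that the file was rewritten within 24 hours, and looks for the license error from Symptoms near the end of avupdate.log. The function name, the script name `mirror_check.sh`, the 20-line tail window and the assumption that avupdate.log is append-only are assumptions; paths are passed in because they vary by setup.

```shell
#!/bin/sh
# Added example (not from the vendor package): post-fix health check for a Local Mirror.
# Assumptions: avupdate.log is append-only with the newest run last; the CRDATE
# line format is not given in the article, so it is printed verbatim, not parsed.
# Uses find -mmin, which GNU and BSD find provide.

LICENSE_ERR='UPD: ERROR: No valid license was found'   # string from Symptoms

# mirror_status MASTER_IDX AVUPDATE_LOG [MAX_AGE_MIN]
# Returns 0 = looks healthy, 1 = stale or still failing, 2 = file missing.
mirror_status() {
    ms_idx=$1; ms_log=$2
    ms_max=${3:-1440}          # 1440 min = the 24-hour window the article gives
    ms_rc=0

    for ms_f in "$ms_idx" "$ms_log"; do
        [ -r "$ms_f" ] || { echo "MISSING: $ms_f"; return 2; }
    done

    # "Confirm the listed CRDATE value is current": show it to the operator.
    grep 'CRDATE' "$ms_idx" | head -n 1
    grep -q 'CRDATE' "$ms_idx" || { echo "WARN: no CRDATE entry in $ms_idx"; ms_rc=1; }

    # A working update job rewrites master.idx; an old mtime means no updates.
    if [ -z "$(find "$ms_idx" -mmin "-$ms_max")" ]; then
        echo "STALE: $ms_idx not modified in the last $ms_max minutes"
        ms_rc=1
    fi

    # Errors from before the fix stay in the log, so only inspect the tail.
    if tail -n 20 "$ms_log" | grep -qF "$LICENSE_ERR"; then
        echo "FAIL: recent '$LICENSE_ERR' in $ms_log"
        ms_rc=1
    fi

    [ "$ms_rc" -eq 0 ] && echo "OK: mirror appears to be updating"
    return "$ms_rc"
}

# Run directly: sh mirror_check.sh /var/www/html/idx/master.idx /path/to/avupdate.log
if [ "$#" -ge 2 ]; then
    mirror_status "$@"
fi
```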

Article Information
Creation Date: 09-09-2020