Sophos database updated & active, how often per day? [message #135561]
Thu, 25 May 2017 14:28
havinabubble
Messages: 14 Registered: July 2014
Following on from my other thread http://forums.kerio.com/t/32593//
I've noticed a pattern in the failed attempts on my server.
In my SECURITY LOG I see the following line before EVERY block of attempts:
Sophos database has been successfully updated. Sophos Scanning Engine (5.39.13251743/3.66.2.0) is now active.
Is it possible they have figured out a weakness that involves the Sophos engine?
Why does that message appear so often?
Quote:
[24/May/2017 17:52:43] Sophos database has been successfully updated. Sophos Scanning Engine (5.39.13251743/3.66.2.0) is now active.
[24/May/2017 18:54:37] SMTP: Authentication attempt from host 47.91.140.237 denied, insecure authentication not allowed.
[24/May/2017 18:54:42] SMTP: Authentication attempt from host 47.91.140.237 denied, insecure authentication not allowed.
[25/May/2017 05:52:47] Sophos database has been successfully updated. Sophos Scanning Engine (5.39.13251790/3.66.2.0) is now active.
[25/May/2017 08:53:36] IMAP: User user1ATmydomain.com doesn't exist. Attempt from IP address 81.30.195.154.
[25/May/2017 08:54:05] IMAP: User user1ATmydomain.com doesn't exist. Attempt from IP address 220.191.249.7.
[07/Apr/2017 16:40:50] Sophos database has been successfully updated. Sophos Scanning Engine (5.35.12601123/3.66.2.0) is now active.
[07/Apr/2017 17:22:40] SMTP: Authentication attempt from host 177.23.177.146 denied, insecure authentication not allowed.
[07/Apr/2017 17:22:41] SMTP: Authentication attempt from host 177.23.177.146 denied, insecure authentication not allowed.
[17/Mar/2017 09:32:23] Sophos database has been successfully updated. Sophos Scanning Engine (5.35.12598872/3.66.2.0) is now active.
[17/Mar/2017 09:33:02] HTTP/CalDav: User user2ATmydomain.com doesn't exist. Attempt from IP address 192.168.1.104.
[17/Mar/2017 09:33:05] HTTP/CalDav: User user2ATmydomain.com doesn't exist. Attempt from IP address 192.168.1.104.
[23/May/2017 23:37:03] Sophos database has been successfully updated. Sophos Scanning Engine (5.39.13251592/3.66.2.0) is now active.
[23/May/2017 23:46:39] IMAP: Invalid password for user user3ATmydomain.com. Attempt from IP address 219.93.121.6.
[23/May/2017 23:47:19] IMAP: Invalid password for user user3ATmydomain.com. Attempt from IP address 106.158.109.238.
Re: Sophos database updated & active, how often per day? [message #135578 is a reply to message #135574]
Tue, 30 May 2017 10:18
havinabubble
Messages: 14 Registered: July 2014
Pavel Dobry (Kerio) wrote on Mon, 29 May 2017 12:15:
Because Sophos is frequently updating the antivirus definitions to keep you protected. You can notice that the version of definitions file is constantly updated (e.g. 13251592).
Cheers, I had noticed the number change... but my paranoia is questioning EVERYTHING it reads at the moment.
If that's normal, I'll cross it off my worry list.
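
An added example, not part of the original thread or any Kerio tooling: one way to check the pattern raised in the first post is to measure, for each failed login, how long after the preceding Sophos update line it occurred. The function name and regular expressions are hypothetical, and the sample lines are constructed in the quoted log format using documentation-range addresses.

```python
import re
from datetime import datetime

# Constructed sample in the security-log format quoted in the thread.
SAMPLE = """\
[24/May/2017 17:52:43] Sophos database has been successfully updated. Sophos Scanning Engine (5.39.13251743/3.66.2.0) is now active.
[24/May/2017 18:54:37] SMTP: Authentication attempt from host 203.0.113.5 denied, insecure authentication not allowed.
[24/May/2017 18:54:42] SMTP: Authentication attempt from host 203.0.113.5 denied, insecure authentication not allowed.
[25/May/2017 05:52:47] Sophos database has been successfully updated. Sophos Scanning Engine (5.39.13251790/3.66.2.0) is now active.
[25/May/2017 08:53:36] IMAP: User user1@example.com doesn't exist. Attempt from IP address 198.51.100.7.
[25/May/2017 09:10:02] IMAP: Invalid password for user user3@example.com. Attempt from IP address 198.51.100.9.
"""

LINE = re.compile(r"^\[(\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2})\] (.*)$")
UPDATE = "Sophos database has been successfully updated"
IPV4 = r"(\d+(?:\.\d+){3})"
# The three failure message shapes that appear in the quoted log.
FAILURE = re.compile(
    r"^(?P<proto>[\w/]+): (?:Authentication attempt from host " + IPV4 + r" denied"
    r"|User \S+ doesn't exist\. Attempt from IP address " + IPV4 +
    r"|Invalid password for user \S+\. Attempt from IP address " + IPV4 + r")")

def gaps_after_update(text):
    """Return (protocol, source IP, seconds since last update line) per failure."""
    last_update, out = None, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a timestamped log line
        ts = datetime.strptime(m.group(1), "%d/%b/%Y %H:%M:%S")
        msg = m.group(2)
        if msg.startswith(UPDATE):
            last_update = ts
            continue
        f = FAILURE.match(msg)
        if f:
            ip = next(g for g in f.groups()[1:] if g)  # whichever branch matched
            gap = int((ts - last_update).total_seconds()) if last_update else None
            out.append((f.group("proto"), ip, gap))
    return out

if __name__ == "__main__":
    for proto, ip, gap in gaps_after_update(SAMPLE):
        print(f"{proto:12} {ip:16} {gap} s after last update")
```

Run over a full security log in chronological order, the spread of gaps shows whether failures actually cluster right after updates or simply fall between update lines that are logged several times a day.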