This announcement is for Web Security Appliance customers running releases 7.0.x or 7.1.x & using Sophos virus scanning.
The primary Cisco IronPort datacenter encountered a power event at approximately 6:30am PDT today, May 22, 2012 that caused a failover to one of our backup datacenters. Cisco Ironport recently received customer reports of issues relating to Sophos and performance. It has been determined that after the power event your appliance(s) may have received an outdated Sophos update that could potentially cause a data corruption that may impact the performance of your appliance.
Cisco engineering teams are actively working on an update that will correct this issue and we are anticipating it being made available by early afternoon on May 23, 2012.
As a precaution Cisco IronPort recommends that until the update is available that you temporarily disable Sophos virus scanning using the following instructions:
1) Login to the Web Security Appliance via HTTP to the GUI
2) Go to Security Services -> Anti-Malware
3) Click at “Edit Global Settings”
4) Uncheck “Enable Sophos”
5) Press “Submit”
6) Commit the changes
SecureLink or Cisco Ironport will notify you when the update is available.
We apologize for any inconvenience.