System Requirements:
- Sophos Enterprise Console 5.2.1
- Mac OS X 10.4+
The Problem:
If you have been deploying Sophos Enterprise Console 5 to update Mac OS X using a HTTP connection, end devices may start refusing to connect to the Primary server. The Sophos Anti-Virus 8 log will state that it was unable to connect to the server.
Windows clients can update successfully from the same server over HTTP.
More Info
In this particular case, the HTTP distribution point was backed from a public facing web server running IIS 7.5 under Windows Server 2008 R2. The server has an encrypted tunnel connection and read-only pass through authentication to a SMB share on an internal security server running Windows Server 2008 SP2 and Sophos Enterprise Console 5.2.1.
The SMB share is the same as the one exposed to the internal LAN for direct SMB updating and Windows clients using either HTTP or SMB will update successfully.
Mac OS X 10.7, 10.8 or 10.9 clients were however locked at Anti-Virus 8.0.5 and were only receiving definition updates from the secondary server at Sophos. The client will connect to the Primary HTTP share and begin to download, but terminate after a few kilobytes have been transferred.
The Fix
Somewhere between 8.0.5 and the current 9.0.5, there would appear to have been a change in the internal structure of the Sophos Anti-virus .mpkg.
Enable directory browsing and test that you can open the following file:
Note that CodeDirectory is a file and not a folder. This is the root of the problem.
Under the default metabase configuration in IIS, IIS will only serve files with known extensions and registered MIME types. So what happens with file with no file extension? By default a 404 error.
Under IIS 6
- Right click your servicing web site in IIS manager and choose Properties
- Go to the HTTP Headers tab and choose MIME Types
- Click New…
- In Extension type:
.* - In MIME type type:
application/octet-stream - Commit all changes
Under IIS 7
- Select the servicing web site in IIS manager
- Choose MIME Types under the IIS heading
- Click Add… in the top right
- In File name extension type:
.* - In MIME type type:
application/octet-stream
Under IIS 7.5 / 8
- Select the servicing web site in IIS manager
- Choose MIME Types under the IIS heading
- Click Add… in the top right
- In File name extension type:
. - In MIME type type:
application/octet-stream
Under IIS 7, 7.5, 8 you may also need to add the following to your root Web.config