Gzip compressed JSON data HTTP delivery and decompression issue

One of our client is using Sophos Security software. They are experiencing a peculiar issue with our web applications. Our static web application is deployed on a server but a few JSON format data file arrives from an external AWS S3 bucket. The JSON files are GZIP encoded.

The Metadata properties of these gzipped json files are set the following way:
- Content-Encoding  : gzip
- Content-Type : application/json

The bucket's CORS policy is set properly.

Interestingly, the json.gzip arrives and don't get rejected (HTTP 200). The problem is definitely with the decompression of the gzip. As I tested (without Sophos) every standard browser decompress the json.gzip correctly and the applications are working.

Is there any additional heading I can add to the S3 bucket files so Sophos will decompress correctly or it is something needs to be configured on Sophos?

Their Sophos versions:
Core Agent : 2.19.7
Endpoint Advanced 10.8.11.1
Sophos Intercept X 2.0.21

  • Hi Boti,

    There isn't enough information to properly answer this - I would need to see the settings on the Endpoint. However, the mostly likely issue is with the Download Protection policy element. This is what tells the scanner to scan items downloaded through a browser. 

    They can test this by disabling the policy element and seeing if the extraction works - if it does, there can be exclusions they can add to allow the download. 

    Sincerely, 

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.