Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MIME issues

Hello

 

I had a virus attachment in this file below however savscan was simply returning a (corrupt) error

Could not check /spam/11857--99734.eml/AW'20 NEW ORDER.doc (corrupt)

The doc was not corrupted and luckly my desktop computer (Kaspersky) blocked it .
After investigation savscan failed due to MIME attachment extraction error

in the email body I found this

Content-Disposition: attachment; filename="AW'20 NEW ORDER.doc"

as it seems savscan was not able to extract the attachment because there were a single quote ' , in the filename

I have seen this problem often in other similar situations, if the filename is not well formatted or if there are special chars inside.

 

Do you have in plan to fix this or is it better I use an external MIME attachment extractor to scan attachment in email received ?

Thank you

 

 

 



This thread was automatically locked due to age.
  • Hi  

    To scan the email attachment before receiving the emails to your exchange server there is Sophos Email Appliance and Sophos central Email gateway available who does email scanning and also provide spam protection and much more protections.

    If we talk about the above point, If there is an error while extracting the attachment from the email, it may fail to scan the attachment. I'd suggest you use Email gateway or a similar product to do the email scanning before it reaches your mailbox.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Thank you but I'm low in budget and I'm only interested to the free version of Sophos antivirus as an alternative to ClamAV.
    Currently you are providing the only and valid alternative to free clamAV . As it seems Sophos virus database is larger than ClamAV.
    BTW I have a Centos server with EXIM and ASSP antispam. I run Sophos as alternative to ClamAV. Sophos does a good work
    to block attachments however there are some attachment virus which are passing due to the MIME error reported above.
    If you are abandoning dev of your software I'll use an attachment extractor , I will rename the attachment , and I will scan the attachment
    with savscan and the result will go to ASSP .