How's UTM 9.5 so far?

Sophos did some changes on the MIME-Type recognition Module in 9.5 without mentioning this in the release notes or somewhere else.

We notified this in the Email Protection where there can certain MIME Types be blocked or allowed. We are using this option to block all macro-containing MIME Types from Office. Since Upgrade, this doesn't work anymore because Sophos did change the way how to determine MIME Types of Files... They said id should be an improvement, but so far UTM is no longer able to differ between Office Documents containing Macros and Office Documents not containing macros.

I did not try so far whether this change impacts also the Webfilter or Sandbox, where MIME Type Recognition is used as well...

Sophos did some changes on the MIME-Type recognition Module in 9.5 without mentioning this in the release notes or somewhere else.

We notified this in the Email Protection where there can certain MIME Types be blocked or allowed. We are using this option to block all macro-containing MIME Types from Office. Since Upgrade, this doesn't work anymore because Sophos did change the way how to determine MIME Types of Files... They said id should be an improvement, but so far UTM is no longer able to differ between Office Documents containing Macros and Office Documents not containing macros.

I did not try so far whether this change impacts also the Webfilter or Sandbox, where MIME Type Recognition is used as well...

One of my customers has the same problem with the MIME-Types.  He is blocking all MIME-Types by default (*) and then whitelists a select few (pdf, documents). This worked like a charm up until he updated to 9.414-2. Now normal E-Mails get classified as all types of random scripting languages, such as "text/x-php" or "text/x-python". We then updated to 9.502 but still the same problem.

I have opened a ticket but am still waiting for a way to fix this.

Unknown said:

One of my customers has the same problem with the MIME-Types.  He is blocking all MIME-Types by default (*) and then whitelists a select few (pdf, documents). This worked like a charm up until he updated to 9.414-2. Now normal E-Mails get classified as all types of random scripting languages, such as "text/x-php" or "text/x-python". We then updated to 9.502 but still the same problem.

I have opened a ticket but am still waiting for a way to fix this.

The only solution is to temporary allow all MIME Types. Even Sophos Firstlevel Support wasn't informed about this change. Sophos Development says this is not a Bug, it's an Improvement... Whatever...

I am still waiting for a response from Sophos on how the behaviour of UTM changed and how I have to change my configuration for getting this work again.

So far, they only said that the File under /var/storage/chroot-smtp/etc/tft.ini is somehow releated to this Issue... I couldn't find out in which relation...

at home i have updated to latest 9.5x release.. no problem at all. (but no exchange server or ad-membership at home)...

at work the sg330 cluster is still at 9.413-4 and will stay there until current problems are fixed...