Hey everyone! please feel free to share your experience and insights in the new release firmware of Sophos, base on your testing/s, deployment, etc
Appreciate it a lot.
Regards,
Rap
This thread was automatically locked due to age.
Sophos did some changes on the MIME-Type recognition Module in 9.5 without mentioning this in the release notes or somewhere else.
We notified this in the Email Protection where there can certain MIME Types be blocked or allowed. We are using this option to block all macro-containing MIME Types from Office. Since Upgrade, this doesn't work anymore because Sophos did change the way how to determine MIME Types of Files... They said id should be an improvement, but so far UTM is no longer able to differ between Office Documents containing Macros and Office Documents not containing macros.
I did not try so far whether this change impacts also the Webfilter or Sandbox, where MIME Type Recognition is used as well...
Please send me Spam gueselkuebel@sg-utm.also-solutions.ch
Sophos did some changes on the MIME-Type recognition Module in 9.5 without mentioning this in the release notes or somewhere else.
We notified this in the Email Protection where there can certain MIME Types be blocked or allowed. We are using this option to block all macro-containing MIME Types from Office. Since Upgrade, this doesn't work anymore because Sophos did change the way how to determine MIME Types of Files... They said id should be an improvement, but so far UTM is no longer able to differ between Office Documents containing Macros and Office Documents not containing macros.
I did not try so far whether this change impacts also the Webfilter or Sandbox, where MIME Type Recognition is used as well...
Please send me Spam gueselkuebel@sg-utm.also-solutions.ch
One of my customers has the same problem with the MIME-Types. He is blocking all MIME-Types by default (*) and then whitelists a select few (pdf, documents). This worked like a charm up until he updated to 9.414-2. Now normal E-Mails get classified as all types of random scripting languages, such as "text/x-php" or "text/x-python". We then updated to 9.502 but still the same problem.
I have opened a ticket but am still waiting for a way to fix this.
Unknown said:One of my customers has the same problem with the MIME-Types. He is blocking all MIME-Types by default (*) and then whitelists a select few (pdf, documents). This worked like a charm up until he updated to 9.414-2. Now normal E-Mails get classified as all types of random scripting languages, such as "text/x-php" or "text/x-python". We then updated to 9.502 but still the same problem.
I have opened a ticket but am still waiting for a way to fix this.
The only solution is to temporary allow all MIME Types. Even Sophos Firstlevel Support wasn't informed about this change. Sophos Development says this is not a Bug, it's an Improvement... Whatever...
I am still waiting for a response from Sophos on how the behaviour of UTM changed and how I have to change my configuration for getting this work again.
So far, they only said that the File under /var/storage/chroot-smtp/etc/tft.ini is somehow releated to this Issue... I couldn't find out in which relation...
Please send me Spam gueselkuebel@sg-utm.also-solutions.ch
at home i have updated to latest 9.5x release.. no problem at all. (but no exchange server or ad-membership at home)...
at work the sg330 cluster is still at 9.413-4 and will stay there until current problems are fixed...
greets
zaphod
___________________________________________
Home: Zotac CI321 (8GB RAM / 120GB SSD) with latest Sophos UTM
Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...