We are using a Sophos XG firewall. We are receiving emails from three of our customers, and when we open them we find them in a different format, which is very strange. I attached a screenshot of that message; kindly view it, and if someone knows the solution, please guide me.
We're also experiencing a similar problem. Emails sent to more than one recipient can have a corruption of one of them, but not the other. It seems to be happening with multiple senders, but on only a small number of emails.
Most of the corrupted emails have the line "Content-Type:text/plain; charset=UTF-8", but we've also had "Content-Type:text/plain; charset=WINDOWS-1252".
The problem appears to have started after we updated to SFOS v17.5
Our service provider (Symantec) have already investigated, and cannot find any evidence of corruption through their services, and the Sophos logs appear to show that the received emails were still intact before running through any Sophos email security policies.
I also have this issue with say 1-2 out of 10 emails coming through the MTA.
Have had this since the 17.5 GA release all the way to (SFOS 17.5.3 MR-3)
In reply to Nicholas Eagle:
We've rolled back to 17.1.4 MR-4 this morning as we know this was working OK prior to upgrading to 17.5 - so far, no more corruption of emails. Here's the response we received from our service providers after they finished testing of their services...
A rather thorough investigation has been completed by Symantec/MessageLabs and it does not appear to be an issue that is originating from their infrastructure.
Please see the below breakdown of investigation and findings:
Symantec injected the sample provided by you and then took a copy out of the queue before it could be delivered and loaded it locally.
The mail still displayed correctly so doesn't appear to be an issue caused by anything Symantec have done their end.
It was sent through the same server that the original email went through, which we were able to view, to ensure all conditions were as close as possible.
The re-injected version was scanned etc. We believe the issue is caused either by the encoding set on the email server or by the software used for reading the emails.
It does appear to be a local issue with part of either the mail server, the software used for reading the emails, or the Sophos Firewall you are using. Please let me know if there is any more information I can provide to further assist with this matter. If you do an online search of encoding this does reinforce this idea.
Hopefully this may help someone who's up for doing a bit more research. For us, it was easier (and less painful) to roll back for the moment and get emails coming through again without corruption.
In reply to it@hcd:
I was told via my technical case today that this will be resolved in 17.5.4 MR4 and that the issue resides in the malware scanning. The technician I spoke to was unclear if an exception to malware scanning, disabling malware globally, or changing from dual scanning to single scanning would resolve it.
Sophos has this noted as an Internal Bug: NC-40131
Hi Sparta, it@hcd, Nicholas Eagle,
I have reached out to you through private message for further investigation of this issue. So please look into it.
I am also having this issue, although not as bad as it was a couple of weeks ago when 1/3-1/4 of our emails were like this. Only 1 or 2 a day now.
Was anything found? Don't really want to roll back firmware if I don't have to at this time.
In reply to RichardPhillips:
Big warning guys, this patch does not fix this issue! We switched our MX records back and users are already getting these corrupted emails. We are continuing our shopping for a new spam alliance now.