"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
We'd love to hear about it! Click here to go to the product suggestion community
We are currently running SFOS v 16.05.1 MR-1
just want to kindly ask if has anyone experienced that even you have deleted quarantined mails, the status is still not updated:
and some of the emails in the quarantine is not available within specific dates, same with this guy:
Any thoughts on this would be helpful,
I see that you posted this question yesterday, any changes/updates till now?
In reply to sachingurung:
already raise a support ticket for this to Sophos, and did a remote session with one of the tech support but unfortunately the issue has not been resolved.
as per our conversation, he will escalate the issue to his seniors.
Still waiting for his feedback.
In reply to Aditya Patel:
we came from an SFOS v 16.01 and as suggested by support we did upgrade it to 16.05, unfortunately the issue has not been resolved.
and we conducted a remote session with Sophos tech, we fired several command including service awarrensmtp:restart -ds nosync, but still no luck
May you kindly explain also this " the quarantine mail does not remain longer than 7 days." ,
Got a weird experience again, our XG does not have quarantined mails again for today,
A support ticket has already been raised for this but unfortunately no resolution are provided and we are keep getting delayed feedback from the technical support personnel.
In reply to xlr8:
I suggest you to share your ticket number with sachingurung or Aditya Patel so they can investigate and find out if it is a bug or something broken inside the XG.
In reply to lferrara:
Already shared the ticket number to sachin, still waiting for feedback
I looked into the case# and left a task note for the engineer to give you a follow-up. Meanwhile, I need some particular information on this. What is the SMTP mode configured: MTA or legacy?
Check in the awarrensmtp.log to verify if any emails are recently quarantined and post the log file to me. You can also check the quarantine emails in the /var/quarantine/QBin .
Regarding Aditya's comment - Appliance reserves 5GB for Quarantine Area [AV + AS]. To maintain the total size of Quarantine Area, System purges 10% of Space once it gets full. The 7 days capability is now extended and the XG will reserve the quarantined Emails until they are manually purged. Edited after a recent update from the product team.
our smtp mode is configured as MTA.
how to perform this "Check in the awarrensmtp.log to verify if any mails are recently qurantined"?
cat awarrensmtp.log | grep quarantine
Alongside, what happens when you restart the tomcat services? Any changes in the total utilization bar?
service tomcat:restart -ds nosync
will try these steps you have given, I'll let you know the soonest
please see results of the command you have given:
after i entered service tomcat:restart -ds nosync , still no changes in the total utilization bar.
I am having the same issue in legacy mode I started a ticket but have yet to hear from support to resolve. I've tried the restart commands as well didn't help.
In reply to ChristineMeisinger:
does your mail quarantine stopped storing spam/probable spam in its storage? or your quarantine utilization is not updating as well? or you're experiencing both?
thanks for sharing,