Sophos AV engine broken?

We have 6 firewalls that I know of that will not allow web browsing since maybe 8 hours ago. The error reported is "The requested content could not be scanned for malware. It may be corrupted or encrypted."

/log/avd.log says:

Scanning file /tmp/0x1YOB0Ee (context=HTTP) ...
File /tmp/0x1YOB0Ee scan result : 0x0004021E
unable to sweep file [0x0004021e]

Switching scan engine to Avira gets around the problem.

Is anyone else seeing this?

Thanks

James
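An added example (not part of the original post, and not Sophos code): a small Python tally of avd.log scan results per scan context, for confirming which traffic types log the 0x0004021E result on a unit. It assumes the log line format quoted above; the extra sample lines, the `FTP` context name and the `0x00000000` code are constructed for illustration.

```python
import re
from collections import Counter

# Result code quoted in the post above; other codes are tallied, not interpreted.
REPORTED_CODE = 0x0004021E

SCAN_RE = re.compile(r"Scanning file (\S+) \(context=(\w+)\)")
RESULT_RE = re.compile(r"File (\S+) scan result : (0x[0-9A-Fa-f]+)")

def tally_results(lines):
    """Return a Counter keyed by (context, result_code) from avd.log-style lines."""
    pending = {}  # file path -> context of the scan in progress
    counts = Counter()
    for line in lines:
        m = SCAN_RE.search(line)
        if m:
            pending[m.group(1)] = m.group(2)
            continue
        m = RESULT_RE.search(line)
        if m:
            # A result with no preceding "Scanning file" line is kept as UNKNOWN
            context = pending.pop(m.group(1), "UNKNOWN")
            counts[(context, int(m.group(2), 16))] += 1
    return counts

def affected_contexts(counts, code=REPORTED_CODE):
    """Contexts in which the given result code was logged, with hit counts."""
    return {ctx: n for (ctx, c), n in counts.items() if c == code}

# First three lines are from the post; the remaining lines are constructed.
SAMPLE = """\
Scanning file /tmp/0x1YOB0Ee (context=HTTP) ...
File /tmp/0x1YOB0Ee scan result : 0x0004021E
unable to sweep file [0x0004021e]
Scanning file /tmp/0xCONSTRUCTED1 (context=HTTP) ...
File /tmp/0xCONSTRUCTED1 scan result : 0x0004021E
unable to sweep file [0x0004021e]
Scanning file /tmp/0xCONSTRUCTED2 (context=FTP) ...
File /tmp/0xCONSTRUCTED2 scan result : 0x00000000
""".splitlines()

if __name__ == "__main__":
    counts = tally_results(SAMPLE)
    for (ctx, code), n in sorted(counts.items()):
        flag = "  <-- code from this thread" if code == REPORTED_CODE else ""
        print(f"{ctx:8} 0x{code:08X} x{n}{flag}")
    print("contexts logging the reported code:", affected_contexts(counts))
```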

  • I have seen it on two units so far. Swapping the AV engine to Avira under the Services > Malware Protection menu got around the issue for me.

    Cheers,

    Lachlan

  • Yep, same here.

     

    Just finished band-aiding the issue for all our clients with XGs. Updated ~ 20 firewalls.

     

    Ended up killing HTTP malware filtering on HTTP. Seems like HTTPS / FTP filtering was fine. Specific symptom we saw was any HTTP traffic blocked with the "The requested content could not be scanned for malware. It may be corrupted or encrypted." error returned for users. As mentioned, HTTPS was fine.

     

    That's one way to encourage the adoption of HTTPS...

  • In reply to Lachlan Tailby1:

    Thanks

     

    That fixed it for me too.

     

  • In reply to Lachlan Tailby1:

    Hello Guys,

     

    Same issue here, switching over to Avira helped as a temporary solution.

    When I encountered the issue, the machine was not running the latest firmware.

    Updating to the latest firmware does not make any difference for this issue.

    So in conclusion I think it has something to do with a signature update in the last 24h.

     

    Best Regards

    Markus

  • In reply to Markus Heilgemeier:

    Fixed mine too by switching from the Sophos to the Avira scanner (System services -> Malware protection -> Primary antivirus engine). SW version: SFOS 17.5.7 MR-7

  • In reply to Lachlan Tailby1:

    40+ firewalls updated with these settings now working - very annoying for a Saturday....

  • In reply to Andrew Hurl:

    Could you please check the u2d.log and the Webadmin - Pattern Update?

    Did Sophos fail there?

  • In reply to LuCar Toni:

    Sophos have just responded to my ticket (#9075149). From what I can tell, the problem is known and fixed, and will be rolled out soon.

  • In reply to LuCar Toni:

    Sophos AV | 1.0.14437 | - | 09:36:36, Aug 10 2019 | Success

    After the first few calls this morning where we validated the issue was HTTP filtering, we rolled the change with SFM in bulk.

  • In reply to Lachlan Tailby1:

    Same here. 

     

    Have switched to Avira to solve the problem on all 5 of my sites.

     

    I think this is the last straw with this Sophos crap. I've had non-stop issues since buying them a few weeks ago.

  • Same here...

    Solved the issue switching to Avira 

     

    Did Sophos tell you when this will be fixed?

  • Same issue here. All features that depend on AV scanning were not working, e.g. scanning HTTP/HTTPS, email scanning, Sandstorm, etc.

     

    1. Restarted AV service. service antivirus:restart -ds nosync (Issue not resolved)
    2. Reboot the appliance. (Issue not resolved)
    3. Change the Malware Protection engine from Sophos to Avira. (Issue resolved.)

    Sophos AV engine is broken and I've opened a support case. Let's see when the Sophos AV engine restores to normal operation.

    A lot of business-critical traffic was blocked. Bad weekend :(

  • Same problem on 2 sites with XG 85 and without a second AV engine (Avira).

    Temporary Workaround:
    Set to Allow at: Protect -> Web -> Malware and content scanning -> Action on malware scan failure + restart Proxy

    (Tested Proxy with https://www.etes.de/downloads/eicar-testvirus/ and seems to work fine)

     

  • In reply to jamesharper:

    It is incredibly unbelievable and scandalous that the problem is known and fixed, and yet the update still hasn't rolled out, 15 hours later. From the looks of it, every single Sophos firewall using the Sophos engine is affected. Every single XG customer. Yet, a fix still has not been rolled out. 

    In all seriousness: What the actual $§&**(bleep), Sophos? You guys are incredibly unprofessional. Get your act together. 

  • In reply to cryptochrome:

    For any customers experiencing this issue, please see https://community.sophos.com/kb/en-us/134507 for updates.