Behind the XG with MTA we are still running Puremessage. Puremessage is EOL and the virus and spam definitions are no longer updated. Still the XG with the latest definitions does not recognize an attachment that was identified by Puremessage as:
Virus infection detected
Location: Consignment Document.gz
Replaced with text: Yes
Virus name(s): Mal/Generic-S, CXmail/MalPE-BV
Thank you for contacting the Sophos Community.
Please submit the sample using this link.
It was replaced with text by Puremessage. Puremessage spam and virus definitions ended in 2020.
The XG is up to date and checks at a 2-hourly interval. The general setting for malware scanning is set to Sophos. The mail policy is set to use dual scanning. It is of course set to scan incoming and outgoing email. The e-mail rules also have SMTP and SMTPS enabled. Still, it was cleared by the XG and delivered to Puremessage, which detected it as viral based on an out-of-date definition database.
I have created case 03694098 for this.
I was able to find the .eml file. The .gz file within this .eml file containing the virus is not detected by Endpoint X either. It is only found by Puremessage scanning the mailbox.
Thank you for the Case ID.
Is the email you used to submit the sample on the website the same one you use in the Portal?
How do you mean? This eml file submitted in the case is the same email received through the XG.
The XG is set to drop on malware detection.
Sorry I meant to say, the email address you used to submit the sample, not the email itself.
I used the Sophos website to upload the sample as a file to this case.