  • EICAR test email did get blocked and quarantined, but that was by the AV engine.

    Alert for SFVH (SFOS 18.5.3 MR-3-Build408)

    Device Information:
    Hostname: hostname
    Management Interface IP: x.x.x.x
    Date/Time: 2022-03-27 18:46:13
    Alert ID: 10001

    Message:
    Email content was unscannable

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl

  • UTM did this movement towards SASI and we found an issue in UTM. 

    https://support.sophos.com/support/s/article/KB-000042345?language=en_US

    Could be potentially the same issue, could you please verify, if you see the same issue on your SFOS Appliance? 

  • My XG115w rev 3 is letting spam through and it is running v19 eap2 which has the anti-spam update from the 24th March.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

  • Only this in log:

    2022-03-29.17:30:35 MESSAGE [Main] [ precompile.cpp:687] [Precompile thread]: Signatures are out of sync. Fetching new signatures.
    2022-03-29.17:30:36 MESSAGE [Main] [ precompile.cpp:580] Downloaded file /sdisk/sasi/asdb.tmp is verified with checksum..
    2022-03-29.17:30:37 MESSAGE [Main] [ engine.cpp:790] Database loaded of version: 2022.3.29.150919
    2022-03-29.17:30:37 MESSAGE [Main] [ precompile.cpp:701] [Precompile thread]: New signatures are fetched and successfully loaded.
    2022-03-29.17:54:38 MESSAGE [Main] [ precompile.cpp:580] Downloaded file /sdisk/sasi/asdb.delta is verified with checksum..
    2022-03-29.17:54:39 MESSAGE [Main] [ engine.cpp:790] Database loaded of version: 2022.3.29.152718
    2022-03-29.17:54:39 MESSAGE [Main] [ precompile.cpp:758] [Precompile thread]: Signatures are reloaded with latest delta and verified with checksum of new signatures.
    2022-03-29.18:10:49 MESSAGE [Main] [ main.cpp:78] LASE Daemon STARTED
    2022-03-29.18:10:49 MESSAGE [Main] [ main.cpp:80] LASE Daemon Version: 4.1.4
    2022-03-29.18:10:50 MESSAGE [Main] [ laseserver.cpp:372] Lased started on port : 25315

    CPU has at least SSSE3:

    SFVH_SO01_SFOS 18.5.3 MR-3-Build408# grep flags -m1 /proc/cpuinfo
    flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm cpuid_fault epb invpcid_single pti tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid xsaveopt ibpb ibrs stibp dtherm ida arat pln pts

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl

  • Hi Toni, spam is getting out of hand. A few mails are getting labeled as [SPAM], but a lot of 100% spam is getting through, and I'm getting complaints about this. Scrolling through the e-mail logs, I see lots of spam mails that are just getting approved.

    What's going on? This needs to be fixed. I already stopped the roll-out to our customers.

    Bart

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl

  • Do you have a Support Case for this? 

  • No, this is on a home XG (it's my home firewall, and also a lab setting); we always install first on test devices before rolling out to customers.

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl

  • The SASI brokenness will supposedly be fixed in 18.5.4 MR4 and 19.0.1 MR1. NC-90702 is the tracking reference for this problem.

  • Hi,

    Support fixed the spam module problem for me, they uploaded a new binary that has the fix.

    It was related to IPv6 running on my device, and some other problem that broke spam detection.

    Support case: 05143473 / XG 18.5.3 MR3 Spam detection / ref:_00D301GN6a._5003Z1OUzhS:ref

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl

  • Can confirm the fix will be public in MR4.

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl