3CX DLL-Sideloading attack: What you need to know
Release Notes: https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_185_rn.html
"Old" V18.5 MR2 Thread: https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v18-5-mr3-is-now-available
Lots of spam coming through since update, did not change anything. Any clue?
Pills, drugs and sex al getting past the spam checks.
Quarantine is empty, for a few days now, used to have 20~25 mails a day going to quarantine.
Bart van der Horst
Sophos XG v18(.5) / v19 Certified Architecthttps://www.bpaz.nl
Eicar test email did get blocked and quarantined, but that was bij AV engine.
Alert for SFVH (SFOS 18.5.3 MR-3-Build408)
Device Information: Hostname: hostname Management Interface IP: x.x.x.x Date/Time: 2022-03-27 18:46:13 Alert ID: 10001
Message: Email content was unscannable
UTM did this movement towards SASI and we found an issue in UTM.
Could be potentially the same issue, could you please verify, if you see the same issue on your SFOS Appliance?
My XG115w rev 3 is letting spam through and it is running v19 eap2 which has the anti-spam update from the 24th March.
XG115W - v19.5.1 mr-1 - Home
If a post solves your question please use the 'Verify Answer' button.
Only this in log:
2022-03-29.17:30:35 MESSAGE [Main] [ precompile.cpp:687] [Precompile thread]: Signatures are out of sync. Fetching new signatures.2022-03-29.17:30:36 MESSAGE [Main] [ precompile.cpp:580] Downloaded file /sdisk/sasi/asdb.tmp is verified with checksum..2022-03-29.17:30:37 MESSAGE [Main] [ engine.cpp:790] Database loaded of version: 2022.3.29.1509192022-03-29.17:30:37 MESSAGE [Main] [ precompile.cpp:701] [Precompile thread]: New signatures are fetched and successfully loaded.2022-03-29.17:54:38 MESSAGE [Main] [ precompile.cpp:580] Downloaded file /sdisk/sasi/asdb.delta is verified with checksum..2022-03-29.17:54:39 MESSAGE [Main] [ engine.cpp:790] Database loaded of version: 2022.3.29.1527182022-03-29.17:54:39 MESSAGE [Main] [ precompile.cpp:758] [Precompile thread]: Signatures are reloaded with latest delta and verified with checksum of new signatures.2022-03-29.18:10:49 MESSAGE [Main] [ main.cpp:78] LASE Daemon STARTED 2022-03-29.18:10:49 MESSAGE [Main] [ main.cpp:80] LASE Daemon Version: 4.1.42022-03-29.18:10:50 MESSAGE [Main] [ laseserver.cpp:372] Lased started on port : 25315
CPU Has at least SSSE3:
SFVH_SO01_SFOS 18.5.3 MR-3-Build408# grep flags -m1 /proc/cpuinfoflags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm cpuid_fault epb invpcid_single pti tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid xsaveopt ibpb ibrs stibp dtherm ida arat pln pts
LuCar Toni Hi Toni, Spam is getting out of hand, a few mail are getting labeled as [SPAM] but a lot of 100% spam is getting through, I'm getting complains about this. Scrolling through the e-mail logs i see lots of spam mails that just getting approved.
What's going on, this needs to be fixed. I already stopped the roll-out to our customers.
Do you have a Support Case for this?
No this is on a home XG (it's my home firewall, and also a LAB setting), we always install first on test devices before rolling out to customers.
The SASI brokenness will supposedly be fixed in 18.5.4 MR4 and 19.0.1 MR1. NC-90702 is the tracking reference for this problem.
Hi LuCar Toni,
Support fixed the spam module problem for me, they uploaded a new binary that has the fix.
It was related to IPv6 running on my device, and some other problem that broke spam detection.
Support case: 05143473 / XG 18.5.3 MR3 Spam detection / ref:_00D301GN6a._5003Z1OUzhS:ref
Can confirm fix will be public in MR4