
[SFOS 18.5MR3] Poor spam detection after update to Sophos Anti-Spam Interface

Hi everyone,
I am setting up a separate thread as I did not receive any specific reply in other threads.

The case concerns Sophos Anti-Spam Interface after upgrading from v18.5MR2 to v18.5MR3 and from v19EAP1 to v19EAP2.

Before updating, antispam worked great in legacy mode: it detected a lot of intrusive messages and tagged them with a prefix (near 99%). After updating, only some messages are detected as spam and tagged (I did not make any changes to the configuration).

Where does this come from? How can I edit my lists to achieve pre-update spam detection?

Greetings



  • Hello,

    Would it be possible to get the output of /log/u2d.log and /log/sasi.log, as well as a few sample .eml files via DM (I am especially interested in the X-SASI-* headers), so I can provide this info to the pertinent team to investigate?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support Videos  |  Product Documentation  |  @SophosSupport  |  Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 2022-04-04.18:20:31 ERROR [Main] [ precompile.cpp:647] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.tmp
    2022-04-04.18:21:22 ERROR [Main] [ laseserver.cpp:159] Couldn't fetch new signatures: Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.antispam Exiting..

    Bart van der Horst


    Sophos XG v18-v21 Certified Architect

  • SFVH_SO01_SFOS 18.5.3 MR-3-Build408# tail /log/sasi.log -F
    Failed to run server: Couldn't fetch new signatures: Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.antispam Exiting..
    2022-04-04.18:26:38 MESSAGE [Main] [ main.cpp:78] LASE Daemon STARTED
    2022-04-04.18:26:38 MESSAGE [Main] [ main.cpp:80] LASE Daemon Version: 4.1.4
    2022-04-04.18:26:38 MESSAGE [Main] [ laseserver.cpp:372] Lased started on port : 25315
    2022-04-04.18:27:42 MESSAGE [Main] [ main.cpp:78] LASE Daemon STARTED
    2022-04-04.18:27:42 MESSAGE [Main] [ main.cpp:80] LASE Daemon Version: 4.1.4
    2022-04-04.18:27:42 MESSAGE [Main] [ engine.cpp:306] Signatures don't exist, fetching new signatures..
    2022-04-04.18:27:44 MESSAGE [Main] [ precompile.cpp:580] Downloaded file /sdisk/sasi/asdb.antispam is verified with checksum..
    2022-04-04.18:27:44 MESSAGE [Main] [ engine.cpp:362] New signatures are downloaded and validated.
    2022-04-04.18:27:44 MESSAGE [Main] [ laseserver.cpp:372] Lased started on port : 25315

    I deleted all files in the /sdisk/sasi dir and restarted the antispam service

    Now it says the correct asdb.antispam is loaded.

    Bart van der Horst


    Sophos XG v18-v21 Certified Architect

  • Hello Bart,

    Thank you for the info.

    Would it be possible for you to share some SPAM emails so I can submit them to our Labs team? Also, do let me know whether the SPAM issue got resolved after you restarted the service, or whether it only solved the asdb.antispam.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi Emmanuel, the deletion of the DB files did solve that error, but spam is still not detected.

    How can I send you the .eml files?

    Thanks.

    Bart van der Horst


    Sophos XG v18-v21 Certified Architect

  • Hi Emmanuel,

    I sent you the .eml files.

    Bart van der Horst


    Sophos XG v18-v21 Certified Architect

  • DB errors are back too:

    2022-04-04.21:23:57 ERROR [Main] [ precompile.cpp:715] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.delta
    2022-04-04.23:24:07 ERROR [Main] [ precompile.cpp:697] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.tmp
    2022-04-05.05:32:44 ERROR [Main] [ precompile.cpp:661] Couldn't fetch: sasi.sophosupd.com/.../asdb.antispam.old.csum
    2022-04-05.05:40:45 ERROR [Main] [ precompile.cpp:661] Couldn't fetch: sasi.sophosupd.com/.../asdb.antispam.old.csum
    2022-04-05.05:48:38 ERROR [Main] [ precompile.cpp:724] Precompile exception: Failed to apply delta to signatures.
    2022-04-05.06:09:01 ERROR [ 3] [ DNS/Request.cpp:246] vector::_M_range_check
    2022-04-05.08:12:47 ERROR [Main] [ precompile.cpp:697] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.tmp
    2022-04-05.17:01:28 ERROR [Main] [ precompile.cpp:715] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.delta
    2022-04-05.18:21:36 ERROR [Main] [ precompile.cpp:697] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.tmp
    2022-04-05.19:25:38 ERROR [Main] [ precompile.cpp:715] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.delta

    Bart van der Horst


    Sophos XG v18-v21 Certified Architect

  • Hello Bart,

    Thank you for the email samples.

    I have submitted them to the pertinent team.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi Emmanuel,

    I think I have the DB errors resolved.

    On this line 2022-04-05.05:32:44 ERROR [Main] [ precompile.cpp:661] Couldn't fetch: sasi.sophosupd.com/.../asdb.antispam.old.csum

    It says can't fetch, so I checked sasi.sophosupd.com with nslookup and found out that it has only an IPv4 address. I have both IPv4 and IPv6, and I have IPv6 on priority in the DNS page; I changed that to IPv4 and there are no errors anymore. Maybe you could check on your end why the sasi update server has no IPv6 address, or at least no DNS pointing to it.

    So maybe IPv6 is the whole problem with sasi; I did not have any spam detection problems with previous firmware, so it could be.

    Now I've got to wait for spam...

     

    Bart van der Horst


    Sophos XG v18-v21 Certified Architect
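
Added example, not part of the thread and not Sophos code: a triage script for the sasi.log line format quoted in the posts above. It groups signature-update failures and reports whether any occurred after the last validated download. The category names and the `parse`/`summarize` helpers are assumptions of this example; the sample lines are copied from the thread.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the sasi.log excerpts posted in this thread.
SAMPLE_LOG = """\
2022-04-04.18:27:44 MESSAGE [Main] [ engine.cpp:362] New signatures are downloaded and validated.
2022-04-04.21:23:57 ERROR [Main] [ precompile.cpp:715] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.delta
2022-04-05.05:32:44 ERROR [Main] [ precompile.cpp:661] Couldn't fetch: sasi.sophosupd.com/.../asdb.antispam.old.csum
2022-04-05.05:48:38 ERROR [Main] [ precompile.cpp:724] Precompile exception: Failed to apply delta to signatures.
2022-04-05.06:09:01 ERROR [ 3] [ DNS/Request.cpp:246] vector::_M_range_check
2022-04-05.19:25:38 ERROR [Main] [ precompile.cpp:715] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.delta
"""
# Layout: <timestamp> <LEVEL> [<thread>] [ <file>:<line>] <message>
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}\.\d{2}:\d{2}:\d{2}) [A-Z]+ "
                     r"\[[^\]]+\] \[[^\]]+\] (?P<msg>.*)$")
# Category names are this example's own. First match wins, so the combined
# "Couldn't fetch new signatures: ... checksum" line counts as a checksum failure.
CATEGORIES = [
    ("checksum_failed", "could not be verified with checksum"),
    ("fetch_failed", "Couldn't fetch"),
    ("delta_failed", "Failed to apply delta"),
    ("update_ok", "New signatures are downloaded and validated"),
]

def parse(log_text):
    """Yield (timestamp, category) for each line in the daemon's log format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # e.g. the unprefixed "Failed to run server: ..." line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d.%H:%M:%S")
        cat = next((n for n, needle in CATEGORIES if needle in m["msg"]), "other")
        yield ts, cat

def summarize(log_text):
    """Count events per category and flag failures newer than the last good update."""
    counts, last_ok, last_fail = Counter(), None, None
    for ts, cat in parse(log_text):
        counts[cat] += 1
        if cat == "update_ok":
            last_ok = max(ts, last_ok or ts)
        elif cat.endswith("_failed"):
            last_fail = max(ts, last_fail or ts)
    failing = last_fail is not None and (last_ok is None or last_fail > last_ok)
    return {"counts": dict(counts), "last_ok": last_ok, "last_fail": last_fail,
            "failing_since_last_ok": failing}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A `failing_since_last_ok` result of true means the newest failure is later than the newest validated download, so the engine may be scanning with signatures older than the log's last success.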

  • I folded and reverted to MR2; spam is detected normally now.

    Bart van der Horst


    Sophos XG v18-v21 Certified Architect

  • Interesting to see. Did you test the new Sophos spam engine with v19 EAP2 too?
    My SG-home is running with it but I have no mail server to test it.

    _______________________________________________________

    Sophos SG 210 with Sophos XG Home - 20.0 MR 1

    If a post solves your question please use the 'Verify Answer' button.

  • It is supposed to work on imap/s and as far as I can see does not.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.
