[SFOS 18.5MR3] Poor spam detection after update to Sophos Anti-Spam Interface

Hi everyone,
I am setting up a separate thread as I did not receive any specific reply in other threads.

The case concerns Sophos Anti-Spam Interface after upgrading from v18.5MR2 to v18.5MR3 and from v19EAP1 to v19EAP2.

Before updating, antispam worked great in legacy mode, detected a lot of intrusive messages and tagged them with a prefix (nearly 99%). After updating, only some messages are detected as spam and tagged (I did not make any changes to the configuration).

Where does it come from? How can I edit my lists to achieve pre-update spam detection?

Greetings



Edited TAGs
[edited by: emmosophos at 6:02 PM (GMT -7) on 28 Mar 2022]
  • I am curious.

    Are only Home users seeing this issue? Because it looks like only Home appliances are affected by this potential issue. Or does somebody with an appliance (SG/XG/XGS) have the same issue?


  • Hi ,

    I've got a few customers upgraded to MR3, one of them has this problem and so do I with my LAB/Home version. Customer is XG210 with paid license. The thing that's the same is we both do IPv6 on the in and outside.

    Opened case Nr: 05143473

    Bart.

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl

  • Hello Karlos, 

    the thread is a bit cluttered. So it's confirmed that the spam engine has problems on an XG210 with 18.5.3?

    I had the problems in the sasi log: 

    vector::_M_range_check
    Rebooted and it's a bit better but the error still persists.
    Major problem in smtpd.log is:

    spam scanning failed, unable to connect local antispam

     

    But sometimes it does work. Found mails this night with:

    spam scanning result: 'NonSpam'

    and

    spam scanning result: 'Confirmed'

    We use IPv4 for all clients etc, but for compatibility our Sophos has an IPv6 too. For instance, Gmail Mails are delivered via IPv6 to the MTA. 

    More information in my ticket: 05194806 

    Is it possible to get the fix as a hotfix? MR-4 will take some time I guess, and we are getting all sorts of porn spam etc. now.. this is a little sad for an expensive mail solution

    PS: your telephone Indian support is bad, he tried to mess up with my exceptions and allow malware and drop all spam (even probable spam)

    I actually think he doesn't know what exception means because he said something like, okay RBL is on..
    no, it's skipping RBL (but in our case only for / from internal systems, like ticket systems, phone systems etc)


    Thanks that this community is here, otherwise we would drop Sophos.

  • When can we expect SFOS 18.5 MR4 or a hotfix? I haven't got any answer on my ticket for a week. Your paid support is a joke.

  • Antispam engine also does not work on the brand new XGS136 which we bought...

    In the log there are a lot of lines like this:

    MSG   May 17 05:03:44Z [1nqpN1-000549-BY]: spam scanning failed, unable to connect local antispam

    Will an update fix this issue? Why is the patch not released automatically? Because this is a paid subscription and it does not work, will we receive a refund for the time it was not working?

  • Please try stopping and restarting the anti-spam in services.

    ian

    XG115W - v19.0.1 mr-1 - Home

    1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.

    If a post solves your question please use the 'Verify Answer' button.

  • Restarting was not possible via GUI System Services - Services. I had to go to the advanced shell and:

    service antispam:restart -ds nosync

  • Restart is possible via the GUI.

    Ian


  • Maybe on your v19, but on my v18.5MR3 it was not possible via GUI, I got an error message.

  • That was the first thing I tried via advanced shell, via GUI it's not working. There is no simple solution for this problem like a reboot / restart of a service. Have you tried turning it off and on again is my IT philosophy :P. I'm in contact with Sophos support (finally) and provided debug logs. They keep me updated every 48 hours, but no solution yet. Switching back to MR2 was the first thing they suggested, which I don't want.

  • Appliances have been restarted a few times, same as the anti-spam & smtpd service.

    XG just forwards spam and phishing emails to the local email server... Most of those spam emails are blocked by mailscanner on the email server, so a simple free scanner detects them...

    All spam emails have the headers:

    X-Sophos-IBS: fail

    X-SASI-RCODE: none

    X-Sophos-Firewall: smtpd v1.0

    and in the log appears:

    MSG   May 18 14:16:53Z [1nrKTs-0004lD-81]: spam scanning failed, unable to connect local antispam

    I have opened a case with Sophos support and got a response that it is a known issue and they escalated the issue to a higher level to provide a patch for the issue...
    Will see if they will patch units before the next MR1 release...
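
Added example, not part of any post in this thread and not Sophos code: a small Python parser that measures, per hour, how much mail passed the MTA without an antispam verdict, using the smtpd.log messages quoted above. It assumes the "spam scanning result" lines carry the same `MSG <date> [<queue-id>]:` prefix as the quoted failure lines; the sample log and the queue IDs starting with `1aaaaa` are constructed.

```python
import re
from collections import Counter, defaultdict

# Prefix shape copied from the smtpd.log lines quoted in this thread. Assumption:
# "spam scanning result" lines carry the same "MSG <date> [<queue-id>]:" prefix.
LINE_RE = re.compile(
    r"^MSG\s+(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+(?P<hour>\d{2}):\d{2}:\d{2}Z\s+"
    r"\[(?P<qid>[^\]]+)\]:\s+(?P<msg>.*)$"
)
FAILED = "spam scanning failed, unable to connect local antispam"
RESULT_RE = re.compile(r"spam scanning result: '(?P<verdict>[^']+)'")

# Constructed sample: two lines are quoted from the thread, the rest are made up.
SAMPLE = """\
MSG   May 17 05:03:44Z [1nqpN1-000549-BY]: spam scanning failed, unable to connect local antispam
MSG   May 17 05:10:02Z [1aaaaa-000001-AA]: spam scanning result: 'NonSpam'
MSG   May 17 05:41:19Z [1aaaaa-000002-AB]: spam scanning failed, unable to connect local antispam
MSG   May 18 14:16:53Z [1nrKTs-0004lD-81]: spam scanning failed, unable to connect local antispam
MSG   May 18 14:20:00Z [1aaaaa-000003-AC]: spam scanning result: 'Confirmed'
MSG   May 18 14:25:30Z [1aaaaa-000004-AD]: some other smtpd message
"""

def summarize(lines):
    """Return ({hour: Counter(outcome -> n)}, [queue ids delivered unscanned])."""
    per_hour, unscanned = defaultdict(Counter), []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        hour = f"{m['mon']} {int(m['day']):02d} {m['hour']}:00Z"
        if FAILED in m["msg"]:
            per_hour[hour]["failed"] += 1
            unscanned.append(m["qid"])
        else:
            verdict = RESULT_RE.search(m["msg"])
            if verdict:  # other smtpd messages are not scan outcomes
                per_hour[hour][verdict["verdict"]] += 1
    return per_hour, unscanned

def failure_rate(outcomes):
    """Share of scan attempts in one hour that never reached the engine."""
    total = sum(outcomes.values())
    return outcomes["failed"] / total if total else 0.0

if __name__ == "__main__":
    hours, ids = summarize(SAMPLE.splitlines())
    for hour, outcomes in sorted(hours.items()):
        print(hour, dict(outcomes), f"unscanned={failure_rate(outcomes):.0%}")
    print("passed without a verdict:", ", ".join(ids))
```

The returned queue IDs are the messages worth re-checking downstream, since they reached the mail server with no verdict from the firewall.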

  • Just to give you guys an update (not sure why Karlos is not doing it): I've got a binary fix (smtp service) from the Sophos Devs, looks good so far, the spam detection seems to work fine again and the error message in the log is also gone. I'm still looking if anything else is not working anymore. I think that after positive feedback to Sophos, this can be distributed to all of you.
    3rd Level Support is awesome :) 
