
[SFOS 18.5MR3] Poor spam detection after update to Sophos Anti-Spam Interface

Hi everyone,
I am setting up a separate thread as I did not receive any specific reply in other threads.

The case concerns Sophos Anti-Spam Interface after upgrading from v18.5MR2 to v18.5MR3 and from v19EAP1 to v19EAP2.

Before updating, antispam worked great in legacy mode: it detected a lot of intrusive messages and tagged them with a prefix (nearly 99%). After updating, only some messages are detected as spam and tagged (I did not make any changes to the configuration).

Where does this come from? How can I edit my lists to achieve pre-update spam detection?

Greetings



  • 2022-04-04.18:20:31 ERROR [Main] [ precompile.cpp:647] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.tmp
    2022-04-04.18:21:22 ERROR [Main] [ laseserver.cpp:159] Couldn't fetch new signatures: Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.antispam Exiting..

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl

  • SFVH_SO01_SFOS 18.5.3 MR-3-Build408# tail /log/sasi.log -F
    Failed to run server: Couldn't fetch new signatures: Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.antispam Exiting..
    2022-04-04.18:26:38 MESSAGE [Main] [ main.cpp:78] LASE Daemon STARTED
    2022-04-04.18:26:38 MESSAGE [Main] [ main.cpp:80] LASE Daemon Version: 4.1.4
    2022-04-04.18:26:38 MESSAGE [Main] [ laseserver.cpp:372] Lased started on port : 25315
    2022-04-04.18:27:42 MESSAGE [Main] [ main.cpp:78] LASE Daemon STARTED
    2022-04-04.18:27:42 MESSAGE [Main] [ main.cpp:80] LASE Daemon Version: 4.1.4
    2022-04-04.18:27:42 MESSAGE [Main] [ engine.cpp:306] Signatures don't exist, fetching new signatures..
    2022-04-04.18:27:44 MESSAGE [Main] [ precompile.cpp:580] Downloaded file /sdisk/sasi/asdb.antispam is verified with checksum..
    2022-04-04.18:27:44 MESSAGE [Main] [ engine.cpp:362] New signatures are downloaded and validated.
    2022-04-04.18:27:44 MESSAGE [Main] [ laseserver.cpp:372] Lased started on port : 25315

    I deleted all files in the /sdisk/sasi dir and restarted the antispam service

    Now it says the correct asdb.antispam is loaded.

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl

  • Hello Bart,

    Thank you for the info.

    Would it be possible for you to share some SPAM emails so I can submit them to our Labs team? Also, do let me know whether, after you restarted the service, the SPAM issue got resolved or whether it only solved the asdb.antispam.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi Emmanuel, the deletion of the DB files did solve that error, but spam is still not detected.

    How can I send you the .eml files?

    Thanks.

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl

  • Hi Emmanuel,

    I sent you the .eml files.

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl

  • DB errors are back too:

    2022-04-04.21:23:57 ERROR [Main] [ precompile.cpp:715] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.delta
    2022-04-04.23:24:07 ERROR [Main] [ precompile.cpp:697] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.tmp
    2022-04-05.05:32:44 ERROR [Main] [ precompile.cpp:661] Couldn't fetch: sasi.sophosupd.com/.../asdb.antispam.old.csum
    2022-04-05.05:40:45 ERROR [Main] [ precompile.cpp:661] Couldn't fetch: sasi.sophosupd.com/.../asdb.antispam.old.csum
    2022-04-05.05:48:38 ERROR [Main] [ precompile.cpp:724] Precompile exception: Failed to apply delta to signatures.
    2022-04-05.06:09:01 ERROR [ 3] [ DNS/Request.cpp:246] vector::_M_range_check
    2022-04-05.08:12:47 ERROR [Main] [ precompile.cpp:697] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.tmp
    2022-04-05.17:01:28 ERROR [Main] [ precompile.cpp:715] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.delta
    2022-04-05.18:21:36 ERROR [Main] [ precompile.cpp:697] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.tmp
    2022-04-05.19:25:38 ERROR [Main] [ precompile.cpp:715] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.delta

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl
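The errors above show signature updates failing repeatedly after one successful download. As an added example (not code from the thread or from Sophos), this script classifies `sasi.log` update events and reports how long the signature database has gone without a verified update; the category names and the 12-hour staleness threshold are assumptions, and the sample lines are copied from the posts in this thread.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Log lines copied from the posts in this thread.
SAMPLE_LOG = """\
2022-04-04.18:27:44 MESSAGE [Main] [ precompile.cpp:580] Downloaded file /sdisk/sasi/asdb.antispam is verified with checksum..
2022-04-04.18:27:44 MESSAGE [Main] [ engine.cpp:362] New signatures are downloaded and validated.
2022-04-04.21:23:57 ERROR [Main] [ precompile.cpp:715] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.delta
2022-04-05.05:32:44 ERROR [Main] [ precompile.cpp:661] Couldn't fetch: sasi.sophosupd.com/.../asdb.antispam.old.csum
2022-04-05.05:48:38 ERROR [Main] [ precompile.cpp:724] Precompile exception: Failed to apply delta to signatures.
2022-04-05.06:09:01 ERROR [ 3] [ DNS/Request.cpp:246] vector::_M_range_check
2022-04-05.19:25:38 ERROR [Main] [ precompile.cpp:715] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.delta
"""

# timestamp, level, thread, source file:line, message
LINE_RE = re.compile(r"^(\S+) (MESSAGE|ERROR) \[\s*(\w+)\] \[\s*([^\]]+?)\] (.*)$")

# Category names are hypothetical; first matching rule wins.
RULES = [
    ("verified", re.compile(r"is verified with checksum")),
    ("checksum_failed", re.compile(r"could not be verified with checksum")),
    ("fetch_failed", re.compile(r"Couldn't fetch")),
    ("delta_failed", re.compile(r"Failed to apply delta")),
]

def summarize(log_text):
    """Count update events and track failures since the last verified download."""
    counts, last_ok, failures = Counter(), None, 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # lines without a timestamp (e.g. startup banner) are skipped
        ts = datetime.strptime(m.group(1), "%Y-%m-%d.%H:%M:%S")
        for name, rx in RULES:
            if rx.search(m.group(5)):
                counts[name] += 1
                if name == "verified":
                    last_ok, failures = ts, 0
                else:
                    failures += 1
                break
    return {"counts": dict(counts), "last_verified": last_ok,
            "failures_since_verified": failures}

def is_stale(summary, now, max_age_hours=12):
    """True if no verified signature download within the assumed window."""
    last = summary["last_verified"]
    return last is None or now - last > timedelta(hours=max_age_hours)
```

Run against the live log, a rising `failures_since_verified` with an old `last_verified` indicates the engine is filtering with outdated signatures even though the daemon reports that it started.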

  • Hello Bart,

    Thank you for the email samples.

    I have submitted them to the pertinent team.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi Emmanuel,

    I think I have the DB errors resolved.

    On this line 2022-04-05.05:32:44 ERROR [Main] [ precompile.cpp:661] Couldn't fetch: sasi.sophosupd.com/.../asdb.antispam.old.csum

    It says it can't fetch, so I checked sasi.sophosupd.com with nslookup and found out that it has only an IPv4 address. I have both IPv4 and IPv6 and I have IPv6 on priority in the DNS page; I changed that to IPv4 and there are no errors anymore. Maybe you could check on your end why the sasi update server has no IPv6 address, or at least no DNS pointing to it.

    So maybe IPv6 is the whole problem with sasi; I did not have any spam detection problems with previous firmware, so it could be.

    Now I've got to wait for spam...

     

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl

  • I folded, reverted to MR2, spam is detected normally now.

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl

  • Interesting to see. Did you test the new Sophos spam engine with v19 EAP2 too?
    My SG-home is running with it but I have no mail server to test it.

    _______________________________________________________

    Sophos SG 210 with Sophos XG Home - 19.5 MR 2
