This discussion has been locked.

Malware 'Unscannable' was detected and blocked / *ALERT* Sophos XG Firewall - HTTP virus detected

Hi everyone, 

We are getting thousands of alerts from our Sophos XG at the moment, with the below error alert ID and message:

Any possible causes of this?


Alert ID: 8001

Message:
Malware 'Unscannable' was detected and blocked in a download from tbt.unifi-controller.prc.com



This thread was automatically locked due to age.
  • Thanks for sharing! Any resolutions or fixes you guys had so far? 

  • I found some ways. I'm posting them here for discussion on how to fix it.
    Reason: malware is enabled on my FW rule to handle endpoints, using the Sophos engine. Sometimes the Sophos AV pattern update fails. When this happens, it breaks access to the web. If I turn it off, it fixes it.

    These are some ways I found on the Internet; I'm posting them here to discuss.

    Note: I did not do any of the methods below.

    Inspect:

    tail -f -n200 /var/tslog/up2date_av.log

    # Solution 1
    Try to stop and restart AV service?

    # Solution 2
    1. mv /content/u2d/pattern /content/u2d/pattern.org
       This will rename the pattern file to pattern.org.
    2. Now update the pattern files with the GUI using System > Administration > Updates.

    # Solution 3
    1. Change the malware engine from Sophos to Avira in the GUI under System Service --> Malware Protection.
    That should temporarily fix the problem.
    2. Just run the command
    mv /content/u2d/pattern /content/u2d/pattern.old
    3. Click update the patterns in the GUI again; that pattern file should be recreated.
    4. Don't forget to change back to using the Sophos malware engine.

    # Solution 4
    Re-image the device and restore from backup.

  • Thanks - so you only stop and start the AV Service?

  • Please check the log file: tail -f -n200 /var/tslog/up2date_av.log. If the AV update fails, the first way doesn't fix it.