Malware 'Unscannable' was detected and blocked / *ALERT* Sophos XG Firewall - HTTP virus detected

Hi everyone, 

We are getting thousands of alerts from our Sophos XG at the moment, and with the below error alert ID and message:

Any possible causes of this?


Alert ID: 8001

Message:
Malware 'Unscannable' was detected and blocked in a download from tbt.unifi-controller.prc.com



Added TAGs
[edited by: emmosophos at 4:58 PM (GMT -7) on 8 Oct 2022]
  • I found some ways. I am posting them here for discussion on how to fix it.
    Reason: malware enabled on my FW rule to handle endpoints, using the Sophos engine. Sometimes the Sophos AV pattern update fails. When this happens, it breaks access to the web. If you turn it off, that fixes it.

    Some ways I found on the Internet; I am posting them here to discuss.

    Note: I have not done any of the methods below.

    Inspect:

    tail -f -n200 /var/tslog/up2date_av.log

    # Solution 1
    Try to stop and restart AV service?

    # Solution 2
    1. "mv /content/u2d/pattern /content/u2d/pattern.org". This will rename the pattern file to pattern.org.
    2. Now update the pattern files with the GUI using System > Administration > Updates.

    # Solution 3
    1. Change the malware engine from Sophos to Avira in the GUI under System Service --> Malware Protection.
    That should temporarily fix the problem.
    2. Just run the command
    mv /content/u2d/pattern /content/u2d/pattern.old
    3. Click to update the patterns in the GUI again; that pattern file should be recreated.
    4. Don't forget to change back to using the Sophos malware engine.

    # Solution 4
    re-image the device and restore from backup

  • Please check the log file: tail -f -n200 /var/tslog/up2date_av.log. If the AV update fails, the first way doest fixit