"Malware 'Unscannable' was detected and blocked in a download" Every Minute

Hi, I've got this message every minute since yesterday.

Have you got any idea?



  • I'm on virtual appliance SFOS 19.0.1 MR-1-Build365 XG


  • Thank you for your feedback but this solution does not work for me.

  • Check the pattern version of your appliance. 


  • AP Firmware                     11.0.020    -  16:32:26, Sep 06 2022  Success
    ATP                             1.0.0436    -  09:35:48, Oct 10 2022  Success
    Avira AV                        1.0.420123  -  09:50:48, Oct 10 2022  Success
    Authentication Clients          1.0.0020    -  11:53:30, Mar 31 2022  Success
    Geoip ip2country DB             2.0.014     -  08:53:29, Oct 07 2022  Success
    IPS and Application signatures  18.19.72    -  16:56:54, Oct 07 2022  Success
    Sophos Connect Clients          2.2.000     -  17:05:30, Jun 27 2022  Success
    RED Firmware                    3.0.008     -  08:54:18, Jul 15 2022  Success
    Sophos AntiSpam Interface       1.0.236     -  14:54:28, Oct 07 2022  Success
    Sophos AV                       1.0.18170   -  09:51:44, Oct 10 2022  Success
    SSLVPN Clients                  1.0.009     -  16:54:49, Dec 14 2021  Success
  • Can you check the u2d.log and savi log? 

    docs.sophos.com/.../index.html


  • SFVH_VM01_SFOS 19.0.1 MR-1-Build365# tail -n 100 u2d.log | more
    DEBUG     2022-10-10 16:30:54Z [23636]: --pkg_redfw_cv = 2.00
    DEBUG     2022-10-10 16:30:54Z [23636]: --pkg_odt_version = 1.0.006
    DEBUG     2022-10-10 16:30:54Z [23636]: --pkg_odt_cv = 1.00
    DEBUG     2022-10-10 16:30:54Z [23636]: --pkg_sasi_version = 1.0.236
    DEBUG     2022-10-10 16:30:54Z [23636]: --pkg_sasi_cv = 1.00
    DEBUG     2022-10-10 16:30:54Z [23636]: --oem = Sophos
    DEBUG     2022-10-10 16:30:54Z [23636]: --central_mgmt = 1.0
    DEBUG     2022-10-10 16:30:54Z [23636]: --server = u2d.sophos.com
    DEBUG     2022-10-10 16:30:54Z [23636]: --port = 443
    DEBUG     2022-10-10 16:30:54Z [23636]: Added new server : Host - u2d.sophos.com, Port - 443
    DEBUG     2022-10-10 16:30:54Z [23636]: --u2d_proto = 2.00
    DEBUG     2022-10-10 16:30:54Z [23636]: Final query string is :
    ?&serialkey=C01001B3783Q7BC&deviceid=10cf0a3f-eebd-4979-92d7-25dad527c17d&fwversion=19.0.1.365&productcode=CN&appmodel=SF01V&appvendor=VM01&useragent=SF&oem=Sophos&pkg_ips_version=18.19.73&pkg_ips_type=ips_app&pkg_ips_cv=19.0&pkg_atp_version=1.0.0436&pkg_atp_cv=1.00&pkg_savi_version=1.0.18171&pkg_savi_patch=2&pkg_savi_cv=1.00&pkg_avira_version=1.0.420126&pkg_avira_patch=2&pkg_avira_cv=4.00&pkg_geoip_version=2.0.014&pkg_geoip_cv=1.00&pkg_clientauth_version=1.0.0020&pkg_clientauth_cv=2.00&pkg_apfw_version=11.0.020&pkg_apfw_cv=1.00&pkg_redfw_version=3.0.008&pkg_redfw_cv=2.00&pkg_sslvpn_version=1.0.009&pkg_sslvpn_cv=1.02&pkg_ipsec_version=2.2.000&pkg_ipsec_cv=1.00&central_mgmt=1.0&pkg_odt_version=1.0.006&pkg_odt_cv=1.00&pkg_sasi_version=1.0.236&pkg_sasi_cv=1.00&u2d_proto=2.00
    DEBUG     2022-10-10 16:30:55Z [23636]: Response code : 200
    DEBUG     2022-10-10 16:30:55Z [23636]: Response body :
    <Up2Date/>
    
    DEBUG     2022-10-10 16:30:55Z [23636]: Response length : 11
    DEBUG     2022-10-10 16:31:25Z [23872]: --serial = C01001B3783Q7BC
    DEBUG     2022-10-10 16:31:25Z [23872]: --deviceid = 10cf0a3f-eebd-4979-92d7-25dad527c17d
    DEBUG     2022-10-10 16:31:25Z [23872]: --fwversion = 19.0.1.365
    DEBUG     2022-10-10 16:31:25Z [23872]: --productcode = CN
    DEBUG     2022-10-10 16:31:25Z [23872]: --model = SF01V
    DEBUG     2022-10-10 16:31:25Z [23872]: --vendor = VM01
    DEBUG     2022-10-10 16:31:25Z [23872]: --pkg_sysupdate_version = 4
    DEBUG     2022-10-10 16:31:25Z [23872]: Added new server : Host - eu-west-1.u2d.sophos.com., Port - 443
    DEBUG     2022-10-10 16:31:25Z [23872]: Added new server : Host - us-west-2.u2d.sophos.com., Port - 443
    DEBUG     2022-10-10 16:31:25Z [23872]: Added new server : Host - ap-northeast-1.u2d.sophos.com., Port - 443
    DEBUG     2022-10-10 16:31:25Z [23872]: --u2d_proto = 2.00
    DEBUG     2022-10-10 16:31:25Z [23872]: Final query string is :
    ?&serialkey=C01001B3783Q7BC&deviceid=10cf0a3f-eebd-4979-92d7-25dad527c17d&fwversion=19.0.1.365&productcode=CN&appmodel=SF01V&appvendor=VM01&useragent=SF&oem=&pkg_sysupdate_version=4&u2d_proto=2.00
    DEBUG     2022-10-10 16:31:47Z [23872]: Response code : 200
    DEBUG     2022-10-10 16:31:47Z [23872]: Response body :
    <Up2Date/>
    
    DEBUG     2022-10-10 16:31:47Z [23872]: Response length : 11
    DEBUG     2022-10-10 16:41:32Z [26802]: --serial = C01001B3783Q7BC
    DEBUG     2022-10-10 16:41:32Z [26802]: --deviceid = 10cf0a3f-eebd-4979-92d7-25dad527c17d
    DEBUG     2022-10-10 16:41:32Z [26802]: --fwversion = 19.0.1.365
    DEBUG     2022-10-10 16:41:32Z [26802]: --productcode = CN
    DEBUG     2022-10-10 16:41:32Z [26802]: --model = SF01V
    DEBUG     2022-10-10 16:41:32Z [26802]: --vendor = VM01
    DEBUG     2022-10-10 16:41:32Z [26802]: --pkg_sysupdate_version = 4
    DEBUG     2022-10-10 16:41:32Z [26802]: --oem = Sophos
    DEBUG     2022-10-10 16:41:32Z [26802]: --central_mgmt = 1.0
    DEBUG     2022-10-10 16:41:32Z [26802]: --server = u2d.sophos.com
    DEBUG     2022-10-10 16:41:32Z [26802]: --port = 443
    DEBUG     2022-10-10 16:41:32Z [26802]: Added new server : Host - u2d.sophos.com, Port - 443
    DEBUG     2022-10-10 16:41:32Z [26802]: --u2d_proto = 2.00
    DEBUG     2022-10-10 16:41:32Z [26802]: Final query string is :
    ?&serialkey=C01001B3783Q7BC&deviceid=10cf0a3f-eebd-4979-92d7-25dad527c17d&fwversion=19.0.1.365&productcode=CN&appmodel=SF01V&appvendor=VM01&useragent=SF&oem=Sophos&pkg_sysupdate_version=4&central_mgmt=1.0&u2d_proto=2.00
    DEBUG     2022-10-10 16:41:33Z [26802]: Response code : 200
    DEBUG     2022-10-10 16:41:33Z [26802]: Response body :
    <Up2Date/>
    
    DEBUG     2022-10-10 16:41:33Z [26802]: Response length : 11
    DEBUG     2022-10-10 16:45:57Z [27992]: --serial = C01001B3783Q7BC
    DEBUG     2022-10-10 16:45:57Z [27992]: --deviceid = 10cf0a3f-eebd-4979-92d7-25dad527c17d
    DEBUG     2022-10-10 16:45:57Z [27992]: --fwversion = 19.0.1.365
    DEBUG     2022-10-10 16:45:57Z [27992]: --productcode = CN
    DEBUG     2022-10-10 16:45:57Z [27992]: --model = SF01V
    DEBUG     2022-10-10 16:45:57Z [27992]: --vendor = VM01
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_ips_version = 18.19.73
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_ips_cv = 19.0
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_ips_type = ips_app
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_atp_version = 1.0.0436
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_atp_cv = 1.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_savi_version = 1.0.18171
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_savi_cv = 1.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_avira_version = 1.0.420126
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_avira_cv = 4.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_apfw_version = 11.0.020
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_apfw_cv = 1.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_sslvpn_version = 1.0.009
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_sslvpn_cv = 1.02
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_ipsec_version = 2.2.000
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_ipsec_cv = 1.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_geoip_version = 2.0.014
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_geoip_cv = 1.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_clientauth_version = 1.0.0020
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_clientauth_cv = 2.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_redfw_version = 3.0.008
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_redfw_cv = 2.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_odt_version = 1.0.006
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_odt_cv = 1.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_sasi_version = 1.0.236
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_sasi_cv = 1.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --oem = Sophos
    DEBUG     2022-10-10 16:45:57Z [27992]: --central_mgmt = 1.0
    DEBUG     2022-10-10 16:45:57Z [27992]: --server = u2d.sophos.com
    DEBUG     2022-10-10 16:45:57Z [27992]: --port = 443
    DEBUG     2022-10-10 16:45:57Z [27992]: Added new server : Host - u2d.sophos.com, Port - 443
    DEBUG     2022-10-10 16:45:57Z [27992]: --u2d_proto = 2.00
    DEBUG     2022-10-10 16:45:57Z [27992]: Final query string is :
    ?&serialkey=C01001B3783Q7BC&deviceid=10cf0a3f-eebd-4979-92d7-25dad527c17d&fwversion=19.0.1.365&productcode=CN&appmodel=SF01V&appvendor=VM01&useragent=SF&oem=Sophos&pkg_ips_version=18.19.73&pkg_ips_type=ips_app&pkg_ips_cv=19.0&pkg_atp_version=1.0.0436&pkg_atp_cv=1.00&pkg_savi_version=1.0.18171&pkg_savi_patch=2&pkg_savi_cv=1.00&pkg_avira_version=1.0.420126&pkg_avira_patch=2&pkg_avira_cv=4.00&pkg_geoip_version=2.0.014&pkg_geoip_cv=1.00&pkg_clientauth_version=1.0.0020&pkg_clientauth_cv=2.00&pkg_apfw_version=11.0.020&pkg_apfw_cv=1.00&pkg_redfw_version=3.0.008&pkg_redfw_cv=2.00&pkg_sslvpn_version=1.0.009&pkg_sslvpn_cv=1.02&pkg_ipsec_version=2.2.000&pkg_ipsec_cv=1.00&central_mgmt=1.0&pkg_odt_version=1.0.006&pkg_odt_cv=1.00&pkg_sasi_version=1.0.236&pkg_sasi_cv=1.00&u2d_proto=2.00
    DEBUG     2022-10-10 16:45:58Z [27992]: Response code : 200
    DEBUG     2022-10-10 16:45:58Z [27992]: Response body :
    <Up2Date/>
    
    

    I've got no log in live log > Malware

    Thanks a lot for your help LuCar Toni

  • Looks fine. What about the other logs? av.log etc. 

    Can you create a support case? 


  • The av.log log is empty, as you can see below.
    I have included the avd.log logs in addition.
    
    Is it possible to create a support case when using the evaluation version of Sophos XG?

    SFVH_VM01_SFOS 19.0.1 MR-1-Build365# tail -n 100 av.log | more
    SFVH_VM01_SFOS 19.0.1 MR-1-Build365# vi av.log
    SFVH_VM01_SFOS 19.0.1 MR-1-Build365# tail -n 100 av.log | more
    SFVH_VM01_SFOS 19.0.1 MR-1-Build365# tail -n 100 avd.log | more
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: CleanPng                   1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: CleanMp3                   1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: CleanMpeg                  1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: CleanWmf                   1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Xml                        0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: XmlOdoc                    1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Hfs                        0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Guid                       1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Dmg                        0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Swf                        1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: AS3                        1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Dex                        1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: AXml                       1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Plist                      0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ISO9660                    0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: JSEmul                     1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: LimitJSEmulation           0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: FullMacroSweep             0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: FullPdf                    0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: StrictPdf                  0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: StrongPdf                  0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: PDFUnifiedTextExtract      0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: FullSweep                  0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MarkTampered               1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: StorageReport              0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: StorageReportAll           0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: StorageReportAddtolist     0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: StorageDetOnly             0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: TrueFileTypeDetection      0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: UnixArchive                1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Rpm                        1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Saveset                    0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ExtensiveScan              0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SampleSubmit               0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: CloudSandbox               1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MLEnabled                  0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MLVeexReporting            0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: VeexMiscPeTreeCbkEnabled   0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: DecomprSizeCb              0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MimeEmbedLimit             25
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MimeEmbedLines             500
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: TrueFileTypeDetectionLevel 1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MaxRecursionDepth          16
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MaxIntRecDepth             25
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: BuffCacheSize              4
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MaxSampleSubmitSize        10240
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpSuper                   2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpArchiveUnpack           2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpSelfExtract             2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpExecutable              2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpInternet                2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpMSOffice                2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpMisc                    2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpDisinfect               2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpClean                   2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpWebArchive              2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpWebEncoding             2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: HtmlMaxExtStrmSize         104857600
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: XmlMaxExtStrCnt            1000000
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: NamespaceSupport           0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: EnableAutoStop             1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: EnablePdfAutoStop          0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: BehaviourMalware           1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: BehaviourSuspicious        0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: PuaDetection               0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ThreatAccumulation         0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: DetectSecondaries          0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ApplicationControl         0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: VirusDataDir               /sdisk/savi/vdl
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: VirusDataName              vdl
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: IdeDir                     /sdisk/savi/ide
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: AllowPartialVirusData      0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ProductMobile              1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ProductGateway             1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ProductCLI                 0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ProductWeb                 1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ProductDesktop             0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ProductUnspecified         1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: EnableAllowedLists         0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: EnableOSSpecificLoad       0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: VirusDataIntegrityChecking 0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLLiveProtection          1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLEvaluation              1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLAsynchDelay             0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLTimeout                 250
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLAsynchThreadCount       1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLAsynchQueueSize         200
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLCacheEnable             0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLCacheSize               20
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLCacheFileStub
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MLDLL
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MLData
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: LRLib
    2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Engine version number              : 3.85
    2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Extended version                   : 1
    2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Threat data version string(IDE)    : 5.94
    2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Number of detectable threats       : 75386748
    2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Date of threat data (D/M/Y)        : 12/7/2022
    
    2022-10-11 05:52:44Z :[INFO]  99 sophos_reload_sig: Every thread reloaded new savi object, safe to start scanning