Hi, I've been getting this message every minute since yesterday.
Have you got any idea?
There was an issue, should be fixed. See: https://community.sophos.com/sophos-xg-firewall/f/discussions/136817/malware-unscannable-was-detected-and-blocked-alert-sophos-xg-firewall---http-virus-detected
__________________________________________________________________________________________________________________
AP Firmware | 11.0.020 | - | 16:32:26, Sep 06 2022 | Success
ATP | 1.0.0436 | - | 09:35:48, Oct 10 2022 | Success
Avira AV | 1.0.420123 | - | 09:50:48, Oct 10 2022 | Success
Authentication Clients | 1.0.0020 | - | 11:53:30, Mar 31 2022 | Success
Geoip ip2country DB | 2.0.014 | - | 08:53:29, Oct 07 2022 | Success
IPS and Application signatures | 18.19.72 | - | 16:56:54, Oct 07 2022 | Success
Sophos Connect Clients | 2.2.000 | - | 17:05:30, Jun 27 2022 | Success
RED Firmware | 3.0.008 | - | 08:54:18, Jul 15 2022 | Success
Sophos AntiSpam Interface | 1.0.236 | - | 14:54:28, Oct 07 2022 | Success
Sophos AV | 1.0.18170 | - | 09:51:44, Oct 10 2022 | Success
SSLVPN Clients | 1.0.009 | - | 16:54:49, Dec 14 2021 | Success
Can you check the u2d.log and savi log?
__________________________________________________________________________________________________________________
SFVH_VM01_SFOS 19.0.1 MR-1-Build365# tail -n 100 u2d.log | more
DEBUG 2022-10-10 16:30:54Z [23636]: --pkg_redfw_cv = 2.00
DEBUG 2022-10-10 16:30:54Z [23636]: --pkg_odt_version = 1.0.006
DEBUG 2022-10-10 16:30:54Z [23636]: --pkg_odt_cv = 1.00
DEBUG 2022-10-10 16:30:54Z [23636]: --pkg_sasi_version = 1.0.236
DEBUG 2022-10-10 16:30:54Z [23636]: --pkg_sasi_cv = 1.00
DEBUG 2022-10-10 16:30:54Z [23636]: --oem = Sophos
DEBUG 2022-10-10 16:30:54Z [23636]: --central_mgmt = 1.0
DEBUG 2022-10-10 16:30:54Z [23636]: --server = u2d.sophos.com
DEBUG 2022-10-10 16:30:54Z [23636]: --port = 443
DEBUG 2022-10-10 16:30:54Z [23636]: Added new server : Host - u2d.sophos.com, Port - 443
DEBUG 2022-10-10 16:30:54Z [23636]: --u2d_proto = 2.00
DEBUG 2022-10-10 16:30:54Z [23636]: Final query string is : ?&serialkey=C01001B3783Q7BC&deviceid=10cf0a3f-eebd-4979-92d7-25dad527c17d&fwversion=19.0.1.365&productcode=CN&appmodel=SF01V&appvendor=VM01&useragent=SF&oem=Sophos&pkg_ips_version=18.19.73&pkg_ips_type=ips_app&pkg_ips_cv=19.0&pkg_atp_version=1.0.0436&pkg_atp_cv=1.00&pkg_savi_version=1.0.18171&pkg_savi_patch=2&pkg_savi_cv=1.00&pkg_avira_version=1.0.420126&pkg_avira_patch=2&pkg_avira_cv=4.00&pkg_geoip_version=2.0.014&pkg_geoip_cv=1.00&pkg_clientauth_version=1.0.0020&pkg_clientauth_cv=2.00&pkg_apfw_version=11.0.020&pkg_apfw_cv=1.00&pkg_redfw_version=3.0.008&pkg_redfw_cv=2.00&pkg_sslvpn_version=1.0.009&pkg_sslvpn_cv=1.02&pkg_ipsec_version=2.2.000&pkg_ipsec_cv=1.00&central_mgmt=1.0&pkg_odt_version=1.0.006&pkg_odt_cv=1.00&pkg_sasi_version=1.0.236&pkg_sasi_cv=1.00&u2d_proto=2.00
DEBUG 2022-10-10 16:30:55Z [23636]: Response code : 200
DEBUG 2022-10-10 16:30:55Z [23636]: Response body : <Up2Date/>
DEBUG 2022-10-10 16:30:55Z [23636]: Response length : 11
DEBUG 2022-10-10 16:31:25Z [23872]: --serial = C01001B3783Q7BC
DEBUG 2022-10-10 16:31:25Z [23872]: --deviceid = 10cf0a3f-eebd-4979-92d7-25dad527c17d
DEBUG 2022-10-10 16:31:25Z [23872]: --fwversion = 19.0.1.365
DEBUG 2022-10-10 16:31:25Z [23872]: --productcode = CN
DEBUG 2022-10-10 16:31:25Z [23872]: --model = SF01V
DEBUG 2022-10-10 16:31:25Z [23872]: --vendor = VM01
DEBUG 2022-10-10 16:31:25Z [23872]: --pkg_sysupdate_version = 4
DEBUG 2022-10-10 16:31:25Z [23872]: Added new server : Host - eu-west-1.u2d.sophos.com., Port - 443
DEBUG 2022-10-10 16:31:25Z [23872]: Added new server : Host - us-west-2.u2d.sophos.com., Port - 443
DEBUG 2022-10-10 16:31:25Z [23872]: Added new server : Host - ap-northeast-1.u2d.sophos.com., Port - 443
DEBUG 2022-10-10 16:31:25Z [23872]: --u2d_proto = 2.00
DEBUG 2022-10-10 16:31:25Z [23872]: Final query string is : ?&serialkey=C01001B3783Q7BC&deviceid=10cf0a3f-eebd-4979-92d7-25dad527c17d&fwversion=19.0.1.365&productcode=CN&appmodel=SF01V&appvendor=VM01&useragent=SF&oem=&pkg_sysupdate_version=4&u2d_proto=2.00
DEBUG 2022-10-10 16:31:47Z [23872]: Response code : 200
DEBUG 2022-10-10 16:31:47Z [23872]: Response body : <Up2Date/>
DEBUG 2022-10-10 16:31:47Z [23872]: Response length : 11
DEBUG 2022-10-10 16:41:32Z [26802]: --serial = C01001B3783Q7BC
DEBUG 2022-10-10 16:41:32Z [26802]: --deviceid = 10cf0a3f-eebd-4979-92d7-25dad527c17d
DEBUG 2022-10-10 16:41:32Z [26802]: --fwversion = 19.0.1.365
DEBUG 2022-10-10 16:41:32Z [26802]: --productcode = CN
DEBUG 2022-10-10 16:41:32Z [26802]: --model = SF01V
DEBUG 2022-10-10 16:41:32Z [26802]: --vendor = VM01
DEBUG 2022-10-10 16:41:32Z [26802]: --pkg_sysupdate_version = 4
DEBUG 2022-10-10 16:41:32Z [26802]: --oem = Sophos
DEBUG 2022-10-10 16:41:32Z [26802]: --central_mgmt = 1.0
DEBUG 2022-10-10 16:41:32Z [26802]: --server = u2d.sophos.com
DEBUG 2022-10-10 16:41:32Z [26802]: --port = 443
DEBUG 2022-10-10 16:41:32Z [26802]: Added new server : Host - u2d.sophos.com, Port - 443
DEBUG 2022-10-10 16:41:32Z [26802]: --u2d_proto = 2.00
DEBUG 2022-10-10 16:41:32Z [26802]: Final query string is : ?&serialkey=C01001B3783Q7BC&deviceid=10cf0a3f-eebd-4979-92d7-25dad527c17d&fwversion=19.0.1.365&productcode=CN&appmodel=SF01V&appvendor=VM01&useragent=SF&oem=Sophos&pkg_sysupdate_version=4&central_mgmt=1.0&u2d_proto=2.00
DEBUG 2022-10-10 16:41:33Z [26802]: Response code : 200
DEBUG 2022-10-10 16:41:33Z [26802]: Response body : <Up2Date/>
DEBUG 2022-10-10 16:41:33Z [26802]: Response length : 11
DEBUG 2022-10-10 16:45:57Z [27992]: --serial = C01001B3783Q7BC
DEBUG 2022-10-10 16:45:57Z [27992]: --deviceid = 10cf0a3f-eebd-4979-92d7-25dad527c17d
DEBUG 2022-10-10 16:45:57Z [27992]: --fwversion = 19.0.1.365
DEBUG 2022-10-10 16:45:57Z [27992]: --productcode = CN
DEBUG 2022-10-10 16:45:57Z [27992]: --model = SF01V
DEBUG 2022-10-10 16:45:57Z [27992]: --vendor = VM01
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_ips_version = 18.19.73
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_ips_cv = 19.0
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_ips_type = ips_app
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_atp_version = 1.0.0436
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_atp_cv = 1.00
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_savi_version = 1.0.18171
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_savi_cv = 1.00
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_avira_version = 1.0.420126
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_avira_cv = 4.00
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_apfw_version = 11.0.020
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_apfw_cv = 1.00
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_sslvpn_version = 1.0.009
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_sslvpn_cv = 1.02
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_ipsec_version = 2.2.000
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_ipsec_cv = 1.00
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_geoip_version = 2.0.014
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_geoip_cv = 1.00
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_clientauth_version = 1.0.0020
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_clientauth_cv = 2.00
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_redfw_version = 3.0.008
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_redfw_cv = 2.00
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_odt_version = 1.0.006
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_odt_cv = 1.00
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_sasi_version = 1.0.236
DEBUG 2022-10-10 16:45:57Z [27992]: --pkg_sasi_cv = 1.00
DEBUG 2022-10-10 16:45:57Z [27992]: --oem = Sophos
DEBUG 2022-10-10 16:45:57Z [27992]: --central_mgmt = 1.0
DEBUG 2022-10-10 16:45:57Z [27992]: --server = u2d.sophos.com
DEBUG 2022-10-10 16:45:57Z [27992]: --port = 443
DEBUG 2022-10-10 16:45:57Z [27992]: Added new server : Host - u2d.sophos.com, Port - 443
DEBUG 2022-10-10 16:45:57Z [27992]: --u2d_proto = 2.00
DEBUG 2022-10-10 16:45:57Z [27992]: Final query string is : ?&serialkey=C01001B3783Q7BC&deviceid=10cf0a3f-eebd-4979-92d7-25dad527c17d&fwversion=19.0.1.365&productcode=CN&appmodel=SF01V&appvendor=VM01&useragent=SF&oem=Sophos&pkg_ips_version=18.19.73&pkg_ips_type=ips_app&pkg_ips_cv=19.0&pkg_atp_version=1.0.0436&pkg_atp_cv=1.00&pkg_savi_version=1.0.18171&pkg_savi_patch=2&pkg_savi_cv=1.00&pkg_avira_version=1.0.420126&pkg_avira_patch=2&pkg_avira_cv=4.00&pkg_geoip_version=2.0.014&pkg_geoip_cv=1.00&pkg_clientauth_version=1.0.0020&pkg_clientauth_cv=2.00&pkg_apfw_version=11.0.020&pkg_apfw_cv=1.00&pkg_redfw_version=3.0.008&pkg_redfw_cv=2.00&pkg_sslvpn_version=1.0.009&pkg_sslvpn_cv=1.02&pkg_ipsec_version=2.2.000&pkg_ipsec_cv=1.00&central_mgmt=1.0&pkg_odt_version=1.0.006&pkg_odt_cv=1.00&pkg_sasi_version=1.0.236&pkg_sasi_cv=1.00&u2d_proto=2.00
DEBUG 2022-10-10 16:45:58Z [27992]: Response code : 200
DEBUG 2022-10-10 16:45:58Z [27992]: Response body : <Up2Date/>
I've got no log in live log > Malware
Thanks a lot for your help LuCar Toni
The av.log log is empty as you can see below.
I have also included the avg.log logs.
Is it possible to create a support case when using the evaluation version of Sophos XG?
SFVH_VM01_SFOS 19.0.1 MR-1-Build365# tail -n 100 av.log | more
SFVH_VM01_SFOS 19.0.1 MR-1-Build365# vi av.log
SFVH_VM01_SFOS 19.0.1 MR-1-Build365# tail -n 100 av.log | more
SFVH_VM01_SFOS 19.0.1 MR-1-Build365# tail -n 100 avd.log | more
2022-10-11 05:52:43Z :[INFO] 4 describe_config: CleanPng 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: CleanMp3 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: CleanMpeg 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: CleanWmf 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: Xml 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: XmlOdoc 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: Hfs 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: Guid 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: Dmg 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: Swf 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: AS3 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: Dex 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: AXml 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: Plist 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: ISO9660 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: JSEmul 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: LimitJSEmulation 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: FullMacroSweep 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: FullPdf 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: StrictPdf 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: StrongPdf 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: PDFUnifiedTextExtract 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: FullSweep 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: MarkTampered 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: StorageReport 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: StorageReportAll 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: StorageReportAddtolist 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: StorageDetOnly 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: TrueFileTypeDetection 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: UnixArchive 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: Rpm 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: Saveset 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: ExtensiveScan 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: SampleSubmit 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: CloudSandbox 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: MLEnabled 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: MLVeexReporting 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: VeexMiscPeTreeCbkEnabled 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: DecomprSizeCb 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: MimeEmbedLimit 25
2022-10-11 05:52:43Z :[INFO] 4 describe_config: MimeEmbedLines 500
2022-10-11 05:52:43Z :[INFO] 4 describe_config: TrueFileTypeDetectionLevel 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: MaxRecursionDepth 16
2022-10-11 05:52:43Z :[INFO] 4 describe_config: MaxIntRecDepth 25
2022-10-11 05:52:43Z :[INFO] 4 describe_config: BuffCacheSize 4
2022-10-11 05:52:43Z :[INFO] 4 describe_config: MaxSampleSubmitSize 10240
2022-10-11 05:52:43Z :[INFO] 4 describe_config: GrpSuper 2
2022-10-11 05:52:43Z :[INFO] 4 describe_config: GrpArchiveUnpack 2
2022-10-11 05:52:43Z :[INFO] 4 describe_config: GrpSelfExtract 2
2022-10-11 05:52:43Z :[INFO] 4 describe_config: GrpExecutable 2
2022-10-11 05:52:43Z :[INFO] 4 describe_config: GrpInternet 2
2022-10-11 05:52:43Z :[INFO] 4 describe_config: GrpMSOffice 2
2022-10-11 05:52:43Z :[INFO] 4 describe_config: GrpMisc 2
2022-10-11 05:52:43Z :[INFO] 4 describe_config: GrpDisinfect 2
2022-10-11 05:52:43Z :[INFO] 4 describe_config: GrpClean 2
2022-10-11 05:52:43Z :[INFO] 4 describe_config: GrpWebArchive 2
2022-10-11 05:52:43Z :[INFO] 4 describe_config: GrpWebEncoding 2
2022-10-11 05:52:43Z :[INFO] 4 describe_config: HtmlMaxExtStrmSize 104857600
2022-10-11 05:52:43Z :[INFO] 4 describe_config: XmlMaxExtStrCnt 1000000
2022-10-11 05:52:43Z :[INFO] 4 describe_config: NamespaceSupport 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: EnableAutoStop 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: EnablePdfAutoStop 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: BehaviourMalware 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: BehaviourSuspicious 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: PuaDetection 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: ThreatAccumulation 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: DetectSecondaries 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: ApplicationControl 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: VirusDataDir /sdisk/savi/vdl
2022-10-11 05:52:43Z :[INFO] 4 describe_config: VirusDataName vdl
2022-10-11 05:52:43Z :[INFO] 4 describe_config: IdeDir /sdisk/savi/ide
2022-10-11 05:52:43Z :[INFO] 4 describe_config: AllowPartialVirusData 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: ProductMobile 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: ProductGateway 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: ProductCLI 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: ProductWeb 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: ProductDesktop 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: ProductUnspecified 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: EnableAllowedLists 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: EnableOSSpecificLoad 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: VirusDataIntegrityChecking 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: SXLLiveProtection 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: SXLEvaluation 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: SXLAsynchDelay 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: SXLTimeout 250
2022-10-11 05:52:43Z :[INFO] 4 describe_config: SXLAsynchThreadCount 1
2022-10-11 05:52:43Z :[INFO] 4 describe_config: SXLAsynchQueueSize 200
2022-10-11 05:52:43Z :[INFO] 4 describe_config: SXLCacheEnable 0
2022-10-11 05:52:43Z :[INFO] 4 describe_config: SXLCacheSize 20
2022-10-11 05:52:43Z :[INFO] 4 describe_config: SXLCacheFileStub
2022-10-11 05:52:43Z :[INFO] 4 describe_config: MLDLL
2022-10-11 05:52:43Z :[INFO] 4 describe_config: MLData
2022-10-11 05:52:43Z :[INFO] 4 describe_config: LRLib
2022-10-11 05:52:43Z :[INFO] 4 display_sophos_version: Engine version number : 3.85
2022-10-11 05:52:43Z :[INFO] 4 display_sophos_version: Extended version : 1
2022-10-11 05:52:43Z :[INFO] 4 display_sophos_version: Threat data version string(IDE) : 5.94
2022-10-11 05:52:43Z :[INFO] 4 display_sophos_version: Number of detectable threats : 75386748
2022-10-11 05:52:43Z :[INFO] 4 display_sophos_version: Date of threat data (D/M/Y) : 12/7/2022
2022-10-11 05:52:44Z :[INFO] 99 sophos_reload_sig: Every thread reloaded new savi object, safe to start scanning
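Added example (not part of the thread and not Sophos code): a Python helper for triaging an exported u2d.log in the format pasted above. It groups entries by the bracketed process id, extracts the package versions from each "Final query string", and masks the serial and device id before the log is shared. The sample lines and their serial are constructed; treating one process id as one update check and a bare `<Up2Date/>` body as an empty reply are assumptions.

```python
import re
from urllib.parse import parse_qsl

# One entry: "DEBUG 2022-10-10 16:30:54Z [23636]: message". The lookahead lets
# the same pattern split logs whose line breaks were lost when pasted.
ENTRY = re.compile(
    r"DEBUG (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})Z \[(\d+)\]:\s*(.*?)"
    r"(?=\s*DEBUG \d{4}-\d{2}-\d{2} |\s*\Z)",
    re.S,
)
SERVER = re.compile(r"Host - (\S+?)\.?, Port - (\d+)")
# Device identifiers appear both as "--serial = X" lines and as query fields.
SENSITIVE = re.compile(r"((?:serialkey|deviceid)=|--(?:serial|deviceid) = )([^&\s]+)")

# Constructed sample: first check run together on one line, second cut short.
SAMPLE = (
    "DEBUG 2022-10-10 16:30:54Z [23636]: --serial = X0000000000TEST "
    "DEBUG 2022-10-10 16:30:54Z [23636]: Added new server : Host - u2d.sophos.com, Port - 443 "
    "DEBUG 2022-10-10 16:30:54Z [23636]: Final query string is : ?&serialkey=X0000000000TEST"
    "&deviceid=00000000-0000-0000-0000-000000000000&fwversion=19.0.1.365"
    "&pkg_savi_version=1.0.18171&pkg_savi_cv=1.00&pkg_avira_version=1.0.420126&u2d_proto=2.00 "
    "DEBUG 2022-10-10 16:30:55Z [23636]: Response code : 200 "
    "DEBUG 2022-10-10 16:30:55Z [23636]: Response body : <Up2Date/> "
    "DEBUG 2022-10-10 16:30:55Z [23636]: Response length : 11\n"
    "DEBUG 2022-10-10 16:31:25Z [23872]: Added new server : Host - eu-west-1.u2d.sophos.com., Port - 443\n"
    "DEBUG 2022-10-10 16:31:25Z [23872]: Final query string is : ?&serialkey=X0000000000TEST"
    "&oem=&pkg_sysupdate_version=4&u2d_proto=2.00\n"
)


def parse_u2d_log(text):
    """Return one dict per update check, in the order the checks first appear."""
    checks = {}
    for ts, pid, msg in ENTRY.findall(text):
        msg = msg.strip()
        chk = checks.setdefault(pid, {
            "pid": int(pid), "started": ts, "servers": [],
            "packages": {}, "code": None, "body": None,
        })
        if msg.startswith("Added new server"):
            m = SERVER.search(msg)
            if m:  # trailing dot of a fully qualified host name is dropped
                chk["servers"].append((m.group(1), int(m.group(2))))
        elif msg.startswith("Final query string is"):
            query = dict(parse_qsl(msg.split(":", 1)[1].strip().lstrip("?"),
                                   keep_blank_values=True))
            # pkg_<name>_version=<v>  ->  {"<name>": "<v>"}
            chk["packages"] = {k[4:-8]: v for k, v in query.items()
                               if k.startswith("pkg_") and k.endswith("_version")}
        elif msg.startswith("Response code"):
            chk["code"] = int(msg.split(":", 1)[1])
        elif msg.startswith("Response body"):
            chk["body"] = msg.split(":", 1)[1].strip()
    return list(checks.values())


def status(check):
    """Classify a check by what the update server sent back."""
    if check["code"] is None:
        return "no-response"          # request logged, reply never logged
    if check["code"] != 200:
        return "http-error"
    # Assumption: a bare <Up2Date/> element carries no package entries.
    return "empty-reply" if check["body"] == "<Up2Date/>" else "reply-with-content"


def redact_for_sharing(text):
    """Mask serial and device id so the log can be posted publicly."""
    return SENSITIVE.sub(lambda m: m.group(1) + "<redacted>", text)


if __name__ == "__main__":
    for chk in parse_u2d_log(SAMPLE):
        print(chk["started"], chk["pid"], status(chk), chk["servers"], chk["packages"])
    print(redact_for_sharing(SAMPLE))
```
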