
"Malware 'Unscannable' was detected and blocked in a download" Every Minute

Hi, I've been getting this message every minute since yesterday.

Have you got any idea?




  • Thank you for your feedback but this solution does not work for me.

  • Check the pattern version of your appliance. 


  • AP Firmware                    | 11.0.020   | - | 16:32:26, Sep 06 2022 | Success
    ATP                            | 1.0.0436   | - | 09:35:48, Oct 10 2022 | Success
    Avira AV                       | 1.0.420123 | - | 09:50:48, Oct 10 2022 | Success
    Authentication Clients         | 1.0.0020   | - | 11:53:30, Mar 31 2022 | Success
    Geoip ip2country DB            | 2.0.014    | - | 08:53:29, Oct 07 2022 | Success
    IPS and Application signatures | 18.19.72   | - | 16:56:54, Oct 07 2022 | Success
    Sophos Connect Clients         | 2.2.000    | - | 17:05:30, Jun 27 2022 | Success
    RED Firmware                   | 3.0.008    | - | 08:54:18, Jul 15 2022 | Success
    Sophos AntiSpam Interface      | 1.0.236    | - | 14:54:28, Oct 07 2022 | Success
    Sophos AV                      | 1.0.18170  | - | 09:51:44, Oct 10 2022 | Success
    SSLVPN Clients                 | 1.0.009    | - | 16:54:49, Dec 14 2021 | Success
  • All patterns are up to date.

  • Can you check the u2d.log and savi log? 

    docs.sophos.com/.../index.html


  • SFVH_VM01_SFOS 19.0.1 MR-1-Build365# tail -n 100 u2d.log | more
    DEBUG     2022-10-10 16:30:54Z [23636]: --pkg_redfw_cv = 2.00
    DEBUG     2022-10-10 16:30:54Z [23636]: --pkg_odt_version = 1.0.006
    DEBUG     2022-10-10 16:30:54Z [23636]: --pkg_odt_cv = 1.00
    DEBUG     2022-10-10 16:30:54Z [23636]: --pkg_sasi_version = 1.0.236
    DEBUG     2022-10-10 16:30:54Z [23636]: --pkg_sasi_cv = 1.00
    DEBUG     2022-10-10 16:30:54Z [23636]: --oem = Sophos
    DEBUG     2022-10-10 16:30:54Z [23636]: --central_mgmt = 1.0
    DEBUG     2022-10-10 16:30:54Z [23636]: --server = u2d.sophos.com
    DEBUG     2022-10-10 16:30:54Z [23636]: --port = 443
    DEBUG     2022-10-10 16:30:54Z [23636]: Added new server : Host - u2d.sophos.com, Port - 443
    DEBUG     2022-10-10 16:30:54Z [23636]: --u2d_proto = 2.00
    DEBUG     2022-10-10 16:30:54Z [23636]: Final query string is :
    ?&serialkey=C01001B3783Q7BC&deviceid=10cf0a3f-eebd-4979-92d7-25dad527c17d&fwversion=19.0.1.365&productcode=CN&appmodel=SF01V&appvendor=VM01&useragent=SF&oem=Sophos&pkg_ips_version=18.19.73&pkg_ips_type=ips_app&pkg_ips_cv=19.0&pkg_atp_version=1.0.0436&pkg_atp_cv=1.00&pkg_savi_version=1.0.18171&pkg_savi_patch=2&pkg_savi_cv=1.00&pkg_avira_version=1.0.420126&pkg_avira_patch=2&pkg_avira_cv=4.00&pkg_geoip_version=2.0.014&pkg_geoip_cv=1.00&pkg_clientauth_version=1.0.0020&pkg_clientauth_cv=2.00&pkg_apfw_version=11.0.020&pkg_apfw_cv=1.00&pkg_redfw_version=3.0.008&pkg_redfw_cv=2.00&pkg_sslvpn_version=1.0.009&pkg_sslvpn_cv=1.02&pkg_ipsec_version=2.2.000&pkg_ipsec_cv=1.00&central_mgmt=1.0&pkg_odt_version=1.0.006&pkg_odt_cv=1.00&pkg_sasi_version=1.0.236&pkg_sasi_cv=1.00&u2d_proto=2.00
    DEBUG     2022-10-10 16:30:55Z [23636]: Response code : 200
    DEBUG     2022-10-10 16:30:55Z [23636]: Response body :
    <Up2Date/>
    
    DEBUG     2022-10-10 16:30:55Z [23636]: Response length : 11
    DEBUG     2022-10-10 16:31:25Z [23872]: --serial = C01001B3783Q7BC
    DEBUG     2022-10-10 16:31:25Z [23872]: --deviceid = 10cf0a3f-eebd-4979-92d7-25dad527c17d
    DEBUG     2022-10-10 16:31:25Z [23872]: --fwversion = 19.0.1.365
    DEBUG     2022-10-10 16:31:25Z [23872]: --productcode = CN
    DEBUG     2022-10-10 16:31:25Z [23872]: --model = SF01V
    DEBUG     2022-10-10 16:31:25Z [23872]: --vendor = VM01
    DEBUG     2022-10-10 16:31:25Z [23872]: --pkg_sysupdate_version = 4
    DEBUG     2022-10-10 16:31:25Z [23872]: Added new server : Host - eu-west-1.u2d.sophos.com., Port - 443
    DEBUG     2022-10-10 16:31:25Z [23872]: Added new server : Host - us-west-2.u2d.sophos.com., Port - 443
    DEBUG     2022-10-10 16:31:25Z [23872]: Added new server : Host - ap-northeast-1.u2d.sophos.com., Port - 443
    DEBUG     2022-10-10 16:31:25Z [23872]: --u2d_proto = 2.00
    DEBUG     2022-10-10 16:31:25Z [23872]: Final query string is :
    ?&serialkey=C01001B3783Q7BC&deviceid=10cf0a3f-eebd-4979-92d7-25dad527c17d&fwversion=19.0.1.365&productcode=CN&appmodel=SF01V&appvendor=VM01&useragent=SF&oem=&pkg_sysupdate_version=4&u2d_proto=2.00
    DEBUG     2022-10-10 16:31:47Z [23872]: Response code : 200
    DEBUG     2022-10-10 16:31:47Z [23872]: Response body :
    <Up2Date/>
    
    DEBUG     2022-10-10 16:31:47Z [23872]: Response length : 11
    DEBUG     2022-10-10 16:41:32Z [26802]: --serial = C01001B3783Q7BC
    DEBUG     2022-10-10 16:41:32Z [26802]: --deviceid = 10cf0a3f-eebd-4979-92d7-25dad527c17d
    DEBUG     2022-10-10 16:41:32Z [26802]: --fwversion = 19.0.1.365
    DEBUG     2022-10-10 16:41:32Z [26802]: --productcode = CN
    DEBUG     2022-10-10 16:41:32Z [26802]: --model = SF01V
    DEBUG     2022-10-10 16:41:32Z [26802]: --vendor = VM01
    DEBUG     2022-10-10 16:41:32Z [26802]: --pkg_sysupdate_version = 4
    DEBUG     2022-10-10 16:41:32Z [26802]: --oem = Sophos
    DEBUG     2022-10-10 16:41:32Z [26802]: --central_mgmt = 1.0
    DEBUG     2022-10-10 16:41:32Z [26802]: --server = u2d.sophos.com
    DEBUG     2022-10-10 16:41:32Z [26802]: --port = 443
    DEBUG     2022-10-10 16:41:32Z [26802]: Added new server : Host - u2d.sophos.com, Port - 443
    DEBUG     2022-10-10 16:41:32Z [26802]: --u2d_proto = 2.00
    DEBUG     2022-10-10 16:41:32Z [26802]: Final query string is :
    ?&serialkey=C01001B3783Q7BC&deviceid=10cf0a3f-eebd-4979-92d7-25dad527c17d&fwversion=19.0.1.365&productcode=CN&appmodel=SF01V&appvendor=VM01&useragent=SF&oem=Sophos&pkg_sysupdate_version=4&central_mgmt=1.0&u2d_proto=2.00
    DEBUG     2022-10-10 16:41:33Z [26802]: Response code : 200
    DEBUG     2022-10-10 16:41:33Z [26802]: Response body :
    <Up2Date/>
    
    DEBUG     2022-10-10 16:41:33Z [26802]: Response length : 11
    DEBUG     2022-10-10 16:45:57Z [27992]: --serial = C01001B3783Q7BC
    DEBUG     2022-10-10 16:45:57Z [27992]: --deviceid = 10cf0a3f-eebd-4979-92d7-25dad527c17d
    DEBUG     2022-10-10 16:45:57Z [27992]: --fwversion = 19.0.1.365
    DEBUG     2022-10-10 16:45:57Z [27992]: --productcode = CN
    DEBUG     2022-10-10 16:45:57Z [27992]: --model = SF01V
    DEBUG     2022-10-10 16:45:57Z [27992]: --vendor = VM01
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_ips_version = 18.19.73
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_ips_cv = 19.0
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_ips_type = ips_app
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_atp_version = 1.0.0436
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_atp_cv = 1.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_savi_version = 1.0.18171
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_savi_cv = 1.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_avira_version = 1.0.420126
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_avira_cv = 4.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_apfw_version = 11.0.020
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_apfw_cv = 1.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_sslvpn_version = 1.0.009
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_sslvpn_cv = 1.02
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_ipsec_version = 2.2.000
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_ipsec_cv = 1.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_geoip_version = 2.0.014
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_geoip_cv = 1.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_clientauth_version = 1.0.0020
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_clientauth_cv = 2.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_redfw_version = 3.0.008
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_redfw_cv = 2.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_odt_version = 1.0.006
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_odt_cv = 1.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_sasi_version = 1.0.236
    DEBUG     2022-10-10 16:45:57Z [27992]: --pkg_sasi_cv = 1.00
    DEBUG     2022-10-10 16:45:57Z [27992]: --oem = Sophos
    DEBUG     2022-10-10 16:45:57Z [27992]: --central_mgmt = 1.0
    DEBUG     2022-10-10 16:45:57Z [27992]: --server = u2d.sophos.com
    DEBUG     2022-10-10 16:45:57Z [27992]: --port = 443
    DEBUG     2022-10-10 16:45:57Z [27992]: Added new server : Host - u2d.sophos.com, Port - 443
    DEBUG     2022-10-10 16:45:57Z [27992]: --u2d_proto = 2.00
    DEBUG     2022-10-10 16:45:57Z [27992]: Final query string is :
    ?&serialkey=C01001B3783Q7BC&deviceid=10cf0a3f-eebd-4979-92d7-25dad527c17d&fwversion=19.0.1.365&productcode=CN&appmodel=SF01V&appvendor=VM01&useragent=SF&oem=Sophos&pkg_ips_version=18.19.73&pkg_ips_type=ips_app&pkg_ips_cv=19.0&pkg_atp_version=1.0.0436&pkg_atp_cv=1.00&pkg_savi_version=1.0.18171&pkg_savi_patch=2&pkg_savi_cv=1.00&pkg_avira_version=1.0.420126&pkg_avira_patch=2&pkg_avira_cv=4.00&pkg_geoip_version=2.0.014&pkg_geoip_cv=1.00&pkg_clientauth_version=1.0.0020&pkg_clientauth_cv=2.00&pkg_apfw_version=11.0.020&pkg_apfw_cv=1.00&pkg_redfw_version=3.0.008&pkg_redfw_cv=2.00&pkg_sslvpn_version=1.0.009&pkg_sslvpn_cv=1.02&pkg_ipsec_version=2.2.000&pkg_ipsec_cv=1.00&central_mgmt=1.0&pkg_odt_version=1.0.006&pkg_odt_cv=1.00&pkg_sasi_version=1.0.236&pkg_sasi_cv=1.00&u2d_proto=2.00
    DEBUG     2022-10-10 16:45:58Z [27992]: Response code : 200
    DEBUG     2022-10-10 16:45:58Z [27992]: Response body :
    <Up2Date/>
    
    

    I've got no log in live log > Malware

    Thanks a lot for your help, LuCar Toni.

  • Looks fine. What about the other logs? av.log etc. 

    Can you create a support case? 
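
The u2d.log check requested above, as an added example that is not part of the original thread and is not Sophos tooling: a parser for the log layout shown in the poster's excerpt that groups lines by process id and classifies each update check. The sample log is constructed with placeholder identifiers, the function names are hypothetical, and treating an empty `<Up2Date/>` body as "nothing offered" is an assumption.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample in the u2d.log layout shown in the thread. The serial,
# device id and the failing second session are placeholders, not real data.
SAMPLE_LOG = """\
DEBUG     2022-10-10 16:30:54Z [23636]: --server = u2d.sophos.com
DEBUG     2022-10-10 16:30:54Z [23636]: --port = 443
DEBUG     2022-10-10 16:30:54Z [23636]: Final query string is :
?&serialkey=SERIAL-PLACEHOLDER&deviceid=DEVICE-PLACEHOLDER&fwversion=19.0.1.365&pkg_savi_version=1.0.18171&pkg_savi_cv=1.00&pkg_avira_version=1.0.420126&u2d_proto=2.00
DEBUG     2022-10-10 16:30:55Z [23636]: Response code : 200
DEBUG     2022-10-10 16:30:55Z [23636]: Response body :
<Up2Date/>

DEBUG     2022-10-10 16:30:55Z [23636]: Response length : 11
DEBUG     2022-10-10 16:31:25Z [23872]: --server = u2d.sophos.com
DEBUG     2022-10-10 16:31:25Z [23872]: Final query string is :
?&serialkey=SERIAL-PLACEHOLDER&pkg_sysupdate_version=4&u2d_proto=2.00
DEBUG     2022-10-10 16:31:47Z [23872]: Response code : 503
DEBUG     2022-10-10 16:31:47Z [23872]: Response body :

DEBUG     2022-10-10 16:31:47Z [23872]: Response length : 0
"""

# "LEVEL  timestamp [pid]: message" as seen in the excerpt.
LINE_RE = re.compile(
    r"^(?P<level>[A-Z]+)\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}Z) "
    r"\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# "--key = value" argument lines; the value may be empty.
ARG_RE = re.compile(r"^--(?P<key>\S+)\s*=\s*(?P<value>.*)$")


def parse_u2d(text):
    """Group log lines into one record per process id (one update check each)."""
    sessions = {}
    pending = None  # ("query" | "body", pid) while an untagged line is expected
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            pid = int(m["pid"])
            s = sessions.setdefault(pid, {
                "pid": pid, "started": m["ts"], "args": {},
                "packages": {}, "code": None, "body": [],
            })
            msg = m["msg"].strip()
            pending = None  # any tagged line ends a query/body continuation
            arg = ARG_RE.match(msg)
            if arg:
                s["args"][arg["key"]] = arg["value"]
            elif msg.startswith("Final query string is"):
                pending = ("query", pid)
            elif msg.startswith("Response code"):
                s["code"] = int(msg.split(":", 1)[1])
            elif msg.startswith("Response body"):
                pending = ("body", pid)
        elif pending and line:
            kind, pid = pending
            if kind == "query":
                pairs = dict(parse_qsl(line.lstrip("?&"), keep_blank_values=True))
                # pkg_<name>_version=<v>  ->  {<name>: <v>}
                sessions[pid]["packages"] = {
                    k[4:-8]: v for k, v in pairs.items()
                    if k.startswith("pkg_") and k.endswith("_version")
                }
                pending = None
            else:
                sessions[pid]["body"].append(line)
    return sessions


def classify(session):
    """Label one update check. Assumption: an empty <Up2Date/> element in the
    body means the server offered nothing for the versions sent."""
    if session["code"] is None:
        return "no-response"
    if session["code"] != 200:
        return "http-error"
    body = "".join(session["body"])
    return "nothing-offered" if body == "<Up2Date/>" else "update-offered"


if __name__ == "__main__":
    for pid, s in parse_u2d(SAMPLE_LOG).items():
        print(pid, s["started"], s["args"].get("server"), classify(s), s["packages"])
```
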

  • The av.log log is empty, as you can see below.
    I have included the avd.log logs in addition.
    
    Is it possible to create a support case when using the evaluation version of Sophos XG?

    SFVH_VM01_SFOS 19.0.1 MR-1-Build365# tail -n 100 av.log | more
    SFVH_VM01_SFOS 19.0.1 MR-1-Build365# vi av.log
    SFVH_VM01_SFOS 19.0.1 MR-1-Build365# tail -n 100 av.log | more
    SFVH_VM01_SFOS 19.0.1 MR-1-Build365# tail -n 100 avd.log | more
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: CleanPng                   1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: CleanMp3                   1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: CleanMpeg                  1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: CleanWmf                   1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Xml                        0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: XmlOdoc                    1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Hfs                        0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Guid                       1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Dmg                        0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Swf                        1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: AS3                        1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Dex                        1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: AXml                       1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Plist                      0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ISO9660                    0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: JSEmul                     1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: LimitJSEmulation           0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: FullMacroSweep             0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: FullPdf                    0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: StrictPdf                  0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: StrongPdf                  0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: PDFUnifiedTextExtract      0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: FullSweep                  0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MarkTampered               1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: StorageReport              0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: StorageReportAll           0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: StorageReportAddtolist     0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: StorageDetOnly             0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: TrueFileTypeDetection      0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: UnixArchive                1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Rpm                        1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: Saveset                    0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ExtensiveScan              0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SampleSubmit               0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: CloudSandbox               1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MLEnabled                  0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MLVeexReporting            0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: VeexMiscPeTreeCbkEnabled   0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: DecomprSizeCb              0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MimeEmbedLimit             25
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MimeEmbedLines             500
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: TrueFileTypeDetectionLevel 1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MaxRecursionDepth          16
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MaxIntRecDepth             25
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: BuffCacheSize              4
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MaxSampleSubmitSize        10240
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpSuper                   2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpArchiveUnpack           2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpSelfExtract             2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpExecutable              2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpInternet                2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpMSOffice                2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpMisc                    2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpDisinfect               2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpClean                   2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpWebArchive              2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: GrpWebEncoding             2
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: HtmlMaxExtStrmSize         104857600
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: XmlMaxExtStrCnt            1000000
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: NamespaceSupport           0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: EnableAutoStop             1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: EnablePdfAutoStop          0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: BehaviourMalware           1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: BehaviourSuspicious        0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: PuaDetection               0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ThreatAccumulation         0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: DetectSecondaries          0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ApplicationControl         0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: VirusDataDir               /sdisk/savi/vdl
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: VirusDataName              vdl
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: IdeDir                     /sdisk/savi/ide
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: AllowPartialVirusData      0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ProductMobile              1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ProductGateway             1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ProductCLI                 0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ProductWeb                 1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ProductDesktop             0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: ProductUnspecified         1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: EnableAllowedLists         0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: EnableOSSpecificLoad       0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: VirusDataIntegrityChecking 0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLLiveProtection          1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLEvaluation              1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLAsynchDelay             0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLTimeout                 250
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLAsynchThreadCount       1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLAsynchQueueSize         200
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLCacheEnable             0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLCacheSize               20
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLCacheFileStub
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MLDLL
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MLData
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: LRLib
    2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Engine version number              : 3.85
    2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Extended version                   : 1
    2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Threat data version string(IDE)    : 5.94
    2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Number of detectable threats       : 75386748
    2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Date of threat data (D/M/Y)        : 12/7/2022
    
    2022-10-11 05:52:44Z :[INFO]  99 sophos_reload_sig: Every thread reloaded new savi object, safe to start scanning
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: EnableOSSpecificLoad       0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: VirusDataIntegrityChecking 0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLLiveProtection          1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLEvaluation              1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLAsynchDelay             0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLTimeout                 250
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLAsynchThreadCount       1
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLAsynchQueueSize         200
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLCacheEnable             0
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLCacheSize               20
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: SXLCacheFileStub
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MLDLL
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: MLData
    2022-10-11 05:52:43Z :[INFO]  4 describe_config: LRLib
    2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Engine version number              : 3.85
    2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Extended version                   : 1
    2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Threat data version string(IDE)    : 5.94
    2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Number of detectable threats       : 75386748
    2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Date of threat data (D/M/Y)        : 12/7/2022
    
    2022-10-11 05:52:44Z :[INFO]  99 sophos_reload_sig: Every thread reloaded new savi object, safe to start scanning
    

  • Hi Xitey,

    Based on the log snippets you have attached, the latest AV signatures are installed on your device and are being used by the AV scanning service. Can you please verify that HTTP requests are still being blocked as unscannable? It's possible that your firewall had queued up those email alerts and you were still receiving the notifications after the issue had been resolved. The date/time of the event is included in the body of the email alert so you can use that to determine if the alerts are outdated.

    If you are still having issues with traffic being blocked as unscannable, please attach the output of this command: grep -w ERROR /log/avd.log  | grep sophos__scanfile | tail -n 100

    Thanks,
    Peter Gale | Director, Software Development, NSG

    peter.gale@sophos.com

  • Thanks a lot for your help, Peter Gale.

    Here are the logs below

     

    Sophos Firmware Version SFOS 19.0.1 MR-1-Build365
    
    Device Management
    
        1.  Reset to Factory Defaults
        2.  Show Firmware(s)
        3.  Advanced Shell
        4.  Flush Device Reports
        0.  Exit
    
        Select Menu Number [0-4]: 3
    
    
    Sophos Firewall
    ===============
    (C) Copyright 2000-2022 Sophos Limited and others. All rights reserved.
    Sophos is a registered trademark of Sophos Limited and Sophos Group.
    All other product and company names mentioned are trademarks or registered
    trademarks of their respective owners.
    
    For Sophos End User Terms of Use - https://www.sophos.com/en-us/legal/sophos-end-user-terms-of-use.aspx
    
    NOTE: If not explicitly approved by Sophos support, any modifications
          done through this option will void your support.
    
    
    SFVH_VM01_SFOS 19.0.1 MR-1-Build365# grep -w ERROR /log/avd.log  | grep sophos__scanfile | tail -n 100
    2022-10-08 04:53:06Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:06Z :[ERROR] 1 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:07Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:08Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:08Z :[ERROR] 4 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:11Z :[ERROR] 5 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:14Z :[ERROR] 6 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:16Z :[ERROR] 7 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:17Z :[ERROR] 8 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:18Z :[ERROR] 9 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:19Z :[ERROR] 10 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:19Z :[ERROR] 11 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:20Z :[ERROR] 12 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:21Z :[ERROR] 13 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:21Z :[ERROR] 14 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:23Z :[ERROR] 15 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:23Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:23Z :[ERROR] 1 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:26Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:29Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:32Z :[ERROR] 4 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:34Z :[ERROR] 5 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:34Z :[ERROR] 6 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:35Z :[ERROR] 7 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:36Z :[ERROR] 8 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:36Z :[ERROR] 9 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:38Z :[ERROR] 10 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:38Z :[ERROR] 11 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:38Z :[ERROR] 12 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:41Z :[ERROR] 13 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:44Z :[ERROR] 14 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:47Z :[ERROR] 15 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:49Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:49Z :[ERROR] 1 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:50Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:51Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:51Z :[ERROR] 4 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:53Z :[ERROR] 5 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:53Z :[ERROR] 6 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:53Z :[ERROR] 7 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:56Z :[ERROR] 8 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:59Z :[ERROR] 9 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:00Z :[ERROR] 10 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:02Z :[ERROR] 11 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:04Z :[ERROR] 12 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:04Z :[ERROR] 13 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:05Z :[ERROR] 14 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:07Z :[ERROR] 15 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:07Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:08Z :[ERROR] 1 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:08Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:09Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:11Z :[ERROR] 4 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:14Z :[ERROR] 5 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:17Z :[ERROR] 6 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:20Z :[ERROR] 7 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:20Z :[ERROR] 8 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:20Z :[ERROR] 9 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:22Z :[ERROR] 10 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:22Z :[ERROR] 11 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:23Z :[ERROR] 12 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:24Z :[ERROR] 13 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:24Z :[ERROR] 14 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:26Z :[ERROR] 15 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:29Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:44Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:44Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:44Z :[ERROR] 1 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:44Z :[ERROR] 4 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:44Z :[ERROR] 5 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:45Z :[ERROR] 6 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:48Z :[ERROR] 7 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:51Z :[ERROR] 8 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:54Z :[ERROR] 9 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:57Z :[ERROR] 10 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:00Z :[ERROR] 11 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:03Z :[ERROR] 12 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:06Z :[ERROR] 13 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:08Z :[ERROR] 14 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:08Z :[ERROR] 15 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:08Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:08Z :[ERROR] 1 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:09Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:09Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:09Z :[ERROR] 4 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:12Z :[ERROR] 5 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:15Z :[ERROR] 6 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:18Z :[ERROR] 7 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:21Z :[ERROR] 8 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:23Z :[ERROR] 9 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:23Z :[ERROR] 10 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:23Z :[ERROR] 11 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:23Z :[ERROR] 12 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:24Z :[ERROR] 13 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:25Z :[ERROR] 14 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:25Z :[ERROR] 15 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:27Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:30Z :[ERROR] 1 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:30Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:33Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
    SFVH_VM01_SFOS 19.0.1 MR-1-Build365#
    

  • Hi Xitey,

    According to those logs, the issue stopped occurring on October 8th, which coincides with when the pattern update was released. Please confirm if you are still experiencing blocked requests.

    Thanks,
    Peter Gale | Director, Software Development, NSG

    peter.gale@sophos.com
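
The check described in the reply above (when did the `sophos__scanfile` errors stop, relative to the last signature reload) can be scripted. This is an added example, not part of the original thread and not Sophos code; `sample_log` and `scan_error_summary` are hypothetical names, the sample lines are constructed from the line formats posted in the thread, and it assumes the error lines and the `sophos_reload_sig` line are fed on stdin together.

```shell
# Added example (not from the thread or from Sophos): summarise
# sophos__scanfile errors and compare them with the last signature reload.

# Sample input constructed from the line formats posted in this thread.
sample_log() {
cat <<'EOF'
2022-10-08 04:53:06Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
2022-10-08 04:53:06Z :[ERROR] 1 sophos__scanfile: unable to sweep file [0x0004021e]
2022-10-08 04:53:07Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
2022-10-08 04:55:33Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
2022-10-08 04:55:30Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
2022-10-11 05:52:43Z :[INFO]  4 display_sophos_version: Engine version number              : 3.85
2022-10-11 05:52:44Z :[INFO]  99 sophos_reload_sig: Every thread reloaded new savi object, safe to start scanning
EOF
}

# scan_error_summary is a hypothetical helper: log lines on stdin, one
# key=value per line on stdout. Timestamps are UTC "YYYY-MM-DD HH:MM:SSZ",
# so plain string comparison orders them correctly.
scan_error_summary() {
    awk '
    /\[ERROR\]/ && /sophos__scanfile:/ {
        ts = $1 " " $2; n++
        if (first == "" || ts < first) first = ts
        if (ts > last) last = ts
        if (++per_min[substr(ts, 1, 16)] > peak) peak = per_min[substr(ts, 1, 16)]
        code = $NF
        gsub(/^\[|\]$/, "", code)
        if (!(code in seen)) {
            seen[code] = 1
            codes = codes (codes == "" ? "" : ",") code
        }
    }
    /sophos_reload_sig:/ && /reloaded new savi object/ {
        ts = $1 " " $2
        if (ts > reload) reload = ts
    }
    END {
        if (n == 0)             status = "no_errors"
        else if (reload == "")  status = "no_reload_seen"
        else if (last < reload) status = "stopped_before_reload"
        else                    status = "errors_after_reload"
        print "count=" (n + 0)
        print "first=" first
        print "last=" last
        print "peak_per_minute=" (peak + 0)
        print "codes=" codes
        print "last_reload=" reload
        print "status=" status
    }'
}

sample_log | scan_error_summary
```

A status of `errors_after_reload` means scan failures are still being logged after the newest signature reload, so the alerts are not only queued mail; `stopped_before_reload` matches the situation described in this thread.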

  • Hello, I have been receiving the email "*ALERT* Sophos XG Firewall "XG" - HTTP virus detected" since October 8. Since that date, I have been receiving about twenty emails per minute.

    Do you think the problem comes from the October 8th model update?
    Do I have to wait for the next upgrade and ignore these hundreds of emails?

  • Hi Xitey,

    I suspect that the alerts were generated on October 8th and are queued for delivery in your mail spool. They will continue to be delivered until the queue is empty. Can you verify this by browsing to Email > Mail spool, then filter using the following parameters: Start Date = 2022-10-07, End Date = 2022-10-09, Recipient domain = All, Sender/recipient/subject = HTTP virus detected. Tick only the "Queued" tickbox, then click Filter.

    If that search returns some number of entries, you can tick the "Select All" checkbox and click Delete to remove them from the outbound queue.

    Hope that helps,
    Peter Gale | Director, Software Development, NSG

    peter.gale@sophos.com

  • I think you were right: in Email > Mail spool I have no email, and I haven't received any email since 6 p.m. last night.
    
    I must have received around 10,000 emails anyway, but the problem seems to have solved itself.
    
    Thanks everyone for your help.
    
    Have a nice day everyone.