
"Malware 'Unscannable' was detected and blocked in a download" Every Minute

Hi, I've been getting this message every minute since yesterday.

Have you got any idea?



  • Hi Xitey,

    Based on the log snippets you have attached, the latest AV signatures are installed on your device and are being used by the AV scanning service. Can you please verify that HTTP requests are still being blocked as unscannable? It's possible that your firewall had queued up those email alerts and you were still receiving the notifications after the issue had been resolved. The date/time of the event is included in the body of the email alert so you can use that to determine if the alerts are outdated.

    If you are still having issues with traffic being blocked as unscannable, please attach the output of this command: grep -w ERROR /log/avd.log  | grep sophos__scanfile | tail -n 100

    Thanks,
    Peter Gale | Director, Software Development, NSG

    peter.gale@sophos.com

  • Thanks a lot for your help, Peter Gale.

    Here are the logs below

     

    Sophos Firmware Version SFOS 19.0.1 MR-1-Build365
    
    Device Management
    
        1.  Reset to Factory Defaults
        2.  Show Firmware(s)
        3.  Advanced Shell
        4.  Flush Device Reports
        0.  Exit
    
        Select Menu Number [0-4]: 3
    
    
    Sophos Firewall
    ===============
    (C) Copyright 2000-2022 Sophos Limited and others. All rights reserved.
    Sophos is a registered trademark of Sophos Limited and Sophos Group.
    All other product and company names mentioned are trademarks or registered
    trademarks of their respective owners.
    
    For Sophos End User Terms of Use - https://www.sophos.com/en-us/legal/sophos-end-user-terms-of-use.aspx
    
    NOTE: If not explicitly approved by Sophos support, any modifications
          done through this option will void your support.
    
    
    SFVH_VM01_SFOS 19.0.1 MR-1-Build365# grep -w ERROR /log/avd.log  | grep sophos__scanfile | tail -n 100
    2022-10-08 04:53:06Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:06Z :[ERROR] 1 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:07Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:08Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:08Z :[ERROR] 4 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:11Z :[ERROR] 5 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:14Z :[ERROR] 6 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:16Z :[ERROR] 7 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:17Z :[ERROR] 8 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:18Z :[ERROR] 9 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:19Z :[ERROR] 10 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:19Z :[ERROR] 11 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:20Z :[ERROR] 12 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:21Z :[ERROR] 13 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:21Z :[ERROR] 14 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:23Z :[ERROR] 15 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:23Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:23Z :[ERROR] 1 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:26Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:29Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:32Z :[ERROR] 4 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:34Z :[ERROR] 5 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:34Z :[ERROR] 6 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:35Z :[ERROR] 7 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:36Z :[ERROR] 8 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:36Z :[ERROR] 9 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:38Z :[ERROR] 10 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:38Z :[ERROR] 11 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:38Z :[ERROR] 12 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:41Z :[ERROR] 13 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:44Z :[ERROR] 14 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:47Z :[ERROR] 15 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:49Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:49Z :[ERROR] 1 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:50Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:51Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:51Z :[ERROR] 4 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:53Z :[ERROR] 5 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:53Z :[ERROR] 6 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:53Z :[ERROR] 7 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:56Z :[ERROR] 8 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:53:59Z :[ERROR] 9 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:00Z :[ERROR] 10 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:02Z :[ERROR] 11 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:04Z :[ERROR] 12 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:04Z :[ERROR] 13 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:05Z :[ERROR] 14 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:07Z :[ERROR] 15 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:07Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:08Z :[ERROR] 1 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:08Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:09Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:11Z :[ERROR] 4 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:14Z :[ERROR] 5 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:17Z :[ERROR] 6 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:20Z :[ERROR] 7 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:20Z :[ERROR] 8 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:20Z :[ERROR] 9 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:22Z :[ERROR] 10 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:22Z :[ERROR] 11 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:23Z :[ERROR] 12 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:24Z :[ERROR] 13 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:24Z :[ERROR] 14 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:26Z :[ERROR] 15 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:29Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:44Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:44Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:44Z :[ERROR] 1 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:44Z :[ERROR] 4 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:44Z :[ERROR] 5 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:45Z :[ERROR] 6 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:48Z :[ERROR] 7 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:51Z :[ERROR] 8 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:54Z :[ERROR] 9 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:54:57Z :[ERROR] 10 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:00Z :[ERROR] 11 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:03Z :[ERROR] 12 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:06Z :[ERROR] 13 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:08Z :[ERROR] 14 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:08Z :[ERROR] 15 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:08Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:08Z :[ERROR] 1 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:09Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:09Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:09Z :[ERROR] 4 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:12Z :[ERROR] 5 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:15Z :[ERROR] 6 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:18Z :[ERROR] 7 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:21Z :[ERROR] 8 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:23Z :[ERROR] 9 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:23Z :[ERROR] 10 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:23Z :[ERROR] 11 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:23Z :[ERROR] 12 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:24Z :[ERROR] 13 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:25Z :[ERROR] 14 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:25Z :[ERROR] 15 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:27Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:30Z :[ERROR] 1 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:30Z :[ERROR] 2 sophos__scanfile: unable to sweep file [0x0004021e]
    2022-10-08 04:55:33Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
    SFVH_VM01_SFOS 19.0.1 MR-1-Build365#
    

  • Hi Xitey,

    According to those logs, the issue stopped occurring on October 8th which coincides with when the pattern update was released. Please confirm if you are still experiencing blocked requests.

    Thanks,
    Peter Gale | Director, Software Development, NSG

    peter.gale@sophos.com
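
The check made in the reply above (when did the `sophos__scanfile` errors last occur, and how dense were they) can be scripted. This is an added example, not part of the original thread and not Sophos tooling; the function names and the sample lines are constructed here, and it assumes a POSIX shell with `grep` and `awk` on the host where the log is read.

```shell
#!/bin/sh
# Added example: summarise sophos__scanfile errors in avd.log-style lines.
# Line format as posted in this thread:
#   2022-10-08 04:53:06Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]

# Constructed sample input: three matching errors plus one unrelated line.
sample_log() {
cat <<'EOF'
2022-10-08 04:53:06Z :[ERROR] 0 sophos__scanfile: unable to sweep file [0x0004021e]
2022-10-08 04:53:07Z :[INFO] 1 unrelated constructed line
2022-10-08 04:53:08Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
2022-10-08 04:55:33Z :[ERROR] 3 sophos__scanfile: unable to sweep file [0x0004021e]
EOF
}

# Read log lines on stdin; print "count first_timestamp last_timestamp".
scan_error_summary() {
    grep -w ERROR | grep sophos__scanfile |
    awk '{ ts = $1 "T" $2; if (n == 0) first = ts; last = ts; n++ }
         END { if (n) print n, first, last; else print 0, "-", "-" }'
}

# Read log lines on stdin; print "YYYY-MM-DD HH:MM count" per minute, oldest first.
scan_errors_per_minute() {
    grep -w ERROR | grep sophos__scanfile |
    awk '{ m = $1 " " substr($2, 1, 5); if (!(m in c)) order[++k] = m; c[m]++ }
         END { for (i = 1; i <= k; i++) print order[i], c[order[i]] }'
}

# Exit 0 if the newest error is at or after the cutoff (fault still live),
# exit 1 if every error predates it (remaining alerts are queued, stale mail).
# Cutoff format: YYYY-MM-DDTHH:MM:SSZ; fixed-width UTC strings sort correctly.
errors_since() {
    scan_error_summary |
    awk -v c="$1" '$3 != "-" && $3 >= c { live = 1 } END { exit !live }'
}

# Demo on the constructed sample; on a device, feed /log/avd.log instead.
sample_log | scan_error_summary
sample_log | scan_errors_per_minute
if sample_log | errors_since "2022-10-09T00:00:00Z"; then
    echo "errors still occurring after cutoff"
else
    echo "no errors after cutoff: alerts are from the earlier burst"
fi
```
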

  • Hello, it is since October 8 that I have been receiving the email "*ALERT* Sophos XG Firewall "XG" - HTTP virus detected". Since that date I have been receiving about twenty emails per minute.

    Do you think the problem comes from the October 8th model update?
    Do I have to wait for the next upgrade and ignore these hundreds of emails?
  • Hi Xitey,

    I suspect that the alerts were generated on October 8th and are queued for delivery in your mail spool. They will continue to be delivered until the queue is empty. Can you verify this by browsing to Email > Mail spool, then filter using the following parameters: Start Date = 2022-10-07, End Date = 2022-10-09, Recipient domain = All, Sender/recipient/subject = HTTP virus detected. Tick only the "Queued" tickbox, then click Filter.

    If that search returns some number of entries, you can tick the "Select All" checkbox and click Delete to remove them from the outbound queue.

    Hope that helps,
    Peter Gale | Director, Software Development, NSG

    peter.gale@sophos.com

  • I think you were right, in Email > Mail spool I have no email and I haven't received any email since 6 p.m. last night.
    
    I must have received around 10,000 emails anyway, but the problem seems to have solved itself.
    
    Thanks everyone for your help.
    
    Have a nice day everyone.