Version 9.508 - report on experience

Version 9.508 is released:

https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-508-released

Maybe we could collect some reports about problems or, hopefully, no problems. Please tell us which modules (Network, Web, WAF, Mail, WLAN..) you use if you successfully updated to 9.508.

Best
Alex

P.S. With the production system, I'll wait a little bit ;-)



  • Hi Christian,

    we do have the same error and this is quite a pain in the ass. We also use Comodo certificates as Thomas does. 

    As you have said that reaching the support didn't help you, do you have any idea how we can solve this?

     

    Kind regards,

    Max

  • Hi,

    I have the following problem at two customers:

    In the MIME Type Filter under SMTP -> Malware, I have configured that attachments of the types

    application/vnd.ms-word.document.macroEnabled.12
    application/vnd.ms-excel.sheet.macroEnabled.12
    application/vnd.ms-powerpoint.presentation.macroEnabled.12

    should be moved to quarantine.

    Now emails that do not meet this condition are ending up in quarantine (docx + xlsx files that definitely contain no macro).

    Regards

    Maik

  • mapelo said:

    Hi,

    I have the following problem at two customers:

    In the MIME Type Filter under SMTP -> Malware, I have configured that attachments of the types

    application/vnd.ms-word.document.macroEnabled.12
    application/vnd.ms-excel.sheet.macroEnabled.12
    application/vnd.ms-powerpoint.presentation.macroEnabled.12

    should be moved to quarantine.

    Now emails that do not meet this condition are ending up in quarantine (docx + xlsx files that definitely contain no macro).

    Regards

    Maik

     

     

    Yes, that! I've got the below implemented (Email protection -> SMTP -> Malware -> MIME Type Filter) and now all emails containing excel or word files are being pushed to quarantine. 

     

    application/vnd.ms-word.document.macroEnabled.12
    application/vnd.ms-word.template.macroEnabled.12
    application/vnd.ms-excel.sheet.macroEnabled.12
    application/vnd.ms-excel.template.macroEnabled.12
    application/vnd.ms-excel.addin.macroEnabled.12
    application/vnd.ms-excel.sheet.binary.macroEnabled.12
    application/vnd.ms-powerpoint.addin.macroEnabled.12
    application/vnd.ms-powerpoint.presentation.macroEnabled.12
    application/vnd.ms-powerpoint.template.macroEnabled.12
    application/vnd.ms-powerpoint.slideshow.macroEnabled.12
    application/vnd.ms-word.document.macroEnabled.main+xml
    application/vnd.ms-word.template.macroEnabledTemplate.main+xml

     

    Thanks!

  • Answer from Sophos Support: One solution would be to update the sender and recipient to version 9.508.

    The only trouble is that not everyone has a UTM...

  • And that's it? So forget about S/MIME functionality from now on?
    What I didn't understand is the message of https://community.sophos.com/kb/en-us/131727 

    As stated in 3, one should get certificates with the appropriate algorithm. Does anybody know how to check which algorithm was used in an existing certificate? So should I ask the CA to re-issue my certificate and everything is fine?

    Best
    Alex

    P.S. I placed the question for the Algorithms for X.509 certs at a reseller for certificates. Will see what they say.

    -
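
One way to answer the question above about which algorithm an existing certificate uses, as an added example that is not part of the original thread: a shell function around the `openssl x509` command. The function names and the throwaway self-signed certificate are constructed for illustration; point `cert_algorithms` at your own exported PEM or DER file.

```shell
#!/bin/sh
# Added example (not from the thread): report the algorithms of an X.509 certificate.

# cert_algorithms FILE
# Prints the signature algorithm, public-key algorithm and key size of FILE.
# Accepts PEM or DER; returns 1 if FILE is not a certificate.
cert_algorithms() {
    f=$1
    # Try PEM first, then fall back to DER.
    if text=$(openssl x509 -in "$f" -noout -text 2>/dev/null); then
        :
    elif text=$(openssl x509 -inform DER -in "$f" -noout -text 2>/dev/null); then
        :
    else
        echo "not an X.509 certificate: $f" >&2
        return 1
    fi
    # "Signature Algorithm" appears twice in the dump (inside the signed part
    # and after it); both must agree, so the first occurrence is enough.
    printf '%s\n' "$text" | awk -F': *' '
        /Signature Algorithm:/ && !sig { sig = $2 }
        /Public Key Algorithm:/        { key = $2 }
        /Public-Key:/                  { bits = $2 }
        END { printf "signature=%s\nkey=%s\nsize=%s\n", sig, key, bits }'
}

# make_sample_cert
# Creates a constructed, self-signed RSA-2048/SHA-256 certificate in a temp
# directory and prints its path. Sample data only, not a certificate from the thread.
make_sample_cert() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=constructed-sample" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
    echo "$dir/cert.pem"
}

# Stand-alone use: sh script.sh /path/to/exported-cert.pem
if [ $# -gt 0 ]; then
    cert_algorithms "$1"
fi
```
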

  • Alexander Busch said:

    So should I ask the CA to re-issue my certificate and everything is fine?

    Best
    Alex

     

     

    That's not gonna work. I had revoked my certificates and set them up again without success.

  • Guys, it's not clear to me that you're attacking the right certificate.  This is not the one in 'Certificate Management'.  I think you have to delete your entry on the 'Internal Users' tab of 'Encryption', add it again and then send the new PEM to your recipient(s).

    I can confirm that 9.508-to-9.508 works when this is done.

    Please let us know if the non-UTM recipients can receive your email after adding your new cert as described.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi all

    Some strange things since update to 9.508-10

    1. IPS

    In the daily report last Sunday, the IPS graph shows no attacks, but in the details the report says 2 attacks

    2. UTM hung step by step today

    - 17:39 external check report timeout to nated website
    - 17:51 [CRIT-310] Up2Date prefetch failed
    - 17:57 [WARN-129] Spam Filter cannot query ...
    - 19:00 [WARN-129] Spam Filter cannot query ...

    No connection to mgmt website of UTM possible -> with all browsers: Hung in "Performing a TLS handshake..."
    No connection to any destination over any IF possible, only connection via ssh to shell possible
    Reboot via ssh shell
    After reboot UTM looks good (connections to the Inet)
    But still can't connect to web-interface of UTM: Hung in "Performing a TLS handshake to ...."

    Do I have to do a new installation with an older version (last good was 9.506-2) and restore the backup?

    Cheers   Peter

  • BAlfson said:

    ...

    I can confirm that 9.508-to-9.508 works when this is done.

    Please let us know if the non-UTM recipients can receive your email after adding your new cert as described.

    ..

    Hello Bob, 

    is the simple signing of an email working? Non UTM Device at the recipient side.

    Best
    Alex

    -

  • Really strange...

    I also have problems with email encryption.

    I'm using official S/MIME certificates. Since 9.5MR8 I'm affected by KB131727.

    • If I'm sending signed mails via UTM 2 Office365 I'm getting a "certificate not valid" inside Outlook.
    • If I'm sending encrypted mails via UTM 2 Office365 I'm unable to decrypt the message inside Outlook.

    But now the interesting thing...

    • If I'm sending signed and / or encrypted mails via UTM 2 UTM (both v9.5MR8 -> thanks Bob 4 testing and help) everything seems fine!

    According 2 KB131727 I've opened a support call @ my RootCA and the answer was really unsatisfying...

    The Sophos gateway has shut us out here and is currently no longer compatible with the S/MIME certificates. As a CA, we are not going to overturn our infrastructure like that at the moment, because use of the Sophos gateway comes up too rarely.

    Perhaps the Bundesdruckerei or D-Trust can help your customer there. As for the already existing certificate, I see the fault with Sophos, since it no longer offers compatibility.

    Quick translation:

    Sophos is the bad guy. We are not willing 2 rebuild our CA infrastructure because there are not enough customers using Sophos UTM.

    Use another CA!

     

     

    Nope, I'm not using any kind of Comodo cheap CAs, I'm using one of the better expensive ones...

     

    ...Sophos are U kidding? 

    I'm not willing 2 accept that my customers won't be able 2 encrypt their mails because the recipients won't be able 2 decrypt them. U told us this special S/MIME encryption isn't secure enough but in my opinion it's better than without encryption.