This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Possible bug in 9.509-3 regarding attachment content-type scanning

We have since long defined the following content-types in "Additional Types to Quarantine"

application/vnd.ms-word.document.macroEnabled.12
application/vnd.ms-word.template.macroEnabled.12
application/vnd.ms-excel.sheet.macroEnabled.12
application/vnd.ms-excel.template.macroEnabled.12
application/vnd.ms-excel.addin.macroEnabled.12
application/vnd.ms-excel.sheet.binary.macroEnabled.12
application/vnd.ms-powerpoint.addin.macroEnabled.12
application/vnd.ms-powerpoint.presentation.macroEnabled.12
application/vnd.ms-powerpoint.template.macroEnabled.12
application/vnd.ms-powerpoint.slideshow.macroEnabled.12
application/vnd.ms-powerpoint.slide.macroEnabled.12

However this is sending all normal .docx and .xlsx files to quarantine and mailmanager shows a normal empty word document with only 1 word in it and saved as .docx as application/vnd.ms-word.template.macroenabled.12 filetype and thus sends it to quarantine.

I believe this behaviour started after upgrading UTM from 9.505 to 9.509 so I believe this to be a bug introduced in one of the versions 9.506, 9.507, 9.508 or 9.509.

Anyone else seeing this or know how to resolve this?



This thread was automatically locked due to age.
Parents
  • it seems it still not fixed

     

    Anyone has an answer from the support ?

  • If you contact support they will be able to make some adjustments on your UTM. Sophos made changes on ours and we don't have this problem no more. Unfortunately I don't know exactly what has changed.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Reply
  • If you contact support they will be able to make some adjustments on your UTM. Sophos made changes on ours and we don't have this problem no more. Unfortunately I don't know exactly what has changed.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Children