
pgp signature attachment flagged as encrypted attachment -> mail quarantined

Dear all

I am seeing quite strange behaviour with my UTM 9 (fully up-to-date, Firmware 9.509-3). It started a few weeks ago (I can pinpoint the exact time) that certain messages were being quarantined even though they seemed to be ok (having a 100kB unencrypted PDF attached). I just realised that the link between those was that the messages have a .dat attachment that contains a pgp signature. I can reproduce the problem on my system by attaching the dat file to an email and sending it to myself. The message gets moved to quarantine. Does anybody have the same problem or know a workaround (other than disabling the quarantine for unscannable mails / attachments)?

 

Typical log entry:

2018:05:03-10:50:33 mailgateway smtpd[13870]: SCANNER[13870]: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="xxxx.xxx.xxxx.xxxx" from="redacted@domain.com" to="redacted@domain.com" subject="test" queueid="1fE9wf-0003bi-5h" size="1776" reason="unscannable" extra="Encrypted archive"

Content of "Unbenannte Anlage 00016.dat"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iFYEABEKAAYFAlrhkRQACgkQpuuhc59vyKvLjADfeKw/ynArkkyJpieYK+bUlRsQ
ysRrJhy7LaFTFQDg1zpKLNdk/zYOwxXBWA2k+NQPZc6KzWDK2ZUHIg==
=5/hS
-----END PGP SIGNATURE-----

 

Thanks for your replies



This thread was automatically locked due to age.
  • Hi Niccolo and welcome to the UTM Community!

    Today, I think all you can do is create an Exception for Malware scanning for the sender.  This seems like a great suggestion to make at Ideas.  A signature should not cause quarantining.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob

    Thank you for your suggestion, but I can't predict who uses pgp signatures, and creating an exception for malware scanning quite defeats the purpose of having a license for a UTM. IMHO this is quite clearly a bug since it is not an encrypted attachment that is flagged as such. I will open a support request through our supplier.
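
What a flagged attachment actually contains can be checked from the tag of its first OpenPGP packet (RFC 4880): tag 2 is a signature, while tags 1, 3, 9 and 18 carry encrypted data. The following is an added example, not part of the original thread and not Sophos code; the function names and the constructed "encrypted" sample are assumptions made here, and the signature is the .dat content posted in the question.

```python
import base64

# OpenPGP packet tags (RFC 4880, section 4.3) that indicate encrypted content.
ENCRYPTED_TAGS = {1, 3, 9, 18}
SIGNATURE_TAG = 2

def first_packet_tag(armored: str) -> int:
    """Return the tag of the first OpenPGP packet in an ASCII-armored block."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN PGP "):
        raise ValueError("not an ASCII-armored OpenPGP block")
    # Armor headers such as "Version:" end at the first blank line.
    start = lines.index("") + 1 if "" in lines else 1
    body = []
    for ln in lines[start:]:
        if ln.startswith("=") or ln.startswith("-----END"):
            break  # CRC-24 checksum line or end of armor
        body.append(ln)
    data = base64.b64decode("".join(body), validate=True)
    if not data or not data[0] & 0x80:
        raise ValueError("first octet is not an OpenPGP packet header")
    octet = data[0]
    # New-format header keeps the tag in bits 5-0, old format in bits 5-2.
    return octet & 0x3F if octet & 0x40 else (octet >> 2) & 0x0F

def classify(armored: str) -> str:
    """Classify an armored block as 'signature', 'encrypted' or 'other'."""
    tag = first_packet_tag(armored)
    if tag == SIGNATURE_TAG:
        return "signature"
    return "encrypted" if tag in ENCRYPTED_TAGS else "other"

def armor(label: str, raw: bytes) -> str:
    """Hypothetical helper: wrap raw packet bytes in armor (no CRC line)."""
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN PGP {label}-----\n\n{b64}\n-----END PGP {label}-----"

# The attachment content posted in the question.
PAGE_SIGNATURE = """-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iFYEABEKAAYFAlrhkRQACgkQpuuhc59vyKvLjADfeKw/ynArkkyJpieYK+bUlRsQ
ysRrJhy7LaFTFQDg1zpKLNdk/zYOwxXBWA2k+NQPZc6KzWDK2ZUHIg==
=5/hS
-----END PGP SIGNATURE-----"""

# Constructed sample: old-format header 0x85 = tag 1 (encrypted session key).
CONSTRUCTED_ENCRYPTED = armor("MESSAGE", bytes([0x85, 0x01, 0x0C, 0x03]) + bytes(8))

if __name__ == "__main__":
    print(classify(PAGE_SIGNATURE), classify(CONSTRUCTED_ENCRYPTED))
```
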
