This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

pgp signature attachement flagged as encrypted attachement -> mail quarantined

Dear all

I am having quite a strange behaviour with my UTM 9 (fully up-to-date Formare 9.509-3). It started  a few weeks ago (can pinpoint the exact time) that certain messages were being quarantined even though they seemed to be ok (Having a 100kB unencrypted PDF attached). I just realised that the link between those was that the messages have a .dat Attachement that contains a pgp signature. I can reproduce the problem on my system by attaching  the dat file to an email and send it to me. The message gets moved to quarantine. Does anybody have the same problem or know a workaround (other than disabling the quarantine for unscannable mails / attachements)?

 

Typical log entry:

2018:05:03-10:50:33 mailgateway smtpd[13870]: SCANNER[13870]: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="xxxx.xxx.xxxx.xxxx" from="redacted@domain.com" to="redacted@domain.com" subject="test" queueid="1fE9wf-0003bi-5h" size="1776" reason="unscannable" extra="Encrypted archive"

Content of "Unbenannte Anlage 00016.dat"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iFYEABEKAAYFAlrhkRQACgkQpuuhc59vyKvLjADfeKw/ynArkkyJpieYK+bUlRsQ
ysRrJhy7LaFTFQDg1zpKLNdk/zYOwxXBWA2k+NQPZc6KzWDK2ZUHIg==
=5/hS
-----END PGP SIGNATURE-----

 

Thanks for your replies



This thread was automatically locked due to age.
Parents
  • Hi Niccolo and welcome to the UTM Community!

    Today, I think all you can do is create an Exception for Malware scanning for the sender.  This seems like a great suggestion to make at Ideas.  A signature should not cause quarantining.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    same problem here.

    Since some weeks more and more users are complaining about quarantined mails simply containing a pgp-signature.

    Using a whitelist is no option for us (not even as a temporary solution)!

    This needs to be fixed!

    Thanks, Frank

Reply
  • Hi Bob,

    same problem here.

    Since some weeks more and more users are complaining about quarantined mails simply containing a pgp-signature.

    Using a whitelist is no option for us (not even as a temporary solution)!

    This needs to be fixed!

    Thanks, Frank

Children
No Data