
PGP signature attachment flagged as encrypted attachment -> mail quarantined

Dear all

I am seeing quite strange behaviour with my UTM 9 (fully up to date, Firmware 9.509-3). It started a few weeks ago (can pinpoint the exact time) that certain messages were being quarantined even though they seemed to be OK (having a 100kB unencrypted PDF attached). I just realised that the link between those was that the messages have a .dat attachment that contains a PGP signature. I can reproduce the problem on my system by attaching the .dat file to an email and sending it to myself. The message gets moved to quarantine. Does anybody have the same problem or know a workaround (other than disabling the quarantine for unscannable mails / attachments)?

Typical log entry:

2018:05:03-10:50:33 mailgateway smtpd[13870]: SCANNER[13870]: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="xxxx.xxx.xxxx.xxxx" from="redacted@domain.com" to="redacted@domain.com" subject="test" queueid="1fE9wf-0003bi-5h" size="1776" reason="unscannable" extra="Encrypted archive"

Content of "Unbenannte Anlage 00016.dat"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iFYEABEKAAYFAlrhkRQACgkQpuuhc59vyKvLjADfeKw/ynArkkyJpieYK+bUlRsQ
ysRrJhy7LaFTFQDg1zpKLNdk/zYOwxXBWA2k+NQPZc6KzWDK2ZUHIg==
=5/hS
-----END PGP SIGNATURE-----

Thanks for your replies
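
To check what kind of OpenPGP data an armored attachment like the .dat above actually carries, the following added example (not part of the original post and not Sophos code) strips the armor and reads the tag of the first packet. The function names and the encrypted sample are constructed for illustration; the script only identifies the packet type and does not verify the signature or the armor checksum.

```python
import base64

# OpenPGP packet tags (RFC 4880, section 4.3) that matter for this triage.
SIGNATURE_TAGS = {2}            # signature packet (a detached signature starts with it)
ENCRYPTED_TAGS = {1, 3, 9, 18}  # session-key packets and encrypted data packets

def dearmor(text):
    """Return the decoded payload of the first ASCII-armored block in text."""
    lines = [l.strip() for l in text.strip().splitlines()]
    try:
        begin = next(i for i, l in enumerate(lines) if l.startswith("-----BEGIN PGP"))
        end = next(i for i, l in enumerate(lines) if i > begin and l.startswith("-----END PGP"))
    except StopIteration:
        raise ValueError("no ASCII armor found") from None
    body = lines[begin + 1:end]
    if "" in body:                       # armor headers ("Version: ...") end at the blank line
        body = body[body.index("") + 1:]
    # Skip the "=XXXX" CRC-24 line; this sketch does not verify the checksum.
    return base64.b64decode("".join(l for l in body if l and not l.startswith("=")), validate=True)

def first_packet_tag(data):
    """Packet tag from the first header octet, old or new packet format."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:                   # new format: tag in bits 5-0
        return data[0] & 0x3F
    return (data[0] & 0x3C) >> 2         # old format: tag in bits 5-2

def classify(text):
    """Label an armored block by its first packet only: signature, encrypted or other."""
    tag = first_packet_tag(dearmor(text))
    if tag in SIGNATURE_TAGS:
        return "signature"
    return "encrypted" if tag in ENCRYPTED_TAGS else "other"

# The .dat content quoted in the post above.
POSTED_DAT = """-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iFYEABEKAAYFAlrhkRQACgkQpuuhc59vyKvLjADfeKw/ynArkkyJpieYK+bUlRsQ
ysRrJhy7LaFTFQDg1zpKLNdk/zYOwxXBWA2k+NQPZc6KzWDK2ZUHIg==
=5/hS
-----END PGP SIGNATURE-----"""

# Constructed sample: a new-format tag 1 packet with a dummy one-byte body.
CONSTRUCTED_ENCRYPTED = ("-----BEGIN PGP MESSAGE-----\n\n"
                         + base64.b64encode(bytes([0xC1, 0x01, 0x03])).decode()
                         + "\n-----END PGP MESSAGE-----")

if __name__ == "__main__":
    print(classify(POSTED_DAT), classify(CONSTRUCTED_ENCRYPTED))
```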



This thread was automatically locked due to age.
  • Probably a Sophos virus pattern problem.  Setting scanning to just use one engine or the other should be a short-term necessity.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Just checked with a fully up to date system and the issue still persists.  Switching to single engine scanning with Avira seems to be the only viable workaround right now.

  • Sophos still (11 Jun 2018) suggests "Navigate to Email Protection > SMTP > Malware. Uncheck Quarantine unscannable and encrypted content."

    See community.sophos.com/.../132007

    This is not acceptable for us. We still need "normal" unscannable mail content to be quarantined and mails containing PGP signatures to pass without resistance.

    Since we own an official license for a UTM 9, I'll try to open a support case ...

    Frank