This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

pgp signature attachement flagged as encrypted attachement -> mail quarantined

Dear all

I am having quite a strange behaviour with my UTM 9 (fully up-to-date Formare 9.509-3). It started  a few weeks ago (can pinpoint the exact time) that certain messages were being quarantined even though they seemed to be ok (Having a 100kB unencrypted PDF attached). I just realised that the link between those was that the messages have a .dat Attachement that contains a pgp signature. I can reproduce the problem on my system by attaching  the dat file to an email and send it to me. The message gets moved to quarantine. Does anybody have the same problem or know a workaround (other than disabling the quarantine for unscannable mails / attachements)?

 

Typical log entry:

2018:05:03-10:50:33 mailgateway smtpd[13870]: SCANNER[13870]: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="xxxx.xxx.xxxx.xxxx" from="redacted@domain.com" to="redacted@domain.com" subject="test" queueid="1fE9wf-0003bi-5h" size="1776" reason="unscannable" extra="Encrypted archive"

Content of "Unbenannte Anlage 00016.dat"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iFYEABEKAAYFAlrhkRQACgkQpuuhc59vyKvLjADfeKw/ynArkkyJpieYK+bUlRsQ
ysRrJhy7LaFTFQDg1zpKLNdk/zYOwxXBWA2k+NQPZc6KzWDK2ZUHIg==
=5/hS
-----END PGP SIGNATURE-----

 

Thanks for your replies



This thread was automatically locked due to age.
Parents Reply
  • Probably a Sophos virus pattern problem.  Setting scanning to just use one engine or the other should be a short-term necessity.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data