Hi,
We have a problem at some firewalls: Sandstorm is marking files as clean, but the report sees bad behaviour.
Do you have such reports?
Thanks
may
This thread was automatically locked due to age.
Firmware 9.705-3.
SMTP Sandstorm is active with Frankfurt Datacenter, no excluded mime types.
I have several zips, with xlsm files inside. Sandstorm analysis:
But it is marked as Clean.
log:
sandboxd-2021-03-23.log:2021:03:23-13:58:02 gw-1 sandboxd[12870]: h=- u="112.204.89.132" s=200 X=- t=1616503969 T=313000000 Ts=313 act=1 cat="-" app="-" rsn=- threat="-" type="-" ctype="-" sav-ev=- sav-dv=- uri-dv=- cache=- in=- out=73372 meth=GET ref="-" ua="-" req="GET xxx HTTP/1.1" dom="wkrajcik@grupoedelsur.com" filetype="application/octet-stream" rule="-" filesize=73372 axtime=- fttime=- scantime=- src_cat="-" labs_cat="-" dcat_prox="-" target_ip="-" labs_rule_id="-" reqtime=- adtime=- ftbypass=- os=- authn=- auth_by=- dnstime=- quotatime=- sandbox=4
sandboxd-2021-03-23.log:2021:03:23-14:10:02 gw-1 sandboxd[12870]: h=- u="112.204.89.132" s=200 X=- t=1616504600 T=402000000 Ts=402 act=1 cat="-" app="-" rsn=- threat="-" type="-" ctype="-" sav-ev=- sav-dv=- uri-dv=- cache=- in=- out=73362 meth=GET ref="-" ua="-" req="GET xxx HTTP/1.1" dom="wkrajcik@grupoedelsur.com" filetype="application/octet-stream" rule="-" filesize=73362 axtime=- fttime=- scantime=- src_cat="-" labs_cat="-" dcat_prox="-" target_ip="-" labs_rule_id="-" reqtime=- adtime=- ftbypass=- os=- authn=- auth_by=- dnstime=- quotatime=- sandbox=4
may
Astaro user since 2001 - Astaro/Sophos Partner since 2008