One of the changes is that: Email Protection anti-spam engine changed to Sophos Anti-Spam Interface (SASI)
Does anybody have experience with that change? Does it affect the rate of recognition? I haven't figured out yet if the Commtouch Advanced Security Daemon (ctasd) is dropped with this or not. And if so, are the results from Cyren no longer used?
Good call, Alex! Indeed, zgrep shows that the last appearance of ctasd in the SMTP logs was just before the Up2Date to 9.706 in our instance in AWS.
The last line with ctasd:
2021:05:16-16:39:07 secure exim-in: 2021-05-16 16:39:07 1liOTb-0006Gy-0z ctasd reports 'Unknown' RefID:str=0001.0A742F25.60A190FB.0016:SCFSTAT53756616,ss=1,re=-4.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
The first line with sasi:
2021:05:16-16:54:04 secure exim-in: 2021-05-16 16:54:04 1liOi3-00024X-1i sasi reports probability: 0.958928, version: Antispam-Engine: 4.1.4, AntispamData:2021.2.4.135417
Cheers - Bob
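The log check described in the post above, as an added example (not part of any poster's message and not Sophos code): it parses the two verdict line formats quoted in the thread and reports the last ctasd and the first sasi timestamp, along with the sasi probabilities seen. The function names and the two extra sample lines are assumptions made for illustration.

```python
import re
from datetime import datetime

# The 16:39:07 and 16:54:04 lines are the ones quoted in the thread;
# the other two are constructed in the same format for illustration.
SAMPLE_LOG = """\
2021:05:16-16:20:11 secure exim-in: 2021-05-16 16:20:11 1liOAA-0001Ab-2c ctasd reports 'Unknown' RefID:str=CONSTRUCTED,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
2021:05:16-16:39:07 secure exim-in: 2021-05-16 16:39:07 1liOTb-0006Gy-0z ctasd reports 'Unknown' RefID:str=0001.0A742F25.60A190FB.0016:SCFSTAT53756616,ss=1,re=-4.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
2021:05:16-16:54:04 secure exim-in: 2021-05-16 16:54:04 1liOi3-00024X-1i sasi reports probability: 0.958928, version: Antispam-Engine: 4.1.4, AntispamData:2021.2.4.135417
2021:05:16-17:02:30 secure exim-in: 2021-05-16 17:02:30 1liOqQ-0003Cd-4e sasi reports probability: 0.031000, version: Antispam-Engine: 4.1.4, AntispamData:2021.2.4.135417
"""

# <syslog timestamp> <host> exim-in: <date> <time> <message id> <engine> reports <details>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ exim-in: \S+ \S+ "
    r"(?P<msgid>\S+) (?P<engine>ctasd|sasi) reports (?P<rest>.*)$"
)
PROB_RE = re.compile(r"probability: (?P<p>[0-9.]+)")

def parse_verdicts(lines):
    """Yield (timestamp, message id, engine, sasi probability or None)."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an anti-spam verdict line
        ts = datetime.strptime(m["ts"], "%Y:%m:%d-%H:%M:%S")
        p = PROB_RE.search(m["rest"]) if m["engine"] == "sasi" else None
        yield ts, m["msgid"], m["engine"], float(p["p"]) if p else None

def engine_changeover(lines):
    """Summarise when ctasd verdicts stop and sasi verdicts start."""
    last_ctasd = first_sasi = None
    counts = {"ctasd": 0, "sasi": 0}
    probs = []
    for ts, _msgid, engine, prob in parse_verdicts(lines):
        counts[engine] += 1
        if engine == "ctasd":
            last_ctasd = max(last_ctasd or ts, ts)
        else:
            first_sasi = min(first_sasi or ts, ts)
            if prob is not None:
                probs.append(prob)
    return {"last_ctasd": last_ctasd, "first_sasi": first_sasi,
            "counts": counts, "sasi_probabilities": probs}

if __name__ == "__main__":
    print(engine_changeover(SAMPLE_LOG.splitlines()))
```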
We have the issue that there are no mails in quarantine since we installed the update. Looks like we don't get any spam mails. Opened a support case now. Let's see how Sophos can help here.
That is odd. I'm not sure about 9.706. Since upgrading to 9.705-7 there are fewer spam messages showing up in the quarantine. Also, less spam is going through. I do not know if it is related to summer time or Sophos anti-spam engine changes, though.
Could you please provide the support case number by sending me a private message?
Since you do not see quarantined emails in the mail manager, would it be possible to check if any spam emails got delivered? If you find any sample spam emails, send the original email in .eml format on your support case.
I am certain that the change to SASI is in one word f$%ked. I have not had a single spam email blocked since this update; yes, I am getting all sorts of rubbish passing straight through the scanning. On top of this, the constant downloading of patterns has meant having to turn off auto updates. No response from Sophos, no fixes, nothing....
To add my humble opinion as well: for us, the changeover has improved the situation. The recognition is at the level before our problems with Commtouch started and we had lots of false positives. In the meantime we are also rejecting confirmed spam again. I hope that the issues described here are problems on individual devices.
Well, I have issues as described in this thread:
more and more spam is passing by and it is seriously annoying!
I'd suggest opening a support case with the original spam sample email in .eml format for further investigation.
I can't open a case, because I am a home user.
Would it be possible for you to share those sample emails and smtpd logs via personal message? I will report them to the Sophos LAB on your behalf.