This issue sounds very similar to https://community.sophos.com/products/unified-threat-management/astaroorg/f/81/t/65706
An external user has sent a series of split RAR files, one per email, to our internal user. The first email/RAR appears to be delivered without error. The remaining emails/RARs are dropped into quarantine with the tag "Malware (UNSCANNABLE)". See the attached screen capture for an example.
When I manually download/open a quarantined email, save the attachment, then unRAR it (with 7zip), I get a "Data error in '[filename]' File is broken" error message on the first file and a "CRC failed in '[filename]' File is broken" error message on the last file. This makes sense to me as I've only opened a single RAR file from the series; the first and last file inside the RAR are split into the adjacent RAR files. I can't test the whole RAR series as I don't have access to the first RAR file (I think it was delivered successfully). Of the quarantined RARs I have examined, none of them contained malware (according to SESC) as per the error message.
Is this something you'd like to investigate?
That said, I'm not completely disappointed by this error... had all the emails/RARs been delivered successfully, our internal user would not have been able to unRAR the series (a suitable tool is not part of our standard operating environment). As such, this error has saved our Help Desk from having to deal with this task on behalf of our user [;)]
This thread was automatically locked due to age.
