Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 24 replies
  • Subscribers 1 subscriber
  • Views 15699 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Email Archived Attachments

Holy
Hello,

we have upgrade tot 9.306-6  and actualy Sophos should Scan with AV Proxy Archived attachment in Email since 9.3 

but i did some test and it passes it through, no scanning.

is there something that i have forgotten? any experiences with archives av scanning?



Thank you in advance


This thread was automatically locked due to age.
Parents
  • 0
    Hi, Holy,

    Do you have 'Quarantine unscannable and encrypted content' selected on the 'Anti-Virus' tab?  Or, did you mean something else?  Please show the lines from the SMTP log where the email was accepted by the SMTP Proxy.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Hi, Holy,

    Do you have 'Quarantine unscannable and encrypted content' selected on the 'Anti-Virus' tab?  Or, did you mean something else?  Please show the lines from the SMTP log where the email was accepted by the SMTP Proxy.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Hello,

    yes i have selected the "Quarantine unscannable and encrypted content"



    here is the live log: I packed an .exe in a .zip and then send a test mail

    2015:02:25-10:05:41 ffw-1 exim-in[18533]: 2015-02-25 10:05:41 [157.55.1.166] F= R= Verifying recipient address with callout
    2015:02:25-10:05:41 ffw-1 smtpd[9273]: QMGR[9273]: 1YQXuV-0004om-1N moved to work queue
    2015:02:25-10:05:41 ffw-1 smtpd[9273]: QMGR[9273]: 1YQXuW-0004om-0m moved to work queue
    2015:02:25-10:05:42 ffw-1 smtpd[18478]: SCANNER[18478]: 1YQXuW-0004om-0m => work R=SCANNER T=SCANNER
    2015:02:25-10:05:42 ffw-1 smtpd[18478]: SCANNER[18478]: 1YQXuW-0004om-0m Completed
    2015:02:25-10:05:47 ffw-1 exim-in[18533]: 2015-02-25 10:05:47 1YQXuY-0004ov-07 ctasd reports 'Unknown' RefID:str=0001.0A0C0202.54ED906B.0439,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
    2015:02:25-10:05:47 ffw-1 exim-in[18533]: 2015-02-25 10:05:47 1YQXuY-0004ov-07 example@outlook.de H=dub004-omc2s27.hotmail.com [157.55.1.166]:60774 P=esmtps X=TLSv1.2:AES256-SHA256:256 S=2230420 id=DUB126-W363BFD23D1DD6C550954CA9D170@phx.gbl
    2015:02:25-10:05:47 ffw-1 exim-in[18533]: 2015-02-25 10:05:47 SMTP connection from dub004-omc2s27.hotmail.com [157.55.1.166]:60774 closed by QUIT
    2015:02:25-10:05:48 ffw-1 smtpd[9273]: QMGR[9273]: 1YQXuY-0004ov-07 moved to work queue
    2015:02:25-10:05:49 ffw-1 smtpd[18478]: SCANNER[18478]: 1YQXuf-0004o2-Mz example@outlook.de R=1YQXuY-0004ov-07 P=INPUT S=2229358
    2015:02:25-10:05:50 ffw-1 smtpd[18478]: SCANNER[18478]: 1YQXuf-0004o2-Mz [DLP] Matching DLP expressions
    2015:02:25-10:05:50 ffw-1 smtpd[18478]: SCANNER[18478]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="157.52.1.166" from="example@outlook.de" to="test@test.de" subject="Testmail with Exe inside Zip" queueid="1YQXuf-0004o2-Mz" size="2229358"
    2015:02:25-10:05:50 ffw-1 smtpd[18478]: SCANNER[18478]: 1YQXuY-0004ov-07 => work R=SCANNER T=SCANNER
    2015:02:25-10:05:50 ffw-1 smtpd[18478]: SCANNER[18478]: 1YQXuY-0004ov-07 Completed
    2015:02:25-10:05:50 ffw-1 exim-out[18542]: 2015-02-25 10:05:50 1YQXuf-0004o2-Mz => testr@test.de P= R=static_route_hostlist T=static_smtp H=10.168.201.115 [10.168.201.115]:25 X=TLSv1:ECDHE-RSA-AES256-SHA:256 C="250 2.6.0  [InternalId=35566624178217, Hostname=ADMKMME"
    2015:02:25-10:05:50 ffw-1 exim-out[18542]: 2015-02-25 10:05:50 1YQXuf-0004o2-Mz Completed


    Hi, Holy,

    Do you have 'Quarantine unscannable and encrypted content' selected on the 'Anti-Virus' tab?  Or, did you mean something else?  Please show the lines from the SMTP log where the email was accepted by the SMTP Proxy.

    Cheers - Bob
Unfiltered HTML