https://community.sophos.com/utm-firewall/unified-threat-management-beta/utm_94_beta/f/sophos-utm-9-4-public-beta/74794/bug-mail-manager-shows-malware-antivirus-engine-errorHi there, this a new Bug. Mail manager shows malware (antivirus engine error) for a normal newsletter mail. In daily Quarantine Report this mail is shown with reason &quot;SPAM&quot;. If I release this mail over the embedded link. The mail comes for one accounten-USTelligent Community 12https://community.sophos.com/thread/289412?ContentTypeID=1Fri, 04 Mar 2016 06:24:30 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:ca6eb596-c617-49fb-a763-d659e2f2f761mod2402<p>great news :)</p><div style="clear:both;"></div>https://community.sophos.com/thread/289408?ContentTypeID=1Fri, 04 Mar 2016 05:45:37 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:b05029de-2827-489a-947f-8b90867e0014Tamas Bajaki<p>Hi mod,</p> <p>Thanks to the logs your provided, we managed to find out the cause of the error. The fix is already on the way. Thank you very much for the feedback!</p> <p>Niriel~</p><div style="clear:both;"></div>https://community.sophos.com/thread/289382?ContentTypeID=1Fri, 04 Mar 2016 02:45:40 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:5a08f0df-5c07-4072-aabb-ff965401f10fmod2402<p>Hi Niriel,</p> <p></p> <p>here are the release log lines:</p> <p>smtp log:</p> <pre>2016:02:13-10:37:27 asg-1 smtpd[7052]: MASTER[7052]: (Re-)loading configuration from Confd 2016:02:13-10:37:27 asg-1 smtpd[7052]: MASTER[7052]: Past 07:00:00, QR status one set to &#39;sent&#39; 2016:02:13-10:37:27 asg-1 smtpd[7052]: MASTER[7052]: QR two disabled, status two set to &#39;disabled&#39; 2016:02:13-10:37:27 asg-1 exim-in[8770]: 2016-02-13 10:37:27 pid 8770: SIGHUP received: re-exec daemon 2016:02:13-10:37:27 asg-1 exim-in[8770]: 2016-02-13 10:37:27 exim 4.82_1-5b7a7c0-XX daemon started: pid=8770, no queue runs, listening for SMTP on port 25 (IPv4) port 587 (IPv4) and for SMTPS on port 465 (IPv4) 2016:02:13-10:37:30 asg-1 smtpd[7052]: MASTER[7052]: Action: scanning mail 1aUFuo-0004e1-GI after quarantine release request. 2016:02:13-10:37:30 asg-1 smtpd[7052]: MASTER[7052]: Action: replacing mail 1aUFuo-0004e1-GI back after scan because reason: av. 2016:02:13-10:37:30 asg-1 smtpd[7052]: MASTER[7052]: 1aUFuo-0004e1-GI Sending &#39;Quarantine release failed&#39; notification to klaus@localdomain.tld 2016:02:13-10:37:30 asg-1 exim-out[13439]: 2016-02-13 10:37:30 SMTP connection from MailerDaemon 2016:02:13-10:37:30 asg-1 exim-out[13439]: 2016-02-13 10:37:30 1aUWdu-0003Ul-1p &lt;= &lt;&gt; R=1aUFuo-0004e1-GI U=MailerDaemon P=local-bsmtp S=1256<br /><br />fallback.log:</pre> <pre>2016:02:13-10:37:30 asg-1 [daemon:info] cssd[5631]: [ 0x9c94d40] saviscanner_scan (saviscanner.c:159) Failed to open /var/chroot-smtp/spool/work/.eml: No such file or directory<br /><br />regards<br />mod<br /><br /></pre><div style="clear:both;"></div>https://community.sophos.com/thread/289335?ContentTypeID=1Thu, 03 Mar 2016 11:50:13 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:fd5eb448-8994-4c37-857a-a57391380594Tamas Bajaki<p>Hi mod,</p> <p>This seems to be a simple case of spam mail according to the logs (ctasd identifies it as a bulk mail) and gets quarantined accordingly. When you try to release this mail, an AV scan will be run to see if it also contains a malware besides being a spam mail. Did I get right that the issue happens when you try to release it? If so, then there should be corresponding log lines for the release (and rescan) as well.</p> <p>Niriel~</p><div style="clear:both;"></div>https://community.sophos.com/thread/289329?ContentTypeID=1Thu, 03 Mar 2016 11:14:24 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:94c1cf09-4101-4e95-9397-f5081790280bmod2402<p>Hi Niriel,<br /><br /><br />Sandstorm is turned on. No smtpd_debug.log file from this time present. I can&#39;t reproduce this issue at the moment. The fallback.log don&#39;t show anything that is related to this issue.<br /><br />The related log lines from the smtp log:</p> <pre>2016:02:12-16:45:39 asg-1 exim-in[8770]: 2016-02-12 16:45:39 SMTP connection from [91.192.42.212]:45512 (TCP/IP connection count = 1) 2016:02:12-16:45:40 asg-1 exim-in[17820]: 2016-02-12 16:45:40 H=duounusduo.xi.ecm-cluster.com [91.192.42.212]:45512 Warning: localdomain.tld profile excludes SANDBOX scan 2016:02:12-16:45:40 asg-1 exim-in[17820]: 2016-02-12 16:45:40 [91.192.42.212] F=&lt;g-2668693670-2838-1300938333-1455288436371@bounce.borussia-newsletter.de&gt; R=&lt;klaus@localdomain.tld&gt; Verifying recipient address in Active Directory 2016:02:12-16:45:40 asg-1 exim-in[17820]: 2016-02-12 16:45:40 1aUFue-0004dQ-1A DKIM: d=borussia-newsletter.de s=ecm1 c=relaxed/relaxed a=rsa-sha256 t=1455288436 [verification succeeded] 2016:02:12-16:45:40 asg-1 exim-in[17820]: 2016-02-12 16:45:40 1aUFue-0004dQ-1A ctasd reports &#39;Bulk&#39; RefID:str=0001.0A0B0206.56BDF08B.0171,ss=3,sh,re=0.000,recu=0.000,reip=0.000,cl=3,cld=1,fgs=0 2016:02:12-16:45:40 asg-1 exim-in[17820]: 2016-02-12 16:45:40 1aUFue-0004dQ-1A Greylisting: Successful greylist retry from 91.192.42.212 (original host was 91.192.42.214/32) 2016:02:12-16:45:40 asg-1 exim-in[17820]: 2016-02-12 16:45:40 1aUFue-0004dQ-1A &lt;= g-2668693670-2838-1300938333-1455288436371@bounce.borussia-newsletter.de H=duounusduo.xi.ecm-cluster.com [91.192.42.212]:45512 P=esmtp S=29170 id=wd0e0p.ikjt5s43713wj2t@borussia-newsletter.de 2016:02:12-16:45:42 asg-1 smtpd[8718]: QMGR[8718]: 1aUFue-0004dQ-1A moved to work queue 2016:02:12-16:45:46 asg-1 exim-in[17820]: 2016-02-12 16:45:46 SMTP connection from duounusduo.xi.ecm-cluster.com [91.192.42.212]:45512 lost 2016:02:12-16:45:50 asg-1 smtpd[17857]: SCANNER[17857]: 1aUFuo-0004e1-GI &lt;= g-2668693670-2838-1300938333-1455288436371@bounce.borussia-newsletter.de R=1aUFue-0004dQ-1A P=INPUT S=26979 2016:02:12-16:45:51 asg-1 smtpd[17857]: SCANNER[17857]: id=&quot;1001&quot; severity=&quot;info&quot; sys=&quot;SecureMail&quot; sub=&quot;smtp&quot; name=&quot;email quarantined&quot; srcip=&quot;91.192.42.212&quot; from=&quot;g-2668693670-2838-1300938333-1455288436371@bounce.borussia-newsletter.de&quot; to=&quot;klaus@localdomain.tld&quot; subject=&quot;Alle Infos: Der VfL zu Gast beim Hamburger SV.&quot; queueid=&quot;1aUFuo-0004e1-GI&quot; size=&quot;26979&quot; reason=&quot;as&quot; extra=&quot;&quot; 2016:02:12-16:45:51 asg-1 smtpd[17857]: SCANNER[17857]: 1aUFue-0004dQ-1A =&gt; work R=SCANNER T=SCANNER 2016:02:12-16:45:51 asg-1 smtpd[17857]: SCANNER[17857]: 1aUFue-0004dQ-1A Completed</pre> <p>regards</p> <p>mod</p> <p></p><div style="clear:both;"></div>https://community.sophos.com/thread/289322?ContentTypeID=1Thu, 03 Mar 2016 10:31:19 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:c77b3d32-2afc-4ff6-bbd7-ac4d927d8529Tamas Bajaki<p>Hi mod and quasar!</p> <p><br />To help investigate this issue, please provide the following details:</p> <p>&nbsp;- Is Sandstorm turned on?</p> <p>&nbsp;- Are there any log lines starting with &quot;Failure from cssd: ...&quot; in /var/chroot-smtp/tmp/smtpd_debug.log?</p> <p>&nbsp;- If you are able to reproduce this issue, please check /var/log/fallback.log for any entries when this happens and paste them here</p> <p></p> <p>Kind regards,</p> <p>Niriel</p><div style="clear:both;"></div>https://community.sophos.com/thread/287989?ContentTypeID=1Fri, 19 Feb 2016 12:15:23 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:c4a8fc67-88b3-46d0-a9d5-179f009dec3amod2402Is this a beta forum or a user 2 user forum? Where are the sophos employes?<br /> Do you want to know which bugs are present or is this all nonsens?<div style="clear:both;"></div>https://community.sophos.com/thread/287727?ContentTypeID=1Wed, 17 Feb 2016 10:05:04 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:e624f003-e22a-46b5-995b-5c59e9329d20quasar3c279Hi,<br /> <br /> same here. Happens everytime when I release mails. No difference in releasing from mail manager or quarantine link.<br /> <br /> If you want to have a look it&#39;s clearly reproducable...<div style="clear:both;"></div>