Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 6143 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Antivirus/SAVI for Linux fails to properly detect file type

gossamer

Hi,

I have Sophos SAVI antivirus for Linux running on fedora20, and it has been running successfully for a few days. Occassionally, I see it unable to properly detect a file, and instead think it's encrypted:

Mar 4 11:12:29 mail01 amavis[29420]: (29420-10) p003 1/2 Content-Type: application/vnd.ms-excel, size: 592896 B, name: 9130.xls

Mar 4 09:38:13 mail01 amavis[5352]: (05352-16) (!)run_av (Sophos-SSSP) FAILED - unexpected , output="FAIL 0212 /var/spool/amavisd/tmp/amavis-20150304T092615-05352-fIDvvoCv/parts/p004\r\nFAIL 0212 /var/spool/amavisd/tmp/amavis-20150304T092615-05352-fIDvvoCv/parts/p002\r\nDONE FAIL 0212 File was encrypted\r\n"
Mar 4 09:38:13 mail01 amavis[5352]: (05352-16) (!)Sophos-SSSP av-scanner FAILED: CODE(0x546df48) unexpected , output="FAIL 0212 /var/spool/amavisd/tmp/amavis-20150304T092615-05352-fIDvvoCv/parts/p004\r\nFAIL 0212 /var/spool/amavisd/tmp/amavis-20150304T092615-05352-fIDvvoCv/parts/p002\r\nDONE FAIL 0212 File was encrypted\r\n" at (eval 133) line 900.

The files aren't encrypted. This has happened a handful of times. In this case, it was an Excel xls file. Other types that have failed are Excel xlsx files.

Is this a known issue? I'm unable to post the files publically due to confidentiality.

This is a serious problem for me.

:56139


This thread was automatically locked due to age.
Parents
  • 0

    No one has any ideas why SAVI consistently thinks Excel files are encrypted and returns "FAIL 0212" ???

    It also happens when scanning the file from the command-line:

    $ savscan testfile.03.2015.xlsx |grep -v ^Using
SAVScan virus detection utility
Version 5.09.0 [Linux/AMD64]
Virus data version 5.12, March 2015
Includes detection for 8758209 viruses, Trojans and worms
Copyright (c) 1989-2015 Sophos Limited. All rights reserved.

System time 09:25:34 PM, System date 06 March 2015

IDE directory is: /var/lib/sophos/lib/sav


Quick Scanning

Password protected file testfile.03.2015.xlsx

1 file scanned in 5 seconds.
1 error was encountered.
No viruses were discovered.
1 encrypted file was not checked.
End of Scan.

    Thanks

    :56181
Reply
  • 0

    No one has any ideas why SAVI consistently thinks Excel files are encrypted and returns "FAIL 0212" ???

    It also happens when scanning the file from the command-line:

    $ savscan testfile.03.2015.xlsx |grep -v ^Using
SAVScan virus detection utility
Version 5.09.0 [Linux/AMD64]
Virus data version 5.12, March 2015
Includes detection for 8758209 viruses, Trojans and worms
Copyright (c) 1989-2015 Sophos Limited. All rights reserved.

System time 09:25:34 PM, System date 06 March 2015

IDE directory is: /var/lib/sophos/lib/sav


Quick Scanning

Password protected file testfile.03.2015.xlsx

1 file scanned in 5 seconds.
1 error was encountered.
No viruses were discovered.
1 encrypted file was not checked.
End of Scan.

    Thanks

    :56181
Children
No Data