[SFOS 18.5MR3] Poor spam detection after update to Sophos Anti-Spam Interface

Hello,

Would it be possible to get the output of the /log/u2d.log and /log/sasi.log as well as a few samples .eml files via DM (especially interested in the X-SASI-* headers) so I can provide this info to the pertinent team to investigate.

Regards,

2022-04-04.18:20:31 ERROR [Main] [ precompile.cpp:647] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.tmp
2022-04-04.18:21:22 ERROR [Main] [ laseserver.cpp:159] Couldn't fetch new signatures: Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.antispam Exiting..

SFVH_SO01_SFOS 18.5.3 MR-3-Build408# tail /log/sasi.log -F
Failed to run server: Couldn't fetch new signatures: Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.antispam Exiting..
2022-04-04.18:26:38 MESSAGE [Main] [ main.cpp:78] LASE Daemon STARTED
2022-04-04.18:26:38 MESSAGE [Main] [ main.cpp:80] LASE Daemon Version: 4.1.4
2022-04-04.18:26:38 MESSAGE [Main] [ laseserver.cpp:372] Lased started on port : 25315
2022-04-04.18:27:42 MESSAGE [Main] [ main.cpp:78] LASE Daemon STARTED
2022-04-04.18:27:42 MESSAGE [Main] [ main.cpp:80] LASE Daemon Version: 4.1.4
2022-04-04.18:27:42 MESSAGE [Main] [ engine.cpp:306] Signatures don't exist, fetching new signatures..
2022-04-04.18:27:44 MESSAGE [Main] [ precompile.cpp:580] Downloaded file /sdisk/sasi/asdb.antispam is verified with checksum..
2022-04-04.18:27:44 MESSAGE [Main] [ engine.cpp:362] New signatures are downloaded and validated.
2022-04-04.18:27:44 MESSAGE [Main] [ laseserver.cpp:372] Lased started on port : 25315

I deleted all files in the /sdisk/sasi dir and restarted the antispam service

No he says the correct asdb.antispam is loaded

SFVH_SO01_SFOS 18.5.3 MR-3-Build408# tail /log/sasi.log -F
Failed to run server: Couldn't fetch new signatures: Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.antispam Exiting..
2022-04-04.18:26:38 MESSAGE [Main] [ main.cpp:78] LASE Daemon STARTED
2022-04-04.18:26:38 MESSAGE [Main] [ main.cpp:80] LASE Daemon Version: 4.1.4
2022-04-04.18:26:38 MESSAGE [Main] [ laseserver.cpp:372] Lased started on port : 25315
2022-04-04.18:27:42 MESSAGE [Main] [ main.cpp:78] LASE Daemon STARTED
2022-04-04.18:27:42 MESSAGE [Main] [ main.cpp:80] LASE Daemon Version: 4.1.4
2022-04-04.18:27:42 MESSAGE [Main] [ engine.cpp:306] Signatures don't exist, fetching new signatures..
2022-04-04.18:27:44 MESSAGE [Main] [ precompile.cpp:580] Downloaded file /sdisk/sasi/asdb.antispam is verified with checksum..
2022-04-04.18:27:44 MESSAGE [Main] [ engine.cpp:362] New signatures are downloaded and validated.
2022-04-04.18:27:44 MESSAGE [Main] [ laseserver.cpp:372] Lased started on port : 25315

I deleted all files in the /sdisk/sasi dir and restarted the antispam service

No he says the correct asdb.antispam is loaded

Hello Bart,

Thank you for the info.

Would it be possible for you to share some SPAM emails so I can submit them to our Labs team, and do let me know if after you did the restart of the service the SPAM issue got resolved or it only solved the asdb.antispam.

Regards,

Hi  Emmanuel, the   deletion of the DB files did solve that error but spam is still not detected.  

How can is send you the .eml files?

Thanks.

Hi  Emmanuel,

I sent you the .eml files.

DB errors are back too:

2022-04-04.21:23:57 ERROR [Main] [ precompile.cpp:715] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.delta
2022-04-04.23:24:07 ERROR [Main] [ precompile.cpp:697] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.tmp
2022-04-05.05:32:44 ERROR [Main] [ precompile.cpp:661] Couldn't fetch: sasi.sophosupd.com/.../asdb.antispam.old.csum
2022-04-05.05:40:45 ERROR [Main] [ precompile.cpp:661] Couldn't fetch: sasi.sophosupd.com/.../asdb.antispam.old.csum
2022-04-05.05:48:38 ERROR [Main] [ precompile.cpp:724] Precompile exception: Failed to apply delta to signatures.
2022-04-05.06:09:01 ERROR [ 3] [ DNS/Request.cpp:246] vector::_M_range_check
2022-04-05.08:12:47 ERROR [Main] [ precompile.cpp:697] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.tmp
2022-04-05.17:01:28 ERROR [Main] [ precompile.cpp:715] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.delta
2022-04-05.18:21:36 ERROR [Main] [ precompile.cpp:697] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.tmp
2022-04-05.19:25:38 ERROR [Main] [ precompile.cpp:715] Downloaded file could not be verified with checksum. Discarding /sdisk/sasi/asdb.delta

Hello Bart,

Thank you for the email Samples.

I have submitted them to the pertinent team.

Regards,

Hi Emmanuel,

I think I have the DB errors resolved.

On this line 2022-04-05.05:32:44 ERROR [Main] [ precompile.cpp:661] Couldn't fetch: sasi.sophosupd.com/.../asdb.antispam.old.csum

It says cant fetch, so I checked sasi.sophosupd.com with nslookup, found out that it has only an ipv4 address. I have both ipv4 and ipv6 and I have ipv6 on priority in the dns page, changed that to ipv4 and, no errors anymore. Maybe you could check this on your end why the sasi update server has no ipv6 address, or at leased no dns pointing to it.

So maybe ipv6 is the whole problem with sasi, i did not have any spam detection problems with previous firmware so it could be.

Now I've got to wait for spam...

I folded, reverted to mr2, spam is detected normally now. 

Interesting to see. Did you test the new sophos spam engine with v19 EAP2 too?
My SG-home is running with it but i have no mail server to test it.

It is supposed to work on imap/s and as far as I can see does not.

Ian

Problem also exist in v19EAP2.
I'm back to v18.5MR2 and all anti-spam features working fine.