Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 2 answers
  • Subscribers 29 subscribers
  • Views 1574 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Malware 'Unscannable' was detected

Fotit

Hi all,

I have this alert today on FW Sophos in Log Viewer \Malware ( look at picture), every ~1 min

What does it mean and how to resolve this or stop it

Thanks to all



This thread was automatically locked due to age.
  • 0

    Do you use Kaspersky? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Yes i have kaspersky server on the LAN

    the address  (.5) is that of the server, but there are also clients lan addresses

    the current version of sophos AV is 1.0.17980, status is "failed" and i can't upgrade sophos AV module, it still "failed" after downloading time ,when updating pattern.

    these are all urls:

    Malware 'Unscannable' was detected and blocked in a download from:

    www.msftncsi.com
    crl.kaspersky.com
    crl4.digicert.com
    crl3.digicert.com
    crls.pki.goog
    crl.comodoca.com
    crl.verisign.com
    edgedl.me.gvt1.com
    crl.geotrust.com

    these websites are categorized as Information Technology

    What to do please , and why i get this alert only today

  • 0 in reply to Fotit

    Check you pattern updates. Maybe your Avira or Sophos Update are corrupt. You should see it in Firmware - Pattern Update. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hi Lucas,

    I think there is a problem at the Sophos end. My XG shows last updates for both Sophos and Avira AV as being on the 6th of August and the IPS on the 4th August. Current time and date is 8th August 0825.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Why should this be a problem? Old pattern does not mean failed updates? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    But, what it could mean is the last updates were corrupt and not allowing new updates to be installed, thereby causing the issue reported by the thread originator. My AVs have not updated yet, 1700.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    If it is successful, it was successful. A pattern update does not need to be there every hour. SAVI and Avira works with families. Otherwise the pattern would have to contain millions of entries per day. You can check the /log/u2d.log to see the progress of the update.

    Likely the update broke on this installation for some reason and is in the failed status.

    If this would be a general issue, there would be more users reporting a broken HTTP update. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    On a side-note, LuCar, what is "Unscannable" in general? I've occasionally gotten it I think for images in a web page or something like that -- in fact it's almost the only actual thing I've seen.

  • 0 in reply to Wayne Folta

    Unscannable in a nutshell is a encrypted and/or corrupt  format of a file. 

    The file itself could be corrupt. The file can be encrypted.

    Or the engine could be broken and gives the firewall only "Unscanable" results back. 

    __________________________________________________________________________________________________________________

Unfiltered HTML