[Sophos Notification] Advisory: Sophos XG, UTM, and Central Email may be quarantining legitimate emails

Hi Everyone, 

Some Sophos customers may experience legitimate emails being blocked or quarantined. Inbound and outbound emails are affected.

We are actively investigating the reported issue. Please follow the below KBA for more updates.

Advisory: Sophos XG, UTM, and Central Email may be quarantining legitimate emails



  • [Update] SPAM patterns have been updated and detection has returned to normal. Apologies for the inconvenience caused.

    Any customers still experiencing issues with SPAM are requested to refer to the articles in the related information section of the published article and to contact Sophos Support.

    Regards,


    Florentino
    Director, Global Community & Digital Support

    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the 'Verify Answer' button.
    The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
  • [Update] Some appliances are still reporting these detections due to relying on cached lookups. If you are still experiencing false-positive confirmed spam detections, then rebooting the appliance will clear the cache.

    Alternatively, the commands below will also restart the affected services:

    UTM - Run the following commands as root:

    /var/mdw/scripts/ctasd_inbound stop
    /var/mdw/scripts/ctasd_outbound stop
    mv /var/cache/ctasd /var/cache/ctasd.old
    /var/mdw/scripts/ctasd_inbound start
    /var/mdw/scripts/ctasd_outbound start

    Sophos XG Firewall:

    service antispam:stop -ds nosync
    rm -rf /sdisk/as/*
    rm -rf /sdisk/os/*
    service antispam:start -ds nosync

    Cyberoam:

    Under investigation 

    The workaround would be to bypass domain from Anti-SPAM.

    Sophos Email:

    No action required. Services are in the process of being restarted and should be complete by noon CEST on May 8th.


    Florentino
    Director, Global Community & Digital Support
