Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Attachments being removed

Hey Guys

 

I have an issue here when the IronPort (AsyncOS, 8.5). scans emails from particular sender the folling error occurs and the attachment is stripped.

 

Message 129182579 scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN 
Message 129182579 scanned by Anti-Virus engine. Final verdict: Negative 
Message 129182579 contains attachment 'DocumentName_10212014.pdf'. 
Message 129182579: scanning error (name='DocumentName_10212014.pdf', type=document/pdf): file is corrupt

 

I don't believe the file is encrypted and the error only occurs for this one sender, with all attachments they send. They only send PDFs. We are able to receive PDFs from all other companies, however the client is able to send to other companies without their attachments being stripped.

Any Ideas?

Thanks,

Robert

Everyone's tags (1)
1 REPLY
Cisco Employee

Hey Robert,What I would

Hey Robert,

What I would suggest as a temporary workaround for the time being is to create a mail policy for just this sender that will bypass content filters that may have attachment scanning so we can get some of the attachment files to have investigated.

 

There may be some form of damage within the PDF stopping the IronPort from doing a deep scan when coming from this sender and if the attachment is fine and we have the sample, we will attempt to replicate the concern.


Once you have some copies of these PDF attachments which was reported as corrupted, please open a Cisco TAC case and send this to us for review.

 

Regards,

Matthew

350
Views
0
Helpful
1
Replies
CreatePlease to create content