I have an issue here when the IronPort (AsyncOS, 8.5). scans emails from particular sender the folling error occurs and the attachment is stripped.
Message 129182579 scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN Message 129182579 scanned by Anti-Virus engine. Final verdict: Negative Message 129182579 contains attachment 'DocumentName_10212014.pdf'. Message 129182579: scanning error (name='DocumentName_10212014.pdf', type=document/pdf): file is corrupt
I don't believe the file is encrypted and the error only occurs for this one sender, with all attachments they send. They only send PDFs. We are able to receive PDFs from all other companies, however the client is able to send to other companies without their attachments being stripped.
What I would suggest as a temporary workaround for the time being is to create a mail policy for just this sender that will bypass content filters that may have attachment scanning so we can get some of the attachment files to have investigated.
There may be some form of damage within the PDF stopping the IronPort from doing a deep scan when coming from this sender and if the attachment is fine and we have the sample, we will attempt to replicate the concern.
Once you have some copies of these PDF attachments which was reported as corrupted, please open a Cisco TAC case and send this to us for review.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...