
Ironport Error: viewer bailed out

jfr
Level 1

I have the following messages in my ironport mail log file:

Wed Jun 26 09:04:33 2013 Info: MID 706715 attachment 'doc_129975.zip'

Wed Jun 26 09:04:33 2013 Warning: MID 706715: scanning error (name='doc_129975.exe', type=executable/exe): viewer bailed out

Wed Jun 26 09:04:33 2013 Info: MID 706715 queued for delivery

Unfortunately, this mail got delivered, but it shouldn't have been.

How can I configure Ironport so that mails with the error "viewer bailed out" are not delivered?

I have a C160 running 7.6.2-014

Thanks for your help.


Luis Silva Benavides
Cisco Employee

Hi Joerg,

Under the mail policies what do you have set for unscannable messages?

Do you have Outbreak Filters enabled?

Thanks,

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html


Hi Luis,

Outbreak filter is enabled.


Unscannable messages are set to deliver, prepending the subject with [WARNING: A/V UNSCANNABLE]. But it was delivered without the modified subject, which probably means that it wasn't recognized as an unscannable message.

Hi Joerg,

Thanks for your response. In general, "Viewer bailed out" means that the content scanner has problems opening an attachment because the file is corrupt or incomplete in some way. Throwing this error is in fact working as intended, as it gives us insight into why an attachment could not be scanned completely. Setting the mail logs to Debug level also gives us more details.

HTH,

Luis Silva


Hi Luis

I've set the log level of mail_logs to debug. Here is the result:
--- --- ---
Wed Jul 17 08:37:38 2013 Info: Start MID 721558 ICID 1396828
Wed Jul 17 08:37:38 2013 Info: MID 721558 ICID 1396828 From: <sender@sender.com>
Wed Jul 17 08:37:38 2013 Info: MID 721558 ICID 1396828 RID 0 To: <recipient@recipient.com>
Wed Jul 17 08:37:38 2013 Info: MID 721558 Message-ID '<WC20130717063703.77001C@sender.com>'
Wed Jul 17 08:37:38 2013 Info: MID 721558 Subject 'Fwd: Exe in Zip'
Wed Jul 17 08:37:38 2013 Info: MID 721558 ready 531240 bytes from <sender@sender.com>
Wed Jul 17 08:37:38 2013 Info: MID 721558 matched all recipients for per-recipient policy DEFAULT in the inbound table
Wed Jul 17 08:37:39 2013 Debug: MID 721558 using engine: CASE definitely negative
Wed Jul 17 08:37:39 2013 Info: MID 721558 using engine: CASE spam negative
Wed Jul 17 08:37:39 2013 Info: MID 721558 interim AV verdict using Sophos CLEAN
Wed Jul 17 08:37:39 2013 Info: MID 721558 antivirus negative
Wed Jul 17 08:37:39 2013 Info: MID 721558 attachment 'calc.zip'
Wed Jul 17 08:37:39 2013 Debug: scanning: MID 721558 'zip' file id 1802 (d), actually not ooxml
Wed Jul 17 08:37:39 2013 Warning: MID 721558: scanning error (name='calc.exe', type=executable/exe): viewer bailed out
Wed Jul 17 08:37:39 2013 Debug: scanning: MID 721558 id 1800: ("'_stellent _stellent.check_error 113'", "", 'viewer bailed out', '[stellent_rpc_server|_extract_from_document|309] [stellent|extract_data|181] [_stellent|_stellent.DocHandle.extract_data|611] [_stellent|_stellent.DocHandle._extract_text_content_to|660] [_stellent|_stellent.DocContent._read_internal|1206] [_stellent|_stellent.check_error|113]')
Wed Jul 17 08:37:39 2013 Info: MID 721558 Outbreak Filters: verdict positive
Wed Jul 17 08:37:39 2013 Info: MID 721558 Threat Level=3 Category=Virus Type=Viral Attachment
Wed Jul 17 08:37:39 2013 Info: MID 721558 Virus Threat Level=3
Wed Jul 17 08:37:39 2013 Info: MID 721558 attachment types zip
Wed Jul 17 08:37:40 2013 Info: MID 721558 quarantined to "Outbreak" (Outbreak rule:OUTBREAK_0006381)
--- --- --- ---

The mail was put into the outbreak quarantine, but after a while, it will be delivered without any further checking. But the policy defines that exe files must be deleted in any case or, respectively, copied to the policy quarantine.
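A way to audit mail_logs for the situation described in the two posts above, added here as an example and not written by any participant in the thread: it collects every MID that logged a content-scanning error and reports the last disposition logged for it. The sample input is the log lines quoted in the thread; the regular expressions are assumptions derived from those lines only.

```python
import re
from collections import defaultdict

# Sample input: mail_logs lines quoted in the thread (two messages).
SAMPLE_LOG = """\
Wed Jun 26 09:04:33 2013 Info: MID 706715 attachment 'doc_129975.zip'
Wed Jun 26 09:04:33 2013 Warning: MID 706715: scanning error (name='doc_129975.exe', type=executable/exe): viewer bailed out
Wed Jun 26 09:04:33 2013 Info: MID 706715 queued for delivery
Wed Jul 17 08:37:39 2013 Info: MID 721558 attachment 'calc.zip'
Wed Jul 17 08:37:39 2013 Warning: MID 721558: scanning error (name='calc.exe', type=executable/exe): viewer bailed out
Wed Jul 17 08:37:39 2013 Info: MID 721558 Outbreak Filters: verdict positive
Wed Jul 17 08:37:40 2013 Info: MID 721558 quarantined to "Outbreak" (Outbreak rule:OUTBREAK_0006381)
"""

# Patterns assumed from the log format shown in the thread.
SCAN_ERROR = re.compile(
    r"MID (?P<mid>\d+): scanning error \(name='(?P<name>[^']*)', "
    r"type=(?P<type>[^)]*)\): (?P<reason>.+)$")
QUEUED = re.compile(r"MID (?P<mid>\d+) queued for delivery")
QUARANTINED = re.compile(r'MID (?P<mid>\d+) quarantined to "(?P<q>[^"]+)"')

def audit(lines):
    """Return one record per MID that logged a scanning error."""
    errors = defaultdict(list)   # MID -> [(name, type, reason), ...]
    disposition = {}             # MID -> last disposition seen in the log
    for line in lines:
        if m := SCAN_ERROR.search(line):
            errors[m["mid"]].append((m["name"], m["type"], m["reason"].strip()))
        elif m := QUEUED.search(line):
            disposition[m["mid"]] = "queued for delivery"
        elif m := QUARANTINED.search(line):
            disposition[m["mid"]] = f'quarantined to {m["q"]}'
    return [{"mid": mid, "attachments": atts,
             "disposition": disposition.get(mid, "unknown")}
            for mid, atts in errors.items()]

def delivered_unscanned(lines):
    """MIDs whose attachment could not be scanned but were still queued."""
    return [r for r in audit(lines) if r["disposition"] == "queued for delivery"]

if __name__ == "__main__":
    for rec in audit(SAMPLE_LOG.splitlines()):
        names = ", ".join(f"{n} ({t})" for n, t, _ in rec["attachments"])
        print(f"MID {rec['mid']}: {names} -> {rec['disposition']}")
```

Because the last disposition wins, a message that is first quarantined and later logged as queued for delivery is also reported by `delivered_unscanned`.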

Hi Joerg,

I found this bug CSCzv79270 but it might be fixed on the version you are running.

At this point I suggest you raise a TAC case.

Thanks,

Luis Silva


Hi Luis

Thank you very much for your explanations and your advice. I'll raise a TAC case and let you know.

Regards

Joerg

Hi Luis

Just to let you know.

I'm now on AsyncOS 7.6.3-019. Unfortunately no success. Cisco has accepted this as a bug. The Bug ID is 26487. So I'll wait for an indefinite time.

Thank you once more for your advice.

Regards

Jörg

Thanks for sharing your experience. At some point you can contact your Account Team to expedite the resolution of the bug since it is in "Release Pending" state.

I hope it won't take that long.

Luis Silva
