Introduction
This document describes Sophos Anti-virus scanning errors that may occur with PDF files through the Cisco Email Security Appliance (ESA).
Why does Sophos mark a PDF file unscannable '0x8004021A'?
From the mail_logs, an indication of UNSCANNABLE is triggered against PDF files similar to the following:
Tue Aug 19 09:08:59 2014 Info: MID 134 interim AV verdict
using Sophos UNSCANNABLE
Tue Aug 19 09:08:59 2014 Info: MID 134 antivirus unscannable
'0x8004021a' myexample.PDF
The 0x8004021A error indicates that the file was corrupt or does not conform to the PDF specifications. This often happens for files created by third party applications. The PDF document may still be viewable in Acrobat Reader. As a result of the corruption or inconsistency, the Sophos Anti-Virus engine cannot guarantee that the file is virus-free, and therefore cannot scan it.
To allow Sophos to scan the PDF, the following workaround to antivirusconfig can be configured:
myesa.local> antivirusconfig
Choose the operation you want to perform:
- SOPHOS - Configure Sophos Anti-Virus.
- MCAFEE - Configure McAfee Anti-Virus.
[]> sophos
Sophos Anti-Virus: Enabled
Choose the operation you want to perform:
- SETUP - Configure Sophos Anti-Virus.
[]> pdf
Unscannable PDF files are currently reported as unscannable.
Report unscannable PDFs as clean? [N]> y
Sophos Anti-Virus: Enabled
Note: The pdf command is a hidden sub-command within antivirusconfig.
Commit the changes to your configuration with commit.
The verdict 'clean' that you set with this option only refers to the PDF getting flagged as unscannable. Sophos will still continue to scan the document for viruses, and flag it accordingly.
Related Information
Feedback