02-03-2017 05:23 AM - edited 03-20-2019 09:14 PM
Hi I can see that 9.8.0-092 as known fixed release of this bug since Feb 01, 2017, however, when I checked my upgrade options, the latest is 10.0.0-203 which has been available since 2016-09-27. May I have someone to confirm if 10.0.0.0 is a fixed release for this bug?
Thanks
Jessica Han
02-06-2017 02:56 AM
When can we expect to see a fixed version for our physical appliances?
I'm currently running version 9.7.1-066.
Can someone answers our questions?
regards
Ulrik R.
02-06-2017 04:54 AM
Y my running version is same as yours.
Jessica
02-08-2017 07:49 AM
Dear Jessica and Ulrik
CSCvb65245 is fixed in AsyncOS version 9.8.0-092. None of the 10.x releases have the fix.
I am working on finding the answer. This may take as long as a week or so. Regret the inconvenience caused by the delay.
Sincerely ... Palani
04-21-2017 08:24 AM
Hi Palani,
Is there any fix yet on the 10.X release?
I believe this bug is also affecting a filter that I'm trying to create to match "Content-Disposition" header.
I tried to match header exist, tried "body and attachment" contains "Disposition", tried body contains... nothing seems to match this piece of email.
Thank you,
02-13-2017 02:45 AM
We created a TAC case for this. The answer is that this bug is currently fixed in versions that include the filter "Duplicate MIME boundaries". This includes 10.0.1.
However the possibility to circumvent attachment based filters is NOT automatically fixed by installing the new AsyncOS version, instead you have to set up this duplicate boundaries verification filter (as a content filter or message filter) and take action like dropping or quarantining such emails! As far as I understood this is because even with 10.0.1 or 9.8 the Cisco Email Security Appliance is still not able to detect the content / file type of such attachments with duplicate boundaries properly, it can only detect that there are duplicate MIME boundaries.
In our opinion this is not a sufficient solution, because there are a lot of emails with duplicate boundaries, including legit business emails, probably created by some broken email software. We created an enhancement request to add the functionality to the ESA to be able to actually read and interpret attachment with duplicate boundaries.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide