Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1555
Views
0
Helpful
1
Replies

Attachments with accents received cut by the ironport

Alberto Hontoria
Level 1
Level 1

‎08-13-2020 02:53 AM

Hello friends. My first question in this board.

 

  We have an strange behaviour in our ironports.

 

  We are receiving a mail with an attachment called "20-106_OC-Pozo San Nicolás 2 - EQ.pdf" 279KB from one customer. When we receive it in the mailbox, we see "20-106_OC-Pozo San" file without extension and 302Bytes. In the message tracking we see this

 

Response received for file reputation query from Cloud. File Name = 20-106_OC-Pozo San, MID = 761917, Disposition = FILE UNKNOWN, Malware = None, Analysis Score = 0, sha256 = 4425fe48aa694800bca6c9f1fd301e71555e5540ad5d6ea34a52c40457dc6ace, upload_action = Recommended to send the file for analysis
Message 761917 is unscannable by Advanced Malware Protection engine. Reason: Message Error
Message 761917 scanned by Advanced Malware Protection engine. Final verdict: UNSCANNABLE
Message 761917 contains attachment '20-106_OC-Pozo San' (SHA256 4425fe48aa694800bca6c9f1fd301e71555e5540ad5d6ea34a52c40457dc6ace).
Message 761917 attachment '20-106_OC-Pozo San' scanned by Advanced Malware Protection engine. File Disposition: Unknown
Message 761917 contains attachment '20-106_OC-Pozo San'.
Message 761917 queued for delivery.
SMTP delivery connection (DCID 589431) opened from Cisco IronPort interface 10.0.0.240 to IP address 10.250.2.239 on port 25.
(DCID 589431) Delivery started for message 761917 to XXXXX
(DCID 589431) Delivery details: Message 761917 sent to XXXXX
Message 761917 to XXXXX received remote SMTP response '2.6.0 <bb7d6a6e-b05a-d9e1-1590-58c76d93db04@gtic.es> [InternalId=19864223744219, Hostname=XXXXX] 4055 bytes in 0.160, 24,597 KB/sec Queued mail for delivery'.

-> As you see, the attachment file name is cut at the receiving state, and only 4055Bytes are sent to the exchange transport hub

 

  But the most strange thing is that if i send the same file from office365 to the ironport, it goes through and is received correctly, so the accent in the attachment is not the problem. It seems like some kind of problem in codification utf between then sending mta and the ironport.

 

  Have you seen something similar? What do you think of this?

 

  Regards, and thanks in advance

 

 

Labels:
0 Helpful
1 Reply 1

marc.luescherFRE
Spotlight
Spotlight

‎08-21-2020 10:20 AM

You will need to open a ticket with TAC, it appears to me that the filename parsing routine of AMP has a problem with that accented character.

0 Helpful
Customers Also Viewed These Support Documents