Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2577
Views
0
Helpful
1
Replies

[WARNING: ATTACHMENT UNSCANNED] added to mail subject.

jawa09
Level 1
Level 1

‎06-29-2022 07:39 AM

Hi 

We are running 2 ESA 690 in a cluster facing internet.

Since yesterday afternoon all mails with attachment get [WARNING: ATTACHMENT UNSCANNED] added to beginning of mail subject. We haven't changed anything. We are using AMP, I have checked from both servers CLI with telnet on port 443 and we can access theses sites which I found in the help. 

api.amp.sourcefire.com

api.eu.amp.sourcefire.com

api.apjc.amp.sourcefire.com

api.amp.cisco.com

api.eu.amp.cisco.com

api.apjc.amp.cisco.com

 

Do you have any clue why this has started?

I will leave for the day now so please send a mail, I will be available from 08CET tomorrow.

Regards //Jacob

Labels:
0 Helpful
1 Reply 1

UdupiKrishna
Cisco Employee
Cisco Employee

‎06-30-2022 05:43 PM - edited ‎06-30-2022 05:44 PM

What AsynsOS version are you currently on? There was a field notice published few months ago about AMP retiring support for TLS 1.0 and 1.1. This took effect on June 28th 2022 (few days ago). Older ESA versions use TLS 1.0 or 1.1 which is now being denied by the AMP servers on cloud due to which you may seeing these errors.

 

Here's the field notice - https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72181.html

Fix is to upgrade the AsyncOS to latest version or you can try disabling the use "SSL" option for file reputation and ESA will default to port 32137. Ensure to permit access from ESA to TALOS server on port 32137.

Screenshot 2022-07-01 at 6.09.52 AM.png

0 Helpful
Customers Also Viewed These Support Documents