Cisco Cisco Email Security Appliance X1070 Troubleshooting Guide

Contributed by Jackie Fleming and Robert Sherwin, Cisco TAC
Engineers.
Sep 04, 2014

This document describes Sophos Anti−virus scanning errors that may occur with PDF files through the Cisco
Email Security Appliance (ESA).

From the mail_logs, an indication of UNSCANNABLE is triggered against PDF files similar to the following:

Tue Aug 19 09:08:59 2014 Info: MID 134 interim AV verdict

using Sophos UNSCANNABLE

Tue Aug 19 09:08:59 2014 Info: MID 134 antivirus unscannable

'0x8004021a' myexample.PDF

The 0x8004021A error indicates that the file was corrupt or does not conform to the PDF specifications. This
often happens for files created by third party applications. The PDF document may still be viewable in
Acrobat Reader. As a result of the corruption or inconsistency, the Sophos Anti−Virus engine cannot
guarantee that the file is virus−free, and therefore cannot scan it.

To allow Sophos to scan the PDF, the following workaround to antivirusconfig can be configured:

myesa.local> antivirusconfig

Choose the operation you want to perform:

− SOPHOS − Configure Sophos Anti−Virus.

− MCAFEE − Configure McAfee Anti−Virus.

[]> sophos

Sophos Anti−Virus: Enabled

Choose the operation you want to perform:

− SETUP − Configure Sophos Anti−Virus.

[]> pdf

Unscannable PDF files are currently reported as unscannable.