Guest

Preview Tool

Cisco Bug: CSCvi12392 - ESA generates errors when scanning .xxe encoded files

Last Modified

Mar 15, 2019

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

10.0.2-020 11.0.1-027

Description (partial)

Symptom:
When a message filetype xxe passes through a content filter configured to capture this specific filetype, it generates a scan error.
The message passes without taking the configured action.

Sampl1
Wed Feb 21 09:39:58 2018 Debug: scanning: MID 837834: ('egg/body_scanner.py _scan_uuencoded|2460', "<type 'exceptions.AttributeError'>", "'NoneType' object has no attribute 'seek'", '[egg/body_scanner.py scan_message|1459] [_coro.pyx coro._coro.sched.with_timeout (coro/_coro.c:11765)|1099] [egg/body_scanner.py _scan_message|1428] [egg/body_scanner.py _scan_part|2840] [egg/body_scanner.py _scan_part|2897] [egg/body_scanner.py _scan_file|1978] [_coro.pyx coro._coro.sched.with_timeout (coro/_coro.c:11765)|1099] [egg/body_scanner.py _scan_uuencoded|2460]')

Sample 2

Mon Feb 19 19:15:51 2018 Warning: MID 956, Message Scanning Problem: Illegal char
Mon Feb 19 19:15:51 2018 Debug: scanning: MID 956: ('egg/body_scanner.py _decode_uu_line|2423', "<class 'binascii.Error'>", 'Illeg                                                                                                           al char', '[egg/body_scanner.py scan_message|1459] [_coro.pyx coro._coro.sched.with_timeout (coro/_coro.c:11765)|1099] [egg/body_s                                                                                                           canner.py _scan_message|1428] [egg/body_scanner.py _scan_part|2840] [egg/body_scanner.py _scan_part|2897] [egg/body_scanner.py _sc                                                                                                           an_file|1978] [_coro.pyx coro._coro.sched.with_timeout (coro/_coro.c:11765)|1099] [egg/body_scanner.py _scan_uuencoded|2479] [egg/                                                                                                           body_scanner.py _decode_uu_line|2423]')

Conditions:
Normal conditions
Any policy or service which would utilize body scanning
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.