Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

PDF Malformed-File

Hi,

We are finding that virtually every PDF is being blocked by the Anti-Spyware. Due to them being flagged by

pdf.MP_336 (Malformed-File) signature. Which is stopping users from downloading them.

This is the detection count for the last week. All from different sites.

It never used to be the case, but looks to have only started since installing the latest firmware.

I don't want to exclude this signature, or is this a new change in the latest update?


Thanks,

Category: Firewall Security Services
Reply

Answers

  • RussFRussF Newbie ✭

    Which "latest firmware" are you referring to? I was planning on installing 7.0.1-5065 this weekend, but since we deal with a LOT of PDFs, I just may hold off.

    Russ

  • MartinDTMartinDT Newbie ✭

    Were running SonicOS 7.0.1-5052, didn't notice that 7.0.1-5065 came out this week.

    I'll install that and see if it makes any difference. As there looks to be a lot of fixes in that version.

  • RussFRussF Newbie ✭

    That's interesting. I'm still on -5051 and was originally planning on installing -5052 this weekend until I saw that -5065 came out and has supposedly fixed a number of issues introduced with -5052.

    Please let us know. I will hold off our scheduled update because at least -5051 is reasonably stable for us at this point.

    Russ

  • MartinDTMartinDT Newbie ✭

    It's still the same with the new firmware, we have disabled signature pdf.MP_336 (Malformed-File), for now.

  • RussFRussF Newbie ✭

    Sonicwall's pdf.MP_336 refers to CVE-2018-12754 which was published in July of 2018. It's odd that the anti-spyware engine would all of a sudden start false-flagging a signature that's nearly four years old (not impossible - just unlikely). Especially in lieu of the fact that no one else has chimed in on this thread with the same problem. Is your signature database current? Again, if it was a bad distribution of the database, I would think that others would have the same problem.

    I think I will proceed with the update. If I suddenly start having problems, I'll post (after I roll back the version.)

    Russ

Sign In or Register to comment.