Sophos Problems

Unanswered Question
Feb 5th, 2008
User Badges:

Hi

I seem to be having problems with Sophos AV marking emails as encrypted. It seems to be mainly emails with .xls attachments but when looking at the email or the attachment cant see why the email is being marked as encrypted. This is not all emails with xls attachments but the odd 1 or 2. We also have Sophos saying some xls files are unscannable.

We also run McAfee on the same boxes and they are marking the emails as clean and having no problems scanning the emails.

We currently set all encrypted based mails to be quanrantined. Would also like peoples views on this should we let them through or block/stop them getting through to the user?



Regards

Jamie

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Poesjkin_ironport Tue, 02/05/2008 - 20:36
User Badges:

If there is a password protected field in your .xls somewhere, it will be marked as 'encrypted'.

Kr,

Raf

tflaursen_ironport Wed, 02/06/2008 - 08:17
User Badges:

"We currently set all encrypted based mails to be quanrantined. Would also like peoples views on this should we let them through or block/stop them getting through to the user?"


I agree. Mails that has not been scanned for virus, should be quarantined. And a mail that contains a attachment that is PW protected, can't be scanned.

Best regards
Thorsten

Pat_ironport Wed, 02/06/2008 - 11:24
User Badges:


"We currently set all encrypted based mails to be quanrantined. Would also like peoples views on this should we let them through or block/stop them getting through to the user?" 
We don't quarantine such encrypted mails and let them through to the recipient.
We think, someone that need the knowledge about decrypting a file with the matching password knows the sender, the content and the risk about a possible infection. (In addition, we have a antivirus-program on every PC.)
igor.karasik Wed, 02/06/2008 - 16:42
User Badges:

>>Would also like peoples views on this should we let them through or block/stop them getting through to the user?

We quarantine all encrypted files and release them according request

Pat_ironport Wed, 02/06/2008 - 18:55
User Badges:

@igork:
I'm just curious: What is the advantage of your process?

igor.karasik Thu, 02/07/2008 - 09:08
User Badges:

>>@igork:
>>I'm just curious: What is the advantage of your process?

We are goverment office. Our users is not "computers guru" and they CAN open attached file from unknown sender. And some viruses use zip file with password.
Of course, we have antivirus on users workstations as well, but I preffer to catch such file on gateway and release them according request (we have 5-10 such requests per month for 1200 mailboxes)

Actions

This Discussion