cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1975
Views
0
Helpful
8
Replies

Sophos Problems

jparker32
Level 1
Level 1

Hi

I seem to be having problems with Sophos AV marking emails as encrypted. It seems to be mainly emails with .xls attachments but when looking at the email or the attachment cant see why the email is being marked as encrypted. This is not all emails with xls attachments but the odd 1 or 2. We also have Sophos saying some xls files are unscannable.

We also run McAfee on the same boxes and they are marking the emails as clean and having no problems scanning the emails.

We currently set all encrypted based mails to be quanrantined. Would also like peoples views on this should we let them through or block/stop them getting through to the user?



Regards

Jamie

8 Replies 8

If there is a password protected field in your .xls somewhere, it will be marked as 'encrypted'.

Kr,

Raf

"We currently set all encrypted based mails to be quanrantined. Would also like peoples views on this should we let them through or block/stop them getting through to the user?"


I agree. Mails that has not been scanned for virus, should be quarantined. And a mail that contains a attachment that is PW protected, can't be scanned.

Best regards
Thorsten

jparker32
Level 1
Level 1

thanks for the help

Jamie

Pat_ironport
Level 1
Level 1

"We currently set all encrypted based mails to be quanrantined. Would also like peoples views on this should we let them through or block/stop them getting through to the user?" 
We don't quarantine such encrypted mails and let them through to the recipient.
We think, someone that need the knowledge about decrypting a file with the matching password knows the sender, the content and the risk about a possible infection. (In addition, we have a antivirus-program on every PC.)

Seth Miller
Level 1
Level 1

Ditto for what Pat said.

igor.karasik
Level 1
Level 1

>>Would also like peoples views on this should we let them through or block/stop them getting through to the user?

We quarantine all encrypted files and release them according request

Pat_ironport
Level 1
Level 1

@igork:
I'm just curious: What is the advantage of your process?

igor.karasik
Level 1
Level 1

>>@igork:
>>I'm just curious: What is the advantage of your process?

We are goverment office. Our users is not "computers guru" and they CAN open attached file from unknown sender. And some viruses use zip file with password.
Of course, we have antivirus on users workstations as well, but I preffer to catch such file on gateway and release them according request (we have 5-10 such requests per month for 1200 mailboxes)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: