Sophos detecting PDFs as encrypted

warren.rees
Level 1

Good morning,

I have a question and I'm hoping that someone here can help me. We've recently installed a couple of virtual C100V appliances into our environment running AsyncOS 8.0.0.

We have content filters in place to detect encrypted attachments and automatically quarantine them. This process seems to be working fairly well; however, we're seeing a lot of regular PDF attachments being flagged by Sophos as encrypted. I can open/read the PDFs that it flags without any problems, so I'm not sure what exactly is 'encrypted' about them. Is this a known bug in Sophos?

The way we're quarantining them is by setting a custom header in the AV section of the mail policy, then having a content filter check whether that header exists, and if it does, quarantine and notify the recipient. I tried just using the built-in "Is attachment protected", but it was missing some items in the tests that I performed, where Sophos seemed rock solid on detecting encrypted attachments.

Thanks!


Warren

1 Reply 1

Luis Silva Benavides
Cisco Employee

Hi Warren,

Please take a look at this info.

http://tools.cisco.com/squish/04f61

http://tools.cisco.com/squish/09808

HTH,

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach us"

http://www.cisco.com/web/partners/tools/pdihd.html
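
A triage check for a flagged file, added here as an example; it is not part of the original thread and does not reproduce the detection logic of Sophos or AsyncOS. A PDF can carry an encryption dictionary (for instance to enforce print or copy restrictions) and still open without a password prompt, so looking for the `/Encrypt` entry shows whether the file is technically encrypted. The function name and the sample bytes are constructed for illustration.

```python
import re

# /Encrypt is either an indirect reference ("5 0 R") or an inline dictionary.
ENCRYPT_KEY = re.compile(rb"/Encrypt\s*(?:(\d+)\s+(\d+)\s+R|(<<.*?>>))", re.S)

def pdf_encryption_info(data: bytes):
    """Return None when no /Encrypt entry exists, else the encryption
    dictionary's /Filter, /V, /R and /P values plus decoded permissions."""
    if not data.lstrip().startswith(b"%PDF-"):
        raise ValueError("not a PDF")
    hits = ENCRYPT_KEY.findall(data)
    if not hits:
        return None
    num, gen, body = hits[-1]      # the last trailer wins after incremental saves
    if num:                        # resolve "N G obj ... endobj"
        objs = re.findall(rb"(?<!\d)" + num + rb"\s+" + gen + rb"\s+obj(.*?)endobj",
                          data, re.S)
        body = objs[-1] if objs else b""
    info = {"encrypted": True}
    m = re.search(rb"/Filter\s*/(\w+)", body)
    if m:
        info["Filter"] = m.group(1).decode()
    for key in ("V", "R", "P"):
        m = re.search(rb"/" + key.encode() + rb"\s+(-?\d+)", body)
        if m:
            info[key] = int(m.group(1))
    if "P" in info:                # permission flags: bit 3 = print, bit 5 = copy
        info["print_allowed"] = bool(info["P"] & 4)
        info["copy_allowed"] = bool(info["P"] & 16)
    return info

# Constructed sample bytes (not complete PDFs, just enough structure to parse).
RESTRICTED_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
                  b"5 0 obj\n<< /Filter /Standard /V 2 /R 3 /Length 128 "
                  b"/P -3904 /O <00> /U <00> >>\nendobj\n"
                  b"trailer\n<< /Root 1 0 R /Encrypt 5 0 R >>\n%%EOF\n")
PLAIN_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
             b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    print(pdf_encryption_info(RESTRICTED_PDF))
    print(pdf_encryption_info(PLAIN_PDF))
```

To check a quarantined attachment, read it with `open(path, "rb").read()` and pass the bytes to `pdf_encryption_info`.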
