
Quarantine Digest mail without malware

Hi together,

Short question.

The Quarantine Digest mails list only spam mails but not malware mails.

But mails containing malware are moved correctly to quarantine.

So currently the users don't know if they received mails including malware.

How can I enable that ALL mails in quarantine are listed in the Quarantine Digest mails?

Thanks a lot.

Many greetings
Felix



This thread was automatically locked due to age.
  • Hi  

    Quarantine Digest is an e-mail which contains a list of quarantined messages filtered by Sophos Firewall and stored inside the user Quarantine Area. The Digest provides a link to User My Account, from where the user can access his quarantined messages and take necessary action. There are two quarantines that users can access: the malware quarantine and the spam quarantine. Users cannot release emails from the malware quarantine as this would risk infections on the network.

    As far as I know, due to the above fact, the Quarantine Digest e-mail does not contain a "malware" email release link.
  • Hi,

    Thanks for your answer.

    I know that users cannot release infected mails from quarantine. Only spam mails or mails with unscannable content can be released from quarantine.

    But I would have expected that infected mails are also reported in the Quarantine Digest e-mail, even without a release link.

    Currently no infected mails are reported to the recipient. So the user doesn't know that he received an infected mail that was quarantined.

    I hope you understand what I mean.

    Many greetings
    Felix

  • Hi  

    Yes, I do understand, but unfortunately at the moment, as per the current design, only quarantined spam mails are included in the Quarantine Digest report. Unfortunately there is no other manual way to include a malware mails summary (without release link). As of now, if users would like to know/view the same, they can check by logging in to the User Portal.

    If you still require a malware quarantine summary (without release link) in the Quarantine Digest mail, then you may raise a request on the Ideas Portal.

    https://ideas.sophos.com/forums/330219-xg-firewall

  • Hi,

    Thanks for the clarification. I see.

    Unfortunately, there are a few significant limitations compared to the UTM.

    The workaround in my case is system notifications in case of viruses in mails.

    Many greetings
    Felix

  • Do you use Sandstorm? Because Sandstorm has another level of Quarantine, which is for the administrator.

    Eicar and other tools are flagged by the AV engine as "Malicious".

    Looking at the current attacks, Sandstorm will likely strike such attachments and will move them into quarantine.

    Take a quick look at the V18 Sandstorm technology. 

  • Hi LuCar Toni 

    No, currently I am not using Sandstorm.

    I'll check it out.

    Many greetings
    Felix

    You can start an evaluation in XG Webadmin or MySophos for 30 days. This is possible in V17.5 and you can restart another trial in V18 for another 30 days.

    I would highly recommend testing it in V18.

    The new Threat Intelligence is Sandstorm: https://community.sophos.com/products/xg-firewall/f/recommended-reads/117033/sophos-sandstorm---more-data-than-ever-before

    And this is how to interact with Attachments. 

     

    PS: You really want to give your Users the power to release Malware from the quarantine? 

    Malware Emails in Threat Intelligence will be presented to the Admin. There will be many Tools to interact in a proper manner with them. 

     

    Listing them in a Quarantine Report is maybe not the best approach; it will likely cause users to flood the IT department with "Release X, Release Y".

    I am able to see your point in giving the user the possibility to see that there is actually something sitting in the quarantine and the admin needs to do something, but if Sandstorm strikes something, it is likely because there is something shady going on with this attachment. And users should not "stress" the administrator to release such stuff nowadays.

    Always reverse the points: if Sandstorm tells the administrator, "This file is going to do bad stuff, I guess", but the user is saying he needs it, you are the point of failure in this discussion. If you release this file to the user because he is screaming at you, and the file is encrypting your setup, it is your fault. You cannot blame the user for this.

    So leaving the user out of this discussion by not informing him of the strike is probably the best approach (my opinion).

  • Hi LuCar Toni,

    Thanks for your explanation. A true point.

    I have not yet considered it from this side.

    Many greetings
    Felix
