Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 26 subscribers
  • Views 618 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG Antispam Pattern cause high false positive!

André Kufner

Hi all,

today 13:50 (MEZ) our XG Firewall got new Sophos AV Pattern 1.0.16538. Since that time about 30% of our in- and outbounding emails are recognized as confirmed spam and are moved to quarantine.

Does Sophos (or Cyren) do not test their pattern files?

Is there a possibility to rollback to old pattern?



This thread was automatically locked due to age.
  • 0

    Hello Andre,

    Thank you for contacting the Sophos Community!

    I checked but we don't have reports on this, so I would suggest you open a new case to get this investigated.

    Also, you can change the AV to Avira, to see if the issue replicates there. 

    Regards,

  • 0 in reply to emmosophos

    Hello Emmanuel,

    I had immediately created a new case, yesterday. Case ID #03632435.

    This morning I changed AV to Avira, but the issue is still the same. I switched back to sophos because in my opinion sandstorm does not work when using avira AV. 

    Searching the community there are many comments that this happened before. I remember that I have had this issue when using UTM firewall years before. Always it have been a problem with cyren pattern.

    Is there any possibility to escalate to cyren?

  • 0 in reply to André Kufner

    Hello Andre,

    Thank you for the follow-up and the Case ID.

    I checked and the issue has been resolved, it isn't clear for me though, if you’re using SFOS or Cyren, as SFOS doesn't use Cyren, however, the ticket says that Cyren updated the pattern and the pattern got updated and that fixed the issue.

    Regards,

  • 0 in reply to emmosophos

    Hi Emmanual,

    yes, I am very lucky about that.

    I use XG Firewall with SFOS. I am very sure that SFOS uses Cyren Cloud Services for the classifiy of spam emails. Furthermore cyren support and sophos support confirmed that there has been a misclassification due to cyren which caused XG Firewall to classify to much false positive.