
XG 18.04 MR-4 more malware in emails missed even with Sandstorm now enabled!

After consulting the Sophos reseller we added the extra layer of protection of a Sophos Sandbox subscription.

I now have two additional MALWARE E-MAILS that ended up in the quarantine queue that based on the XG settings should have been dropped. PureMessage with old definitions identifies them as Mal/Generic-S, Mal/DrodRar-AIC and Mal/Generic-S, Mal/Inject-GM, CXmail/MalPE-B.

XG MTA with SAV DUAL SCAN engine, primary set to Sophos and DETECT ZERO DAY threats with SANDSTORM ENABLED does not detect the malware in these e-mails. In my understanding, e-mails that are still being scanned for malware, not yet given the all green from both SAV scanning and Sandstorm, should not be in the quarantine queue.

Support is not really responding other than sending their default e-mails with instructions to upload the file. My answer again and again is that the file requested is in the online case portal, already uploaded there.

These two new emails are now uploaded also and the case record updated.

The case number is 03694098.

Fred



  • Another virus missed by XG SAV and Sandstorm.

    Detection by PureMessage behind the XG with outdated definitions:

    Event: Virus infection detected

    Location: 1035 Purchase Contract.rar

    Replaced with text: Yes

    Virus name(s): CXmail/MalPE-BP

    I have uploaded this one to the support portal case also
