SFOS 19.0 MR1 new email option

Hi,

In 19.0 MR1 there is a new option "Email - Added an option to report a spam email as a False Positive from the quarantine release screen".

Our HR department will receive mails from another company which sends encrypted PDFs - so the MTA can't scan them and will move those mails to quarantine. Will this feature whitelist those senders (with encrypted attachments) after using the new option several times?

I can't test it because there are still issues with spam detection with SASI; therefore I won't upgrade in the near future.



  • No, that is not possible. This option is more likely something to report back to SophosLabs. 

    You could check Central Email instead. Waiting on a firmware update on a security product is not a wise move. 

    __________________________________________________________________________________________________________________

  • "Waiting on a firmware update on a security product is not a wise move" - I understand your argument and share it too.
    If I were to update to the newest firmware now, the possibility of phishing/malware would increase (with the bug at the moment) and therefore your argument would bring me much more trouble. I am the first to update systems to the latest version.
    But on the other hand there is a problem (which popped up with an update) with the product we bought, and now we should switch to another mail protection product (and pay additionally to the existing one) from Sophos because for several months there has been no fix for the poor spam recognition with SASI on XG(S) firewalls?

    Nevertheless my question is answered, thanks Lucar!

    _______________________________________________________

    Sophos SG 210 with Sophos XG Home - 19.5 GA

    If a post solves your question please use the 'Verify Answer' button.

  • "If I would update to the newest firmware now, the possibility for phishing/malware will increase (with the bug at the moment) and therefore your argument will bring me in much more troubles. I am the first who update the systems to the last."

    That is actually not correct.

    Spam =!= Malware. Spam is likely just unwanted emails. See the definition of spam. So phishing/malware is a different concern. If you find a valid malware or phishing email coming through, the question is which module should fetch this attack. SFOS/UTM does not have good modules to detect phishing in the first place (never had). Malware is something which we can fetch with Intelix/Zero Day. 

    If an advertising Email gets through, which could be considered as Spamming (bulk), this is a security concern per se - Only annoying for the end user. 

    So if your concerns are security related, the only move would be to check the solutions for valid BEC and modern technologies. 

    __________________________________________________________________________________________________________________

  • We use the Xstream Protection bundle with Email Protection and zero-day protection activated in MTA. Will those mails be checked for being spam with zero-day protection too or only on the XG itself?

    _______________________________________________________

    Sophos SG 210 with Sophos XG Home - 19.5 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Zero Day Protection is a malware battle technique. Intelix is being used in SFOS to detect attacks, not Spam. 

    __________________________________________________________________________________________________________________
