https://labs.portcullis.co.uk/blog/could-sophos-antivirus-web-protection-cause-a-privacy-concern-for-your-organisation/
The blog post above looks at Endpoint Web Protection with the HTTP-based SXL lookup and returned values. Similar data appears available via DNS-based SXL lookups, but I'm not sure what, if anything, uses the DNS mechanism.
"tr a-z n-za-m" works for ROT13 on lowercase and works on the Sophos UTM.
A previous thread touched on some potential privacy/disclosure concerns: https://community.sophos.com/products/unified-threat-management/astaroorg/f/53/t/33654. Other threads may exist.
Further, could a sufficiently interested/malicious actor spoof/manipulate responses to potentially alter web policy enforcement? According to my tests: Yes.