Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 19 subscribers
  • Views 8416 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HOWTO submit virus sample via CLI script

gygy

The easiest way I found was to use mutt to send the files directly to mx1.sophos.com.

Step 1: create a muttrc file with only two lines:

 set from = 'XXXXX@XYXYXY.me'
 set smtp_url = 'smtp://mx1.sophos.com:25'

Step 2: use this mutrc file to send virus sample:

 mutt -F sophos-mutrc samples@sophos.com -s "Virus sample I found" -a firus_file.zip

:57313


This thread was automatically locked due to age.
Parents
  • 0

    Hello gygy,

    The easiest way

    but not the best one. What's wrong with using the online submission form? Sure, Submitting samples of suspicious files to Sophos lists email (BTW: hard coded MX hosts are not best practice) as alternate method of submission. The article clearly states (*) that you should construct the message in a specific way. Even if you leave out the requested details the attached archive should be password protected archive (do not assume that the MX will waive it through if it isn't) and therefore the password must be included in the message.

    Christian

    (*) When an Englishman says if possible you should construe it as by all means

    :57323
Reply
  • 0

    Hello gygy,

    The easiest way

    but not the best one. What's wrong with using the online submission form? Sure, Submitting samples of suspicious files to Sophos lists email (BTW: hard coded MX hosts are not best practice) as alternate method of submission. The article clearly states (*) that you should construct the message in a specific way. Even if you leave out the requested details the attached archive should be password protected archive (do not assume that the MX will waive it through if it isn't) and therefore the password must be included in the message.

    Christian

    (*) When an Englishman says if possible you should construe it as by all means

    :57323
Children
No Data
Unfiltered HTML