The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
Known to apply to the following Sophos product(s) and version(s)
Sophos UTM v9
What to do
Rarely the E-Mail Protection engine of Sophos UTM might report Spam-E-Mails or Virus infected E-Mails, which are false. On the other hand Spam-E-Mails or Virus infected E-Mails might be delivered to the recipient occasionally. In order to minimize such cases false positive as well as false negative samples should be submitted to Sophos.
Collect and submit your samples for false positive Spam / Virus E-Mails
In order to be able to capture samples of false positives the E-Mail Protection configuration should be changed as follows:
For false positive viruses
For false positive spam
By Standard the action for Spam and Virus E-Mails is now to Quarantine and samples can be collected. Make sure that the samples are no older than 3 days.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.