Known to apply to the following Sophos product(s) and version(s)
Sophos UTM v9
What to do
Rarely the E-Mail Protection engine of Sophos UTM might report Spam-E-Mails or Virus infected E-Mails, which are false. On the other hand Spam-E-Mails or Virus infected E-Mails might be delivered to the recipient occasionally. In order to minimize such cases false positive as well as false negative samples should be submitted to Sophos.
Collect and submit your samples for false positive Spam / Virus E-Mails
In order to be able to capture samples of false positives the E-Mail Protection configuration should be changed as follows:
For false positive viruses
For false positive spam
By Standard the action for Spam and Virus E-Mails is now to Quarantine and samples can be collected. Make sure that the samples are no older than 3 days.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.