
Malicious payload detected in emails

We have been receiving emails for the last few weeks - with subject "Undeliverable email"

The emails appear to come from totally random - but genuine sources - and all contain "malicious payload"

I have done an IP trace on many of them - and they always produce a blank

Here's a typical one :

 

"This message was created automatically by mail delivery software. Your email message was not delivered as is to the intended recipients because malware was detected in one or more attachments included with it. All attachments were deleted.

--- Additional Information ---:

 Subject: HM revenue & customs

Sender: UnitedKingdom@lundbeck.com

 Time received: 7/18/2018 9:27:23 AM

Message ID:<20180718092416.351650274930B451@lundbeck.com>

Detections found:

Letter of income.pdf      Malicious Payload"

 

What can we do about this ?

Do we need to download and install MTD separately to version 5.5.0 enterprise console ?



  • Hello Weeboo,

    this is definitely not an Endpoint question unless they actually originate within your network (and then you'd have to identify the offending source first). Hard to say without the headers or the raw message, this might or might not be backscatter.

    Christian

  • QC said:

    Hello Weeboo,

    this is definitely not an Endpoint question unless they actually originate within your network (and then you'd have to identify the offending source first). Hard to say without the headers or the raw message, this might or might not be backscatter.

    Christian

     

    It appears that MTD is not installed on our server - Enterprise 5.5.0

    Is this not included as standard ?

    I have run the test script and nothing has been detected...

  • Hello Weeboo,

    MTD is not installed on our server
    MTD is an Endpoint component included with all licenses except Endpoint Protection Standard. Please note that (for whatever reason) it will not install on on-premise (SEC) managed servers.

    More important - I don't see how MTD (or any Endpoint component) should come into play here? You're talking about emails, aren't you, and MTD deals with HTTP traffic of non-browser applications. So maybe there's some misunderstanding w.r.t MTD.

    Christian

  • Hi Weeboo,

    As already mentioned, I would also recommend that you try to find the source of these emails. Are they from internal user accounts or external domains? Is there any email gateway in place to scan these emails?

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

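Christian's point that these "Undeliverable email" notices are probably backscatter, and Gowtham's question about where they originate, both come down to one triage check: does the bounce report a message that your own mail server actually sent? The script below is an added example (not from this thread or from Sophos) that parses the "Additional Information" block quoted in the question and flags the bounce as backscatter when the reported sender domain and Message-ID are not yours and the Message-ID never appeared in your outbound mail log. `OUR_DOMAINS` and the outbound Message-ID set are assumed placeholders you would fill from your own environment.

```python
import re
from email.utils import parseaddr

# Domains this organisation sends mail for (assumed placeholder, not from the thread).
OUR_DOMAINS = {"example.co.uk"}

# Constructed copy of the bounce quoted in the question.
SAMPLE_BOUNCE = """This message was created automatically by mail delivery software.
--- Additional Information ---:
Subject: HM revenue & customs
Sender: UnitedKingdom@lundbeck.com
Time received: 7/18/2018 9:27:23 AM
Message ID:<20180718092416.351650274930B451@lundbeck.com>
Detections found:
Letter of income.pdf      Malicious Payload
"""

FIELD_RE = re.compile(r"^\s*(Subject|Sender|Time received|Message ID)\s*:\s*(.*?)\s*$", re.M)


def parse_bounce(text):
    """Pull out what the DSN claims about the ORIGINAL message it is reporting on."""
    fields = dict(FIELD_RE.findall(text))
    fields["detections"] = []
    m = re.search(r"Detections found:\s*\n(.*)", text, re.S)
    if m:
        for line in m.group(1).splitlines():
            if line.strip():
                # attachment name and scanner verdict are separated by a run of spaces
                fields["detections"].append(tuple(re.split(r"\s{2,}", line.strip(), maxsplit=1)))
    return fields


def classify(fields, our_domains, sent_message_ids):
    """Backscatter is a bounce for mail we never sent: the reported sender and
    Message-ID are not ours, and the Message-ID is absent from our outbound log."""
    sender = parseaddr(fields.get("Sender", ""))[1]
    sender_dom = sender.rpartition("@")[2].lower()
    msgid = fields.get("Message ID", "").strip("<>")
    msgid_dom = msgid.rpartition("@")[2].lower()
    reasons = []
    if sender_dom not in our_domains:
        reasons.append(f"reported sender domain '{sender_dom}' is not one of ours")
    if msgid_dom not in our_domains:
        reasons.append(f"Message-ID domain '{msgid_dom}' is not one of ours")
    if msgid not in sent_message_ids:
        reasons.append("Message-ID not found in our outbound mail log")
    verdict = "probable backscatter" if reasons else "genuine bounce"
    return verdict, reasons


if __name__ == "__main__":
    verdict, reasons = classify(parse_bounce(SAMPLE_BOUNCE), OUR_DOMAINS, set())
    print(verdict, *reasons, sep="\n - ")
```

A "genuine bounce" verdict means one of your accounts or systems really did send the infected attachment and is the thing to investigate; "probable backscatter" means the fix is on the bouncing server's side (reject at SMTP time instead of bouncing) and the notices can be filtered at your gateway.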