Hi! We're new to Reflexion Total Control (through an MSP that is also new to Reflexion). Given that we have shared management of our Reflexion settings and I'm working to find the right balance on spam filtering, I was curious if: Does anyone know how Reflexion's anti-virus scanner works? Is it unpacking and running them? Scanning them against a database? What engine it's using? We're coming over from an on-prem Trustwave SEG, where (ironically) we were using the available Sophos AV engine to scan attachments. With Reflexion being added to Sophos, some of the information out there is kinda separated and difficult to split. Other info seems simply nonexistent. Currently, our MSP has set most attachments to get quarantined, but we deal A LOT with those with our customers, and I'm trying to figure it how much faith I can place in Reflexion's AV scanning in order to possibly pass more of those (non-executable) office-type attachments to users' inboxes. Thanks! -Jim

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New to Reflexion - Question about attachments and anti-virus scanning

Hi!

We're new to Reflexion Total Control (through an MSP that is also new to Reflexion). Given that we have shared management of our Reflexion settings and I'm working to find the right balance on spam filtering, I was curious if:

Does anyone know how Reflexion's anti-virus scanner works?
Is it unpacking and running them? Scanning them against a database?
What engine it's using? We're coming over from an on-prem Trustwave SEG, where (ironically) we were using the available Sophos AV engine to scan attachments.

With Reflexion being added to Sophos, some of the information out there is kinda separated and difficult to split. Other info seems simply nonexistent. Currently, our MSP has set most attachments to get quarantined, but we deal A LOT with those with our customers, and I'm trying to figure it how much faith I can place in Reflexion's AV scanning in order to possibly pass more of those (non-executable) office-type attachments to users' inboxes.

Thanks!

-Jim

This thread was automatically locked due to age.

0 Sure Win 2 over 8 years ago

Hi JimDuyck. Sorry for not getting back to you sooner.

Sophos Reflexion uses dual AV engines to protect from malware, with Sophos Anti-Virus as the primary engine. Optimally, SAV scanning for email threats in Reflexion paired with Sophos Endpoint Standard or Advanced provides the greatest level of security from malware and ransomware threats.

Our engines update frequently, but there can be a lag between the outbreak of a virus and the implementation of an update to our virus engine so that it can detect and thus blocked. This time is usually very short, but on rare occasions, new viruses/variations might get through in the meantime.

Sure Win 2
Cancel
Vote Up 0 Vote Down

Cancel
0 JimDuyck over 8 years ago in reply to Sure Win 2

Thanks for your reply! I do have one follow-up question:

Are you able to do any scanning for malicious scripting embedded in Word document attachments?
Cancel
Vote Up 0 Vote Down

Cancel
0 AimanAnsari over 8 years ago in reply to JimDuyck

Hello Jim,

By default, all attachments will be scanned for embedded scripts containing malware.

Regards,

Aiman Ansari | Network & Security Engineer
Cancel
Vote Up 0 Vote Down

Cancel