

Sophos Email Gateway versus PureMessage - Viral content not detected by Email Gateway

We moved from PureMessage on-premise to Sophos Email Gateway. The PureMessage installation has not been removed, as we are in the process of replacing our mail server, but it has no longer been updated since January 1st, 2021. Sophos Email Gateway has now been found to deliver viral messages three times; they were detected by PureMessage and by Endpoint X as malicious.

I received an email from SophosLabs confirming that they were malicious in nature and that they will update their database.

"Your sample submission 04399005 has been analysed. The file(s) you submitted are malicious in nature and detection will be available on the Sophos Labs Database shortly.

Please update Sophos Anti-Virus or Sophos Central Endpoint and run a Full System Scan to clean up this threat."

The problem is that the detection engines of both PureMessage and Endpoint X already detect these files, BUT Email Gateway with Sandbox did not.

- Is Email Gateway using a different database / detection Engine?

- Why are only Sandbox details available of viral messages (Intelix Threat Summary) and not of all messages with attachment types that require sandboxing?

- Furthermore, why can't we forward / submit viral messages to SophosLabs from the Emergency mailbox?

Thanks,

Fred



[edited by: Raphael Alganes at 6:28 AM (GMT -7) on 7 Jun 2023]
  • I have sent the email examples to SophosLabs, and according to Sophos Support the virus signature was added to the database and should now be stopped by Email Gateway. Both the old PureMessage and the up-to-date Endpoint X already detected it.

    After that I was still able to send the viruses to Sophos Support (Delivery Successful) without triggering Sophos Email Gateway SAV and/or Sandbox.

    Sigh
