
CSV files with malicious code


https://www.bleepingcomputer.com/news/security/malicious-csv-text-files-used-to-install-bazarbackdoor-malware/

CSV files are currently not on the default Sophos Attachment file type list. They can, just like any other Office file, contain macros or functions. Quarantining everything is unworkable.

Does Sophos Email Security also scan Office files for malicious functions, macros or code?

Sophos advertises that attachments are loaded in a sandbox to determine their nature. As users, however, we do not see that sandbox evaluation or result. We only see it when a file is found to be malicious, and I have had instances in the past with Office files that were malicious and were detected as such by Intercept X and PureMessage but not by Email Security! I have never seen an explanation for it from Support other than that these particular files were now also added to the database.

regards,

Fred



Added tags
[edited by: Raphael Alganes at 8:50 AM (GMT -7) on 1 Jun 2023]
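As an added example (not part of the original thread and not Sophos code): one way to check a CSV attachment for cells that a spreadsheet application would evaluate as a formula or DDE reference, which is the kind of content the post above asks about. The function names, the verdict labels and the sample data are assumptions constructed for illustration.

```python
import csv
import io
import re

# Leading characters that make a spreadsheet application evaluate a cell.
FORMULA_PREFIXES = ("=", "+", "-", "@")
# DDE-style reference of the form  =application|'topic'!item
DDE_PATTERN = re.compile(r"^[=+\-@]\s*[A-Za-z_][\w.]*\s*\|.*!", re.DOTALL)
# Plain signed numbers such as -12.50 or +3 are data, not formulas.
NUMERIC = re.compile(r"[+-]?\d+([.,]\d+)*")


def scan_csv(text):
    """Return (row, column, kind, value) for every cell that would be evaluated."""
    findings = []
    reader = csv.reader(io.StringIO(text, newline=""))
    for row_no, row in enumerate(reader, start=1):
        for col_no, cell in enumerate(row, start=1):
            # Leading whitespace does not stop evaluation, so ignore it.
            value = cell.lstrip(" \t\r\n")
            if not value.startswith(FORMULA_PREFIXES):
                continue
            if NUMERIC.fullmatch(value):
                continue
            kind = "dde" if DDE_PATTERN.match(value) else "formula"
            findings.append((row_no, col_no, kind, value))
    return findings


def verdict(text):
    """Hypothetical policy: quarantine DDE, send other formulas to review."""
    kinds = {finding[2] for finding in scan_csv(text)}
    if "dde" in kinds:
        return "quarantine"
    if "formula" in kinds:
        return "review"
    return "deliver"


# Constructed sample: signed numbers, an ordinary formula and a DDE-style
# cell that uses placeholder names instead of a real program.
SAMPLE = (
    "name,amount,note\r\n"
    "Alice,-12.50,refund\r\n"
    'Bob,+3,"=SUM(B2:B3)"\r\n'
    "Carol,7,\"=PROGRAM|'ARGUMENTS'!A1\"\r\n"
)

if __name__ == "__main__":
    for finding in scan_csv(SAMPLE):
        print(finding)
    print(verdict(SAMPLE))
```

The prefix check is deliberately conservative: text such as an international phone number starting with `+` is sent to review rather than delivered.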
  • Hello Fred,

    Thank you for contacting the Sophos Community.

    This is the list of extensions available for macros. The following extensions are visible if you select custom list selection.

    | TFT ID | Group | Extensions |
    | --- | --- | --- |
    | TFT/WordDoc-G | Document | .xml |
    | TFT/WordDoc-E | Document | .docm, .dotm |
    | TFT/PowerPt-G | Presentation | .ppsm, .pptm, .potm |
    | TFT/Excel-I | Document | .xlsm, .xltm |
    | TFT/WordDoc-I | Document | .docm, .dotm |
    | TFT/WordDoc-K | Document | .mhtml |
    | TFT/Excel-G | Document | .xlsm, .xltm |
    | TFT/PowerPt-E | Presentation | .ppsm, .pptm, .potm |
    | TFT/Excel-H | Spreadsheet | .xlsm, .xltm |

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support