CSV files are currently not on the default Sophos Attachment file type list. They can just like any other Office file contain macro’s or functions. Quarantining everything is unworkable.
Does Sophos Email Security also scans office files for malicious functions, Marcos’s or code?
Sophos advertise with that attachments are loaded in a sandbox to determine their nature. As users we do however not see that sandbox evaluation or result. We only see it when found to be malicious and I have had instances in the past with office files that were malicious and were detected as such by Intercept X and Puremessage but not by Email Security! Never seen a explanation for it from Support other than that these particular files were now also added to the database.
Thank you for contacting the Sophos Community.
These are the list of extensions available for macros. The following extensions are visible if you select custom list selection.
.ppsm, .pptm, .potm