Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 17 subscribers
  • Views 3477 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block QR codes in body or attachment of email?

ptho

Hi Sophos,

As subject, is it possible within the Central Email Gateway product to quarantine emails if they contain QR codes in the attachment or body of email?

Thanks



This thread was automatically locked due to age.
  • 0

    Hi ptho,

    Thank you for reaching out to Sophos Community.

    Have you tried to use any how-to videos, documentation, Sophos Assistant, or KBA to try to check the issue?

    Kindly check the following KB which might assist you. 

    Sophos blocked email attachments with specific file extensions.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • 0 in reply to Erick Jan

    Hi Erick,

    I usually search for a solution online before posting here, yes.

    Neither of those reference links directly address my query. I'm aware that QR codes are image filetypes, and so I can block JPEG, PNG, etc. but nothing in those links covers the topic of blocking QR codes specifically.

    I wondered if it was a function hidden in one of the spam detection tiers of the Email Gateway product. For instance, if we are currently operating on Suspected Spam tier Level 3 in the Email Security Anti-spam Policy, would raising that to 4 or 5 implement this?

    Thanks

  • +2 in reply to ptho

    Hello Ptho,

    I confirmed with that at the moment is not possible to do QR code analyzing/blocking.

    There is already an idea for this CEMA-I-147

    PM is actively discussing with labs a possible solution.

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    Hi Sophos,

    This is a very big hole in Sophos Email filtering capability. It should be a high priority as it bypasses URL filtering, if a code is scanned it is on a device that likely has a standalone internet connection outside of a firewall via SIM. It should be possible to do image analysis to detect and block QR codes in email without needing to block all types of image files. We see a hugely increased volume of QRishing taking place which is coming through Sophos Email filter.

    Can Sophos on Android or iOS mitigate this problem by filtering a malicious URL on a mobile device if a QR code is scanned from an email which is allowed through Sophos Email filter?

    Thanks

  • +1 in reply to Edward Aspden

    It is a high priority and we are already in discussions with our developers and Sophos Labs to integrate QR code inspection and control in our product. I will update this community as we get closer to releasing a solution for this.

Unfiltered HTML