Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block QR codes in body or attachment of email?

Hi Sophos,

As subject, is it possible within the Central Email Gateway product to quarantine emails if they contain QR codes in the attachment or body of email?

Thanks



This thread was automatically locked due to age.
  • Hi ptho,

    Thank you for reaching out to Sophos Community.

    Have you tried to use any how-to videos, documentation, Sophos Assistant, or KBA to try to check the issue?

    Kindly check the following KB which might assist you. 

    Sophos blocked email attachments with specific file extensions.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • Hi Erick,

    I usually search for a solution online before posting here, yes.

    Neither of those reference links directly address my query. I'm aware that QR codes are image filetypes, and so I can block JPEG, PNG, etc. but nothing in those links covers the topic of blocking QR codes specifically.

    I wondered if it was a function hidden in one of the spam detection tiers of the Email Gateway product. For instance, if we are currently operating on Suspected Spam tier Level 3 in the Email Security Anti-spam Policy, would raising that to 4 or 5 implement this?

    Thanks

  • Hello Ptho,

    I confirmed with that at the moment is not possible to do QR code analyzing/blocking.

    There is already an idea for this CEMA-I-147

    PM is actively discussing with labs a possible solution.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hi Sophos,

    This is a very big hole in Sophos Email filtering capability. It should be a high priority as it bypasses URL filtering, if a code is scanned it is on a device that likely has a standalone internet connection outside of a firewall via SIM. It should be possible to do image analysis to detect and block QR codes in email without needing to block all types of image files. We see a hugely increased volume of QRishing taking place which is coming through Sophos Email filter.

    Can Sophos on Android or iOS mitigate this problem by filtering a malicious URL on a mobile device if a QR code is scanned from an email which is allowed through Sophos Email filter?

    Thanks

  • It is a high priority and we are already in discussions with our developers and Sophos Labs to integrate QR code inspection and control in our product. I will update this community as we get closer to releasing a solution for this.