Hi Sophos,
As subject, is it possible within the Central Email Gateway product to quarantine emails if they contain QR codes in the attachment or body of email?
Thanks
This thread was automatically locked due to age.
Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.
Hi ptho,
Thank you for reaching out to Sophos Community.
Have you tried to use any how-to videos, documentation, Sophos Assistant, or KBA to try to check the issue?
Kindly check the following KB which might assist you.
Sophos blocked email attachments with specific file extensions.
Erick Jan
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Hi Erick,
I usually search for a solution online before posting here, yes.
Neither of those reference links directly address my query. I'm aware that QR codes are image filetypes, and so I can block JPEG, PNG, etc. but nothing in those links covers the topic of blocking QR codes specifically.
I wondered if it was a function hidden in one of the spam detection tiers of the Email Gateway product. For instance, if we are currently operating on Suspected Spam tier Level 3 in the Email Security Anti-spam Policy, would raising that to 4 or 5 implement this?
Thanks
Hello Ptho,
I confirmed with that at the moment is not possible to do QR code analyzing/blocking.
There is already an idea for this CEMA-I-147
PM is actively discussing with labs a possible solution.
Regards,
Hello Ptho,
I confirmed with that at the moment is not possible to do QR code analyzing/blocking.
There is already an idea for this CEMA-I-147
PM is actively discussing with labs a possible solution.
Regards,
Hi Sophos,
This is a very big hole in Sophos Email filtering capability. It should be a high priority as it bypasses URL filtering, if a code is scanned it is on a device that likely has a standalone internet connection outside of a firewall via SIM. It should be possible to do image analysis to detect and block QR codes in email without needing to block all types of image files. We see a hugely increased volume of QRishing taking place which is coming through Sophos Email filter.
Can Sophos on Android or iOS mitigate this problem by filtering a malicious URL on a mobile device if a QR code is scanned from an email which is allowed through Sophos Email filter?
Thanks
It is a high priority and we are already in discussions with our developers and Sophos Labs to integrate QR code inspection and control in our product. I will update this community as we get closer to releasing a solution for this.