This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block QR codes in body or attachment of email?

ptho 7 months ago

Hi Sophos,

As subject, is it possible within the Central Email Gateway product to quarantine emails if they contain QR codes in the attachment or body of email?

Thanks

This thread was automatically locked due to age.

Top Replies

emmosophos 7 months ago in reply to ptho +4 verified

Hello Ptho, I confirmed with that at the moment is not possible to do QR code analyzing/blocking. There is already an idea for this CEMA-I-147 PM is actively discussing with labs a possible solution…

Parents

0 Erick Jan 7 months ago
Hi ptho,

Thank you for reaching out to Sophos Community.

Have you tried to use any how-to videos, documentation, Sophos Assistant, or KBA to try to check the issue?

Kindly check the following KB which might assist you.

Sophos blocked email attachments with specific file extensions.

Blocking Email Attachment

Email Policies
Erick Jan
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 ptho 7 months ago in reply to Erick Jan

Hi Erick,

I usually search for a solution online before posting here, yes.

Neither of those reference links directly address my query. I'm aware that QR codes are image filetypes, and so I can block JPEG, PNG, etc. but nothing in those links covers the topic of blocking QR codes specifically.

I wondered if it was a function hidden in one of the spam detection tiers of the Email Gateway product. For instance, if we are currently operating on Suspected Spam tier Level 3 in the Email Security Anti-spam Policy, would raising that to 4 or 5 implement this?

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
+2 emmosophos 7 months ago in reply to ptho

Hello Ptho,

I confirmed with that at the moment is not possible to do QR code analyzing/blocking.

There is already an idea for this CEMA-I-147

PM is actively discussing with labs a possible solution.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +4 Vote Down

Cancel

Reply

+2 emmosophos 7 months ago in reply to ptho

Hello Ptho,

I confirmed with that at the moment is not possible to do QR code analyzing/blocking.

There is already an idea for this CEMA-I-147

PM is actively discussing with labs a possible solution.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +4 Vote Down

Cancel

Children

0 Edward Aspden 6 months ago in reply to emmosophos

Hi Sophos,

This is a very big hole in Sophos Email filtering capability. It should be a high priority as it bypasses URL filtering, if a code is scanned it is on a device that likely has a standalone internet connection outside of a firewall via SIM. It should be possible to do image analysis to detect and block QR codes in email without needing to block all types of image files. We see a hugely increased volume of QRishing taking place which is coming through Sophos Email filter.

Can Sophos on Android or iOS mitigate this problem by filtering a malicious URL on a mobile device if a QR code is scanned from an email which is allowed through Sophos Email filter?

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
+1 Tom Foucha 6 months ago in reply to Edward Aspden

It is a high priority and we are already in discussions with our developers and Sophos Labs to integrate QR code inspection and control in our product. I will update this community as we get closer to releasing a solution for this.
Cancel
Vote Up +2 Vote Down

Cancel