Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Feature Request: What happens when the user clicks on the link

Hello,

I received a message from a user saying that he had been sent an email with a link to a document. This user regularly receives emails from this sender, but the documents are usually PDFs. The user has now downloaded the document, but the file seemed suspicious to him, so he deleted it immediately.
I have now been asked to check what really happened, but I can only check which type of document is downloaded by clicking on the link myself, which of course I don't want to do.
Is there a way to build a "what would happen if I downloaded this file" into Sophos Email Protection? Also in relation fo reporting a link?



Added TAGs
[edited by: Raphael Alganes at 11:49 AM (GMT -7) on 30 Sep 2024]
  • Here is one possible path that I would take.

    1. Clawback the message to the Post Delivery Quarantine

    2. From there you can download the document in an encrypted password protected attachment

    3. I would probably then submit that file to Sophos Intelix for further/deeper inspection which the sandbox allows you to see the interaction with a virtual desktop.

    I'm sure others could provide some other methods but this should protect your user, your admin and give you insight into the file.