
Feature Request: What happens when the user clicks on the link

Hello,

I received a message from a user saying that he had been sent an email with a link to a document. This user regularly receives emails from this sender, but the documents are usually PDFs. The user has now downloaded the document, but the file seemed suspicious to him, so he deleted it immediately.
I have now been asked to check what really happened, but I can only check which type of document is downloaded by clicking on the link myself, which of course I don't want to do.
Is there a way to build a "what would happen if I downloaded this file" into Sophos Email Protection? Also in relation to reporting a link?



Added TAGs
[edited by: Raphael Alganes at 11:49 AM (GMT -7) on 30 Sep 2024]
  • Here is one possible path that I would take.

    1. Clawback the message to the Post Delivery Quarantine

    2. From there you can download the document in an encrypted, password-protected attachment

    3. I would probably then submit that file to Sophos Intelix for further/deeper inspection; the sandbox allows you to see the interaction with a virtual desktop.

    I'm sure others could provide some other methods but this should protect your user, your admin and give you insight into the file.
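
An added example, not part of the thread and not Sophos code: once the file has been extracted from the password-protected archive, its real type can be checked from its leading bytes, and its SHA-256 recorded, without ever opening it. The file names, the signature table and the sample bytes are constructed for illustration.

```python
import hashlib
import os

# Leading-byte signatures for formats commonly delivered as "documents".
SIGNATURES = [
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),                          # docx/xlsx/pptx/zip
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),   # legacy doc/xls/msi
    (b"{\\rtf", "rtf"),
    (b"MZ", "pe"),                                   # Windows executable
    (b"\x7fELF", "elf"),
]

# Content type each extension should carry (assumed mapping for this example).
EXPECTED = {".pdf": "pdf", ".docx": "zip", ".xlsx": "zip", ".zip": "zip",
            ".doc": "ole2", ".xls": "ole2", ".rtf": "rtf", ".exe": "pe"}


def sniff(data: bytes) -> str:
    """Return the format name matching the file's leading bytes."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"  # text, HTML and scripts have no fixed signature


def triage(name: str, data: bytes) -> dict:
    """Summarise a file from its bytes only; nothing is opened or executed."""
    kind = sniff(data)
    ext = os.path.splitext(name.lower())[1]
    expected = EXPECTED.get(ext)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # for reputation lookups
        "size": len(data),
        "extension": ext,
        "detected": kind,
        "mismatch": expected is not None and expected != kind,
        "executable": kind in ("pe", "elf"),
    }


# Constructed sample inputs: a PDF header and a PE header.
SAMPLE_PDF = b"%PDF-1.7\n1 0 obj\n<< >>\nendobj\n"
SAMPLE_PE = b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    for fname, blob in (("invoice.pdf", SAMPLE_PDF), ("invoice.pdf", SAMPLE_PE)):
        print(fname, triage(fname, blob))
```

A `mismatch` or `executable` result on a file that was supposed to be a PDF is a reason to send it for sandbox analysis rather than opening it locally.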
