Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 1 reply
  • Subscribers 17 subscribers
  • Views 2907 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Feature Request: What happens when the user clicks on the link

Ulrich Haucke

Hello,

I received a message from a user saying that he had been sent an email with a link to a document. This user regularly receives emails from this sender, but the documents are usually PDFs. The user has now downloaded the document, but the file seemed suspicious to him, so he deleted it immediately.
I have now been asked to check what really happened, but I can only check which type of document is downloaded by clicking on the link myself, which of course I don't want to do.
Is there a way to build a "what would happen if I downloaded this file" into Sophos Email Protection? Also in relation fo reporting a link?



This thread was automatically locked due to age.
Parents
  • +1

    Here is one possible path that I would take.

    1. Clawback the message to the Post Delivery Quarantine

    2. From there you can download the document in an encrypted password protected attachment

    3. I would probably then submit that file to Sophos Intelix for further/deeper inspection which the sandbox allows you to see the interaction with a virtual desktop.

    I'm sure others could provide some other methods but this should protect your user, your admin and give you insight into the file.

Reply
  • +1

    Here is one possible path that I would take.

    1. Clawback the message to the Post Delivery Quarantine

    2. From there you can download the document in an encrypted password protected attachment

    3. I would probably then submit that file to Sophos Intelix for further/deeper inspection which the sandbox allows you to see the interaction with a virtual desktop.

    I'm sure others could provide some other methods but this should protect your user, your admin and give you insight into the file.

Children
No Data
Unfiltered HTML