This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG blocks my Sophos logon-page as MALWARE

Hi all,

the sophos XG blocks the WAF logon page from Sophos SG.
There should be "Mal/HTMLGen-A".
But i can't find the problem.
(Others reports problems with this page too)
please check: http://test.now-secure.de/
Can someone help me please?
Thanks,

This thread was automatically locked due to age.

Top Replies

LuCar Toni over 2 years ago +1 suggested

Virustotal reports multiple vendors including Sophos reports back as Phishing.

Parents

0 LuCar Toni over 2 years ago

Virustotal reports multiple vendors including Sophos reports back as Phishing.

__________________________________________________________________________________________________________________
Cancel
Vote Up +1 Vote Down

Cancel
0 dirkkotte over 2 years ago in reply to LuCar Toni

Hi,

Ok, maybe someone triggers that ... and the others just mark it too?

i can't find some problems. I load the page multiple times from different devices with different browsers and i got the "sophos logon page" + some local loaded CSS files.

All "not only reporting" sites ... the some who really test the site ... can't find malware.

But supposedly sophos uses his own LAB for diagnosis ... so i hope i got more information about the problem ...
Otherwise someone has hacked the sophos firewall to place malware ... really bad

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 2 years ago in reply to dirkkotte

Hello Dirk,

You can request a URL Re-assessment for the website https://support.sophos.com/support/s/filesubmission?language=en_US

Checking internally, I see the site was flagged since April as Phish.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +1 Vote Down

Cancel
0 dirkkotte over 2 years ago in reply to emmosophos

OK, i tried this already. i will check the result later.

But i wonder, why sophos labs mark the sophos-waf-page as "malware". Possible there is malware placed really ...?

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 2 years ago in reply to dirkkotte

Hello Dirk,

Labs mentioned that the URL is hosting some type of Malware.

They asked for what purpose is this site used.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 dirkkotte over 2 years ago in reply to emmosophos

Hello, Thank you for your efforts.

as you can see, this is a Sophos SG WAF portal, which runs on a sophos sg firewall.
with very few adjustments ... just a little css and a javascript that merges 2 input fields ... when I set it up.
There shouldn't be more ...
... it is a really endangered environment, so the diagnosis from the Sophos LAB is important.

Would be great, someone from LAB contact me!

Thanks, Dirk

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 dirkkotte over 2 years ago in reply to emmosophos

Hello, Thank you for your efforts.

as you can see, this is a Sophos SG WAF portal, which runs on a sophos sg firewall.
with very few adjustments ... just a little css and a javascript that merges 2 input fields ... when I set it up.
There shouldn't be more ...
... it is a really endangered environment, so the diagnosis from the Sophos LAB is important.

Would be great, someone from LAB contact me!

Thanks, Dirk

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 emmosophos over 2 years ago in reply to dirkkotte

Hello Dirk,

Thank you for the information, I have shared this with Labs.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel