Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion
Parents Reply
  • That's not correct, I indeed can compare both engines for the very same email. I just send one of the two mails I posted above to an exchange server behind a XGS I downgraded to MR2, guess what the result was?

    MSG   Jun 21 09:15:06Z [1o3ZyT-0006wW-Mn]: spam scanning result: 'Confirmed spam'

Children
  • Could you provide this particular Email as a Lab Request to get this sorted out? 

    __________________________________________________________________________________________________________________

  • Sure, I submitted a few samples to is-spam@labs.sophos.com that passed the SASI engine with ease.

    Why is the detection rate of the SASI engine that poor? We're talking about the usual "buy cheap viagra here!!!!"-mails I haven't received in years, just until you guys decided it would be a good idea to switch the spam engine. Since that day me and our customers a pleased with the most obvious spam mails that we all thought were dead.

  • It looks to me like Sophos doesn't see this for what it is: a serious problem that needs a fast solution. Our customers were willing to wait for a patch, but now it seems like the engine is just bad and a fix will, as always with Sophos, take ages to get released. I simply can't expect our customers to wait for that long, so if you guys don't surprise us, then we will look for another product from another company, at least for mail protection. Not just because we're disappointed with Sophos, but also because our customers would not be willing to buy another solution from the very same company that broke the one they already bought. I'm still having trouble explaining why a company like Sophos would replace a reasonably functional antispam engine without thoroughly testing the replacement.

  • So do you use the reputation filter in MTA or not? You did not answer this question.

    And also which kind of RBL do you use? 

    __________________________________________________________________________________________________________________

  • Hi, 

    The filter works in legacy mode.

    RBL:
    dnsbl-1.uceprotect.net
    pbl.spamhaus.org
    sbl-xbl.spamhaus.org

  • I don't see how this is even relevant, since the settings have not changed but the Spam Engine has. Anyway, reputation filter is enabled and I use all RBLs provided by Sophos + zen.spamhaus.org

  • Here you have a comparison of one week MR2 vs. one week MR4:

    The detection rate is just plain bad and I highly doubt that you guys did any propper testing before releasing this to your customers!

  • Hi , a new Development ID NC-98258 has been assigned to investigate this issue of poor SPAM detection rate even after upgrading to 18.5.4. We will update this thread as we know more.

    Karlos
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
  • has there been any movement on this? I show last response about a month ago and a similar chain on the xg v19mr1 with no resolution either. We have noticed this new poor anti spam detection as well and have been consequently upgrading to latest MR in hopes it would get fixed but nothing yet.

  • No progress so far, 19.0 MR1 is as bad as 18.5 MR3/MR4. I have a case open with Sophos, but so far it doesn't seem to go anywhere in the near future. They just want me to send them spam mails that got through so they can submit them to Sophos labs. My customers get super obvious spam mails with the corresponding mail headers showing a SASI spam probability between 10-20%, it's ridiculous.