Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Parents
  • Hi,

    I received an email about 10 minutes ago, it has a number of attachments which are all blank, further the email does not show in logviewer -> email. There a e two entries at the time of the email with no details and show possible spam.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Further to the message above, I sent the originator a question about the attachment and he advised other recipient were able to view it. I took the iPhone out of the wifi and was able to see the attachment which is an mp4 file.. So something is broken in the latest mail functions in v19.0.1.

    I have not made any changes to my mail settings, least of all have the ability to hide messages from XG log viewer -> email report. I have received other messages which do not show up in log viewer. This is an issue that was fixed a couple of versions ago.

    Ian

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi

    do you have some news to share on the spam detection topic?

    _______________________________________________________

    Sophos SG 210 with Sophos XG Home - 20.0 MR 1

    If a post solves your question please use the 'Verify Answer' button.

  • No, nothing new. They will investigate the issue and get back to me, but so far they haven't even admitted that there is a problem at all.

  • I had opened support case about spam, which has been closed yesterday by tehnician with reason inactivity(I send last email response on friday and he close it on monday)... For us case is not closed until engine will not work as before with older engine which has been reason to use and BUY this subscription but Sophos know that better than us.

    After upgrade to MR1 AND Sophos Lab actions to include our samples into engine spam detection in last 10 days has been a lot of better. We receive only national(slovenian) spams. but today we start receiving some phishing mails which are not in national language:

  • Hi , sorry to hear your case was closed prior to resolution. Reviewing the case, the email response you sent on Friday did not come through. Please let me know and I can reopen a case. 

    Karlos
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
  • Hi Karlos,

    If I resend email without attachments will case be reopened or you need reopen it? Now Im on vacation until 6.9. so maybe reopen it after that...

    Thanks.

    Best regards, Dejan

  • Yes, I would need to open a new case. Once you are back and ready to pick up, please send me a DM and I will provide you a new case ID.

    Best,

    Karlos
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
  • Hi and

    Have you any news for the poor spam recognition on v18.5 MR3 / v19.0 and versions above?

    _______________________________________________________

    Sophos SG 210 with Sophos XG Home - 20.0 MR 1

    If a post solves your question please use the 'Verify Answer' button.

  • This is the last answer I got from the support:

    "Development has sent a proposal for handling "bulk" messages and change how the spam classification works in the MTA mode. After the proposal is approved by both Product Management and Labs, we schedule this new feature for an MR Release."

    They will get back to me this week, so at least there's some hope I guess.

  • Thanks for your effort and sharing your information!

    _______________________________________________________

    Sophos SG 210 with Sophos XG Home - 20.0 MR 1

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Dreamcatcher,
    did Sophos Support get in touch with you, did you receive any further information?

Reply Children
  • Yes, to tell me that they need more time. They said they will get back to me this week, but that didn't happen yet.

  • Hi Dreamcatcher, thanks for your effort. Did you received something new about the case?

  • Yes, support contacted me yesterday. They asked to get access for 4 weeks to the firewall to check if their current solution is working. Maybe we will see a public release at least this year? We'll see.

  • Hi  ,

    do you have any news on this?

    _______________________________________________________

    Sophos SG 210 with Sophos XG Home - 20.0 MR 1

    If a post solves your question please use the 'Verify Answer' button.

  • Hey, not really. They asked for more spam samples and are working on a better bulk spam detection, but no ETA or anything.

  • My case is also still opened. I daily report phishing emails to SophosLabs and after week or two they add them to detection policy but after that I receive new spams and Im again in infinity loop...  In last few months I don't remember if we receive more than few spam emails, but we receive  a ton of phishing emails...

    I’m also mention to different support tickets and tehnicians few times simple solution as configurable probable spam and spam % score limit/threshold will solve most of our(and probably also others) issues… For example we will set:

    probablespam 5%

    spam 10%

    And none of that phishing emails(Or only few) will not be send to user and expose us… I as software developer think that this can be added to 19.5 MR fix with very small modifications(in config file add 2 parameters and replace fixed values in code with that parameter) and then advanced users can with support help change this parameter and if it will help other users solve spam issues can be later added to CLI or WEB GUI…

  • Hi  , 

    Latest update from Development is that they're working on a solution that'll enable admins to handle 'bulk' messages and define an action for them to improve the detection rate. I do know they are actively working on this. Appreciate your patience and we will update this thread once we know more.

    Karlos
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.