Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SASI - Does the SASI engine scan imap/s traffic?

I asked this question some 6 months ago, the thread is locked so I can no longer update it.

Today I received a number of spam messages, which the XG has marked shown by the message in the mail message, but I get the same message added to genuine messages.

why isn't the spam being detected and why are genuine messages tagged as possible spam. This included the daily reports generated ny the XG.

Ian



This thread was automatically locked due to age.
  • Hi folks, yesterday I received over 20 spam messages, none was identified as spam. My legitimate messages had the XG Spam messages added to the mail message.

    In the following screenshots there are a large number of spam messages supposedly received by the XG, in fact majority of them are mail accounts checking for mail updates.

    Ian

    Deleted two unreadable files. I need to convert them to a readable format.

    Added an updated format file.

    not spamm with xg message.rtf

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    Thank you for sharing this. I would recommend kindly sending a sample to Sophos Labs to have this looked into the Global Spam Protection.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • Thank you for the suggestion, but as a home user I do not have that option.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi rfcat_vk,

    Upon checking with the Internal team, the Sophos Firewall Home user can also send a sample file.

    You may refer to the following.

    support.sophos.com/.../filesubmission

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • Hi Ian,

    as Erick wrote, Home users can report spam false positives/negatives too.

    For false positives, please look for the "Release and report" function in email quarantine area.

    For reporting false negatives, you can use the Sophos Outlook Add-in (in case you use Outlook) or send the original email to Labs as an attachment. For the later case I can send you instructions on the required format.

    Regards,

    Janos

  • I have submitted 5 files. There is no data in there release and report function.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • My case has been closed without any feedback and th issue does not appear to have been fixed.

    A couple of days ago I submitted a response to a survey on the mail issue and have since received two emails and a few case number, The email ask me to submit the details I had previously submitted and arrange a time for a session to work through th issue.

    "Good day and I hope you are doing well,

    We have received your feedback on regards to case 07033646 and we apologized that the case has been closed without any response from us.

    To continue may we know the following below:

    •  Please provide the screenshot mentioned on the case description.
    • Can you elaborate further the issue/ concern on the Sophos firewall. Are there legitimate emails that are being tagged as SPAM?
    • Best time to troubleshoot or investigate via remote session?

    Should there be any concern, feel free to reach us via email, chat, or call our Support Hotline ( https://www.sophos.com/en-us/support/contact-support.aspx > For Critical Cases > Choose your region). Our lines are open 24/7.

    Kind Regards,

    Glen | Network Security Group
    Sophos Technical Support"

    I find the response to a negative review very strange, especially when they already have the files and screenshots.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    We regret to hear about your experience. Upon checking, case 07033646  was closed due to no response received from your side.

    The case handler tried to reach out via  +** *** *** *88 and emailyesterday, a new case was created 07057088 and awaiting your response.

    For the request for samples and files from the previous case, no attached files were included. 

    Kindly refer to the KB below.

    I see where you're coming from and hoping for your understanding.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • I did not receive any phone calls from numbers I know and there weasn't any voicemail message so I did not repsond. The only message I received was that the case was closed, no details as to why the case was closed.

    I sent the files as per instructions provided. I also included comments. I will send them again.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    Understood, I'll forward the given information to the case handler. Again, thank you for your understanding.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.