Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SASI - Does the SASI engine scan imap/s traffic?

I asked this question some 6 months ago, the thread is locked so I can no longer update it.

Today I received a number of spam messages, which the XG has marked shown by the message in the mail message, but I get the same message added to genuine messages.

why isn't the spam being detected and why are genuine messages tagged as possible spam. This included the daily reports generated ny the XG.

Ian



This thread was automatically locked due to age.
Parents
  • Hi folks, yesterday I received over 20 spam messages, none was identified as spam. My legitimate messages had the XG Spam messages added to the mail message.

    In the following screenshots there are a large number of spam messages supposedly received by the XG, in fact majority of them are mail accounts checking for mail updates.

    Ian

    Deleted two unreadable files. I need to convert them to a readable format.

    Added an updated format file.

    not spamm with xg message.rtf

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    Thank you for sharing this. I would recommend kindly sending a sample to Sophos Labs to have this looked into the Global Spam Protection.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • Hi Ian,

    as Erick wrote, Home users can report spam false positives/negatives too.

    For false positives, please look for the "Release and report" function in email quarantine area.

    For reporting false negatives, you can use the Sophos Outlook Add-in (in case you use Outlook) or send the original email to Labs as an attachment. For the later case I can send you instructions on the required format.

    Regards,

    Janos

  • I have submitted 5 files. There is no data in there release and report function.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • My case has been closed without any feedback and th issue does not appear to have been fixed.

    A couple of days ago I submitted a response to a survey on the mail issue and have since received two emails and a few case number, The email ask me to submit the details I had previously submitted and arrange a time for a session to work through th issue.

    "Good day and I hope you are doing well,

    We have received your feedback on regards to case 07033646 and we apologized that the case has been closed without any response from us.

    To continue may we know the following below:

    •  Please provide the screenshot mentioned on the case description.
    • Can you elaborate further the issue/ concern on the Sophos firewall. Are there legitimate emails that are being tagged as SPAM?
    • Best time to troubleshoot or investigate via remote session?

    Should there be any concern, feel free to reach us via email, chat, or call our Support Hotline ( https://www.sophos.com/en-us/support/contact-support.aspx > For Critical Cases > Choose your region). Our lines are open 24/7.

    Kind Regards,

    Glen | Network Security Group
    Sophos Technical Support"

    I find the response to a negative review very strange, especially when they already have the files and screenshots.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    We regret to hear about your experience. Upon checking, case 07033646  was closed due to no response received from your side.

    The case handler tried to reach out via  +** *** *** *88 and emailyesterday, a new case was created 07057088 and awaiting your response.

    For the request for samples and files from the previous case, no attached files were included. 

    Kindly refer to the KB below.

    I see where you're coming from and hoping for your understanding.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • I did not receive any phone calls from numbers I know and there weasn't any voicemail message so I did not repsond. The only message I received was that the case was closed, no details as to why the case was closed.

    I sent the files as per instructions provided. I also included comments. I will send them again.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    Understood, I'll forward the given information to the case handler. Again, thank you for your understanding.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • Hi Erick,

    Thank you. I have located the files and will load them shortly.

    Ian

    I suspect the portal is not working at the moment?

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    This might be a possibilty, let me inquire this to be sure.

    Also,, I’ve reached out to the case handler to communicate this with you incase the same issue occur again.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • Hi Erick,

    Thank you, I received a request from Glen, I have sent him all the messages I included initially.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    Upon verification, there seems to be an issue.

    From your email. The sample file was attached however this did not reflect to the case, even on my side when I was checking.

    Again. We deeply regret your experience and thank you for understanding.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Reply Children
  • Hi Erick,

    there is no SASI entry in any of those files, there used to be.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    This is noted. I've also informed the case handler. 

    Also, kindly be reminded of the following types of extensions that can be uploaded. 

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • Hi Erick,

    I sent them via email as requested by the case handler.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I have been working with the L1 and L2 support teams and identified the probable spam messages are caused by MAC mail and are not an XG issue.

    I have raised the question in the Apple support community and waiting for a response.

    24 hours later, a small number of views, but no suggested answers.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi folks,

    one possible solution (about 99%) to the probable spam issue is the apple devices synch'ing. I have 3 apple devices that share various email addresses and I can see belated entries in the logviewer - email tab when I access the messages from one device and then another or delete and the others update.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.