
UTM Email Protection is missing Macro Virus detection

Hi all,

It looks like the old macro viruses are making a rapid comeback, and over the last few months our customers have been bombarded by these emails with .doc attachments. They say that in the IT world the old will become new again if it's left long enough, and it seems this is the case. Macro viruses have probably been removed from detection by most antiviruses these days, so they're making a big comeback. Does Sophos plan to implement detection of these?

Cheers, Mike



This thread was automatically locked due to age.
  • Hi Mike,

    I have submitted several samples in the last month from the clients I look after. They are indeed coming through the SMTP proxy undetected. To Sophos's credit, they get detected after the next day's definition update, but I agree with your post that they are a bit behind on detection rates for the macro viruses.

    Some come in attached as a simple Word .doc and others are zipped Word documents.

    Maybe an extra layer of scanning protocols on particular extensions? Or allow us to specify the 2nd scan engine on Dual-scanning options in the UTM?

    Regards,
    Kevin


  • "Or allow us to specify the 2nd scan engine on Dual-scanning options in the UTM". The options are Sophos and Avira. You can set which is used when only using single scan at Management > System Settings > Scan Settings. No other engines are available as these are the only two that are licensed for inclusion in UTM.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Yup we're using the dual scan engine on the UTM (we have the ASG320)
  • Mike, it might be time to have upper management remind folks that they should never click on a link or a document that they weren't expecting. Your post would seem like a good starting point for his missive to the troops. If you have good AV on each endpoint, trying to save a suspicious file to your device usually reveals if it is malware.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Couldn't agree more there Bob,

    We run a small ISP and constantly send out reminder emails to customers saying beware of opening attachments, but unfortunately the older generation that are less computer literate still seem to open them up.

    I just ran a scan on one of the DOC files using virustotal.com and it only had a hit rate of 3/54 which is pretty poor - I run Avira pro on my workstation here. www.virustotal.com/.../

    Cheers, Mike
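
Added example, not part of the original thread and not Sophos code: a Python check of the kind of extra attachment screening suggested in the thread, flagging legacy OLE2 Word documents that carry a VBA project whether they arrive as a plain .doc or inside a zip. The `_VBA_PROJECT` marker search is a rough heuristic chosen for this example, the function names are hypothetical, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # OLE2 compound file header (.doc/.xls/.ppt)
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # stream name stored when a VBA project exists
MAX_MEMBER = 20 * 1024 * 1024                    # skip oversized zip members (zip-bomb guard)

def classify(name, data, depth=0):
    """Return (name, verdict) findings for one blob, descending one level into zips."""
    if data.startswith(OLE_MAGIC):
        return [(name, "ole-with-vba" if VBA_MARKER in data else "ole-no-vba")]
    if depth == 0 and zipfile.is_zipfile(io.BytesIO(data)):
        findings = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}!{info.filename}"
                if info.flag_bits & 0x1:          # encrypted member: cannot be inspected
                    findings.append((member, "encrypted-unscannable"))
                elif info.file_size <= MAX_MEMBER:
                    findings += classify(member, zf.read(info), depth + 1)
        return findings
    return []

def triage(raw_message):
    """Classify every attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        findings += classify(part.get_filename() or "unnamed", payload)
    return findings

def build_sample():
    """Constructed message: a fake macro .doc, the same file zipped, and a text file."""
    fake_doc = OLE_MAGIC + b"\x00" * 64 + VBA_MARKER + b"\x00" * 64
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.doc", fake_doc)
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(fake_doc, maintype="application", subtype="msword", filename="invoice.doc")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment("plain text", filename="readme.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A result of `ole-with-vba` or `encrypted-unscannable` is a reason to quarantine for review, not a malware verdict; it complements the signature engines rather than replacing them.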