Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 6 subscribers
  • Views 15703 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM Email Protection is missing Macro Virus detection

MikeManning

Hi all,

It looks like the old Macro Viruses are making a rapid comeback and over the last few months our customers have been bombarded by these emails with .doc attachments - They say that in the IT world the old will become new again if it's left long enough and it seems this is the case.  Macro viruses have probably been removed for detection by most antiviruses these days so they're making a big comeback.  Does Sophos plan to implement detection of these?

Cheers, Mike



This thread was automatically locked due to age.
Parents
  • 0
    Hi Mike,

    I have submitted several samples in the last month from the clients I look after. They are indeed coming through the SMTP proxy undetected. To Sophos's credit they get detected after the next day's definition update, but I agree with your post they are a bit behind detection rates for the macro viruses.

    Some come in attached as a simple word .doc and others are zipped word documents.

    Maybe an extra layer of scanning protocols on particular extensions? Or allow us to specify the 2nd scan engine on Dual-scanning options in the UTM?

    Regards,
    Kevin

    ------------

    Kevin

Reply
  • 0
    Hi Mike,

    I have submitted several samples in the last month from the clients I look after. They are indeed coming through the SMTP proxy undetected. To Sophos's credit they get detected after the next day's definition update, but I agree with your post they are a bit behind detection rates for the macro viruses.

    Some come in attached as a simple word .doc and others are zipped word documents.

    Maybe an extra layer of scanning protocols on particular extensions? Or allow us to specify the 2nd scan engine on Dual-scanning options in the UTM?

    Regards,
    Kevin

    ------------

    Kevin

Children
No Data
Unfiltered HTML