This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMTP Block Attachment Name

Hello everyone.  We've been getting a lot of emails through our UTM with the my_resume.zip file malware attached, it's passing through the Sophos spam filter, and even Kaspersky at the desktop level isn't picking this up as malware yet.

I'm wondering if I can force a quarantine on any emails with the attachment of a file named my_resume.zip

I've tried adding the file as both a MIME type (anti-virus) and expression (spam) both without success.  Any help would be appreciated, thanks!


This thread was automatically locked due to age.
Parents
  • No magic bullet that I know of, just Sophos UTM: How to report undetected Viruses/Spam emails.

    I looked at that in a sandbox.  It's a webpage to a zip file on a googledocs account.  That zip on google is where the Trojan Iframe-MY is located.  Looking again, Sophos Endpoint does now detect the link in the zip - it did not yesterday.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • No magic bullet that I know of, just Sophos UTM: How to report undetected Viruses/Spam emails.

    I looked at that in a sandbox.  It's a webpage to a zip file on a googledocs account.  That zip on google is where the Trojan Iframe-MY is located.  Looking again, Sophos Endpoint does now detect the link in the zip - it did not yesterday.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data