Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 6262 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[9.314]Malware attachments going into Quarantine

mayday175
For a while now we have had emails with malicious attachments going into quarantine instead of being dropped/blackholed. See the attached image for an example of emails received recently. 

Occasionally, users release their quarantined email and recklessly open the attachment... fortunately Sophos Endpoint protection detects and removes the file at this point.

So, why are these emails with malware attached going to Quarantine? I would prefer they were dropped altogether... the end user should never see emails with malware attached.

Our UTM's SMTP Antivirus settings are as follows:
- Reject malware during SMTP transaction = Enabled
- Antivirus Scanning = Blackhole, Dual Scan, Quarantine unscannable = enabled
- MIME type filter = all disabled (default, I think)
- File extension filter = exe, js, etc (default, I think)

I have toggled every setting on/off just to make sure they are set correctly... but won't know if that helped til the quarantine is monitored for a few days. Do you have any ideas what's happening here?

Thanks


This thread was automatically locked due to age.
Parents
  • 0
    BAlfson,

    Shouldn't that be EMail protection[B]Quarantine Report[/B]\Advanced\Release options?

    See attached image.

    C68
  • 0 in reply to Coder68
    Ok, I've made that change. (@C68, I knew what BAlfson meant [;)] )

    So, that'll prevent users from releasing malware emails from quarantine... but it would be advantageous if these types of emails/attachments were dropped/blackholed all together. I don't want users to know about virus attachments waiting for them in quarantine, nor bother our HelpDesk to inquire about them.

    If the Antivirus:Blackhole setting is not working as expected, is this a problem with our UTM or a problem with my understanding of this function?
Reply
  • 0 in reply to Coder68
    Ok, I've made that change. (@C68, I knew what BAlfson meant [;)] )

    So, that'll prevent users from releasing malware emails from quarantine... but it would be advantageous if these types of emails/attachments were dropped/blackholed all together. I don't want users to know about virus attachments waiting for them in quarantine, nor bother our HelpDesk to inquire about them.

    If the Antivirus:Blackhole setting is not working as expected, is this a problem with our UTM or a problem with my understanding of this function?
Children
Unfiltered HTML