For a while now we have had emails with malicious attachments going into quarantine instead of being dropped/blackholed. See the attached image for an example of emails received recently.
Occasionally, users release their quarantined email and recklessly open the attachment... fortunately Sophos Endpoint protection detects and removes the file at this point.
So, why are these emails with malware attached going to Quarantine? I would prefer they were dropped altogether... the end user should never see emails with malware attached.
Our UTM's SMTP Antivirus settings are as follows:
- Reject malware during SMTP transaction = Enabled
- Antivirus Scanning = Blackhole, Dual Scan, Quarantine unscannable = enabled
- MIME type filter = all disabled (default, I think)
- File extension filter = exe, js, etc (default, I think)
I have toggled every setting on/off just to make sure they are set correctly... but won't know if that helped til the quarantine is monitored for a few days. Do you have any ideas what's happening here?
Thanks
This thread was automatically locked due to age.
