Using KC 8.4.2
In the security log:
[09/Jun/2015 14:18:04] Sophos database has been successfully updated. Sophos Scanning Engine (5.15.9242179/3.60.0.0) is now active.
27 minutes later, this message with a Word document attached sails through and get delivered:
09/Jun/2015 14:45:43] Recv: Queue-ID: 5576edf8-0000dd4a, Service: SMTP, From: <gulletuz58@rmc101.com>, To: <user@ourdomain.co.uk>, Size: 123843, Sender-Host: 118.200.234.95, Subject: fraudulent cc charge, Msg-Id: <WM7LHZNV.2044202<_at_>rmc101.com>
The attachment has a virus that is immediately picked up by Sophos on the client:
File "C:\Users\deuser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\GP9SZIER\statement.doc" belongs to virus/spyware 'Troj/DocDl-QI'.
According to the Sophos website this virus was first seen on June 8th so why didn't Sophos in KC pick it up?
Members
Search
Help
Register
Login
Home
