Guest

Cisco Email Security Appliance

Does Sophos Anti-Virus treat password protected Microsoft Office documents as encrypted?

Document ID: 118104

Updated: Jul 29, 2014

Contributed by Jacqueline Fleming and Stephan Bayer, Cisco TAC Engineers.

   Print

Question:

Does Sophos Anti-Virus treat password protected Microsoft Office documents as encrypted?

Answer:

Yes, for most Microsoft Office file types, Sophos Anti-Virus detects that the file contains encrypted parts.

However, Sophos Anti-Virus will scan anything given to it, regardless of whether it thinks it is encrypted or not.  It will scan 'encrypted' messages to the best of its ability. For example, a message may have many parts or attachments, only some of which are unscannable or encrypted.

Sophos Anti-Virus scanning considers any message or attachment that is password protected to be "encrypted." The Sophos engine does not attempt to identify messages that are PGP or S/MIME encrypted.

The anti-virus scanner will look for virus patterns, but if the virus portion has been encrypted, the virus may or may not match any known virus patterns. Therefore it is prudent to treat encrypted messages with caution and re-scan at the desktop where decryption is possible.

If you have a policy to allow encrypted messages to pass through into the email network, you may want to tag the subject lines so that recipients are aware that the message was not completely scanned. An alternative to passing these messages through is to quarantine them in a system quarantine.

Updated: Jul 29, 2014
Document ID: 118104