Why aren't encrypted Microsoft Word documents flagged by Sophos Anti-Virus?

Available Languages

Download Options

  • PDF     (5.9 KB)
    View with Adobe Reader on a variety of devices
Updated:August 12, 2014
Document ID:118244

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes the scanning behavior of sophos antivirus on Cisco Email Security Appliance (ESA).

Background Information

Sophos Anti-Virus can be configured to treat encrypted messages differently from unencrypted messages. In most cases, Microsoft Word documents encrypted using the built-in encryption methods are not flagged as encrypted by Sophos. As per Sophos:

"The Office95 format uses a simple encryption that can be decrypted on
the fly so we can scan the encrypted macros.

The Office97 format uses a strong encryption which we cannot decrypt,
but the macros are not in the encrypted part so we can scan them anyway.
(It is the macros we need to get at)."

To encrypt Microsoft Word documents in Word 2003, go to Tools -> Options. Click the "Security" tab and set a password to open the file.

Revision History

Revision Publish Date Comments
1.0
12-Aug-2014
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Stephan Fiebrandt and Chris Haag
    Cisco TAC Engineers.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products