Some issues with Sophos in Mailscanner

[info at schroeffu.ch]

OK, today Sophos detected its first real virus, a compromized HTML ^_^
 Sophos: >>> Virus 'Troj/HTMLDrop-T' found in file (...)DHL_Deklaration_734.html

So scan engine seems to work, but for me it seems the detection rate is very low in comparison to ClamAV (+SaneSecurity) + ESETS.
And the other issue "whitelist office pw protected files" is discuessed here: http://lists.mailscanner.info/pipermail/mailscanner/2019-November/106076.html (http://lists.mailscanner.info/pipermail/mailscanner/2019-November/106076.html)

all the best
Schroeffu 
20. November 2019 11:26, info at schroeffu.ch (mailto:info at schroeffu.ch) schrieb:
Hi Mailscanner Community,

are some of you using the free sophos virus scanner in production? Maybe you can help me with some issues.

For years i am running ESETS and CLAMAV + SaneSecurity, but the detection is not as good as i wish. So i installed additonally sophos days go to compare.

- Sophos is not detecting any real virus in the wild. ESETS+ClamAV does. Any Idea why?
- Sophos is not detecting EICAR with for example "savscan /tmp/eicar.txt.com". Any Idea why?
- But Sophos is detecting password protected 7zip and MS Office Password protected files. Now, thats not optimal. VBA Virus can be found in MS Office Password PRotected files, so block this files is overkill and not neccessary. How can I whitelist password protected Office files, but still detect pw protected 7zip?

Because my Mailscanner is not detecting password protected 7zip files (see http://lists.mailscanner.info/pipermail/mailscanner/2019-November/106065.html (http://lists.mailscanner.info/pipermail/mailscanner/2019-November/106065.html)) , its good that sophos does. Therefore i didn't deinstall sophos sav scanner yet.

May some of you had the same issue?

thanks for any help
Schroeffu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20191120/20570745/attachment.html>