Cisco Cisco Email Security Appliance X1070 Information Guide

Contributed by Jacqueline Fleming and Stephan Bayer, Cisco TAC
Engineers.

Jul 29, 2014

Does Sophos Anti−Virus treat password protected Microsoft Office documents as encrypted?

Yes, for most Microsoft Office file types, Sophos Anti−Virus detects that the file contains encrypted parts.

However, Sophos Anti−Virus will scan anything given to it, regardless of whether it thinks it is encrypted or
not.  It will scan 'encrypted' messages to the best of its ability. For example, a message may have many parts
or attachments, only some of which are unscannable or encrypted.

Sophos Anti−Virus scanning considers any message or attachment that is password protected to be
"encrypted." The Sophos engine does not attempt to identify messages that are PGP or S/MIME encrypted.

The anti−virus scanner will look for virus patterns, but if the virus portion has been encrypted, the virus may
or may not match any known virus patterns. Therefore it is prudent to treat encrypted messages with caution
and re−scan at the desktop where decryption is possible.

If you have a policy to allow encrypted messages to pass through into the email network, you may want to tag
the subject lines so that recipients are aware that the message was not completely scanned. An alternative to
passing these messages through is to quarantine them in a system quarantine.

Updated: Jul 29, 2014

Document ID: 118104