Detection s of CXmail/OleDl-AF on Office documents (June 5th 2019)

Sophos is aware that starting today (June 5th) a limited amount of customers have reported detections of CXmail/OleDl-AF. This detection is affecting Office documents (e.g. Excel, Word) that have macros and are being sent via email.

The CXmail/OleDl detection is designed to identify malicious office documents that are sent via email, a recent change to this detection has caused some false positives to occur. A fix for this was published at 11:14 UTC June 5th in the identity: rans-flr.ide.

If you are experiencing this issue please ensure your Sophos products are using the latest update: Sophos products: How to check if the product is up to date

Applies to the following Sophos product(s) and version(s)

Sophos Endpoint/Server and Email products.

The issue has been resolved.

If you are still experiencing issues please check your Sophos product is up to date: Sophos products: How to check if the product is up to date

If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.

This is invaluable to us to ensure that we continually strive to give our customers the best information possible.


  • No Related Posts

Leave a Reply