Hi,
In UTM, we scan mail for AV at two places. at
If you want to reject malware at SMTP time use enable "SMTP->malware->Scan During SMTP Transaction".
If this config is disabled then you can find logs like "Skipping SMTP inline AV scan for this message" but, policy time AV scanning is performed. When you check full logs you can find other log lines like " AV: calling CSSD for single scan (engine: PRIMARY)". This scanning logs are pointing av scan perform at policy time (dual / Single).
In short, this is normal behavior.
Thanks
Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.