Hello,
I'm testing out the new Sandstorm feature for scanning emails. As I understood, the process should be:
1) The Attachment/email is considered at risk and marked "Suspicious"
2) When marked suspicious, the file is checked against a hash database
3) If the hash database doesn't contain the file's hash, the file is sent to Sophos for checking
4) After checking, a result is returned to the UTM
To test it out, I've emailed an Excel file with macros and the UTM identified it as suspicious (I see it in the Sandstorm screen), but nothing happened afterwards; the file was not blocked and was delivered immediately to the user's mailbox. For sure Sophos didn't have its hash, as I created it myself with some bogus code.
Am I missing something? I expected the file to be sent for checking to Sophos...
Thanks,
Dave