This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sandstorm on UTM-9.4, am I missing something?

Hello,

I'm testing out the new Sandstorm feature for scanning emails. As i understood, the process should be:


1) The Attachment/email is considered at risk and marked "Suspicious"

2) When marked suspicious, the file is checked against an hash database

3) If the Hash database doesn't contain the File's Hash, the file is sent to Sophos for checking

4) After checking a result is returned to the UTM

To test it out, i've emailed an Excel file with macros and the UTM identified it as suspicious (i see it in the sandstorm screen)

but nothing happened afterwards, the file was not blocked and delivered immediately to the user's mailbox. For sure Sophos

didn't have it's hash as i created it myself with some bogus code.

Am i missing something? I expected the file to be send for checking to sophos...

Thanks,

Dave



This thread was automatically locked due to age.
Parents Reply Children
No Data