Bug?: Why is my local mail domain excluded in sandstorm?

Hi Sophos Team,


all mails with executable content are excluded in sandstorm. There is no exception. Is this a Bug?

From the smtp log:

"Warning: localdomain.tld profile excludes SANDBOX scan"

regards

mod

Parents
  • Hi mod,

    This log line is caused by your configuration: Dual scan works in a way that the primary engine (which can be selected on WebAdmin under Management > System settings > Scan settings > Single scan engine) will be used to scan your message in SMTP connection time, while the other is run when the message is already accepted by the UTM. Sandstorm is only supported by Sophos scan engine, so in case you have Avira as your primary scanner, Sandstorm scan will not be run by Exim, leading to the log line you mentioned.

    I do agree however that the message itself may lead to confusions, so we might change the description to clear any misunderstandings, thanks for reporting it!

    Niriel~

Reply
  • Hi mod,

    This log line is caused by your configuration: Dual scan works in a way that the primary engine (which can be selected on WebAdmin under Management > System settings > Scan settings > Single scan engine) will be used to scan your message in SMTP connection time, while the other is run when the message is already accepted by the UTM. Sandstorm is only supported by Sophos scan engine, so in case you have Avira as your primary scanner, Sandstorm scan will not be run by Exim, leading to the log line you mentioned.

    I do agree however that the message itself may lead to confusions, so we might change the description to clear any misunderstandings, thanks for reporting it!

    Niriel~

Children