Hi rsc, Basically Sandstorm is a new feature of the Sophos scanner engine, which has long been part of the UTM. :) With the settings you mentioned, the Sophos engine (with Sandstorm feature enabled) will be used as the primary engine and Avira as the secondary. If "Reject malware during SMTP transaction" is turned on (on the top of the Antivirus tab), this means that Sophos engine will be used in SMTP connection time while if it's turned off, Sophos engine will be used after the message is accepted by the UTM. The secondary scan will always be run after the message is accepted, but only if the primary engine didn't find any malware in the message. Niriel~
↧