Hello,

I'm testing out the new Sandstorm feature for scanning emails. As I understood, the process should be:

1) The attachment/email is considered at risk and marked "Suspicious"
2) When marked suspicious, the file is checked against a hash database
3) If the hash database doesn't contain the file's hash, the file is sent to Sophos for checking
4) After checking, a result is returned to the UTM

To test it out, I've emailed an Excel file with macros and the UTM identified it as suspicious (I see it in the Sandstorm screen) but nothing happened afterwards; the file was not blocked and was delivered immediately to the user's mailbox. For sure Sophos didn't have its hash, as I created it myself with some bogus code.

Am I missing something? I expected the file to be sent for checking to Sophos...

Thanks,
Dave