Sandstorm - zero-day (unknown and unpublished) threats - Email
Low
Explanation
Send emails for zero-day protection analysis and specify the maximum file size that can be analyzed.
Resolution
- Go to PROTECT > Email > General settings.
-
Ensure that SMTP deployment mode is set to
Mail Transfer Agent (MTA)
.Note
You are at the MTA mode if you are seeing the Switch to legacy mode button. The legacy mode is not compatible with Sandstorm for Email.
-
Set Sophos as the primary antivirus engine under Malware protection.
- Click Apply.
- Go to PROTECT > Email > Policies and exceptions.
- Open or create your
SMTP route & scan
policy. -
Turn on Malware protection and set the following:
- Drop for the antivirus action
- Notify sender
- Quarantine unscannable content
- 10MB for the scanned file size of Detect zero-day threats with Sandstorm
-
Click Save.
More resources