Skip to content

Sandstorm - zero-day (unknown and unpublished) threats - Email

Low

Explanation

Send emails for zero-day protection analysis and specify the maximum file size that can be analyzed.

Resolution

  1. Go to PROTECT > Email > General settings.
  2. Ensure that SMTP deployment mode is set to Mail Transfer Agent (MTA).

    Note

    You are at the MTA mode if you are seeing the Switch to legacy mode button. The legacy mode is not compatible with Sandstorm for Email.

  3. Set Sophos as the primary antivirus engine under Malware protection.

  4. Click Apply.
  5. Go to PROTECT > Email > Policies and exceptions.
  6. Open or create your SMTP route & scan policy.
  7. Turn on Malware protection and set the following:

    • Drop for the antivirus action
    • Notify sender
    • Quarantine unscannable content
    • 10MB for the scanned file size of Detect zero-day threats with Sandstorm
  8. Click Save.

More resources