Help
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
cysaw
Staff & Editor
Staff & Editor

Created on ‎06-03-2025 10:11 PM Edited on ‎06-03-2025 11:30 PM By Staff

Article Id 394800

Technical Tip: Configuration for the 'UNSEEN' error in FortiMail’s log

Description This article provides the best configuration for the 'UNSEEN' error in FortiMail’s log.
Scope FortiMail.
Solution

If the error below is observed in the FortiMail’s cross-search log, it might be due the duration of the FortiSandbox Scan timeout in the FortiMail being too short for the FortiSandbox to complete the file scanning and return the result to FortiMail:' Email [Session ID] is expired, 30 queries made, UNSEEN: File <File name>, 600s used'.

 

Snipaste_2025-06-04_14-18-44.png

 

Below are the scenarios for the issue:

  • FortiSandbox tracer and rating engines update.
  • FortiSandbox is busy with high-pending jobs.

 

In FortiMail, navigate to System -> FortiSandbox to configure the scan timeout to 30 minutes because 30 minutes is the recommended value for the FortiSandbox to complete the URL/File scanning.


cysaw_0-1748997894077.png
297
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.