Fortinet Community

angie1996 · ‎02-22-2021

Good day * There are emails that the FORTISANDBOX has classified as high risk, low risk, malicious; However, FORTIMAIL is classifying it as 'Not Spam' or 'Safe System', despite the severity it presents, it is letting it pass. What is the reason that FORTIMAIL has accepted it, despite the severity that FORTISANDBOX classified it? The logs were reviewed and they do not indicate if the email is malicious or high risk. The domains or emails that are included in the "safe list" of FORTIMAIL, are not going to perform any scan analysis? because in the logs it is observed that despite the severity they are letting FORTIMAIL pass.

abelio · ‎02-23-2021

Hi,

whitelisting domains or address is a last resource strategy, not a toy to play with.

Is important to solve email traffic using the several antispam layers available.

If fortisandbox is well integrated and configured with fortimail, an infected email will not pass.

But, if you whitelist domains or e-mails addresses widely, all your efforts will be, literally, wasted

regards

__ Abel

angie1996 · ‎02-23-2021

gracias por su respuesta amigo. Por lo que me dices, entiendo que si los dominios estan en la lista blanca a pesar que el fortisandbox los catalogue como peligrosos, entonces el fortimail los dejara pasar porque estan incluidos en la lista blanca del fortimail por lo tanto no toma ninguna accion. estoy en lo correcto?

Fortinet Community

Emails that were considered "high risk" in Fortisandbox, Fortimail is letting it go.