Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Muri
New Contributor III

[FortiMail] message with scanned attachment always ends in the quarantine and is not released

Hello,

I haven't find a solution, how can I set a policy that all scanned e-mails that do not contain harmful attachments or content will not be forwarded and remain in the quarantine, but will after the scan, be delivered to the recipient?

 

Br

Muri

6 REPLIES 6
AEK
SuperUser
SuperUser

Hello

If I understand well your request you have an issue like your received e-mails with attachment are all put in quarantine, right? If so then you have probably a misconfiguration in your content profile.

Please share a screenshot of your content profile that is used on the affected policy.

AEK
AEK
Muri
New Contributor III

Hello @AEK 

 

we have a policy that when an e-mail has a suspicious attachment or content, then is scanned by fortisandox and moslty all those messages are then quarantined.

is there any option to set the policy so, that when the attachment then is declared as not malicious, that the recipient can get the e-mail message normally delivered?

 

Br

Muri

AEK

  • When the mail is quarantined is it because FortiSandbox returns that the scanned file is malicious, high risk, low risk, ...?
  • Can you share a screenshot of the antivirus profile you are using in the affected policy?
  • What you see in the log of the quarantined mail (monitor > log)? There you can click on the mail session id to see more details and why it was blocked.
AEK
AEK
Muri
New Contributor III

Hello,

 

as from LOG all scanned files seems to be clean at the end of scan:

 

File name: Tovarnastikalnihnaprav_23.xlsm, detected by Content Filter, filetype executable/vba filename vba in file Tovarnastikalnihnaprav_23.xlsm, attachment scan rule: executable_windows
File name: ODLOČBA 2015.pdf, scanned by Antivirus Scanner(clean), Attachment Filter(clean)
File name: TovarnaStikalnihNaprav_Vprašalnik_22.xlsm, scanned by Antivirus Scanner(clean), Attachment Filter(clean)
File name: Tovarnastikalnihnaprav_23.xlsm(checksum:286ac9f574dc8bc2263d881fd513901cacb19b899aeb38614e3f4beb89671f8d), scanned by Antivirus Scanner(clean), Attachment Filter(detected)

 

This is the log in FortiMail - mail was caught and scanned by the Attachemnt FIlter and Quarantined

2024-04-09_07h41_34.png

Av profile for this policy is :

 

Muri
New Contributor III

2024-04-09_07h47_10.png

AEK
SuperUser
SuperUser

Hi Muri

I see the AV profile looks fine, also from logs I don't see the mail is being quarantined, the last 3 lines show that it is sent to the mail server, right?

The idea is to look in logs of a quarantined mail for the reason why it is being quarantined. Can you check for this?

On the other hand did you try to disable FortiSandbox check, or just set scan mode to "Submit only"? This can be useful to check if the mails are (or are not) quarantined because of FSA.

AEK
AEK
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors