Hello,
I haven't find a solution, how can I set a policy that all scanned e-mails that do not contain harmful attachments or content will not be forwarded and remain in the quarantine, but will after the scan, be delivered to the recipient?
Br
Muri
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello
If I understand well your request you have an issue like your received e-mails with attachment are all put in quarantine, right? If so then you have probably a misconfiguration in your content profile.
Please share a screenshot of your content profile that is used on the affected policy.
Hello @AEK
we have a policy that when an e-mail has a suspicious attachment or content, then is scanned by fortisandox and moslty all those messages are then quarantined.
is there any option to set the policy so, that when the attachment then is declared as not malicious, that the recipient can get the e-mail message normally delivered?
Br
Muri
Hello,
as from LOG all scanned files seems to be clean at the end of scan:
File name: Tovarnastikalnihnaprav_23.xlsm, detected by Content Filter, filetype executable/vba filename vba in file Tovarnastikalnihnaprav_23.xlsm, attachment scan rule: executable_windows
File name: ODLOČBA 2015.pdf, scanned by Antivirus Scanner(clean), Attachment Filter(clean)
File name: TovarnaStikalnihNaprav_Vprašalnik_22.xlsm, scanned by Antivirus Scanner(clean), Attachment Filter(clean)
File name: Tovarnastikalnihnaprav_23.xlsm(checksum:286ac9f574dc8bc2263d881fd513901cacb19b899aeb38614e3f4beb89671f8d), scanned by Antivirus Scanner(clean), Attachment Filter(detected)
This is the log in FortiMail - mail was caught and scanned by the Attachemnt FIlter and Quarantined
Av profile for this policy is :
Hi Muri
I see the AV profile looks fine, also from logs I don't see the mail is being quarantined, the last 3 lines show that it is sent to the mail server, right?
The idea is to look in logs of a quarantined mail for the reason why it is being quarantined. Can you check for this?
On the other hand did you try to disable FortiSandbox check, or just set scan mode to "Submit only"? This can be useful to check if the mails are (or are not) quarantined because of FSA.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1548 | |
1032 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.