A detailed breakdown of how Attachment Sandboxing handles incoming mail. This article covers how the default policy works, supported attachment types, the queue and sandbox process, and details on the optional email release process.
Default policy vs. custom policy actions
One of the strengths of VIPRE Email Security is its policies, which allow for deep filtering of incoming and outgoing mail, and a slew of actions to perform on those messages. Attachment Sandboxing has a simple predefined default policy which you can enable if you wish.
Note: The default policy for Attachment Sandboxing is initially set to disabled.
The Sandboxing default policy has one rule, and one action:
- rule: matches on any supported attachment type
- action: sends all matching attachments to the sandbox
Therefore, any email message that contains supported attachment types will be processed, and its attachments are sent to the sandbox for analysis.
Use a custom policy for better filtering
You can change how Sandboxing chooses which email attachments to send to the sandbox by creating and using a custom policy in place of the default policy. Custom policies allow for much more granular filtering of incoming mail and actions taken on that mail.
If you use a custom policy, you must disable the default policy; they cannot operate in tandem.
See Create and Enable a Custom Policy.
Supported attachment types
Sandboxing recognizes attachment extensions based on the MIME type in the message headers.
Attachment types supported by Sandboxing
- Executables: .com, .exe
- Documents: .pdf, .doc, .docm, .docx, .dot, .dotm, .dotx, .rtf
- Presentations: .pot, .potx, .pps, .ppsx, .ppt, .pptx
- Spreadsheets: .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx
- Archives: .zip, .rar
How Sandboxing handles archives
Regardless of extension, all attachments are checked to see if they are archives “disguised” as another file type.
Archives are extracted during sandbox analysis and their contents are processed by the sandbox.
Password-protected archives are not currently supported by the sandbox.
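The two archive checks above can be reproduced for mail-flow triage or testing. The following is an added example, not VIPRE's code: it assumes disguised archives are spotted by their leading signature bytes and password protection by the ZIP encryption flag, and it takes the extension from the filename. The names `triage`, `sniff_archive`, `zip_is_encrypted` and `sample_zip` are hypothetical.

```python
import io
import zipfile

# Extensions from the page's "Attachment types supported by Sandboxing" list.
SUPPORTED = set("com exe pdf doc docm docx dot dotm dotx rtf pot potx pps ppsx "
                "ppt pptx xls xlsb xlsm xlsx xlt xltm xltx zip rar".split())
# OOXML formats are ZIP containers by design, so ZIP magic there is expected.
OOXML = set("docm docx dotm dotx potx ppsx pptx xlsb xlsm xlsx xltm xltx".split())
# Well-known signatures: ZIP local header / empty archive, RAR 4.x and 5.x prefix.
MAGIC = {b"PK\x03\x04": "zip", b"PK\x05\x06": "zip", b"Rar!\x1a\x07": "rar"}


def sniff_archive(data: bytes):
    """Return 'zip' or 'rar' when the content starts with an archive signature."""
    return next((k for sig, k in MAGIC.items() if data.startswith(sig)), None)


def zip_is_encrypted(data: bytes) -> bool:
    """True if any member has general-purpose flag bit 0 (encryption) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False  # malformed container; cannot tell


def triage(filename: str, data: bytes) -> dict:
    """Classify one attachment by its extension and by its content."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff_archive(data)
    expected = ext == kind or (kind == "zip" and ext in OOXML)
    return {"supported_ext": ext in SUPPORTED, "archive": kind,
            "disguised": kind is not None and not expected,
            "password_protected": kind == "zip" and zip_is_encrypted(data)}


def sample_zip(encrypted: bool = False) -> bytes:
    """Constructed sample: a one-file ZIP, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample")
    raw = bytearray(buf.getvalue())
    if encrypted:
        cd = int.from_bytes(raw[-6:-2], "little")  # central directory offset
        raw[cd + 8] |= 0x01                        # flag bit 0 = encrypted
    return bytes(raw)
```

`triage("invoice.pdf", sample_zip())` reports `disguised: True`, while the same bytes named `report.docx` do not, because OOXML documents are ZIP containers by design.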
How attachments are processed
Regardless of which policy (default or custom) is enabled, the end result is that the policy sends an attachment for further analysis.
The simplified process is:
- Email attachments are pushed to a sandbox, where they are analyzed
- Attachments with a result of No Risk Found are passed along to the user with the original email
- Attachments that are Suspicious or Malicious are listed in the next scheduled Quarantine Report sent to the user
- Depending on user permissions, the user may be able to release Suspicious attachments from quarantine
- Malicious attachments cannot be released from quarantine
For additional details, see