Chinmaya_Naik
Advisor

Block Malicious Unknown File type attachment (MTA) (TE) (R80.20)

Setup

MGMT Server : Open Server

Security Gateway : 15600

TE Appliance

MTA : Enabled

Requirement: Our requirement is that Threat Emulation or Antivirus should drop the mail if a file with any other or unknown extension is attached to the mail. (Currently the Check Point TE and AV blades support more than 90 file types [AV] and 65 file types [TE].)

Scenario 1: In our case, we change the extension of the malicious file to any known extension as listed above and send a mail, and here AV is able to block the mail.

Scenario 2: Suppose I change the extension of that malicious file to any other or unknown extension; then AV is not able to block that mail.

Example : File Name : samples.tar (malicious file)

INTERNET ---->  MAIL (samples.tar mail attachment) ----->  BLOCK by TE

INTERNET ---->  MAIL (samples.tar.pdf mail attachment) ----->  BLOCK by TE  (just changing the extension)

INTERNET ---->  MAIL (samples.tar.mht mail attachment) ----->  Allow and not able to find any log  (just changing the extension)

INTERNET ---->  MAIL (samples.tar.der mail attachment) ----->  Allow and not able to find any log

NOTE: We updated the TE engine to version 58.990000298 (sk92509).

Installed the latest jumbo Take_33 with MTA take_24.

As per sk121097 (last updated on 25-Oct-2017):

Threat Emulation not scanning files whose extension was changed to an unsupported file type is expected behavior.

# Chinmaya Naik
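
The requirement in the post above (drop a mail when an attachment's extension is outside the supported list), sketched as a stand-alone pre-filter that also compares the name with the content's magic bytes. This is an added example, not part of the original post and not Check Point code or configuration; the allowlist, the signature table, the function names and the sample message are constructed assumptions.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical allowlist; the real AV/TE supported-type lists are not reproduced here.
ALLOWED_EXTS = {".pdf", ".tar", ".doc"}

# (offset, magic bytes, extension the content really is) for a few well-known formats.
SIGNATURES = [
    (0, b"%PDF-", ".pdf"),
    (257, b"ustar", ".tar"),
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", ".doc"),
]

def sniff(data):
    """Return the extension implied by the content's magic bytes, or None."""
    for offset, magic, ext in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return ext
    return None

def screen(raw_mail):
    """Map each attachment name to a verdict, failing closed on unknown extensions."""
    msg = message_from_bytes(raw_mail, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        content_ext = sniff(part.get_payload(decode=True) or b"")
        if ext not in ALLOWED_EXTS:
            verdicts[name] = "drop: extension not on allowlist"
        elif content_ext is not None and content_ext != ext:
            verdicts[name] = f"drop: content is {content_ext}, name says {ext}"
        else:
            verdicts[name] = "pass to scanning"
    return verdicts

def build_sample():
    """Constructed message: one harmless tar-like header attached under four names."""
    tar_like = b"\0" * 257 + b"ustar\0" + b"00" + b"\0" * 247
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "test"
    msg.set_content("constructed sample")
    for name in ("samples.tar", "samples.tar.pdf", "samples.tar.mht", "samples.tar.der"):
        msg.add_attachment(tar_like, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `screen(build_sample())` returns one verdict per attachment name; the `.mht` and `.der` renames are dropped because the filter fails closed on extensions it does not know, rather than skipping them.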

9 Replies