Hi,
Can it be that Check Point Threat Prevention and SandBlast in MTA don't scan "*.msg" attachments inside an email?
I did the following tests:
First Test (Baseline)
I sent a malicious .doc file attached to an email via the MTA
Result: the email is scanned and found malicious by the Gateway AV, which is great!
Second Test
I took the same malicious doc file and attached it to a message. Then I took the message, saved it as a .msg file, and attached it to another email, so the attachment in the mail is a .msg and not a .doc file.
Result: when I send the email, it is not scanned by AV or Threat Emulation; the file is completely bypassed by AV/TE and arrives at the recipient mailbox with the infected .msg
Is it a configuration issue, a bug or a really simple way to evade Check Point Threat Prevention?
(MIME Nesting is configured on the Threat Prevention profile)
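
For triage on the mail side, an added example (not part of the original post and not Check Point code): a Python check that walks an email's MIME parts and flags Outlook .msg containers, which are OLE compound files rather than MIME parts, and reports whether they carry embedded attachments. The marker-string heuristic, the function names and the sample bytes are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # compound-file header (.msg, .doc, .xls)

def _u16(s):
    # Compound-file directory entry names are stored as UTF-16LE.
    return s.encode("utf-16-le")

MSG_STREAM = _u16("__substg1.0_")          # property streams of an Outlook .msg
MSG_ATTACH = _u16("__attach_version1.0_")  # one storage per attachment inside a .msg

def find_msg_containers(raw):
    """Return one finding per MIME leaf part that looks like an Outlook .msg."""
    findings = []
    for part in email.message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        is_ole = data.startswith(OLE_MAGIC)
        by_content = is_ole and MSG_STREAM in data  # heuristic, not a full parser
        by_label = (name.lower().endswith(".msg")
                    or part.get_content_type() == "application/vnd.ms-outlook")
        if by_content or by_label:
            findings.append({"filename": name, "ole_container": is_ole,
                             "embedded_attachments": is_ole and MSG_ATTACH in data})
    return findings

def build_sample():
    """Constructed test mail: harmless stub bytes, no real documents."""
    fake_msg = (OLE_MAGIC + b"\x00" * 504 + _u16("__substg1.0_0037001F")
                + _u16("__attach_version1.0_#00000000"))
    fake_doc = OLE_MAGIC + b"\x00" * 504 + _u16("WordDocument")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "test"
    m.set_content("see attached")
    # The .msg stub is deliberately mislabelled to exercise content-based detection.
    m.add_attachment(fake_msg, maintype="application", subtype="octet-stream",
                     filename="note.bin")
    m.add_attachment(fake_doc, maintype="application", subtype="msword",
                     filename="report.doc")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in find_msg_containers(build_sample()):
        print(finding)
```

A finding with `embedded_attachments` set marks a mail whose inner files are only reachable if the scanner unpacks the compound file, so it is a candidate for quarantine or manual review when the gateway log shows no verdict for the inner file.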