Shahar_Grober
Advisor

Sandblast and .msg attachments

Hi, 

Can it be that Check Point Threat Prevention and Sandblast in MTA don't scan "*.msg" attachments inside an email?

I did the following tests:

First Test (Baseline)

I sent a malicious .doc file attached to an email via the MTA.

Result: email is scanned and found malicious by the Gateway AV, which is great!

Second Test 

I took the same malicious doc file and attached it to a message. Then I took the message, saved it as a .msg file, and attached it to another email, so the attachment in the mail is a .msg and not a .doc file.

Result: when I send the email, it is not scanned by AV or Threat Emulation; the file is completely bypassed by AV/TE and arrives at the recipient mailbox with the infected .msg.

Is it a configuration issue, a bug or a really simple way to evade Check Point Threat Prevention?

(Mime Nesting is configured on the Threat Prevention profile)
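
As an added example (not part of the original post and not Check Point code): a standard-library Python check that lists attachments wrapping another message, the case from the second test, so they can be compared against what the gateway logged as scanned. It also covers `message/rfc822` attachments, which goes beyond the post; the sample mails, file names and helper names are constructed, and the payload is only the OLE2 signature, not a real document.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# OLE2 / Compound File Binary signature: shared by Outlook .msg and legacy .doc,
# so the magic alone cannot tell a saved message from a Word document.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
MSG_CTYPE = "application/vnd.ms-outlook"

def build_mail(attachment, filename=None, subtype="octet-stream"):
    """Constructed sample: a mail carrying one attachment (bytes or EmailMessage)."""
    mail = EmailMessage()
    mail["Subject"] = "constructed sample"
    mail.set_content("body")
    if isinstance(attachment, EmailMessage):
        mail.add_attachment(attachment)  # becomes message/rfc822
    else:
        mail.add_attachment(attachment, maintype="application",
                            subtype=subtype, filename=filename)
    return mail

def wrapped_messages(raw):
    """Return (depth, kind, filename) for every attachment that wraps a message."""
    found = []

    def walk(part, depth):
        ctype = part.get_content_type()
        name = part.get_filename() or ""
        if ctype == "message/rfc822":
            found.append((depth, "rfc822", name))
            depth += 1  # everything below sits inside the attached message
        if part.is_multipart():
            for sub in part.iter_parts():
                walk(sub, depth)
            return
        data = part.get_payload(decode=True) or b""
        looks_like_msg = name.lower().endswith(".msg") or ctype == MSG_CTYPE
        if data.startswith(OLE2_MAGIC) and looks_like_msg:
            # Inner attachments live in OLE streams; reaching them needs an OLE parser.
            found.append((depth, "outlook-msg", name))

    walk(message_from_bytes(raw, policy=policy.default), 0)
    return found

# Constructed stand-ins: only the 8-byte signature plus padding, not real documents.
FAKE_OLE = OLE2_MAGIC + b"\x00" * 504
baseline = build_mail(FAKE_OLE, "report.doc", "msword")           # first test
nested = build_mail(FAKE_OLE, "forwarded.msg", "vnd.ms-outlook")  # second test
eml_in_eml = build_mail(nested)  # generalization: message/rfc822 wrapping the .msg
```

An empty result for the baseline mail and a non-empty one for the nested mail marks exactly the messages whose inner attachment is only reachable if the scanner unpacks the wrapper.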
