SandBlast and .msg attachments

Question asked by Shahar Grober on Nov 15, 2018
Latest reply on Feb 12, 2019



Can it be that Check Point Threat Prevention and SandBlast in MTA don't scan "*.msg" attachments inside an email?


I did the following tests:


First Test (Baseline)

I sent a malicious .doc file attached to an email via the MTA.

Result: the email is scanned and found malicious by the Gateway AV, which is great!


Second Test 

I took the same malicious doc file and attached it to a message. Then I took the message, saved it as a .msg file, and attached it to another email, so the attachment in the mail is a .msg and not a .doc file.


Result: when I send the email, it is not scanned by AV or Threat Emulation. The file is completely bypassed by AV/TE and arrives at the recipient mailbox with the infected .msg.


Is it a configuration issue, a bug or a really simple way to evade Check Point Threat Prevention?

(Mime Nesting is configured on the Threat Prevention profile)
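For triage on the receiving side, the sketch below is an added example (not part of the original post and not Check Point code) that flags Outlook .msg containers among a mail's attachments by content as well as by name, and counts the attachment storages inside them so they can be held or unpacked for separate scanning. All function names are hypothetical, and the sample mail is constructed from fake byte strings that only mimic the compound-file markers.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Added example; all names here are hypothetical, not Check Point code.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")             # OLE2/CFB signature (.doc and .msg)
MSG_STREAM = "__substg1.0_".encode("utf-16-le")           # MAPI property stream name prefix
MSG_ATTACH = "__attach_version1.0_#".encode("utf-16-le")  # one storage per embedded attachment

def classify(payload: bytes) -> dict:
    """Heuristic check on raw bytes; a full CFB parser would walk the directory."""
    is_ole = payload.startswith(OLE_MAGIC)
    is_msg = is_ole and MSG_STREAM in payload
    return {"ole": is_ole, "outlook_msg": is_msg,
            "embedded_attachments": payload.count(MSG_ATTACH) if is_msg else 0}

def find_msg_containers(raw: bytes) -> list:
    """Return (filename, classification) for each MIME part that is or claims to be a .msg."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "(unnamed)"
        info = classify(part.get_payload(decode=True) or b"")
        declared = (name.lower().endswith(".msg")
                    or part.get_content_type() == "application/vnd.ms-outlook")
        if info["outlook_msg"] or declared:
            hits.append((name, info))
    return hits

def build_constructed_sample() -> bytes:
    """Constructed test mail: fake byte strings that only mimic CFB markers."""
    pad = b"\x00" * 504
    fake_msg = (OLE_MAGIC + pad + MSG_STREAM + "001A001F".encode("utf-16-le")
                + MSG_ATTACH + "00000000".encode("utf-16-le"))
    fake_doc = OLE_MAGIC + pad + "WordDocument".encode("utf-16-le")
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment(fake_msg, maintype="application", subtype="vnd.ms-outlook",
                     filename="forwarded.msg")
    m.add_attachment(fake_msg, maintype="application", subtype="octet-stream",
                     filename="notes.bin")  # same bytes, no .msg name or type
    m.add_attachment(fake_doc, maintype="application", subtype="msword",
                     filename="report.doc")
    return m.as_bytes()

if __name__ == "__main__":
    for name, info in find_msg_containers(build_constructed_sample()):
        print(name, info)
```

The byte-pattern match is a heuristic: both legacy .doc and .msg share the OLE2 signature, so the check relies on the stream and storage names that the .msg format stores as UTF-16LE directory entries.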