AnsweredAssumed Answered

SandBlast and links inside email

Question asked by Shahar Grober on Dec 13, 2018
Latest reply on Jan 18, 2019 by Shahar Grober


I have an ongoing case with TAC about emulation of links inside emails 


R80.10 with MTA take 25 


Issue: TE doesn't block Links with PDF inside emails 


Scenario: I took a malicious PDF from the  Threat Emulation POC (


Test #1:  download the malicious file through web browser - AV found it as malicious and blocked the connection (see first log) 


Test #2: I took the same link that I downloaded and copy it to an email and forward it via the MTA - TE emulates the link and finds the email is benign (second log)


I also tried it with other files which are not part of the TE POC. As you can see the file is emulated in the link and is forwarded to the recipient


SK's that I already tried 




I am not sure if it is a configuration issue as TAC managed to reproduce it and cannot find any issue with the TE configuration 


can anyone approve if this feature is working on his environment or can try to reproduce it?