
SandBlast and links inside email

Question asked by Shahar Grober on Dec 13, 2018
Latest reply on Jan 18, 2019 by Shahar Grober

I have an ongoing case with TAC about emulation of links inside emails.

R80.10 with MTA take 25

Issue: TE doesn't block links with PDF inside emails.

Scenario: I took a malicious PDF from the Threat Emulation POC (http://poc-files.threat-cloud.com/demo/poc/)

Test #1: Downloaded the malicious file through a web browser - AV found it as malicious and blocked the connection (see first log).

Test #2: I took the same link that I downloaded, copied it into an email and forwarded it via the MTA - TE emulates the link and finds the email is benign (second log).

I also tried it with other files which are not part of the TE POC. As you can see, the file is emulated in the link and is forwarded to the recipient.

SKs that I already tried:

sk109573

sk115313

I am not sure if it is a configuration issue, as TAC managed to reproduce it and cannot find any issue with the TE configuration.

Can anyone confirm whether this feature is working in their environment, or try to reproduce it?
