If an email has been prevented due to a Threat Emulation detection, what is the most efficient way (if any) of releasing the email so that it will be delivered to the end user?
I can think of the first two steps being:
- Whitelist the MD5 of the file in the Threat Prevention policy.
- Remove the hash from the tecli cache.
But I'm not sure if it's possible to then reprocess the email, I would think this is possible due to the fact that Postfix can do this.
Any questions just shout.