I was looking for documentation about the workflow about the Threat Extraction and Emulation when used with MTA and couldn't find it.
So when an E-Mail arrives, what will be done first and what exactly will then be processed etc.
A visible workflow would help to understand how the System processes incoming E-Mails.
So what happens if we already have a file in the Cache, what happened with the Reputation of an Attachement and how is the verdict decision done?
It would be helpful if someone has any links or documents to answer this...