Messaging Gateway

  • 1.  Analyse email in Quarantine

    Posted Jun 02, 2016 05:36 PM

    Hi,

    I want to download the attachment in a quarantined message before releasing it.

    In fact I want to analyse the email in virustotal.com.

    Is that possible?

    Thanks



  • 2.  RE: Analyse email in Quarantine

    Posted Jun 06, 2016 02:20 AM

    Hi,

    Yes (1) - open the quarantined mail, download the attachment and upload to virustotal.

    Yes (2) - on action of quarantine archive a copy of the message to a directory on your mailservers or using a honeypot

    Yes (3) - but only by using the unsupported way via support-user.

     

    Regards

    Thomas



  • 3.  RE: Analyse email in Quarantine

    Posted Oct 16, 2016 12:03 PM

    Hi,

    Thanks for your answer, but to be honest I haven't got you.

    Yes (1) - open the quarantined mail, download the attachment and upload to virustotal.

    There is no "download attachment" option in the quarantine section.

    Yes (2) - on action of quarantine archive a copy of the message to a directory on your mailservers or using a honeypot

    There is no such option in the quarantine section.

    Yes (3) - but only by using the unsupported way via support-user.

    Could you please explain further?

     

    It would be great to drop a screenshot.

     

    Thanks

     



  • 4.  RE: Analyse email in Quarantine
    Best Answer

    Posted Oct 20, 2016 11:21 AM

    Hi,

    ad 1 - ok, I'm only using incident folders and you can view the caught mail and you can click on the malicious attachment ... not my preferred way of analyzing

    ad 2 - action in content rules you will find the option to archive the message. by selecting it a new window opens up and gives you the option to forward to any honeypot, or send it to a receive connector which just drops the mail to a queue ...

    ad 3 - ssh to your cc, set-support is documented e.g. here https://support.symantec.com/en_US/article.TECH235117.html

    Then explore the dirs /data/bcc/work/cfi/...

    BUT BE CAREFUL - Linux knowledge is a must! And don't call support after that if you broke something!

    Thomas

     



  • 5.  RE: Analyse email in Quarantine

    Posted Oct 20, 2016 12:31 PM

    Many Thanks Thomas.

    Second option looks the most handy one to me. Hope things get easier in next releases.
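
For the archive route (option 2 in the best answer), the added example below, which is not part of the original thread or of the product, parses an archived message as raw RFC 5322 bytes and returns the SHA-256 of each attachment, so the hash can be searched on virustotal.com without opening or uploading the file. The sample message, addresses and file name are constructed for illustration, and how the archived copy reaches disk depends on your setup.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed attachment content; stands in for the quarantined file.
SAMPLE_PAYLOAD = b"constructed sample attachment bytes\n"


def attachment_hashes(raw_message: bytes):
    """Return [(filename, size, sha256_hex)] for each attachment in a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers (multipart/*, message/rfc822) carry no payload themselves
        filename = part.get_filename()
        if filename is None and part.get_content_disposition() != "attachment":
            continue  # ordinary body text, not an attachment
        # decode=True reverses base64 / quoted-printable so the hash matches the real file
        payload = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(payload).hexdigest()
        results.append((filename or "(unnamed)", len(payload), digest))
    return results


def build_sample() -> bytes:
    """Build a constructed message with one attachment (illustrative values only)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Invoice"
    m.set_content("See attached.")
    m.add_attachment(SAMPLE_PAYLOAD, maintype="application",
                     subtype="octet-stream", filename="invoice.doc.exe")
    return m.as_bytes()


if __name__ == "__main__":
    # In practice, read the archived copy instead: open(path, "rb").read()
    for name, size, digest in attachment_hashes(build_sample()):
        print(f"{digest}  {size:>8}  {name}")
```

Run it on a dedicated analysis host rather than on the gateway itself; the script never writes the attachment to disk, it only hashes the decoded bytes in memory.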