KB Article #180527

Sandboxing FAQs

What files can be inspected by Sandboxing?

Sandboxing only applies to attachments in Email Messages – it does not inspect files attached to Secure Messages, or shared in DropZone.


Where does File Detonation occur?

MailGate has a pre-filter engine which uses intelligence from previous file analysis to evaluate message attachments locally on the MailGate appliance.

If the attachment is unrecognized and it is necessary to detonate the file, it will be offloaded to a Cloud Sandbox for detonation.


What happens to my message while the attachment is inspected?

Email Messages will be detained during the Sandbox inspection.


How long will the Sandbox inspection take?

This will depend on a number of variables, particularly File size and Network Latency.

However, results should generally be available in the order of minutes, or less.


What type of data is sent to the Cloud Sandbox?

MailGate can be configured to operate in 2 ways:

  • Hash Live Look up:

This is a quick lookup of the attributes of the file, against a live list in the Cloud Sandbox.

  • Full File detonation:

If the Hash Lookup does not return a definitive classification, then the full file can be sent to the Cloud Sandbox for detonation.

Note that email metadata is never passed to the Sandbox, e.g., message attributes such as To, From, Time/Date, Subject, Body content, etc.


Where is my Cloud Sandbox located?

The Axway Sandbox solution has Datacenters in 4 locations: US, Japan, Germany and UK.

If it is necessary to detonate a file, the MailGate pre-filter engine will communicate with the Datacenter that has the lowest-latency connection, which is usually the one within that region.


Is the File retained after detonation?

Both the Sandbox and File are deleted immediately after the detonation of the file.

A hash of the file, along with the result of the detonation, is stored for 30 days and afterwards permanently erased from the system.


Are there limitations?

Attachments larger than 10MB will never be directed to a Sandbox.

Attachments larger than 15MB will not be scanned.

Nested EML messages will not be traversed.

An authenticated HTTP Proxy blocks Sandstorm API requests.

RAR5 files will not be processed.
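
To see which attachments in a given message fall under these limitations, a mail administrator can run a check like the one below over a saved .eml file. This is an added example, not MailGate code: the function names, the reading of "MB" as 2**20 bytes, and measuring the decoded attachment size are assumptions, and the sample message is constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

MB = 1024 * 1024                      # assumption: the FAQ's "MB" means 2**20 bytes
SANDBOX_MAX, SCAN_MAX = 10 * MB, 15 * MB
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"  # RAR 5.0 file signature

def _leaves(part):
    """Yield leaf parts, stopping at nested messages instead of descending."""
    if part.get_content_type() == "message/rfc822" or not part.is_multipart():
        yield part
    else:
        for sub in part.iter_parts():
            yield from _leaves(sub)

def sandbox_gaps(raw: bytes):
    """Return (name, reason) for each part hitting a limitation listed in the FAQ."""
    gaps = []
    for part in _leaves(message_from_bytes(raw, policy=policy.default)):
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() == "message/rfc822":
            gaps.append((name, "nested EML, not traversed"))
            continue
        if not part.get_filename():
            continue                  # body text, not an attachment
        data = part.get_payload(decode=True) or b""  # assumption: decoded size counts
        if len(data) > SCAN_MAX:
            gaps.append((name, "over 15MB, not scanned"))
        elif len(data) > SANDBOX_MAX:
            gaps.append((name, "over 10MB, never sent to sandbox"))
        if data.startswith(RAR5_MAGIC):
            gaps.append((name, "RAR5, not processed"))
    return gaps

def build_sample() -> bytes:
    """Constructed test message: one ordinary file plus three limitation cases."""
    inner = EmailMessage()
    inner["Subject"] = "inner"
    inner.set_content("forwarded text")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(b"%PDF-1.7 small", maintype="application", subtype="pdf", filename="ok.pdf")
    msg.add_attachment(RAR5_MAGIC + b"\x00" * 16, maintype="application", subtype="octet-stream", filename="a.rar")
    msg.add_attachment(b"\x00" * (11 * MB), maintype="application", subtype="octet-stream", filename="big.bin")
    msg.add_attachment(inner, filename="fwd.eml")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in sandbox_gaps(build_sample()):
        print(f"{name}: {reason}")
```
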


What options do I have with files that cannot be processed by Sandbox?

As Sandboxing is integrated with MailGate’s Policy Engine, Administrators can predetermine actions to be applied to such files, e.g., Quarantine, Reject, Strip, etc.