We are wondering if AMP Advanced Malware Protection scans email attachments? Lets consider two scenarios. One scenario is the email is flowing unencrypted. The other is encrypted email server connection.
Your input is appreciated.
Thank you, Jordan
The MX Security Appliance will block HTTP-based file downloads based on the disposition received from the AMP cloud. If the MX receives a disposition of malicious for the file download, it will be blocked. If the MX receives a disposition of clean or unknown, the file download will be allowed to complete.
The supported file types for inspection are:
MS OLE2 (.doc, .xls, .ppt)
MS Cabinet (Microsoft compression type)
ELF (Linux executable)
Mach-O/Unibin (OSX executable)
Java (class/bytecode, jar, serialization)
ZIP (regular and spanned)*
EICAR (standardized test file)
SWF (shockwave flash 6, 13, and uncompressed)
* This includes the inspection of XML-based Microsoft Office file types (.docx, .xlsx, etc...).
@Dashboard_DJthis means that SMTP traffic would NOT be inspected, correct? In other words, AMP file scanning is limited to traffic on port 80?
My understanding is that it does - provided that the communications are not encrypted.
Only if it were on port 80 (so webmail).
If you wanted to scan email attachments specifically for file disposition, your best bet would be to look at using a Cisco Email Security Appliance or Cloud Email Security, both of which will allow you to layer on AMP.