We are wondering if AMP Advanced Malware Protection scans email attachments? Lets consider two scenarios. One scenario is the email is flowing unencrypted. The other is encrypted email server connection.
The MX Security Appliance will block HTTP-based file downloads based on the disposition received from the AMP cloud. If the MX receives a disposition of malicious for the file download, it will be blocked. If the MX receives a disposition of clean or unknown, the file download will be allowed to complete.
The supported file types for inspection are:
MS OLE2 (.doc, .xls, .ppt) MS Cabinet (Microsoft compression type) MS EXE ELF (Linux executable) Mach-O/Unibin (OSX executable) Java (class/bytecode, jar, serialization) PDF ZIP (regular and spanned)* EICAR (standardized test file) SWF (shockwave flash 6, 13, and uncompressed)
* This includes the inspection of XML-based Microsoft Office file types (.docx, .xlsx, etc...).
If you wanted to scan email attachments specifically for file disposition, your best bet would be to look at using a Cisco Email Security Appliance or Cloud Email Security, both of which will allow you to layer on AMP.