File types
FortiSandbox, by default, supports the following file types:
You can create a custom file type and associate it with an existing VM. Therefore, file type analysis is not limited to the file types listed in the table above.
Sometimes input sources send .eml files to FortiSandbox. For example, FortiMail sends .eml files to FortiSandbox when the .eml file is attached inside an email. FortiSandbox parses the .eml file to extract its attachments and perform file scans.
When sandboxing-embeddedurl is enabled, the top three URLs inside the email body are extracted and scanned along with the .eml inside the same VM. If the URL is a direct download link, the file is downloaded and sent with the URL to be scanned.
This feature is useful when you want to scan older emails when they are loaded to FortiSandbox, such as through an On-Demand scan or Network Share scan.
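The following added example is not FortiSandbox code. It is a sketch of which items a given .eml would contribute to a scan job under the behavior described above, useful for predicting what an On-Demand submission will cover. The function names, the embedded_url parameter (standing in for sandboxing-embeddedurl), the URL pattern, and the reading of "top three" as the first three distinct URLs in order of appearance are all assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed URL pattern; the product's own extraction rules are not documented here.
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
MAX_URLS = 3  # the documentation states that the top three URLs are extracted


def scan_candidates(eml_bytes, embedded_url=True):
    """Return (attachments, urls) that one .eml would contribute to a scan."""
    msg = message_from_bytes(eml_bytes, policy=policy.default)
    attachments, urls = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        filename = part.get_filename()
        if filename:
            # Named parts are treated as attachments to be file-scanned.
            payload = part.get_payload(decode=True) or b""
            attachments.append((filename, len(payload)))
        elif embedded_url and part.get_content_maintype() == "text":
            # Unnamed text parts are the email body; collect distinct URLs.
            for url in URL_RE.findall(part.get_content()):
                url = url.rstrip(".,;")  # drop trailing sentence punctuation
                if url not in urls:
                    urls.append(url)
    return attachments, urls[:MAX_URLS]


def build_sample():
    """Constructed sample message: four body URLs and one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content(
        "See https://example.com/a and https://example.com/b.\n"
        "Also https://example.com/c https://example.com/d\n"
    )
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    files, links = scan_candidates(build_sample())
    print("attachments:", files)
    print("urls:", links)
```

The fourth URL in the constructed body is not returned, which is the practical consequence of the three-URL limit: links placed later in a long email body are not part of the scan.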
By default, FortiMail holds a mail item for a period of time while it waits for the FortiSandbox verdict. Before FortiSandbox scans a file or URL sent from FortiMail, it checks whether FortiMail still needs the verdict, because FortiMail might have already released the email after timing out. If not, FortiSandbox gives the job an Unknown rating and skipped status. Use the CLI command
To use remote VMs, including MACOSX and Windows Cloud VM, you need to purchase a subscription service from Fortinet. Files are uploaded to the Fortinet Sandboxing cloud to be scanned according to the Scan Profile settings.