32Guards Sandbox

This feature is available if you have licensed the 32Guards Sandbox.

Supported file types

General

  • Executable files
    • Executable files for Windows
  • Microsoft Office
    • Microsoft Excel (all)
    • Microsoft PowerPoint (all)
    • Microsoft Word (all)
  • Text
    • HTML
    • PDF document
    • PDF document with URLs
    • Rich text format
    • Rich text format with OLE objects
  • Scripts
    • .js
    • .vbs
    • .ps1
  • Archives and compressed files

    • 7Zip-compressed file

    • ACE-compressed files

    • AR-compressed files
    • ARJ-compressed file

    • BZIP2-compressed files

    • GZIP-compressed file

    • RAR-compressed files

    • TAR-compressed files

    • Windows Installer file

    • ZIP-compressed file

    • *.alz

    • *.cab

    • *.z

    • *.zoo

NOTE:

We strongly recommend using an allowlisting approach to content filtering. This recommendation applies in particular to the use of the 32Guards sandbox.

An example: Even if an "Executable file for Windows" is supported by the sandbox, the question arises whether one wants to allow this potentially dangerous file type for one's own company at all. In this case, it makes more sense to generally reject this file type and thus also save the upload to the sandbox.

If a file is classified as unsuspicious by the 32Guards sandbox, the respective email is delivered.

Delivery delay

When a file is uploaded to the sandbox, the email is not accepted in the first step but temporarily rejected so that the sending email server delivers it again. Temporary rejection is used here because the analysis takes a certain amount of time, but this should be completed after around five minutes when the next delivery attempt is made.

This means a delivery delay for the delivery, which must be observed accordingly. Thus, we recommend that you carefully check which files should really be sent to the sandbox. Note the following option if time-critical processes or mailboxes exist in the company:

  • Office documents can be converted into a secure PDF document by Content Disarm and Reconstruction (CDR) if necessary. See Hinweise zu Content Disarm and Reconstruction (CDR).

32Guards Sandbox

Further information

TIP: Read our blog article The Time for Proper Email Firewalls Has Come.

NOTE: The number of complete analyses (sandbox upload) by the 32Guards sandbox is limited to 20 per user and month. The billing is not user-based. For example, with 100 users, a total of 2000 complete analyses can be performed, regardless of how many analyses are performed by each user. We recommend that you configure the filters in NoSpamProxy® so that the 32Guards sandbox only checks emails if they have not already been rejected by upstream filter levels. If the limit is exceeded, additional costs may be incurred.