What is the Libra ESVA QuickSand file sandbox

It is a service that protects from malicious active content in Microsoft Office and PDF files.

Active content is any executable code embedded in the document like macros, javascript code, ActiveX applications.

The QuickSand sandbox runs on the gateway, which means that the files never leave ESVA.

As the name suggests, it is a very quick sandbox: the attachments are analyzed in the same pipeline of the email analysis without additional delays, it is not vulnerable to the sandbox evasion techniques.

The QuickSand sandbox identifies active content inside documents and classifies it based on the behavior. The possible categories are:

safe: active content is present and it does not perform any critical operation in respect to security
suspicious: potentially critical actions are performed by the active content like downloading data from the internet, launching programs, performing actions on the filesystem and so on
indeterminate: active content is present but for technical reasons it’s behavior cannot be categorized with sufficient accuracy
encrypted: the document is encrypted and therefore it is not possible to tell whether there is active content inside

For each of these categories, you can choose what to do with the file:

deliver: deliver the file as is
sanitize and deliver: disarm the active content and deliver the disarmed document
block: do not deliver the file, it will be removed from the email

Not all of these actions are available for all the the categories, for safety reasons. You can also define fallback actions in case the document cannot be sanitized for technical reasons. In this case you can either fallback to deliver or block.

The default actions are what we suggest as the best compromise.

The attached documents are analyzed and cleaned/removed also if they are contained in archives, even if the archives are nested inside other archives.

When a file is either sanitized or blocked, the entire email message is quarantined so that the original version of the file remains available for a release should it be needed.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

How the Libra ESVA QuickSand file sandbox works

What is the Libra ESVA QuickSand file sandbox

Related Articles

How to delist a blacklisted IP address

How the Libraesva URLSand sandboxing service works

Products

Industry

Solutions

Resources

Partners

Company

How the Libra ESVA QuickSand file sandbox works

What is the Libra ESVA QuickSand file sandbox

Related Articles

How to delist a blacklisted IP address

How the Libraesva URLSand sandboxing service works

Products

Industry

Solutions

Resources

Partners

Company

WordPress Download Manager