How Sandboxing works in SpamTitan
Using a pre-filter that is more aggressive than the normal AV engine, Bitdefender Antivirus determines if an email attachment should or should not be sent to the sandbox. If the engine recommends an attachment be sent to the sandbox, the following occurs:
If the email would not otherwise have been blocked by any other means, SpamTitan uploads the attachment to the sandbox where it is assigned a job identifier.
SpamTitan queries the sandbox every fifteen seconds (for up to twenty minutes) to see if the job is complete. During this period, the message delivery status in History is 'Sent to Sandbox'.
If no result is returned after twenty minutes, the file is marked as clean and the email passed.
If the sandbox returns that the attachment contains malware, the email is blocked as a virus with the virus name assigned as ATP.Sandbox. The message will be listed under Viruses in the relevant Quarantine report.
Tip
You can view emails that have been sandboxed by filtering them in History. Go to Reporting > History > Mail Filters and check 'Sandboxed'.
If a message blocked as spam is released and it was originally marked as 'Sent to Sandbox', upon release SpamTitan will re-scan the message against the Bitdefender Antivirus engine. This may result in the message getting blocked or being sent to the sandbox.