Sandbox Questions

Albert_Kwok
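Albert_Kwok Posts: 4  Freshman Member
Third Anniversary
1. What is the operating principle of the sandbox?
2. The sandbox report says the suspicious email was destroyed, so why does the mail server still receive that email?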
 

Accepted Solution

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Answer ✓

    For how the sandbox works, please refer to the explanation below.

    How Does Sandbox Work?

    The Anti-Malware examines the file for threats before deciding to block it or pass it to the Sandbox.

    If the file has never been seen, the device copies the file and sends it to the Sandbox.
    - The analysis can take up to 15 minutes, so the device allows the file to pass with the traffic.
    - The device cannot block this threat until it gets the Sandbox's feedback.

    A file with a threat will be identified once it comes again.
    Once the gateway detects the file again, the gateway can identify the file and take action based on the previous analysis result in the local cache. The gateway doesn't send the file to the Cloud Sandbox again. The local cache is deleted when the device reboots.


    Please check whether the email matches the following file types, size and protocol.
    The device sends only the files most likely to be infected to the Sandbox to optimize resource usage.
    - File type
      - Archives (.zip)
      - Executable (.exe)
      - MS Office Documents (.doc, .docx)
      - Macromedia Flash Data (.swf)
      - PDF
      - RTF
    - File size
      - 32 KB ≤ File ≤ 8 MB

    Zyxel Sandbox
    - OS type support
      - Windows and Mac OS X operating systems
    - Protocol support
      - HTTP, FTP, POP3, SMTP and their equivalent SSL-encrypted versions
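
The flow described in the answer above, as an added example that is not part of the original post and is not Zyxel's code: a toy Python model of the sandbox path only, showing why the first copy of a never-seen file still reaches the mail server and only a repeat is blocked. The `Gateway` class, its method names and the SHA-256 cache key are assumptions made for illustration; the sample attachment is constructed.

```python
import hashlib

# Limits quoted in the answer above.
TYPES = {"zip", "exe", "doc", "docx", "swf", "pdf", "rtf"}
PROTOCOLS = {"HTTP", "FTP", "POP3", "SMTP"}   # and their SSL-encrypted versions
MIN_SIZE, MAX_SIZE = 32 * 1024, 8 * 1024 * 1024

class Gateway:
    """Toy model of the described flow; not Zyxel firmware logic."""

    def __init__(self):
        self.cache = {}       # file digest -> "malicious" / "clean" (local cache)
        self.pending = set()  # digests submitted, verdict not yet returned

    @staticmethod
    def eligible(ext, size, protocol):
        return (ext.lower() in TYPES and protocol.upper() in PROTOCOLS
                and MIN_SIZE <= size <= MAX_SIZE)

    def handle(self, data, ext, protocol):
        """Return (action, reason) for one file crossing the gateway."""
        digest = hashlib.sha256(data).hexdigest()  # assumed cache key
        if digest in self.cache:
            verdict = self.cache[digest]
            return ("block" if verdict == "malicious" else "pass", "cached verdict")
        if not self.eligible(ext, len(data), protocol):
            return ("pass", "not submitted to sandbox")
        self.pending.add(digest)
        return ("pass", "submitted, analysis pending")

    def sandbox_feedback(self, data, verdict):
        """Verdict arrives later (up to 15 minutes per the answer)."""
        digest = hashlib.sha256(data).hexdigest()
        self.pending.discard(digest)
        self.cache[digest] = verdict

    def reboot(self):
        self.cache.clear()    # local cache is deleted on reboot
        self.pending.clear()

def demo():
    gw = Gateway()
    sample = b"constructed sample attachment " * 2000  # 60,000 bytes, constructed
    first = gw.handle(sample, "docx", "SMTP")      # first sighting: delivered
    gw.sandbox_feedback(sample, "malicious")
    second = gw.handle(sample, "docx", "SMTP")     # same file again: blocked
    gw.reboot()
    third = gw.handle(sample, "docx", "SMTP")      # cache gone: delivered again
    return first, second, third
```

Calling `demo()` returns the three decisions in order, which makes the delivery window before the verdict and the effect of a reboot on the local cache visible.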
