Does Zscaler Scan Email Traffic?

Hi All,

Was wondering, when forwarding all traffic and all ports to Zscaler, does it scan email traffic (including email attachments) for viruses or any malicious content, or perform sandboxing on attachments?

Sandboxing works on HTTP/HTTPS/FTP, so if your email traffic is using those protocols and SSL inspection is enabled, then you should be good.

I think the Advanced Threat also only works on those protocols. Maybe someone else can confirm this?

The IPS policy works on all protocols so even your POP3 email traffic should be good.


Zscaler scans for malware in email attachments, e.g. if it is a dropper file or a weaponized doc file. Zscaler doesn't inspect email natively other than webmail.
But when that file attachment is opened and it is beaconing to download the larger payload, that's when the IPS will catch it, or the reputation check will detect the destination, or the sandbox will catch the malicious payload inline if it was seen for other users. Beyond that, the C2 detection engine will detect any C&C activity. Zscaler uses a defense-in-depth approach to mitigate such threats.


Appreciate the detailed reply :slight_smile:
