Mail attachments list

The Mail attachments list widget displays a list of attachments received by the mail server in the network.

The quick search field above the list provides fast, as-you-type search. It filters the rows in the list, displaying only those rows that have text, in any field, that matches the query string.

The columns to be displayed in the list can be customized by clicking the additional content icon.

Customize the number of rows to be displayed. The default is 20 entries. Use the left arrow (back) and right arrow (forward) icons to navigate through multiple pages.

Each row is a summary of a downloaded file. Click the plus icon (or anywhere on an entry row) to access a detailed view of the attachment.

The list is sorted by score and includes the following fields:

Timestamp

Indicates when the message was received. The time is shown in the currently selected timezone.

Click the sort icon to sort the list by the timestamp.

Sensor

Name of the sensor that detected the message.

Sender

The email address of the sender of the message. This email address may be spoofed.

Recipient

The email address of the recipient of the message.

Subject

The provided subject of the message.

Filename

The filename of the attachment.

MD5

The MD5 hash of the attachment.

Type

The high-level file type of the attachment. Supported types are currently:

  • Archive Archive formats such as ZIP or RAR

  • Document Includes other types of Office documents

  • Executable Binary program formats such as Windows Portable Executable

  • Java Java application or applet

  • Media Macromedia (Adobe) Flash file

  • Other Other recognized file format

  • PDF Portable Document Format files

  • Script An executable script such as JavaScript, Python, and others

  • Unknown Unknown file type

AV Class

A label defining the antivirus class of the attachment. If the label has a tag icon, you can click that for a pop-up description.

Malware

A label defining the malware type of the attachment. If the label has a tag icon, you can click that for a pop-up description.

Score

The score assigned to the attachment by the system analysis indicates the critical level of the detected threat and ranges from 0 to 100:

  • Threats that are 70 or above are considered to be critical.

  • Threats that are between 30 and 69 are considered to be medium-risk.

  • Threats that are between 1 and 30 are considered to be benign.

For details, see Maliciousness score and Risk estimate.

If the stop icon appears, it indicates the artifact has been blocked.

The list is sorted by decreasing order (most critical threats at the top). Click the angle up icon to sort the list in increasing order (least critical threats at the top), then click the angle down icon to toggle back to the default.