Viewing Quarantined attachments?

[32bitbradley]

Hi everyone, I'm looking into implementing PMG for our business, currently in the testing stages.

I have a quick question that I've not been able to find an answer too.

Is there a way to view/download quarantined email attachments so they can be investigated further?

This would be really useful!

Cheers!

 

[dietmar]

You can download the whole email, which includes the attachments.

 

[32bitbradley]

You can download the whole email, which includes the attachments.

Oh really, that's brilliant!

How would I download the whole email? Is there a button somewhere im not seeing haha?

Cheers again

 

[dietmar]

The current quarantine interface allows you to see the RAW email data, so you can simply copy/paste.

 

[32bitbradley]

The current quarantine interface allows you to see the RAW email data, so you can simply copy/paste.

Thanks, that's great. I can see the file name and extension in the Raw email info. Is there a way I can download the actual file?

For example a quarantined .exe file, can I download the .exe so it can be analysed with Hybrid Analysis?

If not via the web interface, is there a directory that they're restored in so I can use SFTP or SSH to grab a copy?

Really appreciate your help on this!

Cheers

 

[tom]

1. go to the quarantine web interface and select the needed email
2. switch to raw view
3. copy all text and paste into into a new file
4. now you can open this file in your email client, e.g. thunderbird

 

[32bitbradley]

1. go to the quarantine web interface and select the needed email
2. switch to raw view
3. copy all text and paste into into a new file
4. now you can open this file in your email client, e.g. thunderbird

Ah! of course, the attachment is encoded at base64 towards the bottom of the raw email! I never knew that haha!

Thanks for the help both!