Skip to content

Identifying malware in email

The diagram details Coro's malware in email attachment inspection process:

Coro first determines whether the sender or the entire domain from which the email was received is on the Blocklist

  1. If yes, the email is deleted for all protected users. Non-protected users will continue to receive the email, but a ticket is automatically created and closed on the subject. Coro takes no further action.
  2. If no, the email's attachments are scanned for malware. If malware is detected, the email is quarantined immediately and moved to the Suspected folder (offsite from the recipient).

Malware in email attachment inspection process

If the email is malware-free, Coro performs a phishing inspection.