MessageLabs Passive Screening causing false positives on click through

I need a solution

We have several customers that receive emails from various sources that require tracking of clicked URL’s by end users.

These domains and IP’s were whitelisted and everything worked well as Messagelabs passed the emails through as expected.

Now the release of the Passive Screening feature has been introduced, these links are now being clicked/activated by the sandboxing/scans and causing many headaches.

This Passive Screening ignores whitelisting and scans/opens every link it appears – is this correct?

How can they get MessageLabs to bypass passive screening for whitelisted domains/IP’s?  

This is such an issue, several are looking to move to Mimecast or similar.

Within ForcePoint’s email sandbox environment you can configure:





Image files sending to sandboxing from CAS

I need a solution


I noticed that CAS isn’t sending image files “ipeg, ipg, png” to MAA for sandboxing, even with configuring sandbox threashold with value 0, which means sending all files to sandboxing.

Also, I tried manual image file scanning and I got the result expect sandboxing = false.

ICAP/1.0 204 No modifications needed
X-Apparent-Data-Types: JPG
X-ICAP-Metadata: { “expect_sandbox”: false }
Service: CAS
Service-ID: avscanner
ISTag: “5A9552CC”
Encapsulated: null-body=0
Date: Tue, 27 Feb 2018 12:53:45 GMT

I tried adding the extension on CAS sandboxing settings with no added value.

any Ideas why the image files aren’t sent to sandboxing.

Thanks in advance,