An anti-malware tool must scan files that are attached to an email.
Malicious emails could include attachments disguised as documents, PDFs, e-files, and voicemails.
This requirement is verified in following services
- CIS-9_6. Block unnecessary file types
- CWE™-509. Replicating malicious code (virus or worm)
- MITRE ATT&CK®-M1021. Restrict web-based content
- MITRE ATT&CK®-M1049. Antivirus/antimalware
- FedRAMP-RA-5. Vulnerability scanning
- ISO/IEC 27002-8_7. Protection against malware
- ISSAF-J_4. Network security - Anti-virus system (objective)
- ISSAF-J_6_4. Network security - Anti-virus system (methodology)
- OWASP ASVS-12_4_2. File storage
- SIG Core-D_4_4_4. Asset and information management
- OWASP ASVS-5_2_3. Sanitization and sandboxing
- ISO/IEC 27001-8_7. Protection against malware
- CASA-5_2_3. Sanitization and Sandboxing
- CASA-12_4_2. File Storage
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.