How many level of nested attachments are malware scanned by ESS? For example, if an email has attachment, *.eml file, and which has an attachment, *.eml, and so on, how many level of attachments will be scanned? Cynic function is not in use.

Email Security.cloud

STARGate will extract 10 levels of nested .eml.

This is a scan configuration for STARGate that is configured by the integrating application. The default under the hood is 10 levels deep but it depends what ESS/SymScan configures STARGate as. ESS uses the default configuration of STARGate, i.e. 10 levels. For UNC / Skeptic, ESS will decompose to 20 layers.

Note that from STARGate's perspective, .eml is a container, just like zip.