E-Mail Analyzer FAQ

Frequently asked questions about how the analyzer works and how to interpret its results

How does the IS-FOX E-Mail Analyzer work?

Each e-mail sent for analysis is tracked in our ticket system, broken down into individual analysis elements (links and attachments) and examined in detail in a multi-stage analysis process.

In the individual analysis steps, risk points are assigned for certain anomalies. At the end, these points are added up to give the threat score.

Depending on its threat score, each element is then assigned a result.

Figure: E-Mail Analyzer mode of operation

Can I click on an element with the result 'no anomalies'?

Legally, we can never guarantee that we will find every piece of malware and every phishing attack. Airbag manufacturers cannot guarantee that you will survive every accident either, although the probability increases tremendously with airbags.

So let's put it this way: there is always a residual risk, in every area of life. By using the E-Mail Analyzer, you have already performed a very good technical check. In a second step you should use your common sense: does the e-mail as a whole make sense at all? If you work in the HR department and receive an application as a PDF, it makes sense. If you work in the accounting department, a speculative application is rather unusual. And the uncle from Nigeria who wants to give you 1 million EUR if you only open the attachment is so unrealistic that you should not open the attachment even if it shows 'no anomalies'.

What does the result 'suspicious' mean?

As mentioned earlier, we determine a threat score for each element. Above a certain threshold we report 'suspicious'.

Such a threat score can be caused by well-camouflaged malware, but it can also come from a harmless file that attracts attention through its behavior. For example, PDFs or documents can download images or data from the Internet. This can be an 'unfortunate' or maybe even intentional embedding, but there could also be malicious code behind it. Therefore, such behavior results in a 'suspicious' result.

It is better not to click on such links and files. Instead, ask the sender (if known) what is inside the file and mention that your security analysis issued a warning.

Is an element classified as 'malicious' really dangerous?

Short and sweet: yes. At least one analysis step has produced this result, for example because the element has already been recorded as malicious by other sources, or because our machine-learning and sandbox behavior analyses have revealed a correspondingly high threat score. In any case, keep your hands off these elements; the error rate is very low.
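
The scoring flow described in this FAQ, as an added sketch that is not IS-FOX's code: an e-mail is split into links and attachments, analysis steps assign risk points, and the summed threat score is mapped to 'no anomalies', 'suspicious' or 'malicious', with a single step (a hit in other sources) able to decide 'malicious' on its own. The thresholds, point values, the three rules and the KNOWN_BAD list are assumptions, since the page does not publish them.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from urllib.parse import urlsplit

# Assumed values: the page publishes no thresholds, point values or rules.
SUSPICIOUS_AT, MALICIOUS_AT = 40, 80
KNOWN_BAD = {"http://login.example.invalid/reset"}  # constructed reputation entry

def extract_elements(raw):
    """Break an e-mail into its analysis elements: links and attachments."""
    elements = []
    for part in message_from_string(raw, policy=default).walk():
        if part.get_filename():
            elements.append(("attachment", part.get_filename(), part.get_payload(decode=True) or b""))
        elif part.get_content_type() == "text/plain":
            for url in re.findall(r"https?://[^\s<>\"]+", part.get_content()):
                elements.append(("link", url, b""))
    return elements

def risk_points(kind, name, data):  # hypothetical analysis steps, points summed
    points = 0
    if kind == "link":
        url = urlsplit(name)
        points += 30 if re.fullmatch(r"[\d.]+", url.hostname or "") else 0  # raw IP host
        points += 15 if url.scheme == "http" else 0  # unencrypted link
    elif name.lower().endswith(".pdf") and b"/URI" in data:
        points += 45  # PDF that references an Internet resource
    return points

def analyze(raw):  # returns (kind, name, threat score, result) per element
    results = []
    for kind, name, data in extract_elements(raw):
        score = risk_points(kind, name, data)
        if name in KNOWN_BAD:  # one step alone can decide 'malicious'
            score = max(score, MALICIOUS_AT)
        result = ("malicious" if score >= MALICIOUS_AT else
                  "suspicious" if score >= SUSPICIOUS_AT else "no anomalies")
        results.append((kind, name, score, result))
    return results

def sample_message():  # constructed input: three links and one PDF attachment
    msg = EmailMessage()
    msg.set_content("http://192.0.2.7/pay\nhttp://login.example.invalid/reset\n"
                    "https://example.org/info\n")
    msg.add_attachment(b"%PDF-1.4 /URI (http://example.org/img)",
                       maintype="application", subtype="pdf", filename="invoice.pdf")
    return msg.as_string()
```

Calling `analyze(sample_message())` returns one tuple per element, so each link and attachment carries its own score and result, as in the per-element reporting the FAQ describes.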