How do you keep the original attachments with DeepCDR enabled?
- This article applies to all MetaDefender Core v5 and Email Gateway Security versions
Summary:
Some users may want to retain original email attachments without sanitization by DeepCDR, while still obtaining analysis reports from EGS or CES. Enabling Analysis Mode on DeepCDR is the recommended solution for this use case.
Cause:
When DeepCDR is configured to sanitize based on detected file types, attachments are sanitized by default.

Solution:
Quarantine original email in EGS Security Rules
By default, a copy of the original (unsanitized) email is stored in Quarantine, even when analysis mode is disabled. You can adjust this behavior using the 'Quarantine Original Email' option in the security rule.

Quarantine report emails
Email Gateway Security sends a list of emails of the recipient, that have been quarantined since the last report (if this is the first quarantine report, then the list contains all quarantined emails of the recipient) in a quarantine report email.

For each entry in the quarantine report email there is an Actions link that directs the recipient to Email Gateway Security's Quarantine page for actions on the quarantined email.

Depending on the configuration at the organization, the quarantine actions page currently supports the following actions on quarantined emails:
- Rescan quarantined email: scan the email again as with updated engines the outcome may be different.
- Delete quarantined email: permanently delete the email from the quarantine.
- Deliver quarantined email: release the potentially malicious email from the quarantine.
Users can release potentially malicious emails from the quarantine using Deliver quarantined email action. For this reason this action is usually not enabled for recipients.

For further details about quarantine reports see Quarantine reports.
Using Analysis Mode from MD Core (without Quarantine original email in EGS)
To allow recipients to receive original attachments while maintaining visibility into scan results:
- Enable Analysis Mode on MetaDefender Core (DeepCDR). This will skip sanitization but still perform a full file analysis.
- In MetaDefender Email Security (EGS/CES), admins can continue to monitor and audit scan results in the dashboard.

Result in EGS for audit:

Scan results will still be logged and visible to the admin.

Recipients will receive the original, unsanitized attachments.

If you require further assistance, please follow these instructions on How to Create Support Package?, before creating a support case or chatting with our support engineer.