I have a strange problem on a customer's XG210 (SFOS 18.0.5 MR-5-Build586). We have been granulating the Filetype-Filter in the E-Mail Protections Mailpolicy. We recently added the MIME-Types for Macro-Enabled officefiles to the Filter
application/vnd.ms-word.document.macroEnabled.12, application/vnd.ms-word.template.macroEnabled.12, application/vnd.ms-excel.sheet.macroEnabled.12, application/vnd.ms-excel.template.macroEnabled.12, application/vnd.ms-excel.addin.macroEnabled.12, application/vnd.ms-excel.sheet.binary.macroEnabled.12, application/vnd.ms-powerpoint.addin.macroEnabled.12, application/vnd.ms-powerpoint.presentation.macroEnabled.12, application/vnd.ms-powerpoint.template.macroEnabled.12, application/vnd.ms-powerpoint.slideshow.macroEnabled.12, application/vnd.ms-powerpoint.slide.macroEnabled.12
This list here is regarding the MIME-Types for Post Office 2007 Macro-Enabled Filetypes which works accordingly. Now I wanted to Add the Pre-2007 filetypes, which didn't differentiate between Macro-Enabled File and Non-Macro-Enabled filetypes. Since this is an old standard I added the MIME-Types as well to be filtered:
But when I do this post Office 2007 Filetypes, that are not macroenabled are beeing filtered too. These Filetypes are pptx, docx and xslx. I tested thoroughly by creating new Testfiles and als checking the MIME-Type manually with Tools.
They were recognized as the following, which are obviously different.
Is this a known bug? I couldn't find anything regarding this Problem. I already contacted Sophos Support, but it's rather exhausting, since they still don't understand my issue and I don't want to waste anymore time.
Thanks in advance for your help!
my ticket got escalated to a Global Escalation Specialist. After I told him I would try to update the appliance, he said that an update would probably not help. This problem was already…
Thank you for contacting the Sophos Community.
Could you please share the Case ID you open with us, so I can see what has been done.
sorry for the late reply. I was in contact with Sophos Support now and i think we have managed to clear up any misunderstandings. The CaseID: 04259550
I provided Sophos Support access to the Appliance. Currently I am waiting for a reply.
Thank you for the Case ID, I reach out to the engineer assigned to the case to update you.
i got answer from Support. This issue seems to be fixed with 18.5.1 which released during my open Case. I will install the new release, check if the issue is resolved and give an update. Thanks in the meanwhile for your help!
Thank you for taking the time to update the community.
my ticket got escalated to a Global Escalation Specialist. After I told him I would try to update the appliance, he said that an update would probably not help. This problem was already discussed with development but rejected according to him. The following workaround helped me:
Adding the MIME-Types for all Office Files (legacy and modern Office-MIME-Types) to the Filefilter.
Select the modern OfficeFiles-MIME-Types in the MIME-Whitelist.
Somehow Sophos does recognize the right MIME-Type, but for whatever reason is also checked against the MIME-Types of Legacy Office Files. Adding them to Exceptions (Whitelist) stops processing of the files and will then not filter them.