This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Still no extension blocking within zip files?

I hope i am wrong,, I really do, but could it be true that in 2015 UTM still can not check for blocked extensions (no i am not talking about mime types i am talking about stupid simple extensions like .js) inside zip archives? This was announced for 9.300. Seems to me the announcement was wrong and only covers mime types. PLEASE tell me i am wrong. Best, Joerg

This thread was automatically locked due to age.

Emily over 8 years ago

Unfortunately this is still the case, files within archives (e.g. zip files) will not be scanned for blocked file types or blocked extensions.

Instead you would need to use MIME types to block inside archive files. Once this is enabled you would also need to enable 'MIME Blocking Inspects HTTP Body' under Web Protection > Filtering Options > Misc.
Cancel
Vote Up 0 Vote Down

Cancel
JoergRiether over 8 years ago in reply to Emily

Emily,

thanks for the answer. Albeit is does not help at all. The bad guys will not follow your "standards" i guess.

This has to be taken care of NOW! It is an impossible situation that the UTM still can´t handle such basic tasks.

Best,
Joerg
Cancel
Vote Up 0 Vote Down

Cancel
JoergRiether over 8 years ago in reply to JoergRiether

ähm. Anyone at Sophos like to comment on this? I find this is an impossible situation!
Cancel
Vote Up 0 Vote Down

Cancel
JoergRiether over 8 years ago in reply to JoergRiether

and why was this thread moved to web protection? it belongs to mail protection.
Cancel
Vote Up 0 Vote Down

Cancel
vilic over 8 years ago in reply to JoergRiether

Moderators, please move this thread to Mail protection forum.

I can confirm that behavior, having the Sophos PureMessage for Exchange behind the UTM at one of my clients catching everything that UTM missed:
Cancel
Vote Up 0 Vote Down

Cancel
Scott_Klassen over 8 years ago

moved

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel
JoergRiether over 8 years ago in reply to Scott_Klassen

Sophos, this has to be solved/implemented NOW, it is not only very dangerous, it is embarrassing.
Cancel
Vote Up 0 Vote Down

Cancel
Scott_Klassen over 8 years ago

"Anyone at Sophos like to comment on this? I find this is an impossible situation!" Emily is a Sophos employee and she did Joerg. :) Devs and those who can get development time aren't on these forums. You'd need to take this to the feature request site at http://feature.astaro.com. I know it's already on there somewhere, just add votes. Other than that, if you're a reseller, you can contact your channel manager to discuss. If a paid license user, you can contact your reseller to contact their channel manager.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel
JoergRiether over 8 years ago in reply to Scott_Klassen

Hi Scott,

the feature request is there for a long time (feature.astaro.com/.../3263802-av-scan-for-file-extensions-within-zip-files).

We already contacted sales and support. Multiple times.

Now - only place left to tell Sophos this is an impossible situation is this place ;-)

What makes me very angry is the releases notes of 9.3. They say:

#True-File-Type Detection
#In our web and mail proxy we now traverse archive files (zip, rar, etc.) to detect the types of files inside. This
#allows granular policy enforcement based on file types included in an archive rather than blocking archive
#files in general.

And that is just not true. Not for ANY mail, just for some where the MIME stuff fits just right for the Sophos logic. And we are in 2015.

Again: This is an impossible situation!

Best,
Joerg
Cancel
Vote Up 0 Vote Down

Cancel
JoergRiether over 8 years ago in reply to Scott_Klassen

Oh wow. I just wrote a long answer and the board says i am on moderation now - my post has to be freed by a moderator.
Cancel
Vote Up 0 Vote Down

Cancel