Thread Info
  • Locked Locked
  • Replies 16 replies
  • Subscribers 8 subscribers
  • Views 45250 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Still no extension blocking within zip files?

JoergRiether
I hope i am wrong,, I really do, but could it be true that in 2015 UTM still can not check for blocked extensions (no i am not talking about mime types i am talking about stupid simple extensions like .js) inside zip archives? This was announced for 9.300. Seems to me the announcement was wrong and only covers mime types. PLEASE tell me i am wrong. Best, Joerg


This thread was automatically locked due to age.
Parents
  • Unfortunately this is still the case, files within archives (e.g. zip files) will not be scanned for blocked file types or blocked extensions.

    Instead you would need to use MIME types to block inside archive files. Once this is enabled you would also need to enable 'MIME Blocking Inspects HTTP Body' under Web Protection > Filtering Options > Misc.
  • in reply to Emily

    Hello!

    It's simple business task: block all JS inside ZIP (mail protection).

    It is really a new epidemic - JS downloaders that run encryption-virus. Endpoint AV don't help..., because it's 'legal' encryption. 

    JS looks like DOC, and users just click on it, especially in targeted attack.

  • in reply to AlexanderPopov

    It´s unbelievable Sophos has not covered this by now. It´s really unbelievable.

  • in reply to JoergRiether

    Hello Joerg,

    did you already take a look into this? Pretty interesting.

    http://noxxi.de/research/sophos-utm-webprotection-bypass2.html

    I am really missing the documentation  about this "weaknesses" in the utm. I think its no good advertisement to get to know about this information on different websites (I also created an own thread for this), but not on the official sophos site. In this case im pretty disappointed about the way sophos cares about this... To put that into relation to other arguments: When someone is talking about feature requests for certain things, I´ve often read, that this or that feature will not be implemented for security reason, because it doesn´t fit into the product philosphy. I think theres somethong wrong in here...

    Regards

    Sebastian

  • in reply to seroal

    Sebastian,

    yeah - as I said - i find that unbelievable!

    I can tell you what I am doing: I do SMTP- and HTTP-chaining and put another good Multi-Engine AV Product behind our UTM. That catches all the configured attachments the UTM would let pass.

    Sophos HAS TO come around with a solution! This is no rocket science! The situation now - with SMTP only MIME types filtering by extensions within archives - to be honest - that makes me really sad.


    Thanks
    Joerg


  • in reply to JoergRiether

    Hi,

    out of my support case, I got this information: It´s a bug: Bug ID NUTM-3505

    But so far no date, when it will be solved....

Reply Children
No Data
Unfiltered HTML