This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Howto use Extension blocking for Office documents the right way?

Hi,
due to current threads like Locky etc, we want to block all incoming Office documents by file extension. 

I've tested this with a simple BAT file which I've send to myself - of course from an external email domain.
As expected it get's quaratined cause of extension (BAT).

Now, we want to give the users a possible solution to still receive Office documents by email - we'd like to go the way Sophos recommends in his Whitepaper.
(Link for the German version: web.sophos.com/.../92aaef928aee3e5ff8216622c999157c.pdf

Excerpt of the relevant part in German:
Alternativ kann er den Geschäftspartner bitten, zukünftig alle Dokumente in ein passwortgeschütztes ZIP-Archiv einzupacken, dessen Passwort beide während dieses Gespräches ausmachen. Solche passwortgeschützte ZIP-Archive werden nie in E-MailQuarantäne gestellt,

Which is (roughly) in english:
The email sender should take all Office documents and ZIP them in an encrypted file. The password should be told by phone. Those ZIP-encrypted archives will never be sent to Quarantine...

But they will!

I took the same mentioned BAT file and zipped it - blocked reason Extension (BAT)
Same file zipped in an encrypted archive - same result, blocked with reason Extension (BAT).

Finally I've put the file in a folder and zipped the folder with an encrypted ZIP - same result :(

Is this a bug? And the UTM does not really decrypt the archive, but looks into the contained files?
How should one achieve what Sophos recommends?

Or am I completely looking in the wrong direction?


Thanks for hints and ideas.

BR
Michael

BTW: We are using Sophos UTM 9 (9.355-1) Appliance with Fullguard Subscription.



This thread was automatically locked due to age.
Parents Reply Children