
Mail Protection from Malicious file under Zip.

Hello team, due to the lack of a zip-file scan-and-block feature for malicious files in Sophos UTM, we have faced very huge damage in our LAN network, where someone sent us an email with a malicious JavaScript file inside a Zip file. May I know when, or what the expected date is that, we can scan and block malicious or virus-infected files which we sometimes receive through email as Zip attachments?



  • Hi Aizaz,

    Greetings.

    Sophos UTM v9.3 and later do support this feature. The Web and Email proxies can scan archive files (zip, rar, etc.). This allows granular policy enforcement based on the file types included in an archive rather than blocking archive files in general.

    You can refer to this link for further information.

    https://blogs.sophos.com/2014/11/10/sophos-utm-advantage-9-3-is-coming-soon-find-out-whats-new-2/

    If the ZIP file is password protected, then UTM's AV scan will be unable to deep inspect such files.

    Hope that helps.

    Thanks

    Sachin Gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hello Sachin, I have gone through the above article multiple times. It was released on 10-11-2014 and, under the "Other New Features" column, it says: "True-File-Type Detection: In our web and mail proxy we now traverse archive files (zip, rar, etc.) to detect the types of files inside. This allows granular policy enforcement based on file types included in an archive rather than blocking archive files in general." But I request that you kindly go through the Sophos thread below, which is ongoing: "https://community.sophos.com/products/unified-threat-management/f/56/t/15972". One of your Sophos team members commented there (Replied: 10 Dec 2015 3:24 PM) that this issue has still not been resolved, and the thread is still open, as you can check on the 2nd page, where a user commented on 16/March/2016.

    From your end, I just want that, if this is possible with version 9.3xx, then kindly provide us the doc or reference link using which we can achieve this requirement.



  • Hi Aizaz,

    This feature is UP and running as per the latest update I received. I request you to check the Pattern and Firmware versions residing in your UTM. Please update if required.

    Next, I also request you to use Dual Scan, which can be found by navigating to Email Protection > SMTP > Anti Virus > Antivirus Scanning > Dual Scan. Also select the "Quarantine unscannable and encrypted content" option for better protection.

    Note: password-protected zip files cannot be prevented.

    I also request you to check whether any exceptions are configured in Email Protection for AntiVirus checking.

    Hope this helps :)

    Thanks

    Sachin Gurung

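The policy described in the reply above (judge archive members by their own type rather than by the archive's extension, and quarantine content that cannot be scanned because it is encrypted), written out as an added Python illustration. This is example code, not Sophos UTM's implementation: the script-extension list is a constructed policy set, and the two helpers that build sample archives and flip the encrypted flag exist only to feed the check.

```python
import io
import zipfile

# Constructed policy (not Sophos UTM's own list): script types blocked inside archives.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".wsf", ".hta", ".ps1"}
ZIP_ENCRYPTED_FLAG = 0x1  # general-purpose bit 0: member is password protected
ZIP_MAGIC = b"PK\x03\x04"  # local file header signature

def inspect_zip_attachment(data: bytes, depth: int = 0) -> dict:
    """Judge members by their own type (nested archives are recursed into), and
    treat encrypted members as unscannable, as the "Quarantine unscannable and
    encrypted content" option does. Returns {'quarantine': bool, 'reasons': [...]}."""
    reasons = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"quarantine": True, "reasons": ["unscannable: not a valid zip archive"]}
    for info in zf.infolist():
        if info.is_dir():
            continue
        if info.flag_bits & ZIP_ENCRYPTED_FLAG:  # cannot deep-inspect without the password
            reasons.append(f"encrypted member, cannot inspect: {info.filename}")
            continue
        content = zf.read(info)
        if content.startswith(ZIP_MAGIC) and depth < 3:  # true type: nested zip
            inner = inspect_zip_attachment(content, depth + 1)
            reasons.extend(f"{info.filename} -> {r}" for r in inner["reasons"])
            continue
        if "." + info.filename.lower().rpartition(".")[2] in SCRIPT_EXTENSIONS:
            reasons.append(f"script file inside archive: {info.filename}")
    return {"quarantine": bool(reasons), "reasons": reasons}

def build_sample_zip(members: dict) -> bytes:
    """Constructed test helper: in-memory zip from {name: bytes} (stored, unencrypted)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

def mark_encrypted(data: bytes) -> bytes:
    """Constructed test helper: set the encrypted flag in every local and central
    header so the archive looks password protected (data is not really encrypted)."""
    buf = bytearray(data)
    for sig, off in ((ZIP_MAGIC, 6), (b"PK\x01\x02", 8)):
        pos = buf.find(sig)
        while pos != -1:
            buf[pos + off] |= ZIP_ENCRYPTED_FLAG
            pos = buf.find(sig, pos + 4)
    return bytes(buf)
```

A real gateway would also run the extracted members through its AV engines; the point here is only that the encrypted-member case yields a quarantine verdict instead of a silent pass.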

  • Although I haven't personally tried these experiments, Sachin, I've seen this issue come up here many times over the years. I believe that what we have now is the ability to quarantine MIME types, as opposed to file extensions, in non-encrypted archives (not just zip). If you can run an experiment in your lab, please let us know the result.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Balfson,

    Yes, we have the ability to quarantine MIME types. Again, protection against malicious files under ZIP is working; there can be False Negatives at times, which should be reported to our Support Team, who can forward the sample for further testing.

    Thanks

    Sachin Gurung


  • Sachin, please get proof from the devs that this works today. It may have worked at one time, but I haven't seen or heard of it working in several years. Have you seen it done?

    Cheers - Bob
