This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Scanning of Downloaded Archive files in Web Protection

Am I missing something here but is it right that when I setup Blocked File Extensions in my Filter Action in Web Protection that these are not taken into account when a Archive file (zip, rar etc) containing one or more of these blocked extensions is downloaded?

Is it the case that I have to define this in Blocked MIME Types?

If yes how do I just check for EXE's and MSI files in the Archive file?

Would seem an obvious requirement?

Andy

This thread was automatically locked due to age.

Parents

0 Michael Dunn over 9 years ago

The UTM can look into archives and find the mimetype of every file inside. It cannot find the extension.

Mime type blocking is much better than file extension, since the latter can easily be bypassed using evilfile.exe.txt. The fact is that file extension blocking is a holdover on the UTM from a long time ago.

Mime types:
application/exe
application/x-msi

Google can give you the answer for what various mime types are.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Michael Dunn over 9 years ago

The UTM can look into archives and find the mimetype of every file inside. It cannot find the extension.

Mime type blocking is much better than file extension, since the latter can easily be bypassed using evilfile.exe.txt. The fact is that file extension blocking is a holdover on the UTM from a long time ago.

Mime types:
application/exe
application/x-msi

Google can give you the answer for what various mime types are.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data