This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Appliance - Download Types

We're actually doing some tests with the virtual web appliance (v3.9.4.1). My question is regarding download types; you can block/warn/allow file types, which is fine. But in this specific case, .msp files are being categorized as microsoft word (being allowed) instead of Windows Installer (being blocked). Is there a way to change the file type category of a specific extension?

Thanks.

:56430


This thread was automatically locked due to age.
Parents
  • Its all very well to know that all is being scanned but what about having some updated download types (like Microsoft docx, xlsx etc) so we can control what the users are allowed to scan. At the momenty docx seems to be treated as a zip file. An admin created type would also benefit those in specialized industries.

    The attachment shows a docx file being downloaded.

    Paul

    :58061
  • I seem to be having a similar issue. Users aren't able to download .docx files too. When did Microsoft change the file standard 2007? 2010? I know it's been long enough that Sophos should have written this into the code.

    Ryan

  • Hi Ryan,

    The 'Microsoft Word (doc)' download type includes all versions of Word documents including docx.

    What download types are you trying to block with your policy when docx files are getting caught? The only way I could reproduce what you're seeing is by actually having a policy that blocks 'Microsoft Word (doc)', in which case the behaviour is as expected...

    Regards,
    Rich
  • I'm not trying to block any Microsoft Office files is the funny thing. I have it opened up to all users. I do however have .ZIP restricted to a policy. Users can only download .ZIP files if they have permission and I will add them to my .ZIP_ALLOWED policy.

    The problem I am encountering quite frequently is when users are going to xyz.com site and want to download a .pptx or .xlsx etc. Sophos Web Proxy seems to want to block this from users. However anyone whom has .ZIP downloadable access has no problems obtaining these types of files.
  • This is what I have my Default Policy Download Types set to:
    ActionActiveX Controls (ocx) Allow
    Adobe Flash Video (flv, swf) Allow
    Adobe PDF (pdf) Allow
    Audio Video Interleave (avi) Allow
    Cabinet Archive (cab) Allow
    DOS Command File (com) Block
    ISO Image (iso) Block
    Java Applet (class) Allow
    Java Archive (jar) Allow
    Javascript (js) Allow
    MPEG Audio (mp3) Allow
    MPEG Video (mpg, mpeg) Allow
    Microsoft Document (xps) Allow
    Microsoft Excel (xls) Allow
    Microsoft Powerpoint (ppt) Allow
    Microsoft Project (mpp) Allow
    Microsoft Silverlight (xap) Alllow
    Microsoft Word (doc) Allow
    Midi (midi) Allow
    Other Archives (bz2, gz, Z) Allow
    Other Executables Block
    QuickTime Video (mov) Allow
    RAR Archive (rar) Allow
    RealAudio (ra) Allow
    RealMedia (rm) Allow
    Rich Text Format (rtf) Allow
    StuffIt (sit) Block
    Tarball (tar) AllowWarnBlock
    Visual Basic Extensions (vbx) Allow
    Wave (wav) Allow
    Windows Executable (exe) Block
    Windows Installer (msi) Allow
    Windows Library File (dll) Allow
    Windows Media Audio (wma) Allow
    Windows Media Video (wmv) Allow
    Word Perfect (wpd) Allow
    Zip Archive (zip) Block


    X Allow user feedback X Block PUA downloads 
     

  • Can you please provide a URL to a file that is docx and being blocked due to zip, so that we can examine both the file and the web server headers?
  • http://files.groupspaces.com/SIA2/files/1533743/Z5M5nBB31vrFHYZsC6dG/YEAR 2 STATE SUMMARY SHEET - Final.docx?utm_medium=email&utm_source=group-mail&utm_term=group-mail-277558

Reply Children
  • The answer is in your first message, I should have read it better. You are using 3.9.4.1 which is almost a year old. Filetype detection was improved in 4.0. That file detects correctly using the latest version, 4.2.1.1.
    Please note that using an old version means you do not have several security, performance, and functional enhancements.

  • We are on 4.2.1. I will post the next time I see a block regarding the issue I posted earlier.

  • I suspect I know the problem.

    There are two levels of file type detection. One is a quick one that is done based on the first 4k of the file and can be performed before the file is fully downloaded, the second is a more accurate one that is performed by the virus scanner on the full file.

    If you set a site to be "Trusted" then you are turning off the virus scanner for all downloads from that site. As a consequence you are also turning off the more accurate file type detection.

    So if you have set groupspaces.com to be Trusted in your Local Site List, then any docx that you download will not be virus scanned and will not be correctly detected as a Word Document.

    A simple workaround would be to not set to trusted. A more complicated one would be to leave it as trusted but also add a tag to the site. Then create an additional policy that applies to that tag and sets allow for zip files.

  • I suspect your are onto something, however sometimes we set sites as trusted so that they load faster when it is a frequently used site. Especially if  we have used for quite some time.