Web Appliance - Download Types

Its all very well to know that all is being scanned but what about having some updated download types (like Microsoft docx, xlsx etc) so we can control what the users are allowed to scan. At the momenty docx seems to be treated as a zip file. An admin created type would also benefit those in specialized industries.

The attachment shows a docx file being downloaded.

Paul

I seem to be having a similar issue. Users aren't able to download .docx files too. When did Microsoft change the file standard 2007? 2010? I know it's been long enough that Sophos should have written this into the code.

Ryan

This is what I have my Default Policy Download Types set to:
ActionActiveX Controls (ocx) Allow
Adobe Flash Video (flv, swf) Allow
Adobe PDF (pdf) Allow
Audio Video Interleave (avi) Allow
Cabinet Archive (cab) Allow
DOS Command File (com) Block
ISO Image (iso) Block
Java Applet (class) Allow
Java Archive (jar) Allow
Javascript (js) Allow
MPEG Audio (mp3) Allow
MPEG Video (mpg, mpeg) Allow
Microsoft Document (xps) Allow
Microsoft Excel (xls) Allow
Microsoft Powerpoint (ppt) Allow
Microsoft Project (mpp) Allow
Microsoft Silverlight (xap) Alllow
Microsoft Word (doc) Allow
Midi (midi) Allow
Other Archives (bz2, gz, Z) Allow
Other Executables Block
QuickTime Video (mov) Allow
RAR Archive (rar) Allow
RealAudio (ra) Allow
RealMedia (rm) Allow
Rich Text Format (rtf) Allow
StuffIt (sit) Block
Tarball (tar) AllowWarnBlock
Visual Basic Extensions (vbx) Allow
Wave (wav) Allow
Windows Executable (exe) Block
Windows Installer (msi) Allow
Windows Library File (dll) Allow
Windows Media Audio (wma) Allow
Windows Media Video (wmv) Allow
Word Perfect (wpd) Allow
Zip Archive (zip) Block


X Allow user feedback X Block PUA downloads 
 

http://files.groupspaces.com/SIA2/files/1533743/Z5M5nBB31vrFHYZsC6dG/YEAR 2 STATE SUMMARY SHEET - Final.docx?utm_medium=email&utm_source=group-mail&utm_term=group-mail-277558

The answer is in your first message, I should have read it better. You are using 3.9.4.1 which is almost a year old. Filetype detection was improved in 4.0. That file detects correctly using the latest version, 4.2.1.1.
Please note that using an old version means you do not have several security, performance, and functional enhancements.

We are on 4.2.1. I will post the next time I see a block regarding the issue I posted earlier.

I suspect I know the problem.

There are two levels of file type detection. One is a quick one that is done based on the first 4k of the file and can be performed before the file is fully downloaded, the second is a more accurate one that is performed by the virus scanner on the full file.

If you set a site to be "Trusted" then you are turning off the virus scanner for all downloads from that site. As a consequence you are also turning off the more accurate file type detection.

So if you have set groupspaces.com to be Trusted in your Local Site List, then any docx that you download will not be virus scanned and will not be correctly detected as a Word Document.

A simple workaround would be to not set to trusted. A more complicated one would be to leave it as trusted but also add a tag to the site. Then create an additional policy that applies to that tag and sets allow for zip files.

I suspect your are onto something, however sometimes we set sites as trusted so that they load faster when it is a frequently used site. Especially if  we have used for quite some time.