This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Appliance - Download Types

We're actually doing some tests with the virtual web appliance (v3.9.4.1). My question is regarding download types; you can block/warn/allow file types, which is fine. But in this specific case, .msp files are being categorized as microsoft word (being allowed) instead of Windows Installer (being blocked). Is there a way to change the file type category of a specific extension?

Thanks.

:56430


This thread was automatically locked due to age.
Parents
  • Its all very well to know that all is being scanned but what about having some updated download types (like Microsoft docx, xlsx etc) so we can control what the users are allowed to scan. At the momenty docx seems to be treated as a zip file. An admin created type would also benefit those in specialized industries.

    The attachment shows a docx file being downloaded.

    Paul

    :58061
  • Hi Paul,

    I've tried a number of things to reproduce the issue you report. The Web Appliance can definitely tell the difference between a zip and a docx file, but there may be other factors at play.

    Download type blocking on the SWA looks at a number of factors when deciding what to block, and will make a decision as soon as there's information to back it up. It is likely that in your case, the server is reporting an incorrect mime-type.

    When downloading a file, the server reports a MIME-type for the file in the HTTP response headers. This information is available to the Web Appliance as soon as the web server starts sending the response, before the whole download has been received.

    Sometimes Web server send an incorrect or inaccurate mime-type. If the server you're downloading from sends a MIME-type that suggests the file is a zip, and you have a policy that blocks zips, then we will block the response immediately without waiting to download the file first. In general, if you have a policy that blocks something, you don't want to wait until you've downloaded a great big file before making the decision to block it if you already have good reason to believe it's bad.

    Regards
    Rich
Reply
  • Hi Paul,

    I've tried a number of things to reproduce the issue you report. The Web Appliance can definitely tell the difference between a zip and a docx file, but there may be other factors at play.

    Download type blocking on the SWA looks at a number of factors when deciding what to block, and will make a decision as soon as there's information to back it up. It is likely that in your case, the server is reporting an incorrect mime-type.

    When downloading a file, the server reports a MIME-type for the file in the HTTP response headers. This information is available to the Web Appliance as soon as the web server starts sending the response, before the whole download has been received.

    Sometimes Web server send an incorrect or inaccurate mime-type. If the server you're downloading from sends a MIME-type that suggests the file is a zip, and you have a policy that blocks zips, then we will block the response immediately without waiting to download the file first. In general, if you have a policy that blocks something, you don't want to wait until you've downloaded a great big file before making the decision to block it if you already have good reason to believe it's bad.

    Regards
    Rich
Children
No Data