Mail Security: Check ZIP / Archive files for blocked extensions
I need, for example, to block exe files. however, the problem with ASG is that if files with blocked extensions are zipped - even without password protect the archive - they pass, because apparently Astaro only checks the zip file extension (rar, zip) and not the extensions of the files inside the archive, which means that you can bypass the blocking of any files by zipping them first. My only option now is to block zipped files which is not so practical as they may contain legitimate content that I don't want to block.
Mustafa Nasser
shared this idea
10 comments
-
Anonymous
commented
please also for me is very important this missing feature .. please add asap
-
Marcus Schenk
commented
I opened a support ticket on that one since we're getting 0 day / 0 hour viruses via email pretty regular which AV engine quite simply is not able to detect yet. And as you all stated "extension blocking" and "mime filter" does not seem to be working to detect inside nested archive files. But this is the only way of blocking yet unknown 0 day executable threats out of our company network. For us it's a really huge security hole we're seeing here.
-
FlorianGee
commented
Bump, this is a serious issue for us - please implement it rather soon!
-
Stefan Baumgart
commented
This is not only for Mail Security. It is also a problem in Web Security where exe files can be blocked by extension but if it is within a archive it is still downloadable.
Other products like Webwasher are able to block this too. I think many customers would prefer such a feature. -
Peter Haefliger
commented
I agree with Mustafa Nasser, I need to block executable (exe, dll...) files. However, the problem with ASG is, that if files with blocked extensions are zipped they pass - even without password protect the archive !
The same problem happens with 7-zip, zipx and other archive files (with/without password protection).
Request:
- Archive files should be blocked if the content is a blocked extension
- Archive files should be blocked if they are password protected
- More archive files should be scanned -
flaserra
commented
Hello Martinelli,
first of all Astaro should recognize file type regardless its extension, then came the scan for unallowed fie type inside archive.Here there is a post similar to your:
http://feature.astaro.com/forums/17359-astaro-gateway-feature-requests/suggestions/409662-mail-security-check-zip-archive-files-for-block?ref=title -
flaserra
commented
Hello bob,
I don't talk about antivirus function (it have to scan in in compressed files). I'm talk about this option:- Quarantine executable content (e.g. exe)
- Additional types to quarantineIn this case if zip contains exe the mail is not quarantined
-
Bob Alfson
commented
The anti-virus in the SMTP proxy already scans zip files for malicious content, and that would include any exe in the zip. What should happen if a zip contains an exe?
-
Julio Fumoso
commented
I agree with you the ability to customize more policies the better. In my opinion it's a security hole to let these file types through, granted they are scanned by the antivirus scanner, but what if the scanner fails to detect a virus, unlikely but possible.
-
Christopher Amatulli
commented
I like this idea... though it cant just strip them. their needs to be a replacement (txt file saying it was removed), and possibly a way to "release" the attachment from a quarantine system. There are to many products on the market these days which just inhibit productivity due to a blanket policy. Their are several cases that you need that file, so just stripping it causes all sorts of issues on a business / compliance / productivity level.
