Mail Security: Check ZIP / Archive files for blocked extensions
I need, for example, to block exe files. However, the problem with ASG is that if files with blocked extensions are zipped - even without password-protecting the archive - they pass, because apparently Astaro only checks the zip file extension (rar, zip) and not the extensions of the files inside the archive, which means that you can bypass the blocking of any files by zipping them first. My only option now is to block zipped files, which is not so practical as they may contain legitimate content that I don't want to block.
As other guys already suggested, I think it would be very nice to let the http-proxy recognize exe and other potentially dangerous file types while downloading them from the internet, even if they are "hidden" in a zip container.
I think having certain file types removed from ZIP files during SMTP transport would be a great security feature. There are other software products on the market that can do this process, removing selected files and recomposing the zip again without them.
This is a reason for customers to choose another vendor!!!!!!!
Daniel Wicke commented
So everybody here in Germany knows the big spam wave ... they distribute zips or links to zips outside the company.
And what can we do with Sophos UTM? Nothing ... except blocking zip completely. But who handles the users' shitstorm after doing that?
Year 2014 Sophos - Astaro - move on!
This should be done, it's a MUST HAVE for an email gateway.
This is a reason for customers to choose another vendor. Fix please!
It's year 2014 and your Mail Security still cannot block mails with archives that contain blocked extensions :-/
Carlos Rocha commented
Can't believe Sophos haven't implemented this..
Nathan Lock commented
This is crazy, you are still ignoring us all these years on!!
Anton Abrahams commented
Hi Sophos, I cannot agree with Kashik more. This request has been open since 2009 and has almost 300 votes. How has this not been implemented yet? It is obviously something people really want. One of our users got infected with the CryptoLocker virus because it was sent to them as an exe file within a zip file. Granted, the user should have been smarter than to open it, but this email should not have even gotten through! That virus wasted a lot of our time dealing with it and lost some important data between the last backup and when he got infected. Please implement this...
Amazing to see this topic started in 2009 and still this feature is not implemented? Is this called a security firm? This is a shame basically, as a lot of phishing and worms are nowadays coming through zip files... ASTARO / SOPHOS CAN YOU OPEN YOUR BRAIN AND EARS.
I would not hold my breath on Astaro/Sophos to address anything anytime soon.
My experience with their tech support has been terrible; clearly security and reliability are not a priority for them.
I cannot believe a modern appliance does not have this feature of banning exe inside zip. I remember using free solutions (in-house setup of ClamAV/Postfix/SpamAssassin) that would prevent this from happening.
Jim Blunt commented
My $.02? Based on the number of viruses that spread via .zip file attachments, those (along with .exe files) should be one of the first two file types that you block. IMHO...YMMV.
Hi Sophos, please do not take this request lightly with so many votes. It is not uncommon to send files via archiving, since that reduces the sizes, so blocking zip is not the way to go. By not offering any virus scanning and/or removing of executables within zip, the results are disastrous. Imagine a tech-savvy person knows that we are using Sophos UTM and he simply tells his friend "hey, I can send you .exe files finally"; it makes me shudder to think of the consequences. So please really offer this in 9.2 or ASAP. Antivirus is your core strength, and it is not able to scan within archives????
This would be one of the high deciding factors for me to convert to Sophos UTM. Currently I am using Palo Alto PAN and you just can't cheat it, whether you rename or change or whatsoever. The fact that Sophos can't do this is really unacceptable. Please really include this as a top feature.
Please, this missing feature is also very important for me .. please add ASAP.
Marcus Schenk commented
I opened a support ticket on that one, since we're getting 0 day / 0 hour viruses via email pretty regularly which the AV engine quite simply is not able to detect yet. And as you all stated, "extension blocking" and "mime filter" do not seem to be working to detect inside nested archive files. But this is the only way of blocking yet unknown 0 day executable threats out of our company network. For us it's a really huge security hole we're seeing here.
Bump, this is a serious issue for us - please implement it rather soon!
Stefan Baumgart commented
This is not only for Mail Security. It is also a problem in Web Security, where exe files can be blocked by extension but if one is within an archive it is still downloadable.
Other products like Webwasher are able to block this too. I think many customers would prefer such a feature.
Peter Haefliger commented
I agree with Mustafa Nasser, I need to block executable (exe, dll...) files. However, the problem with ASG is that if files with blocked extensions are zipped they pass - even without password-protecting the archive!
The same problem happens with 7-zip, zipx and other archive files (with/without password protection).
- Archive files should be blocked if the content is a blocked extension
- Archive files should be blocked if they are password protected
- More archive files should be scanned
First of all, Astaro should recognize the file type regardless of its extension; then comes the scan for unallowed file types inside archives.
Here is a post similar to yours:
I'm not talking about the antivirus function (it has to scan in compressed files). I'm talking about this option:
- Quarantine executable content (e.g. exe)
- Additional types to quarantine
In this case, if the zip contains an exe, the mail is not quarantined.
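
The check requested throughout this thread (blocked extensions inside archives, password-protected archives, and file type recognized regardless of extension), sketched as an added Python example that is not part of the thread and not Sophos/Astaro code. The extension list, the nesting and size limits, and the sample attachment are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

BLOCKED_EXT = {".exe", ".dll", ".scr", ".com"}  # assumed policy list
MAX_DEPTH = 3                                    # assumed nesting limit
MAX_MEMBER_BYTES = 20 * 1024 * 1024              # assumed per-member size limit

def inspect_zip(data, depth=0):
    """Return policy findings for a ZIP attachment supplied as bytes."""
    if depth > MAX_DEPTH:
        return ["archive nested too deeply"]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["unreadable archive"]
    findings = []
    with zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                findings.append(f"password protected: {name}")
                continue
            ext = posixpath.splitext(name)[1].lower()
            if ext in BLOCKED_EXT:
                findings.append(f"blocked extension: {name}")
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append(f"too large to inspect: {name}")
                continue
            body = zf.read(info)
            if body[:2] == b"MZ" and ext not in BLOCKED_EXT:
                # DOS/PE header magic: executable content under another name
                findings.append(f"executable content, renamed: {name}")
            elif body[:4] == b"PK\x03\x04":  # member is itself a ZIP
                findings += [f"{name} -> {f}" for f in inspect_zip(body, depth + 1)]
    return findings

def make_zip(files):
    """Build a ZIP in memory from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    inner = make_zip({"invoice.exe": b"MZ\x90\x00"})  # constructed sample data
    outer = make_zip({"readme.txt": b"hello", "docs.zip": inner, "photo.jpg": b"MZ\x90\x00"})
    for finding in inspect_zip(outer):
        print(finding)
```

A mail filter would quarantine the message when the returned list is non-empty. Only standard ZIP is covered here; the 7-zip and RAR formats mentioned in the thread need their own parsers.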