
Mail Security: Check ZIP / Archive files for blocked extensions

I need, for example, to block exe files. However, the problem with ASG is that if files with blocked extensions are zipped - even without password-protecting the archive - they pass, because apparently Astaro only checks the zip file extension (rar, zip) and not the extensions of the files inside the archive, which means that you can bypass the blocking of any files by zipping them first. My only option now is to block zipped files, which is not so practical as they may contain legitimate content that I don't want to block.

521 votes
    Mustafa Nasser shared this idea
    martinelli shared a merged idea: recognize exe within zip
    Julio Fumoso shared a merged idea: Smtp: removing certain file types i.e. exe from zip's


      • Anonymous commented

        Today, I tried to send a zip file with some .js files in it. It was blocked! Could it be that scanning inside zip files is now enabled?
        P.S. Tried 7-zip and then it went out anyway, so if this hole is closed, it is closed just a little bit...

      • Luis Mompó Handen commented

        I'm using MailCleaner as an SMTP pre-scanner until Sophos is able to provide this feature. You can also modify the Exim setting in the UTM with something like:

        acl_smtp_mime = acl_check_mime
        begin acl
        deny message = A .zip attachment contains a Windows-executable file - \
        blocked because we are afraid of new viruses \
        not recognized [yet] by antiviruses or sophos utm
        condition = ${if match{$mime_filename}{\N(?i)\.zip$\N}}
        condition = ${if def:sender_host_address}
        !authenticated = *
        decode = default
        log_message = forbidden binary in attachment: filename=$mime_filename, \
        condition = ${if match{${run{/usr/local/bin/unzip -l \

        deny message = Windows-executable attachments forbidden because we are \
        afraid of new viruses not recognized [yet] by antiviruses.
        condition = ${if def:sender_host_address}
        !authenticated = *
        log_message = forbidden attachment: filename=$mime_filename, \
        content-type=$mime_content_type, recipients=$recipients
        condition = ${if or{\
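
The check this thread asks for, as an added example (not part of the thread, and not Sophos or Exim code): archives are identified by magic bytes rather than filename, zip members are listed recursively, and anything that cannot be opened (7z, rar, encrypted, corrupt, nested too deep) is reported as unscannable, which is the gap the 7-zip comment above describes. The block list, the limits and the sample mail are assumptions constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED = {".exe", ".js", ".scr"}   # assumed block list, not taken from the UTM
MAGIC = {b"PK\x03\x04": "zip", b"7z\xbc\xaf\x27\x1c": "7z", b"Rar!\x1a\x07": "rar"}
MAX_DEPTH, MAX_MEMBER = 3, 10 * 1024 * 1024   # assumed nesting and size limits

def ext(name):
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""

def scan_blob(name, data, depth=0):
    """Return (verdict, path) findings for one attachment or archive member."""
    findings = [("blocked", name)] if ext(name) in BLOCKED else []
    kind = next((k for sig, k in MAGIC.items() if data.startswith(sig)), None)
    if kind != "zip" or depth >= MAX_DEPTH:
        return findings + ([("unscannable", name)] if kind else [])  # archive we cannot open
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}!{info.filename}"
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:  # encrypted or oversized
                    findings += [("unscannable", path)] + scan_blob(path, b"")  # name check only
                elif not info.is_dir():
                    findings += scan_blob(path, zf.read(info), depth + 1)
    except (zipfile.BadZipFile, NotImplementedError):
        findings.append(("unscannable", name))   # corrupt or unsupported: fail closed
    return findings

def scan_message(raw):  # raw message bytes in, findings for every named MIME part out
    msg = message_from_bytes(raw, policy=policy.default)
    return [f for part in msg.walk() if part.get_filename()
            for f in scan_blob(part.get_filename(), part.get_payload(decode=True) or b"")]

def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()

def demo():
    """Constructed mail: an .exe two zips deep, plus 7z bytes named report.zip."""
    msg = EmailMessage()
    msg.set_content("see attachments")
    nested = make_zip({"readme.txt": b"hi", "inner.zip": make_zip({"setup.EXE": b"MZ"})})
    for fname, blob in (("invoice.zip", nested), ("report.zip", b"7z\xbc\xaf\x27\x1c" + bytes(8))):
        msg.add_attachment(blob, maintype="application", subtype="octet-stream", filename=fname)
    return scan_message(msg.as_bytes())
```

A gateway policy would reject or quarantine on either verdict; passing "unscannable" attachments through reproduces the bypass discussed in this thread.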


      • Thomas commented

        I can't believe it. One of the most used intrusion doors for malware would be closed now. I'm looking forward.
        I'm only happy that the AV scanner on the clients blocked these malware mails (i.e. the executables) in the past. The AV scanner is from Sophos!
        It's just a shame that an AV company took such a long time.

      • Daniel Wicke commented

        So everybody here in Germany knows the big spam wave ... they distribute zips or links to zips outside the company.
        And what can we do with Sophos UTM? Nothing ... except blocking zip completely. But who handles the users' shitstorm after doing that?

        Year 2014 Sophos - Astaro - move on!

      • Bart commented

        This is a reason for customers to choose another vendor. Fix please!

      • Anonymous commented

        It's year 2014 and your Mail Security still cannot block mails with archives which contain blocked extensions :-/

      • Anton Abrahams commented

        Hi Sophos, I cannot agree with Kashik more. This request has been open since 2009 and has almost 300 votes. How has this not been implemented yet? It is obviously something people really want. One of our users got infected with the CryptoLocker virus because it was sent to them as an exe file within a zip file. Granted, the user should have been smarter than to open it, but this email should not have even gotten through! That virus wasted a lot of our time dealing with it and lost some important data between the last backup and when he got infected. Please implement this...

      • Kashik commented

        Amazing to see this topic started in 2009 and still this feature is not implemented? Is this called a security firm? This is a shame, basically, as a lot of phishing and worms are nowadays coming through zip files... ASTARO / SOPHOS CAN YOU OPEN YOUR BRAIN AND EARS.

      • Anonymous commented

        I would not hold my breath on Astaro/Sophos to address anything anytime soon.
        My experience with their tech support has been terrible; clearly security and reliability are not a priority for them.
        I cannot believe a modern appliance does not have this feature of banning exe inside zip. I remember using free solutions (in-house setup of clam/postfix/spamassassin) that would prevent this from happening.

      • Jim Blunt commented

        My $.02? Based on the number of viruses that spread via .zip file attachments, those (along with .exe files) should be one of the first two file types that you block. IMHO...YMMV.

      • Ben commented

        Hi Sophos, please do not take this request lightly with so many votes, and it is not uncommon to send files via archiving since that would reduce the sizes. So blocking zip is not the way to go. By not offering any virus scanning and/or removing of executables within zip, the results are disastrous. Imagine a tech-savvy person knows that we are using Sophos UTM and he simply just tells his friend, "hey, I can send you .exe files finally"; it makes me shudder to think of the consequence. So please really offer this in 9.2 or ASAP. Antivirus is your core strength and not able to scan within archives????

      • Ben commented

        This would be one of the high deciding factors for me to convert to Sophos UTM. Currently I am using Palo Alto PAN and you just can't cheat it whether you rename or change or whatsoever. The fact that Sophos can't do this is really unacceptable. Please really include this as a top feature.
