I recently installed the latest version of Email Gateway 7.5.2 hoping that this would have been fixed.
After creating a file filtering rule that would block certain file type, I sent emails through my MEG with those denied file type attached and they were blocked
However, if I create a new message in my outlook client, attach a file that should be blocked, save that message as a "newfile.msg" then send a new email with that file (newfile.msg which contains the attachment that should be blocked) as an attachment, the MEG will not detect its content therefore, does not block the nested attachment.
I followed the instruction in KB79338 that describe how to enable scanning of nested attachment but when I get to the point of uploading the modified config to the email gateway, I get the following error message :
Importing this configuration version is not supported
Here are the steps I took :
Logged into MEG
Navigate to System, System Administration, Configuration Management, Backup Configuration
Clicked Backup Configuration, and then click the .zip file to save it to my computer.
Extracted the zip file
Opened the file "SharedSettings.xml" with notepad and added the following attribute EvalChildRulesOnTrigger="1" to my file filtering rule. The result looks like this :
<Rule id="FFR:A261955E-C3EF-xxxxxxxxxx" FormatCheck="0" Unrecognised="0" FilenameCheck="1" EvalChildRulesOnTrigger="1" ProtectedCheck="0" PROTECTED="1" SizeCheck="0" SizeType="greater" SizeLimit="10485760" name="deny script">
I saved the file, zipped the original backup folder and tried to do a Restore Configuration.
That's when I receive the error message.
There's a part of the KB that is a bit unclear :
The way I do it, the file remains an XML file when I save it. I tried to save it as a .txt but that also fails.
Anybody ever tried this KB ?
I've tried this KB (as well as others that mention the direct modification of the config files) and edit the files on a windows wks using notepad (save using encoding ANSI, as Unicode might be what is screwing it up) and never had an issue.
Depending on your level of support with McAfee (unsure if you have the credentials to login to the shell directly), I could also suggest doing it directly from an SSH session using VI (making a copy of the original config file first), it works just as well.
Message was edited by: malware-alerts on 3/13/14 10:53:11 AM CDTMessage was edited by: malware-alerts on 3/13/14 10:56:06 AM CDT