cancel
Showing results for 
Search instead for 
Did you mean: 
chris.lee
Level 7

Block upload Attachment on webmail (gmail,msn,ymail)

Hi, i using MWG7.1. and i would like to configure a policy to allow read webmail but not upload attachment. do anyone done it before. please advise.

Thanks!

0 Kudos
3 Replies
McAfee Employee

Re: Block upload Attachment on webmail (gmail,msn,ymail)

Conceptually:

As you just can't create a rule that would looks like if category=webmail & COMMAND=POST then block, you need to look into this by URL, as blocking the POST will automatically block the login, so you end in the same situation. YOu can use a tool like firebug to identify the URL to which data is uploaded for attachements and block that.

If category=webmail & URL=http://www.somewemailer.com/upload/attachement.php* then block.

best,

Michael

0 Kudos
chris.lee
Level 7

Re: Block upload Attachment on webmail (gmail,msn,ymail)

I had configure as suggested and using firebug to look for the URL for hotmail uploader but still not luck to block it. i had attached screen shot as below.

Thanks

firebug01.png firebug02.png

0 Kudos
alexott
Level 11

Re: Block upload Attachment on webmail (gmail,msn,ymail)

Hello Chris

I think, that it's will be better idea to use that fact, that usually attachments are sent as multipart/mixed inside POST form. The rule should look like: if category=webmail AND Body.HasMimeHeaderParameter("Content-Disposition", "filename") == true then Block.  This rule should be executed in request cycle, and Composite Openers should be enabled before this rule, so data could be parsed. Although this method may not work on all web-mails, we need to look onto network traces for particular services

Another approach could be checking size or mime-types of multipart uploads with rule that will be executed in request embedded cycle (with pre-condition like "Cycle.TopName == Request" - you can see example in standard rules, where separate mime types are blocked in request & response cycles). Rule will look like: if category=webmail AND Body.NestedArchiveLevel > 0 AND Body.Size > SomeConstant then Block, although it could also block some big texts, so instead of Body.Size, it could be better use list of disabled mime types

0 Kudos