cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

List of file types for which embedded objects are scanned

Is there a documented list of file types for which embedded objects are scanned?

6 Replies
Highlighted

Re: List of file types for which embedded objects are scanned

No sure i understand the question.

All objects are scanned. We don't skip any unless your policy says to.

Highlighted

Re: List of file types for which embedded objects are scanned

Sorry, what I meant to ask was a list of file types for which web gateway has an opener and can scan the objects that are within them.   For example if somebody creates an outlook message file (.msg), attaches an executable file within that message file, and puts that .msg file on a public web server somewhere to be downloaded by others, does web gateway's antimalware scanner scan the executable file within that outlook message or does it just scan the .msg container?

I can try to test this myself to figure out what happens, but was wondering whether there was a list somewhere of all file types for which MWG7 has an opener.

Highlighted

Re: List of file types for which embedded objects are scanned

Technically, it most things where MediaType.HasOpener = true.

This is usually the entire list of media types in the mediaType system list. That's over 700 file types.

The opener may or may not catch everything embedded in every single file type, but just for fun, I attached a 25 level deep nested zip in a message and saved the .msg to disk. Then i sent it rhough a command line utility through ICAP.

It caught it.

C:\My Documents\Desktop\MWG-ICAP>ICAP.Client.exe -file:"..\..\FW Web Gateway Re List of file types for which embedded objects are scanned.msg"

Results:
configFile        : icap.xml
scanFile          : ..\..\fw web gateway re list of file types for which embedded objects are scanned.msg
stdOut            : Console
stdErr            : Console
respBody          : null
defaultAction     : ALLOW

Processed Headers : 14
-------------------------
BLOCK  ICAP/1.0 200 OK
INFO   ISTag: "00001734-11.70.92-00007035"
INFO   X-HASH-MD5: 8d0e958b028ad02a7fb972331c4c3e23
INFO   X-HASH-SHA1: cf70c5623d9e0e9a62a7f8df05f7e61c352ad6e6
INFO   X-Scan-Stop: 2013-04-04 23:49:30
INFO   X-Media-Type: application/vnd.ms-outlook, application/x-ole2
INFO   X-Scan-Start: 2013-04-04 23:49:29
BLOCK  X-Virus-Name: McAfeeGW: EICAR test file
INFO   X-MWG-Version: 7.3.1.1.0
BLOCK  X-Block-Reason: Malware found
INFO   X-Scan-Elapsed: 837
BLOCK  X-WWBlockResult: 80
INFO   X-Antimalware-Version: AM-DAT=1734|AM-Engine=7001.1202.1796|MFE-DAT=7035|MFE-Engine=5400.5001|Avira-Engine=8.2.12.24|Avira-VDF=7.11.70.92|Avira-Savapi=1.4.0.11
BLOCK  HTTP/1.1 403 VirusFound

Final Action: BLOCK (200)
-------------------------
Connection Attempts:
RESPMOD icap://192.168.2.231:1344/RESPMOD    SUCCESSFUL

But then I scanned the entire PST file and it did not catch it, so not everything can possibly be scanned.

Level 10
Report Inappropriate Content
Message 5 of 7

Re: List of file types for which embedded objects are scanned

Re-opening an old thread,

Is there a list available of objects that have an opener, so MediaType.HasOpener=True.

We've noticed that several archive types do not meet the criteria MediaType.HasOpener=True, including application/x-apple-diskimage (.dmg file) and application/x-redhat-package-manager.   Both of these are in the media type system list Archive, so if you only allow archive types that have openers, these will be blocked. (ePO install file contains both these archive types)

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 7

Re: List of file types for which embedded objects are scanned

Hello,

we don't provide a list of supported archives. If you have a sample and think that one should be supported please provide it to support. They will check with engineering if there is a problem with the product (e.g. the archive should be handled but is not due to an issue) or if we need to enhance the opener and add support to MWG.

Best,

Andre

Highlighted

Re: List of file types for which embedded objects are scanned

We have the same issue .. not supporting the scanning of rpm's is a massive drawback and should be fixed immediately

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community