cancel
Showing results for 
Search instead for 
Did you mean: 
cscoup8
Level 9

List of file types for which embedded objects are scanned

Is there a documented list of file types for which embedded objects are scanned?

0 Kudos
6 Replies
eelsasser
Level 15

Re: List of file types for which embedded objects are scanned

No sure i understand the question.

All objects are scanned. We don't skip any unless your policy says to.

0 Kudos
cscoup8
Level 9

Re: List of file types for which embedded objects are scanned

Sorry, what I meant to ask was a list of file types for which web gateway has an opener and can scan the objects that are within them.   For example if somebody creates an outlook message file (.msg), attaches an executable file within that message file, and puts that .msg file on a public web server somewhere to be downloaded by others, does web gateway's antimalware scanner scan the executable file within that outlook message or does it just scan the .msg container?

I can try to test this myself to figure out what happens, but was wondering whether there was a list somewhere of all file types for which MWG7 has an opener.

0 Kudos
eelsasser
Level 15

Re: List of file types for which embedded objects are scanned

Technically, it most things where MediaType.HasOpener = true.

This is usually the entire list of media types in the mediaType system list. That's over 700 file types.

The opener may or may not catch everything embedded in every single file type, but just for fun, I attached a 25 level deep nested zip in a message and saved the .msg to disk. Then i sent it rhough a command line utility through ICAP.

It caught it.

C:\My Documents\Desktop\MWG-ICAP>ICAP.Client.exe -file:"..\..\FW Web Gateway Re List of file types for which embedded objects are scanned.msg"

Results:
configFile        : icap.xml
scanFile          : ..\..\fw web gateway re list of file types for which embedded objects are scanned.msg
stdOut            : Console
stdErr            : Console
respBody          : null
defaultAction     : ALLOW

Processed Headers : 14
-------------------------
BLOCK  ICAP/1.0 200 OK
INFO   ISTag: "00001734-11.70.92-00007035"
INFO   X-HASH-MD5: 8d0e958b028ad02a7fb972331c4c3e23
INFO   X-HASH-SHA1: cf70c5623d9e0e9a62a7f8df05f7e61c352ad6e6
INFO   X-Scan-Stop: 2013-04-04 23:49:30
INFO   X-Media-Type: application/vnd.ms-outlook, application/x-ole2
INFO   X-Scan-Start: 2013-04-04 23:49:29
BLOCK  X-Virus-Name: McAfeeGW: EICAR test file
INFO   X-MWG-Version: 7.3.1.1.0
BLOCK  X-Block-Reason: Malware found
INFO   X-Scan-Elapsed: 837
BLOCK  X-WWBlockResult: 80
INFO   X-Antimalware-Version: AM-DAT=1734|AM-Engine=7001.1202.1796|MFE-DAT=7035|MFE-Engine=5400.5001|Avira-Engine=8.2.12.24|Avira-VDF=7.11.70.92|Avira-Savapi=1.4.0.11
BLOCK  HTTP/1.1 403 VirusFound

Final Action: BLOCK (200)
-------------------------
Connection Attempts:
RESPMOD icap://192.168.2.231:1344/RESPMOD    SUCCESSFUL

But then I scanned the entire PST file and it did not catch it, so not everything can possibly be scanned.

0 Kudos
pcoates
Level 10

Re: List of file types for which embedded objects are scanned

Re-opening an old thread,

Is there a list available of objects that have an opener, so MediaType.HasOpener=True.

We've noticed that several archive types do not meet the criteria MediaType.HasOpener=True, including application/x-apple-diskimage (.dmg file) and application/x-redhat-package-manager.   Both of these are in the media type system list Archive, so if you only allow archive types that have openers, these will be blocked. (ePO install file contains both these archive types)

0 Kudos
asabban
Level 17

Re: List of file types for which embedded objects are scanned

Hello,

we don't provide a list of supported archives. If you have a sample and think that one should be supported please provide it to support. They will check with engineering if there is a problem with the product (e.g. the archive should be handled but is not due to an issue) or if we need to enhance the opener and add support to MWG.

Best,

Andre

0 Kudos
malefunk
Level 7

Re: List of file types for which embedded objects are scanned

We have the same issue .. not supporting the scanning of rpm's is a massive drawback and should be fixed immediately

0 Kudos