McAfee Support Community - MWG 7.5.2 Block files with particular extension .x...

grahamd · ‎07-04-2016

Hi All,

I have recently commissioned a two node MWG cluster as a reverse proxy which is working fine, but I have a requirement that does not appear to be directly catered for

My app will only accept .xls files as uploads. Sometimes users attempt to upload .xlsm files some of which get through my MWG rule base. some of which do not, the MWG unpacks the .xlsm and applies my configured rules and reports upon items INSIDE the .xlsm. Whereas I want to be able to stop anything at all being uploaded with an .xlsm extension and ask the user via a custom message to resave in .xls format

I know file extensions can be spoofed this not a security configuration just a courtesy to my users! Does anyone know how I can setup blocking on file extension of a submission?

It would also be nice to able to be able to configure two separate rule bases, one for in bound and one four out bound or apply rules to inbound / outbound / both but again not seen any way to do that in the MWG policy config

Any insights (particularly around file extension blocking) gratefully received, Many thanks, Graham

frederic.fichte · ‎01-30-2017

Hi Graham,

Use URL.FileExtension and match on a list of wildcards that contains "xlsm" and the other extensions you might want to forbid.

Best,

Frederic

Regis · ‎01-31-2017

The following Excel mediatype.ensuredtypes "at least one in list" with a list that includes these macroEnabled thingees might be something you'd like to block as well as an OR function to the URL.FileExtension matching, and action of Block.

This would get around anyone simply renaming files to get around a file extension block.

MWG 7.5.2 Block files with particular extension .xlsm

Re: MWG 7.5.2 Block files with particular extension .xlsm

Re: MWG 7.5.2 Block files with particular extension .xlsm