stifi
Level 7

executable in an archive (zip) not blocked as expected to be by media type filtering

Hi there

Due to our security policy, our users are not allowed to download executables (application/executable). To enforce that policy, downloading archives (application/zip, application/rar and so on) is also forbidden, as these archives could include unwanted files.

In the process of upgrading from 7.1.0.2.0 to 7.3.0, we would like to allow users to download archives, except when the archive includes a forbidden MIME type such as application/executable. From my understanding, the composite opener should extract an archive to allow the following rulesets and rules to go through the content of the archive. So I would expect the composite opener to extract such an archive and the media type filter then to identify the executable in the archive and block it.

However, this does not work in my configuration. That is, I'm still unable to download executables, but I'm able to download archives that include executables. Is anything missing, or is this just not working, that is, can the MIME type filter not go through an archive extracted by the composite opener?

This is a preview to the ruleset:

mwg-ruleset-snip.jpg

If there is a resource or a thread that would answer that question, you are also welcome to point me to it.

Thanks for any hints, Stefan

0 Kudos
1 Solution

Accepted Solutions
alexott
Level 11

Re: executable in an archive (zip) not blocked as expected to be by media type filtering

I checked your ruleset, and it works for me with a small modification - I changed the ruleset's enter condition to Always instead of checking the user-defined property.

I now see why this problem exists - the last rule in your rulesets sets the user-defined property to true. This happens when your file is passing through the Request cycle. After that, the extraction of data from the archive starts, and the Rule Engine enters Embedded cycles. But because this is the same transaction, the value of the user-defined property is true, so it won't enter a ruleset that has the condition "User-Defined Property == false". So, either you need to explicitly set your user-defined property to false before this ruleset, or delete the rule that sets this property to true.

I added my rule set that I've used for testing on 04/01/13 13:40:16 CET
0 Kudos
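
The effect described in the accepted solution, as an added Python model that is not part of the original posts and is not Web Gateway rule syntax. The property name `checked`, the function names and the magic-byte type detection are assumptions made for illustration, and the sample archive is constructed in memory; `always=True` models the "enter condition Always" fix.

```python
import io
import zipfile

BLOCKED = {"application/executable"}

def media_type(data: bytes) -> str:
    # Simplified magic-byte check standing in for the gateway's media type detection.
    if data[:2] == b"MZ":
        return "application/executable"
    if data[:4] == b"PK\x03\x04":
        return "application/zip"
    return "application/octet-stream"

def ruleset(body, props, always):
    """Return 'block' or None; mirrors the ruleset shape described in the thread."""
    if not always and props["checked"]:   # criteria: User-Defined Property == false
        return None                       # ruleset is not entered at all
    if media_type(body) in BLOCKED:
        return "block"
    props["checked"] = True               # last rule: set the property to true
    return None

def filter_download(body, always):
    props = {"checked": False}            # one property store per transaction
    if ruleset(body, props, always) == "block":        # top-level cycle
        return "blocked"
    if media_type(body) == "application/zip":          # opener extracts members
        with zipfile.ZipFile(io.BytesIO(body)) as zf:
            for name in zf.namelist():                 # one embedded cycle per member
                if ruleset(zf.read(name), props, always) == "block":
                    return "blocked"
    return "allowed"

def sample_zip():
    # Constructed sample: a ZIP holding bytes that start with the PE "MZ" magic.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("tool.exe", b"MZ\x90\x00" + b"\x00" * 60)
    return buf.getvalue()

if __name__ == "__main__":
    z = sample_zip()
    print("property-gated ruleset:", filter_download(z, always=False))
    print("criteria Always:       ", filter_download(z, always=True))
```

With the property-gated criteria the flag set during the top-level cycle is still true when the members are inspected, so the archive passes while a bare executable is still blocked, which matches the behaviour reported in the question.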
6 Replies
alexott
Level 11

Re: executable in an archive (zip) not blocked as expected to be by media type filtering

Hello

Is your rule set enabled in the Embedded cycle? Can you give us a URL with the archive, so we can check that the file type is correctly recognized?

P.S. For performance reasons, it's better to first check the value of the user-defined property, and only after that check for prohibited file types. This should work faster, as your user-defined property is a simple boolean.

0 Kudos
stifi
Level 7

Re: executable in an archive (zip) not blocked as expected to be by media type filtering

Yes, embedded cycle is activated:

mwg-ruleset-snip-1.jpg

I will upload the file I am testing on it once I know how to upload it to the thread.

0 Kudos
alexott
Level 11

Re: executable in an archive (zip) not blocked as expected to be by media type filtering

Maybe it doesn't work because the user-defined property has a true value before entering your ruleset? I see that your ruleset has a condition on this user-defined property - try to change it to Always?

I checked the file; the file was detected as executable. I'll soon try how the complete ruleset works.

0 Kudos
stifi
Level 7

Re: executable in an archive (zip) not blocked as expected to be by media type filtering

So this is the file I'm testing. You are welcome to test whether it is properly recognized.

Thank you for that hint about the order of the conditions of a rule, I will change it.

0 Kudos
stifi
Level 7

Re: executable in an archive (zip) not blocked as expected to be by media type filtering

Thank you very much for that investigation. Will adapt your suggestions; basic testing also worked on my systems.

0 Kudos