cancel
Showing results for 
Search instead for 
Did you mean: 

upload malware file scaning

Hi,

I'm currently testing McAfee Web Gateway 7. And I have issue with scaning uploaded files, for example, uploading EICAR test file to web based email as atachment. Seems like it works good enough with Firefox, detects test virus as .zip, .com, .exe, without extension at all, .txt2, etc. Only not detects as .txt. But from Internet Explorer it detects only .com and .zip, does not detect .exe or with no extensions or with any other extension. Most worring thing is that it does not detect it as .exe.

Question is, why is such a difference, why it scans upload from Firefox better than from IE? And why it does not scans IE uploaded exe files? And how to resolve that issue?

Thanks in advance.

2 Replies
McAfee Employee MSchneider
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: upload malware file scaning

Hello,

what webmailer do you use? Are you using SSL Scanner?

Some webmailer are hiding their payload and it simply a matter of finding out what the mailer does in order to set up the rule correctly

best,

Michael

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)

Re: upload malware file scaning

SSL Scanner is active, but in that case is not used, it's http connection.

The same situation is not only with that public webmailer only.

With fiddler I found that IE sends exe file as text/plain Content-Type. Firefox sends exe file as application/octet-stream. Same Content types for files without extensions. Of course text/plain content looks harmless, but should not Web Gateway scan it anyway? Maybe it is possible to change this?

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center