2 Replies Latest reply on Nov 12, 2010 3:10 AM by guntars

    upload malware file scaning

      Hi,

       

      I'm currently testing McAfee Web Gateway 7. And I have issue with scaning uploaded files, for example, uploading EICAR test file to web based email as atachment. Seems like it works good enough with Firefox, detects test virus as .zip, .com, .exe, without extension at all, .txt2, etc. Only not detects as .txt. But from Internet Explorer it detects only .com and .zip, does not detect .exe or with no extensions or with any other extension. Most worring thing is that it does not detect it as .exe.

      Question is, why is such a difference, why it scans upload from Firefox better than from IE? And why it does not scans IE uploaded exe files? And how to resolve that issue?

       

      Thanks in advance.

        • 1. Re: upload malware file scaning
          michael_schneider

          Hello,

           

          what webmailer do you use? Are you using SSL Scanner?

          Some webmailer are hiding their payload and it simply a matter of finding out what the mailer does in order to set up the rule correctly

           

          best,

          Michael

          • 2. Re: upload malware file scaning

            SSL Scanner is active, but in that case is not used, it's http connection.

            The same situation is not only with that public webmailer only.

            With fiddler I found that IE sends exe file as text/plain Content-Type. Firefox sends exe file as application/octet-stream. Same Content types for files without extensions. Of course text/plain content looks harmless, but should not Web Gateway scan it anyway? Maybe it is possible to change this?