Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
634 Views 6 Replies Latest reply: Jan 4, 2013 8:17 AM by stifi RSS
stifi Newcomer 12 posts since
Dec 28, 2012
Currently Being Moderated

Jan 4, 2013 4:23 AM

executable in an archive (zip) not blocked as expected to be by media type filtering

Hi there

Due to our security policy our users are not allowed to download executables (application/executable). To enforce that policy downloading archives (application/zip, application/rar and so on) is also forbidden as this archives could include unwanted files.

In the process of upgrading from 7.1.0.2.0 to 7.3.0 we would like to allow the user to download archives except in case of that the archive includes a forbidden mime type such as application/executable. From my understanding the composite opener should extract an archive to allow the following rulesets and rules to go through the content of the archive. So I would expect the composite opener to extract such an archive and as follows the media type filter to identify the executable in the archive and block it.

 

However....this does not work in my configuration. Meaning, I'm still unable to download executables however, I'm able to download archives including executables. Might anything missing or is this just not working, that is, cannot the mime type filter go through an archive extracted by the composite opener?

 

This is a preview to the ruleset:

 

mwg-ruleset-snip.jpg

 

If there is some a ressource or a thread which would answer that question you are also welcome to point me to that.

 

Thanks for any hints, Stefan

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points