Not sure I understand the question.
All objects are scanned. We don't skip any unless your policy says to.
Sorry, what I meant to ask was a list of file types for which web gateway has an opener and can scan the objects that are within them. For example if somebody creates an outlook message file (.msg), attaches an executable file within that message file, and puts that .msg file on a public web server somewhere to be downloaded by others, does web gateway's antimalware scanner scan the executable file within that outlook message or does it just scan the .msg container?
I can try to test this myself to figure out what happens, but was wondering whether there was a list somewhere of all file types for which MWG7 has an opener.
Technically, it's most things where MediaType.HasOpener = true.
This is usually the entire list of media types in the mediaType system list. That's over 700 file types.
The opener may or may not catch everything embedded in every single file type, but just for fun, I attached a 25 level deep nested zip in a message and saved the .msg to disk. Then I sent it through a command line utility through ICAP.
It caught it.
C:\My Documents\Desktop\MWG-ICAP>ICAP.Client.exe -file:"..\..\FW Web Gateway Re List of file types for which embedded objects are scanned.msg"
configFile : icap.xml
scanFile : ..\..\fw web gateway re list of file types for which embedded objects are scanned.msg
stdOut : Console
stdErr : Console
respBody : null
defaultAction : ALLOW
Processed Headers : 14
BLOCK ICAP/1.0 200 OK
INFO ISTag: "00001734-11.70.92-00007035"
INFO X-HASH-MD5: 8d0e958b028ad02a7fb972331c4c3e23
INFO X-HASH-SHA1: cf70c5623d9e0e9a62a7f8df05f7e61c352ad6e6
INFO X-Scan-Stop: 2013-04-04 23:49:30
INFO X-Media-Type: application/vnd.ms-outlook, application/x-ole2
INFO X-Scan-Start: 2013-04-04 23:49:29
BLOCK X-Virus-Name: McAfeeGW: EICAR test file
INFO X-MWG-Version: 22.214.171.124.0
BLOCK X-Block-Reason: Malware found
INFO X-Scan-Elapsed: 837
BLOCK X-WWBlockResult: 80
INFO X-Antimalware-Version: AM-DAT=1734|AM-Engine=7001.1202.1796|MFE-DAT=7035|MFE-Engine=5400.5001|Avira-Engine=126.96.36.199|Avira-VDF=188.8.131.52|Avira-Savapi=184.108.40.206
BLOCK HTTP/1.1 403 VirusFound
Final Action: BLOCK (200)
RESPMOD icap://192.168.2.231:1344/RESPMOD SUCCESSFUL
But then I scanned the entire PST file and it did not catch it, so not everything can possibly be scanned.
Re-opening an old thread,
Is there a list available of objects that have an opener, so MediaType.HasOpener=True?
We've noticed that several archive types do not meet the criteria MediaType.HasOpener=True, including application/x-apple-diskimage (.dmg file) and application/x-redhat-package-manager. Both of these are in the media type system list Archive, so if you only allow archive types that have openers, these will be blocked. (ePO install file contains both these archive types)
We don't provide a list of supported archives. If you have a sample and think that one should be supported, please provide it to support. They will check with engineering if there is a problem with the product (e.g. the archive should be handled but is not due to an issue) or if we need to enhance the opener and add support to MWG.
We have the same issue... not supporting the scanning of RPMs is a massive drawback and should be fixed immediately.
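Added example, not part of any post in this thread and not McAfee code: a Python parser that reads an ICAP RESPMOD reply carrying the headers shown in the client output above and marks an allow verdict as uninspected when its media type is one the thread reports as having no opener. The verdict rule, the NO_OPENER set, the ALLOW-UNINSPECTED label and both sample replies are assumptions constructed from the posts; that the gateway returns X-Media-Type on clean replies is also assumed.

```python
# Added example, not from the thread: interpret a RESPMOD reply from the gateway.
# Media types the thread reports as lacking an opener (MediaType.HasOpener false).
NO_OPENER = {"application/x-apple-diskimage",
             "application/x-redhat-package-manager"}

def parse_icap(raw: bytes):
    """Return (ICAP status code, lower-cased headers, encapsulated HTTP status line)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split()
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        raise ValueError("not an ICAP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")   # split on the first colon only
        if sep:
            headers[name.strip().lower()] = value.strip()
    http_status = rest.split(b"\r\n", 1)[0].decode("latin-1")
    return int(parts[1]), headers, http_status

def verdict(raw: bytes):
    """Assumed rule: the headers the client output tags BLOCK mean a block."""
    _code, h, _http_status = parse_icap(raw)
    if "x-virus-name" in h or "x-block-reason" in h:
        return "BLOCK", h.get("x-virus-name") or h["x-block-reason"]
    types = {t.strip() for t in h.get("x-media-type", "").split(",") if t.strip()}
    unopened = sorted(types & NO_OPENER)
    if unopened:
        # Nothing was flagged, but the container's contents were not opened.
        return "ALLOW-UNINSPECTED", "no opener: " + ", ".join(unopened)
    return "ALLOW", None

# Constructed samples modelled on the headers in the client output above.
BLOCKED = (b'ICAP/1.0 200 OK\r\n'
           b'X-Media-Type: application/vnd.ms-outlook, application/x-ole2\r\n'
           b'X-Virus-Name: McAfeeGW: EICAR test file\r\n'
           b'X-Block-Reason: Malware found\r\n'
           b'Encapsulated: res-hdr=0, null-body=27\r\n\r\n'
           b'HTTP/1.1 403 VirusFound\r\n\r\n')
RPM = (b'ICAP/1.0 204 No Content\r\n'
       b'X-Media-Type: application/x-redhat-package-manager\r\n\r\n')

if __name__ == "__main__":
    for name, sample in (("msg", BLOCKED), ("rpm", RPM)):
        print(name, verdict(sample))
```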