6 Replies Latest reply on Nov 5, 2015 7:12 AM by malefunk

    List of file types for which embedded objects are scanned

      Is there a documented list of file types for which embedded objects are scanned?

        • 1. Re: List of file types for which embedded objects are scanned

          No sure i understand the question.

          All objects are scanned. We don't skip any unless your policy says to.

          • 2. Re: List of file types for which embedded objects are scanned

            Sorry, what I meant to ask was a list of file types for which web gateway has an opener and can scan the objects that are within them.   For example if somebody creates an outlook message file (.msg), attaches an executable file within that message file, and puts that .msg file on a public web server somewhere to be downloaded by others, does web gateway's antimalware scanner scan the executable file within that outlook message or does it just scan the .msg container?

             

            I can try to test this myself to figure out what happens, but was wondering whether there was a list somewhere of all file types for which MWG7 has an opener.

            • 3. Re: List of file types for which embedded objects are scanned

              Technically, it most things where MediaType.HasOpener = true.

              This is usually the entire list of media types in the mediaType system list. That's over 700 file types.

              The opener may or may not catch everything embedded in every single file type, but just for fun, I attached a 25 level deep nested zip in a message and saved the .msg to disk. Then i sent it rhough a command line utility through ICAP.

              It caught it.

               

               

              C:\My Documents\Desktop\MWG-ICAP>ICAP.Client.exe -file:"..\..\FW Web Gateway Re List of file types for which embedded objects are scanned.msg"

              Results:
              configFile        : icap.xml
              scanFile          : ..\..\fw web gateway re list of file types for which embedded objects are scanned.msg
              stdOut            : Console
              stdErr            : Console
              respBody          : null
              defaultAction     : ALLOW

              Processed Headers : 14
              -------------------------
              BLOCK  ICAP/1.0 200 OK
              INFO   ISTag: "00001734-11.70.92-00007035"
              INFO   X-HASH-MD5: 8d0e958b028ad02a7fb972331c4c3e23
              INFO   X-HASH-SHA1: cf70c5623d9e0e9a62a7f8df05f7e61c352ad6e6
              INFO   X-Scan-Stop: 2013-04-04 23:49:30
              INFO   X-Media-Type: application/vnd.ms-outlook, application/x-ole2
              INFO   X-Scan-Start: 2013-04-04 23:49:29
              BLOCK  X-Virus-Name: McAfeeGW: EICAR test file
              INFO   X-MWG-Version: 7.3.1.1.0
              BLOCK  X-Block-Reason: Malware found
              INFO   X-Scan-Elapsed: 837
              BLOCK  X-WWBlockResult: 80
              INFO   X-Antimalware-Version: AM-DAT=1734|AM-Engine=7001.1202.1796|MFE-DAT=7035|MFE-Engine=5400.5001|Avira-En gine=8.2.12.24|Avira-VDF=7.11.70.92|Avira-Savapi=1.4.0.11
              BLOCK  HTTP/1.1 403 VirusFound

              Final Action: BLOCK (200)
              -------------------------
              Connection Attempts:
              RESPMOD icap://192.168.2.231:1344/RESPMOD    SUCCESSFUL

               

              But then I scanned the entire PST file and it did not catch it, so not everything can possibly be scanned.

              1 of 1 people found this helpful
              • 4. Re: List of file types for which embedded objects are scanned
                pcoates

                Re-opening an old thread,

                 

                Is there a list available of objects that have an opener, so MediaType.HasOpener=True.

                 

                We've noticed that several archive types do not meet the criteria MediaType.HasOpener=True, including application/x-apple-diskimage (.dmg file) and application/x-redhat-package-manager.   Both of these are in the media type system list Archive, so if you only allow archive types that have openers, these will be blocked. (ePO install file contains both these archive types)

                • 5. Re: List of file types for which embedded objects are scanned
                  asabban

                  Hello,

                   

                  we don't provide a list of supported archives. If you have a sample and think that one should be supported please provide it to support. They will check with engineering if there is a problem with the product (e.g. the archive should be handled but is not due to an issue) or if we need to enhance the opener and add support to MWG.

                   

                  Best,

                  Andre

                  • 6. Re: List of file types for which embedded objects are scanned
                    malefunk

                    We have the same issue .. not supporting the scanning of rpm's is a massive drawback and should be fixed immediately