1 Reply Latest reply on Mar 13, 2014 10:56 AM by malware-alerts

    Email Gateway does not detect attachments nested in another attachment

    bblanchard

      I recently installed the latest version of Email Gateway 7.5.2 hoping that this would have been fixed.

       

      After creating a file filtering rule that would block certain file type, I sent emails through my MEG with those denied file type attached and they were blocked

      However, if I create a new message in my outlook client, attach a file that should be blocked, save that message as a "newfile.msg" then send a new email with that file (newfile.msg which contains the attachment that should be blocked) as an attachment, the MEG will not detect its content therefore, does not block the nested attachment.

       

      I followed the instruction in KB79338 that describe how to enable scanning of nested attachment but when I get to the point of uploading the modified config to the email gateway, I get the following error message :

       

      Importing this configuration version is not supported

       

      Here are the steps I took :

       

      Logged into MEG

      Navigate to System, System Administration, Configuration Management, Backup Configuration

      Clicked Backup Configuration, and then click the .zip file to save it to my computer.

      Extracted the zip file

      Opened the file "SharedSettings.xml" with notepad and added  the following attribute EvalChildRulesOnTrigger="1"   to my file filtering rule. The result looks like this :

       

      <Rule id="FFR:A261955E-C3EF-xxxxxxxxxx" FormatCheck="0" Unrecognised="0" FilenameCheck="1" EvalChildRulesOnTrigger="1" ProtectedCheck="0" PROTECTED="1" SizeCheck="0" SizeType="greater" SizeLimit="10485760" name="deny script">

       

      I saved the file, zipped the original backup folder and tried to do a Restore Configuration.

       

      That's when I receive the error message.

       

       

      There's a part of the KB that is a bit unclear :

       

      1. Save the file. If prompted, choose .txt  and ignore the warning about stripping the formatting by clicking Yes.
        IMPORTANT: Saving the file as RTF results in a loss of the configuration.
      2. Manually confirm that the SharedSettings.xml file has been saved as text.

       

      The way I do it, the file remains an XML file when I save it. I tried to save it as a .txt but that also fails.

       

       

      Anybody ever tried this KB ?

        • 1. Re: Email Gateway does not detect attachments nested in another attachment
          malware-alerts

          I've tried this KB (as well as others that mention the direct modification of the config files) and edit the files on a windows wks using notepad (save using encoding ANSI, as Unicode might be what is screwing it up) and never had an issue.

           

          Depending on your level of support with McAfee (unsure if you have the credentials to login to the shell directly), I could also suggest doing it directly from an SSH session using VI (making a copy of the original config file first), it works just as well.

           

          Message was edited by: malware-alerts on 3/13/14 10:53:11 AM CDT

           

          Message was edited by: malware-alerts on 3/13/14 10:56:06 AM CDT