How to Block Dangerous Email Attachments with Regex?

Unanswered Question
Jul 3rd, 2010

Dear Reader,


I would like to know that , how can i block email attachment via ASA Regex using ASDM 6.2.


I am able to block websites and stuff like that. But i want to block email attachments which are harmful. As an example i would like to block .mp3 extensions, so that if some one want to send an attachment with mp3 it would get deleted automatically. I hope you got my point.


Thanks a lot for viewing and answering.


Best Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Sat, 07/03/2010 - 06:42

For that you would need spam filter functions that can be delivered by CSC-SSM module for the ASAs , that is able to see email content/attachments and filters them based upon configured rules on the device.


CSC-SSM Product overview

http://www.cisco.com/en/US/products/ps6823/index.html



See tabe-1

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f.html



Regards

darklord2020 Tue, 07/06/2010 - 20:48

Thanks for the reply, however i thought it was possible with Regex also.

Nagaraja Thanthry Tue, 07/06/2010 - 21:45

Regex is generally used with HTTP inspection. Unfortunately, the fiewall cannot get into the content of the SMTP traffic. For that you do need a content security module.


http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml


Typically, using the inspections, the firewall can check the application header and ensure that it meets the policy requirements. However, the firewall cannot get into the application payload (except in some cases like VoIP) and block contents. Hope this helps.


Regards,


NT

Actions

This Discussion