04-19-2017 03:36 AM
i can't scan compressed files with (.rar) extension with Cisco ESA so i'm asking if there's way to block this type of compressed files with Cisco ESA ?
04-19-2017 05:48 AM
Hello,
You can block any extension on the Cisco ESA using Content Filtering in your Incoming Mail Policy.
Mail Policies -> Incoming Content Filtering -> Attachment Filetype: Executable
Mail Policies -> Incoming Content Filtering -> Attachment Filename contains: Executable(?i)\.(rar|scr)$
Set Action to drop or per your requirements.
Another option is to use a message filter. For example:
attach_drop: if (attachment-filename =='(?i)\\.(ade|cmd|eml|ins|mdb|mst|reg|url|wsf|adp|com|exe|isp|mde|pcd|scr|vb|wsh|bas|cpl|hlp|js|msc|pif|sct|vbe|bat|crt|hta|jse|msi|pl|scx|vbs|chm|dll|inf|lnk|msp|pot|shs|wsc)$'){
drop();
}
04-20-2017 01:09 PM
I don't believe .rar files are executable. Another way to filter is to point to a dictionary that has the extensions you want to block. That makes is very easy to add/remove file extensions to block.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide