Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
789
Views
0
Helpful
3
Replies

How to Block Dangerous Email Attachments with Regex?

darklord2020
Level 1
Level 1

‎07-03-2010 03:59 AM - edited ‎03-11-2019 11:07 AM

Dear Reader,

I would like to know that , how can i block email attachment via ASA Regex using ASDM 6.2.

I am able to block websites and stuff like that. But i want to block email attachments which are harmful. As an example i would like to block .mp3 extensions, so that if some one want to send an attachment with mp3 it would get deleted automatically. I hope you got my point.

Thanks a lot for viewing and answering.

Best Regards

Labels:
0 Helpful
3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

‎07-03-2010 06:42 AM

For that you would need spam filter functions that can be delivered by CSC-SSM module for the ASAs , that is able to see email content/attachments and filters them based upon configured rules on the device.

CSC-SSM Product overview

http://www.cisco.com/en/US/products/ps6823/index.html

See tabe-1

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f.html

Regards

Jorge Rodriguez
0 Helpful

darklord2020
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎07-06-2010 08:48 PM

Thanks for the reply, however i thought it was possible with Regex also.

0 Helpful

Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to darklord2020

‎07-06-2010 09:45 PM

Regex is generally used with HTTP inspection. Unfortunately, the fiewall cannot get into the content of the SMTP traffic. For that you do need a content security module.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

Typically, using the inspections, the firewall can check the application header and ensure that it meets the policy requirements. However, the firewall cannot get into the application payload (except in some cases like VoIP) and block contents. Hope this helps.

Regards,

NT

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card