We have a Cisco IronPort S170 (7.5.2-303 for Web) which controls Internet Access. The access policy in place is configured to block Executable Code. However, it has come to our attention that it is currently possible to download the GoToMyPC Software executable from a particular link. I should add that 99.5% of the time the Web Appliance does successfully block the download of executable content.
I examined the logs to see why this might be the case and found that the IronPort Web Appliance was categorising the response body MIME type of the executable as image/gif as opposed to, say, application/x-dosexec.
Could someone please suggest what may be the issue here and how we could go about addressing it?
We have resolved this issue. It turns out the problem lay in a misconfiguration in our Decrypt Policy. The GoToMyPC website had a WBRS which permitted it to pass through the appliance without scanning. Increasing the WBRS scanning range within the decrypt policy forced scanning of the content and the file download was identified and blocked.