Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Andreas_Ahrnby
Contributor

Content awareness

Hi,

I have a rule that allow MS Office files to be uploaded to a FTP server and I block execute files. 

But if I import an execute file inside an excel file the blade let the file pass. 
Cant the blade be this “smart” to see the inserted .exe or i am doing something wrong here?

6 Replies
HristoGrigorov

Most File Type Recognition libraries rarely iterate over entire file content for performance reasons. In most cases they only look for predefined patterns to "guess"file type.

Notice that you are uploading Excel file with binary content inside it but it is after all Excel file which is allowed by the policy.

 

0 Kudos
PhoneBoy
Admin
Admin

What rule comes first, the one that blocks EXE files or the one that allows Excel?
Order matters.
0 Kudos
Andreas_Ahrnby
Contributor

The exe block rule is first.
0 Kudos
PhoneBoy
Admin
Admin

Might be worth a TAC case to confirm this is correct behavior.
0 Kudos
Andreas_Ahrnby
Contributor

Actually I find out that the content sees the embedded file but not as its file name but as a inobject.bin. Don’t remember the exact name now so what I did was to make a own template and block everything with .bin

this behavior seems only to be with MS office files, if I take an .pdf with an embedded .exe file it gets blocked and the blade can see the exact filename inside the .pdf

PhoneBoy
Admin
Admin

At least you have a workaround, which is good.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events