Environment
Novell Security Manager powered by Astaro 6
Situation
Files with renamed extension are getting delivered as
attachments through Extension Filter.
As per the Astaro Documentation, even if the user changes the extension of the file to one which is not yet blocked, the file should get blocked as the content type also will be scanned.
As per the Astaro Documentation, even if the user changes the extension of the file to one which is not yet blocked, the file should get blocked as the content type also will be scanned.
Following lines are from the help file on the SMTP Proxy Page
of NSM.
By enabling the File Extension Filter option you can reject, blackhole, quarantine, or deliver emails (with warnings) which contain certain types of files based on their extensions (e.g., executables). Please add the file extensions you want to be checked in the Extensions text box, for instance "com" or "exe" (without the dot separator).
Moreover, to prevent that faked file extensions can pass the extension filter, the content type will be checked in addition if the given content type does not match the file extension.
By enabling the File Extension Filter option you can reject, blackhole, quarantine, or deliver emails (with warnings) which contain certain types of files based on their extensions (e.g., executables). Please add the file extensions you want to be checked in the Extensions text box, for instance "com" or "exe" (without the dot separator).
Moreover, to prevent that faked file extensions can pass the extension filter, the content type will be checked in addition if the given content type does not match the file extension.
Resolution
Escalated to Astaro.
The Online Help is not correct in this part. We changed the behaviour of the File Extension blocking since there have been a lot of issues.
Now we only have a simple file extension blocking. Renaming files disables this feature.
The Online Help is not correct in this part. We changed the behaviour of the File Extension blocking since there have been a lot of issues.
Now we only have a simple file extension blocking. Renaming files disables this feature.