This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MIME Header wild card

In Sophos UTM I used to put video/* in the blocked MIME type list and it would block all videos

I tried doing the same in Sophos XG by creating a new file type and add video/* in the MIME header field and a use it in a web policy to block video files but it does not work

Are wild cards supported in MIME headers like Sophos UTM?

This thread was automatically locked due to age.

Parents

0 Michael Dunn over 8 years ago

Can you go to Web, Protection, and expand Advanced Settings. Make sure that "Scan audio and video files" is checked.

When this is unchecked, then several things are skipped to improve compatibility with streaming media services. This might include the mime type blocking.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 8 years ago in reply to Michael Dunn

Hi Michael,

my version of XG doesn't have any boxes with video or audio in the advanced tab to tick. It doesn't expand.
Cancel
Vote Up 0 Vote Down

Cancel
0 Michael Dunn over 8 years ago in reply to rfcat_vk

Go to Web, Protection tab. There is a section for advanced settings there that you can expand.

I don't know whether wildcards are accepted or not. Maybe its a substring match, try "video/" and see if that works?
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 8 years ago in reply to Michael Dunn

Hi Michael,

you mean the triple dots past the advanced tab. There is three extra tabs, one has the suffixes in groupings and video is one of them, but I am not sure what ticking this does, maybe blocks the applications?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rfcat_vk over 8 years ago in reply to Michael Dunn

Hi Michael,

you mean the triple dots past the advanced tab. There is three extra tabs, one has the suffixes in groupings and video is one of them, but I am not sure what ticking this does, maybe blocks the applications?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Michael Dunn over 8 years ago in reply to rfcat_vk

In 16.01 and 16.05.
Left menu, web.
Tab "Protection"
The first grouping of settings is "Malware Scanning" where you can select the Scan Engine Selection, etc.
Below the Scan Engine Selection there is "Advanced Settings" with a little triangle. Click on it to expand.
You should now see additional options including a "Scan audio and video files".

When this is unchecked, if the web server has in the header that the file is a video/mpeg (for example), then the proxy will not virus scan the file and it will tunnel the content directly to the client.

When this is checked, if the web server has in the header that the file is a video/mpeg (for example), then the proxy will treat it as a normal file download and will do either batch or real time scanning etc like any other file.

I think what you were talking about is the "File Types" tab, which is a file type definition that can then be used in policy. The checkboxes are just for multi-select deletion.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 8 years ago in reply to Michael Dunn

Thank you, found it, bit obscure, but never mind, now wiser.
Cancel
Vote Up 0 Vote Down

Cancel