Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 28 subscribers
  • Views 22987 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MIME Header wild card

AhmedMaher

In Sophos UTM I used to put video/* in the blocked MIME type list and it would block all videos

I tried doing the same in Sophos XG by creating a new file type and add video/* in the MIME header field and a use it in a web policy to block video files but it does not work

Are wild cards supported in MIME headers like Sophos UTM?



This thread was automatically locked due to age.
Parents
  • 0

    Can you go to Web, Protection, and expand Advanced Settings.  Make sure that "Scan audio and video files" is checked.

    When this is unchecked, then several things are skipped to improve compatibility with streaming media services.  This might include the mime type blocking.

  • 0 in reply to Michael Dunn

    Hi Michael,

    my version of XG doesn't have any boxes with video or audio in the advanced tab to tick. It doesn't expand.

  • 0 in reply to rfcat_vk

    Go to Web, Protection tab.  There is a section for advanced settings there that you can expand.

     

    I don't know whether wildcards are accepted or not.  Maybe its a substring match, try "video/" and see if that works?

  • 0 in reply to Michael Dunn

    Hi Michael,

    you mean the triple dots past the advanced tab. There is three extra tabs, one has the suffixes in groupings and video is one of them, but I am not sure what ticking this does,  maybe blocks the applications?

  • 0 in reply to rfcat_vk

    In 16.01 and 16.05.
    Left menu, web.
    Tab "Protection"
    The first grouping of settings is "Malware Scanning" where you can select the Scan Engine Selection, etc.
    Below the Scan Engine Selection there is "Advanced Settings" with a little triangle.  Click on it to expand.
    You should now see additional options including a "Scan audio and video files".

     

    When this is unchecked, if the web server has in the header that the file is a video/mpeg (for example), then the proxy will not virus scan the file and it will tunnel the content directly to the client.

    When this is checked, if the web server has in the header that the file is a video/mpeg (for example), then the proxy will treat it as a normal file download and will do either batch or real time scanning etc like any other file.

     

    I think what you were talking about is the "File Types" tab, which is a file type definition that can then be used in policy.  The checkboxes are just for multi-select deletion.

Reply
  • 0 in reply to rfcat_vk

    In 16.01 and 16.05.
    Left menu, web.
    Tab "Protection"
    The first grouping of settings is "Malware Scanning" where you can select the Scan Engine Selection, etc.
    Below the Scan Engine Selection there is "Advanced Settings" with a little triangle.  Click on it to expand.
    You should now see additional options including a "Scan audio and video files".

     

    When this is unchecked, if the web server has in the header that the file is a video/mpeg (for example), then the proxy will not virus scan the file and it will tunnel the content directly to the client.

    When this is checked, if the web server has in the header that the file is a video/mpeg (for example), then the proxy will treat it as a normal file download and will do either batch or real time scanning etc like any other file.

     

    I think what you were talking about is the "File Types" tab, which is a file type definition that can then be used in policy.  The checkboxes are just for multi-select deletion.

Children