Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 28 subscribers
  • Views 22985 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MIME Header wild card

AhmedMaher

In Sophos UTM I used to put video/* in the blocked MIME type list and it would block all videos

I tried doing the same in Sophos XG by creating a new file type and add video/* in the MIME header field and a use it in a web policy to block video files but it does not work

Are wild cards supported in MIME headers like Sophos UTM?



This thread was automatically locked due to age.
Parents
  • 0

    Can you go to Web, Protection, and expand Advanced Settings.  Make sure that "Scan audio and video files" is checked.

    When this is unchecked, then several things are skipped to improve compatibility with streaming media services.  This might include the mime type blocking.

  • 0 in reply to Michael Dunn

    Hi Michael,

    my version of XG doesn't have any boxes with video or audio in the advanced tab to tick. It doesn't expand.

  • 0 in reply to rfcat_vk

    Go to Web, Protection tab.  There is a section for advanced settings there that you can expand.

     

    I don't know whether wildcards are accepted or not.  Maybe its a substring match, try "video/" and see if that works?

  • 0 in reply to Michael Dunn

    Hi Michael,

    you mean the triple dots past the advanced tab. There is three extra tabs, one has the suffixes in groupings and video is one of them, but I am not sure what ticking this does,  maybe blocks the applications?

  • 0 in reply to rfcat_vk

    In 16.01 and 16.05.
    Left menu, web.
    Tab "Protection"
    The first grouping of settings is "Malware Scanning" where you can select the Scan Engine Selection, etc.
    Below the Scan Engine Selection there is "Advanced Settings" with a little triangle.  Click on it to expand.
    You should now see additional options including a "Scan audio and video files".

     

    When this is unchecked, if the web server has in the header that the file is a video/mpeg (for example), then the proxy will not virus scan the file and it will tunnel the content directly to the client.

    When this is checked, if the web server has in the header that the file is a video/mpeg (for example), then the proxy will treat it as a normal file download and will do either batch or real time scanning etc like any other file.

     

    I think what you were talking about is the "File Types" tab, which is a file type definition that can then be used in policy.  The checkboxes are just for multi-select deletion.

  • 0 in reply to Michael Dunn

    Thank you, found it, bit obscure, but never mind, now wiser.

  • 0 in reply to Michael Dunn

    I tested it again with substring match and it does not work

    So far this is what I tried

    For example I want to block all audio files so I am testing to download an MP3 file

    I created a File Type definition and added only audio/* in the MIME header option >> Does not work

    I created a File Type definition and added only audio/ in the MIME header option >> Does not work

    I created a File Type definition and added only audio in the MIME header option >> Does not work

    It will only block the download of the MP3 files if I added audio/mpeg in the MIME header option!

    Any other advice?

     

Reply
  • 0 in reply to Michael Dunn

    I tested it again with substring match and it does not work

    So far this is what I tried

    For example I want to block all audio files so I am testing to download an MP3 file

    I created a File Type definition and added only audio/* in the MIME header option >> Does not work

    I created a File Type definition and added only audio/ in the MIME header option >> Does not work

    I created a File Type definition and added only audio in the MIME header option >> Does not work

    It will only block the download of the MP3 files if I added audio/mpeg in the MIME header option!

    Any other advice?

     

Children
No Data