• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Blocking files based on their contents

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Misc.] >> 3rd Party Add-ons >> Blocking files based on their contents Page: [1]
Login
Message << Older Topic   Newer Topic >>
Blocking files based on their contents - 10.Nov.2006 9:52:54 AM   
chibibo

 

Posts: 4
Joined: 7.Nov.2006
Status: offline
Hello all,

In order to enhance the security of our network, I would like to prevent users from downloading certain types of files, such as executables and music. Both ISA Server and several add-ins have options for doing so, but they all seem to be based on the file's MIME type and/or extension. Unfortunately this type of file checking is extremely limited; for example, if someone renames a file 'game.exe' to 'document.pdf' and places it on a web server, a user would be able to download it, rename the downloaded copy to 'game.exe' and do all kinds of stuff with it, most of which is probably not work-related.

To prevent users from using such workarounds, I am looking for an add-in for ISA Server that is able to determine the file type based on its contents, rather than the MIME type or extension, and that allows me to choose which types of files to allow and/or which to block.
GFI WebMonitor claims to be able to do exactly what I want, but after doing a simple test this claim does not seem to hold true.

Can someone tell me which ISA add-in can perform this type of content filtering, if such a piece of software exists at all? Thanks in advance.
Post #: 1
RE: Blocking files based on their contents - 13.Nov.2006 3:53:37 AM   
Antioch

 

Posts: 11
Joined: 12.Jul.2005
Status: offline
Hey Chibibo,

We're using GFI WebMonitor and blocking of re-named files seems to work for us.

What is happening exactly in your case?

_____________________________

Statistics are used as a drunk uses lampposts - for support, not for illumination.

(in reply to chibibo)
Post #: 2
RE: Blocking files based on their contents - 13.Nov.2006 8:52:12 AM   
Shakeel Riaz

 

Posts: 2
Joined: 28.Oct.2006
Status: offline
Heloo Friends...use isa guota enforcer for Blocking files based on their contents....its a very good software.....im also using it...

(in reply to Antioch)
Post #: 3
RE: Blocking files based on their contents - 15.Nov.2006 3:50:20 AM   
chibibo

 

Posts: 4
Joined: 7.Nov.2006
Status: offline
quote:

We're using GFI WebMonitor and blocking of re-named files seems to work for us.

What is happening exactly in your case?

I took a small MP3 file, renamed it to 'test.pdf' and uploaded this file to a web server. In GFI WebMonitor, I configured Web Traffic Scanning to block MP3 audio and to allow PDF documents and scan them for viruses.

After applying the settings in WebMonitor, I am still able to download the 'test.pdf' file without any errors or warnings, where I would expect WebMonitor to recognize it as an MP3 file. Renaming the downloaded file to 'test.mp3' produces a perfectly playable piece of audio. I also noticed that I don't see the page with the progress bar WebMonitor usually produces, even though I configured antivirus scanning to show the progress to the user. Instead, the browser (IE 6.0 SP2) starts Adobe Reader immediately to open the file.

Since WebMonitor seems to do the trick for you, I will do some additional testing with other files and file types. Thanks for your reply!

(in reply to Antioch)
Post #: 4
RE: Blocking files based on their contents - 15.Nov.2006 6:46:26 AM   
Patrizia

 

Posts: 18
Joined: 12.Jan.2004
Status: offline
chibibo,

It would appear that the file is not being scanned by GFI WebMonitor. Can you ensure that the website you are downloading from is not listed being excluded from scanning?

(in reply to chibibo)
Post #: 5
RE: Blocking files based on their contents - 16.Nov.2006 7:30:27 AM   
chibibo

 

Posts: 4
Joined: 7.Nov.2006
Status: offline
quote:

It would appear that the file is not being scanned by GFI WebMonitor. Can you ensure that the website you are downloading from is not listed being excluded from scanning?

Yup, I double-checked, and the site is not excluded.

However, I did the same test I described in my reply to Antioch, using an .exe file instead, and this time the file is blocked. I haven't tested any other files yet, but my first impression is that WebMonitor's MP3 detection is not 100% reliable.

(in reply to Patrizia)
Post #: 6
RE: Blocking files based on their contents - 20.Nov.2006 11:12:47 AM   
Patrizia

 

Posts: 18
Joined: 12.Jan.2004
Status: offline
chibibo,

Would it be possible to send a set of debug troubleshooter files over to forums@gfi.com in order to help us investigate your issue further?  Kindly reference the url of this thread in your mail.

(in reply to chibibo)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Misc.] >> 3rd Party Add-ons >> Blocking files based on their contents Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts