In order to enhance the security of our network, I would like to prevent users from downloading certain types of files, such as executables and music. Both ISA Server and several add-ins have options for doing so, but they all seem to be based on the file's MIME type and/or extension. Unfortunately this type of file checking is extremely limited; for example, if someone renames a file 'game.exe' to 'document.pdf' and places it on a web server, a user would be able to download it, rename the downloaded copy to 'game.exe' and do all kinds of stuff with it, most of which is probably not work-related.
To prevent users from using such workarounds, I am looking for an add-in for ISA Server that is able to determine the file type based on its contents, rather than the MIME type or extension, and that allows me to choose which types of files to allow and/or which to block. GFI WebMonitor claims to be able to do exactly what I want, but after doing a simple test this claim does not seem to hold true.
Can someone tell me which ISA add-in can perform this type of content filtering, if such a piece of software exists at all? Thanks in advance.
We're using GFI WebMonitor and blocking of re-named files seems to work for us.
What is happening exactly in your case?
I took a small MP3 file, renamed it to 'test.pdf' and uploaded this file to a web server. In GFI WebMonitor, I configured Web Traffic Scanning to block MP3 audio and to allow PDF documents and scan them for viruses.
After applying the settings in WebMonitor, I am still able to download the 'test.pdf' file without any errors or warnings, where I would expect WebMonitor to recognize it as an MP3 file. Renaming the downloaded file to 'test.mp3' produces a perfectly playable piece of audio. I also noticed that I don't see the page with the progress bar WebMonitor usually produces, even though I configured antivirus scanning to show the progress to the user. Instead, the browser (IE 6.0 SP2) starts Adobe Reader immediately to open the file.
Since WebMonitor seems to do the trick for you, I will do some additional testing with other files and file types. Thanks for your reply!
It would appear that the file is not being scanned by GFI WebMonitor. Can you ensure that the website you are downloading from is not listed as being excluded from scanning?
Yup, I double-checked, and the site is not excluded.
However, I did the same test I described in my reply to Antioch, using an .exe file instead, and this time the file is blocked. I haven't tested any other files yet, but my first impression is that WebMonitor's MP3 detection is not 100% reliable.
Would it be possible to send a set of debug troubleshooter files over to forums@gfi.com in order to help us investigate your issue further? Kindly reference the URL of this thread in your mail.
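The content-based check asked about in this thread, sketched as an added example that is not part of the original posts and does not show how GFI WebMonitor or ISA Server work internally. The signature set, function names and sample bytes are assumptions made for illustration; it classifies a download by its leading bytes and compares that with the type its extension claims, and it shows why MP3 is harder to pin down than PDF or EXE: an MP3 has no single fixed signature.

```python
# Added example: classify a download by content, then compare with its name.
# The signature set is a small illustrative one, not a complete database.
import os

def is_mpeg_audio_frame(data: bytes) -> bool:
    """MPEG audio has no fixed magic: a frame starts with 11 set sync bits."""
    if len(data) < 2 or data[0] != 0xFF or (data[1] & 0xE0) != 0xE0:
        return False
    layer = (data[1] >> 1) & 0x03   # layer bits; 0b00 is reserved
    return layer != 0

def sniff(data: bytes) -> str:
    """Return a coarse type label derived from the leading bytes only."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(b"MZ"):       # DOS/PE executable header
        return "exe"
    if data.startswith(b"ID3"):      # ID3v2 tag placed before the audio
        return "mp3"
    if is_mpeg_audio_frame(data):    # untagged MP3: heuristic, 2 bytes only
        return "mp3"
    return "unknown"

EXT_TO_TYPE = {".pdf": "pdf", ".exe": "exe", ".mp3": "mp3"}

def check_download(filename: str, data: bytes, blocked=("exe", "mp3")) -> dict:
    """Compare the type claimed by the extension with the sniffed type."""
    ext = os.path.splitext(filename)[1].lower()
    claimed = EXT_TO_TYPE.get(ext, "unknown")
    actual = sniff(data)
    return {
        "claimed": claimed,
        "actual": actual,
        "mismatch": actual != "unknown" and actual != claimed,
        "block": actual in blocked,
    }

# Constructed sample inputs (leading bytes only, not real files).
SAMPLES = {
    "real_pdf": ("report.pdf", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"),
    "exe_as_pdf": ("document.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),
    "tagged_mp3_as_pdf": ("test.pdf", b"ID3\x03\x00\x00\x00\x00\x0f\x76"),
    "untagged_mp3_as_pdf": ("test.pdf", b"\xff\xfb\x90\x64\x00\x00\x00\x00"),
}

if __name__ == "__main__":
    for name, (fname, head) in SAMPLES.items():
        print(name, check_download(fname, head))
```

The untagged MP3 case is matched on two bytes of frame sync, so a filter that relies on it has to accept either false positives on other binary data or missed audio files.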