05-04-2018 12:40 AM - edited 03-20-2019 10:07 PM
Dear Cisco Team,
Bug CSCvd65801 has been opened since 18/09/2017. When can we expect a fix for it? Additionally, we are running the latest AsyncOS version (11.1.0-128) and are still facing the issue. I believe the "Known Affected Releases" field needs to be adjusted.
Best regards,
11-02-2018 10:47 AM - edited 11-02-2018 11:12 AM
11-02-2018 11:12 AM
Can Cisco TAC post an official complete message filter in the BUG as a fix for stripping the .MSO attachment if EXE was detected as proposed in this thread?
04-23-2019 12:56 AM
Version 12, same Problem overhere...
04-23-2019 08:44 AM
I think Cisco's post using content filter to remove .mso is best solution as of now.
04-30-2019 02:41 AM
This is not a real Solution.
It Block encryptet .zip.
Block executable (searches .zip & 7z for executables).
wenn I customize my filter:
(?i)\.(exe|scr|ace|apk|app|bat|cmd|com|command|cpl|csh|dll|exe|gadget|hta|inf1|ins|inx|ipa|isu|java|job|jse|ksh|lnk|mrc|msc|msi|msp|mst|osx|out|paf|pif|prg|ps1|py|reg|rgs|run|scr|sis|sct|shb|shs|u3p|vb|vbe|vbs|vbscript|workflow|ws|wsf|7z|rar|7zip|cpl|js|cab|jsp|class|zip)
or
attachment-filename == "\\.(exe|scr|ace|apk|app|bat|cmd|com|command|cpl|csh|dll|exe|gadget|hta|inf1|ins|inx|ipa|isu|java|job|jse|ksh|lnk|mrc|msc|msi|msp|mst|osx|out|paf|pif|prg|ps1|py|reg|rgs|run|scr|sis|sct|shb|shs|u3p|vb|vbe|vbs|vbscript|workflow|ws|wsf|7z|rar|7zip|cpl|js|cab|jsp|class|zip)$\""
It blocks zip completly... but i want to block executables and I want that .zip and 7z are scanned for executables.
How can i do this?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide