Cisco Community
English
Register
COMMUNITY HELPING COMMUNITY - With your Community actions and contributions, we will donate up to $10,000 to UNICEF by end of January- PARTICIPATE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
753
Views
0
Helpful
1
Replies
Highlighted
Pravar
Beginner
Beginner
‎07-31-2017 06:09 AM
‎07-31-2017 06:09 AM

Message filter to drop certain file types

Hi, 

We are using following message filter to drop the mentioned file name attachments.However it is not working effectively when they are compressed in the zip files. Looks like there is a bug in our OS.  So, we want to use attachment-filetype instead of attachment-filename to restrict these files passing through the appliances without bringing in any other issues with this change. Any help is appreciated.

restrict_malicious_filename: if (recv-listener == "Inmx") AND (attachment-filename ==
"\\.(386|ad|ade|adp|cmd|cnt|com|cpl|crt|csh|der|exe|fxp|gadget|grp|ksh|lib|lnk|mad|maf|mag|mam|maq|mar|mas|mat|mau|mav|maw|mcf|mda|mmsp|mst|nsh|ocx|ops|osd|pcd|pif|psc1|psc2|pst|reg|scf|scr|sct|vbs|vbp|vs|vss|vst|vsw|vxd|ws|wsc|wsf|wsh|xbap|xnk)$") {
drop();
}

Labels:
0 Helpful
Reply
1 REPLY 1
Highlighted
Libin Varghese
Cisco Employee
Cisco Employee
‎07-31-2017 08:39 AM
‎07-31-2017 08:39 AM

Hi,

I would recommend working on the existing filter to see why a specific attachment was not caught and confirming it is a defect before changing the filter to attachment-filetype altogether.

Attachment-filetype looks at the fingerprint of the attachment while the attachment-filename only looks at the name irrespective of the type of file. You can choose whichever works best for your requirements.

- Libin V

0 Helpful
Reply
Latest Contents
Cyber Ops Pro 350-201 CBRCOR
Created by Gallifrean on 11-25-2020 02:44 PM
1
0
1
0
Does anyone know when and where study resources will become available for this certification?
Is it right way to exclude ? \Program Files\Commvault\*
Created by Pruthvirajnasagoni89418 on 11-24-2020 09:34 AM
0
0
0
0
Hi Team, I have one exclusion provided by internal team which is Is it right way to exclude ?  *\Program Files\XYZ\* , as per Cisco Docs i see its not recommended because it will create performance issue when we use * at starting ,  So... view more
Customer Connection Briefing - Central Log Management using ...
Created by Kelsy Tibshraeny on 11-24-2020 09:27 AM
0
0
0
0
Central Log Management using Cisco Security Analytics and Logging, December 2nd at 8am-9:30am PT Cisco Security Analytics and Logging is Cisco’s Central Log Management solution for Network Operations and Security Outcomes. It is delivered both as a c... view more
How to: Integrate Cisco ISE MDM with Microsoft Intune
Created by pavagupt on 11-23-2020 01:54 AM
0
5
0
5
Introduction             Mobile Device Management (MDM) servers secure, monitor, manage, and support mobile devices deployed across mobile operators, service providers, and enterprises. MDM servers a... view more
Cyberattacks are on the Rise - Secure your Digital Experienc...
Created by carbaker on 11-19-2020 11:49 AM
0
0
0
0
Cyberattacks are more sophisticated than ever and your online presence has never been more critical to the success of your business.  Cisco, through its OEM partnership with Radware, can help secure your digital future by continuously monitoring... view more
Content for Community-Ad
Cisco Community October 2020 Spotlight Award Winners

Follow our Social Media Channels