How to Block Dangerous Email Attachments with Regex?

darklord2020 · ‎07-03-2010

Dear Reader,

I would like to know that , how can i block email attachment via ASA Regex using ASDM 6.2.

I am able to block websites and stuff like that. But i want to block email attachments which are harmful. As an example i would like to block .mp3 extensions, so that if some one want to send an attachment with mp3 it would get deleted automatically. I hope you got my point.

Thanks a lot for viewing and answering.

Best Regards

JORGE RODRIGUEZ · ‎07-03-2010

For that you would need spam filter functions that can be delivered by CSC-SSM module for the ASAs , that is able to see email content/attachments and filters them based upon configured rules on the device.

CSC-SSM Product overview

http://www.cisco.com/en/US/products/ps6823/index.html

See tabe-1

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f.html

Regards

Jorge Rodriguez

darklord2020 · ‎07-06-2010

Thanks for the reply, however i thought it was possible with Regex also.

Nagaraja Thanthry · ‎07-06-2010

Regex is generally used with HTTP inspection. Unfortunately, the fiewall cannot get into the content of the SMTP traffic. For that you do need a content security module.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

Typically, using the inspections, the firewall can check the application header and ensure that it meets the policy requirements. However, the firewall cannot get into the application payload (except in some cases like VoIP) and block contents. Hope this helps.

Regards,

NT