RE: Default File Checking Rule Issues
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
RE: Default File Checking Rule Issues - 5.Nov.2003 4:52:00 PM
|
|
|
fnbaiss
Posts: 127
Joined: 19.Sep.2003
From: USA
Status: offline
|
Sunday morning I wiped my server, installed the latest build, and made the registry change that Daniel listed in an earlier post. I've had no more of these email problems since then and previously I was getting about 4 per day.
|
|
|
|
|
RE: Default File Checking Rule Issues - 6.Nov.2003 9:26:00 AM
|
|
|
jrh369
Posts: 47
Joined: 24.Sep.2003
From: Evansville, Indiana
Status: offline
|
I'm about finished with my evaluation of MailSecurity and Mail Essentials.
While I think both are good products and I'd like to use them togather this issue with blocking file types really is giving me second thoughts about going with Mail Security for Mission Critical Security Solution.
Can someone from GFI help clarify what the company's position is towards this re: bug v. feature and if you plan to fix it.
Thanks
|
|
|
|
|
RE: Default File Checking Rule Issues - 6.Nov.2003 11:30:00 AM
|
|
|
rs
Posts: 3
Joined: 10.Jul.2003
Status: offline
|
I have had *many* problems with this feature during a trial. In particular, mac word documents not only get quarantined, but corrupted by MS as well. (great)
Will be trying Daniels solutions tonight.. I'm just suprised no-one that I phoned at support suggested it.
|
|
|
|
RE: Default File Checking Rule Issues - 7.Nov.2003 2:53:00 PM
|
|
|
ctsmiths
Posts: 43
Joined: 2.Jun.2003
Status: offline
|
GFI sends out a patch and the file checking rule picks it up as a virus.....
You gotta love it.. This is what I got...
File "vcheck.zip\vcheck.dll" triggered rule "Default File Checking Rule".
More Info The file "vcheck.dll" was blocked by the attachment checking module because the extension dll is related to another file extension which is set to be blocked by this rule.
|
|
|
|
|
RE: Default File Checking Rule Issues - 8.Nov.2003 5:16:00 AM
|
|
|
Kevinl
Posts: 9
Joined: 31.Oct.2003
From: Bahrain
Status: offline
|
Yep, I too have turned off checking via the registry and it still flags them.
I've put this in a Support query that I had open.
Cheers,
Kevin
|
|
|
|
|
RE: Default File Checking Rule Issues - 10.Nov.2003 3:43:00 AM
|
|
|
Nicks
Posts: 2741
Joined: 17.Mar.2003
Status: offline
|
All who had the vcheck.dll/vcheck.zip blocked by MailSecurity can download it directly from ftp://ftp.gfi.com/support/VCheck.zip. Instructions are located at http://kbase.gfi.com/showarticle.asp?id=KBID001840.
Note that this patch is also found in the latest build of MailSecurity as adviced at http://kbase.gfi.com/showarticle.asp?id=KBID001841.
Rick Smith, I think that you are referring to something that has not yet been mentioned in this thread. MailSecurity will detect that a dll is of the same type of an exe and an scr. If you are blocking any of these file-types (exe or scr), MailSecurity will detected that a dll is of the same type and will block the file. This can be disabled by switching the following registry value to '0':
[HKEY_LOCAL_MACHINE\SOFTWARE\GFI Fax & Voice\GFIAV\Ext\AttachChecker]
BlockFiles_ViaExtAssociations (dword)
[ November 10, 2003, 09:44 AM: Message edited by: nicks ]
|
|
|
|
|
RE: Default File Checking Rule Issues - 10.Nov.2003 4:02:00 AM
|
|
|
Nicks
Posts: 2741
Joined: 17.Mar.2003
Status: offline
|
Following my last post, it should be noticed that the setting the 'BlockFiles_ViaExtAssociations' to '0' will only disable MailSecurity from checking if the attachment is of the same file-type as a blocked type.
E.g. I am blocking scr. If the above value is set to '1', I am automatically blocking exes and dlls.
However, this thread was initially raised because PDF (and other file types) where being detected as TXT (or a different file type). This is another check that MailSecurity is making. It will check that the file-type and the file extension match. If not, the attachment is blocked. In this case, the file-type is not correctly determined, and MailSecurity will block the attachment.
Currently the only way to disable this is to perform the procedure outlined above by DanielSchell. This will need to be done for all the instances of this issue.
|
|
|
|
|
RE: Default File Checking Rule Issues - 12.Nov.2003 3:17:00 AM
|
|
|
Nicks
Posts: 2741
Joined: 17.Mar.2003
Status: offline
|
RS, regarding the no extension rule, I think you are referring to the fact that MailSecurity/DownloadSecurity will block files without file extension. This can also be disabled from the registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\GFI Fax & Voice\GFIAV\Ext\AttachChecker]
Change the value for 'BlockFiles_NoExt' (dword) to '0'.
|
|
|
|
|
RE: Default File Checking Rule Issues - 12.Nov.2003 11:43:00 PM
|
|
|
ufgeorge
Posts: 319
Joined: 11.Sep.2003
Status: offline
|
Dear nicks,
I try your solution about no file extension.
Yes, it works but MailSecrity will add file extension to dat!
Why is that?
|
|
|
|
|
RE: Default File Checking Rule Issues - 14.Nov.2003 3:28:00 PM
|
|
|
glen
Posts: 13
Joined: 10.Nov.2003
Status: offline
|
I think several people here are misunderstanding the BlockFiles_ViaExtAssociations registry fix that Daniel originaly posted, I have added a few comments in bold that may help you understand.
Originally posted by DanielSchell:
Hopefully this will clear things up:
The registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\GFI FAX & VOICE\GFIAV\Ext\AttachChecker\BlockFiles_ViaExtAssociations
Is used to block files such as *.JPEG if only *.JPG is in the blocked attachment list. Setting this to 0 will disable this type of checking (not really relevant in this case).
This only disables like attachment types, as was stated above, .jpeg if you are already blocking .jpg, .ddl & .scr if you are already blocking .exe (these are all executable files - same file type, different extension), This will not help with a .doc that is seen as a .txt or .rtf (these are different file formats - same extension different file type)
Use the fix below for .doc found as .txt or .rtf
You can make exclusions for individual incorrect detections which may be occuring as follows:
Eg.
Scenario: A .DOC detected as .TXT and was blocked due to possible renaming:
1. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\GFI FAX & VOICE\GFIAV\Ext\FileTypeChecker\KnownTypes
2. Find the value of the extension type that MailSecurity is detecting it as (In this case TXT = 1)
If your .docs are blocked as .txt add DOC wth the dword value for txt, if .docs are blocked as .rtf add DOC with the dword value for rtf.
You can find the list of extension types and numbers for GFI at the following reg entry
HKEY_LOCAL_MACHINE\SOFTWARE\GFI FAX & VOICE\GFIAV\Ext\FileTypeChecker\KnownTypes
3. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\GFI FAX & VOICE\GFIAV\Ext\AttachChecker\BlockByAssocExceptions
4. Create a new DWORD with the extension of the file type being blocked (in this case DOC) and set the value to be the value (1) found in step 2.
5. Restart the SMTPSVC
In the past I have seen JPG files which were created on a Mac detect as TXT, and also DOC files created by an non-ms product suite detect incorrectly. I am sure the developers are working on detecting more file types from different products correctly.
Hopefully this has helped out.
Regards,
Daniel Schell - GFI Asia Pacific
Sorry if this is messy, I wanted to include Daniel's message as he originally posted the fix.
I hope this helps sort out some of the issues.
Just remember that just because a .doc is detected as something else doesn't mean its always an issue with GFI. I was just yelled at today as to why a user's simple .doc wouldn't go through and was blocked as a .doc detected as a .pdf, when I opened up the file in a text editor the file header was for a pdf. I renamed the file to .pdf and to the users suprize it wasn't a .doc at all it was realy a .pdf file someone had renamed as .doc ![[Confused]](/image/smiles/confused.gif) ....not sure why but, whatever!
[ November 24, 2003, 03:55 PM: Message edited by: Glen W ]
|
|
|
|
|
RE: Default File Checking Rule Issues - 19.Nov.2003 4:29:00 AM
|
|
|
Nicks
Posts: 2741
Joined: 17.Mar.2003
Status: offline
|
To globally disable the option of matching the file extension with the file-type is impossible. However, the following workaround can be used to configure MailSecurity to ignore such instances.
IMPORTANT: This workaround will disable MailSecurity from performing some other checks done at the Attachment Checking stage. Please see the NOTES at the end of the post.
Basically, when MailSecurity finds an attachment that shows a file extension but is detected as another file-type, the actions are taken from the first Attachment checking rule.
Therefore, if the first Attachment checking rule is configured to delete the attachment, the attachment is deleted, if it is configured to quarantine the attachment, the attachment is quarantined. And if it is configured to not block the file, the rule is still triggered, but the email and attachment are not blocked.
Using this information we can configure a rule that is set not to block any files. Here is the procedure to do this:
1. From the MailSecurity configuration, create a new Attachment Checking rule.
2. The rule should be configured as follows:
General tab
-----------
Check Inbound e-mails - Enabled;
Check Outbound e-mails - Enabled;
Block this list - no items should be added to the list;
Block files greater then - Disabled;
Actions tab
-----------
Block attachment and perform this action - Disabled;
Notify user via e-email - Optional;
Notify manager via e-email - Optional;
Log rule occurrence to this file - Optional;
Users/Folders tab
-----------------
Select "All except the list below";
The list should be empty;
3. Click Apply and OK to save the rule
4. Select the rule and move it to the top of the list.
NOTES:
------
By configuring this rule, you would also be allowing the following files to bypass MailSecurity:
- Files with no extensions will go through.
- Files with no name before extension will go through.
- Files which are recognized as other types will go through.
- Attachments are not checked for long file-names at the Attachment checking stage.
[ November 19, 2003, 10:32 AM: Message edited by: nicks ]
|
|
|
|
|
RE: Default File Checking Rule Issues - 19.Nov.2003 4:41:00 AM
|
|
|
Nicks
Posts: 2741
Joined: 17.Mar.2003
Status: offline
|
Glen W,
I would like to point out a small mistake in your last post:
Glen W said:
" If your .docs are blocked as .txt add .txt with its value if .docs are blockes as .rtf add rtf with its value. Once you add .txt anything found as .txt will be let through (eg. Mac attachments .gif found as .txt will now come through)"
If you add the following to your registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\GFI Fax & Voice\GFIAV\Ext\AttachChecker\BlockByAssocExceptions]
"doc"=dword:00000001
you will be configuring MailSecurity to ignore word documents (DOC) when these are detected as TXT. However MailSecurity will not ignore other file-types that are detected as TXT.
Therefore with the above, MailSecurity will still block GIF that are detected as TXT.
|
|
|
|
|
RE: Default File Checking Rule Issues - 19.Nov.2003 4:43:00 AM
|
|
|
Nicks
Posts: 2741
Joined: 17.Mar.2003
Status: offline
|
ufgeorge,
Can you please explain further your situation. Maybe you can provide us with an example?
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
![[Roll Eyes]](/image/smiles/rolleyes.gif)
![[Smile]](/image/smiles/smile.gif)