Mail attachment - blocking file extensions
I had an issue which I raised with support and got nowhere.
We set up a rule that was supposed to block all attachments except the ones in the allowed list.
As Sophos only works on true file type detection, if it's not a file type in its database it does not block the email.
Such as .xaml, which is a valid file and will open in Excel.
One big issue is that if I set a rule that only allows .docx files through, it should block any other file types regardless of their true file type, whether it is known or not. If it doesn't match the .docx extension and true file type then it should be blocked, end of!
Apparently it's normal to not block something you've not allowed and you must block it manually. What's the point of an allowed list if you've still got to block every file type you don't want?
Sophos support response:
I consulted with my senior team and found that the appliance uses true file type detection and hence the name of the extension doesn't matter. Also there are a few foreign extensions like ".xaml" which require an individual rule, so it's normal. Moreover I also under rule "time of click" rule the categories of high, low and medium risk are categorized by Sophos lab, they created a list of risky sites and they fall under that category.
As per my conversation with the senior team, there are some foreign extensions (MIME types) which will require an individual rule to block as those are yet to be updated. I am sure this will get covered in the next SEA update.
I had a conversation with senior team and found that, this depends on how the files are zipped, that's not a good policy.
The appliance uses true type detection so if it sees some portion of a file that is allowed it may not work as expected.
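Added example, not part of the original post and not Sophos code: a sketch of the default-deny behaviour the post asks for, where an attachment is delivered only if both its extension and its detected content match an allowed entry. The function names, the `ALLOWED` table and the sample attachments are assumptions constructed for illustration.

```python
import io
import zipfile


def is_docx(data: bytes) -> bool:
    """True-type check: a .docx is a ZIP archive holding the OOXML Word parts."""
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return False
    return {"[Content_Types].xml", "word/document.xml"} <= names


# Hypothetical allowed list: extension -> detector for the matching true type.
ALLOWED = {".docx": is_docx}


def verdict(filename: str, data: bytes) -> str:
    """Default deny: anything not positively matched is blocked, known type or not."""
    name = filename.lower().rstrip(". ")  # ignore trailing dots and spaces
    dot = name.rfind(".")
    ext = name[dot:] if dot != -1 else ""
    detector = ALLOWED.get(ext)
    if detector is None:
        return "block: extension not on allowed list"
    if not detector(data):
        return "block: content does not match extension"
    return "allow"


def make_zip(members):
    """Build an in-memory ZIP with the given member names (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in members:
            zf.writestr(member, "<x/>")
    return buf.getvalue()


# Constructed sample attachments, not real mail traffic.
SAMPLE_DOCX = make_zip(["[Content_Types].xml", "word/document.xml"])
SAMPLE_ZIP = make_zip(["notes.txt"])
SAMPLE_XAML = b"<Window></Window>"

if __name__ == "__main__":
    for fn, body in [("report.docx", SAMPLE_DOCX), ("layout.xaml", SAMPLE_XAML),
                     ("report.docx", SAMPLE_ZIP), ("report.docx.xaml", SAMPLE_DOCX)]:
        print(f"{fn}: {verdict(fn, body)}")
```

The unknown `.xaml` type is blocked here without any dedicated rule, because the decision starts from the allowed list instead of from a database of known types.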