Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.


Mail Security: Check ZIP / Archive files for blocked extensions

I need, for example, to block exe files. However, the problem with ASG is that if files with blocked extensions are zipped - even without password-protecting the archive - they pass, because apparently Astaro only checks the zip file extension (rar, zip) and not the extensions of the files inside the archive, which means that you can bypass the blocking of any files by zipping them first. My only option now is to block zipped files, which is not so practical as they may contain legitimate content that I don't want to block.

209 votes
    Mustafa Nasser shared this idea


      • cris commented

        Still not working.
        I updated my UTM to 9,351-3 with pattern version 91534.

      • Nathan Lock commented

        Sophos sure are slow to update this site, 9.3 was released months ago and only today has Eric they updated this feature request closing it off. You need to be looking and responding to this site a lot more!

      • Buddy commented

        This feature is already released as part of Version 9.300.

        From the Release Notes:

        True-File-Type Detection

        In our web and mail proxy we now traverse archive files (zip, rar, etc.) to detect the types of files inside. This allows granular policy enforcement based on file types included in an archive rather than blocking archive files in general.


      • Fernando Calugullín commented

        I have known Symantec Messaging Gateway for several years and this function is covered by this product because it is very important today. This product can block executable attachments, i.e. exe, by extension or by true file type, so nobody can send emails that contain executable files even if they are in container files (zip, rar) or have a renamed extension (i.e. to .txt), or with a maximum container scan depth of up to 20 levels.
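
The archive traversal described in the two comments above (extension match, true-file-type match, bounded container depth), as an added example that is not part of any comment and is not Sophos or Symantec code. The blocked-extension list, the member size cap, the function names and the sample archive are constructed assumptions.

```python
import io
import os
import zipfile

BLOCKED_EXT = {".exe", ".js", ".scr", ".bat"}  # assumed policy list
MAX_DEPTH = 20            # container scan depth quoted in the comment above
MAX_MEMBER = 10 * 2**20   # assumed cap on a member's declared size in bytes

def true_type(data):
    """Classify content by its leading magic bytes, ignoring the name."""
    if data[:2] == b"MZ":
        return "exe"   # DOS/PE executable header
    if data[:4] == b"PK\x03\x04":
        return "zip"   # ZIP local file header
    return "other"

def scan(name, data, depth=0, max_depth=MAX_DEPTH):
    """Return policy findings for one attachment, walking nested ZIPs."""
    findings = []
    ext = os.path.splitext(name)[1].lower()
    kind = true_type(data)
    if ext in BLOCKED_EXT:
        findings.append(f"{name}: blocked extension {ext}")
    elif kind == "exe":  # renamed executable, e.g. payload.txt
        findings.append(f"{name}: executable content named {ext or 'without extension'}")
    if kind != "zip":
        return findings
    if depth >= max_depth:
        return findings + [f"{name}: nesting limit {max_depth} reached, not inspected"]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}/{info.filename}"
                skip = info.flag_bits & 0x1 or info.file_size > MAX_MEMBER
                if skip:  # encrypted or oversized: the name is readable, the content is not
                    findings.append(f"{member}: content not inspected")
                findings += scan(member, b"" if skip else zf.read(info), depth + 1, max_depth)
    except zipfile.BadZipFile:
        findings.append(f"{name}: malformed archive")
    return findings

def make_zip(members):  # builds a constructed sample archive in memory
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, body in members.items():
            zf.writestr(member_name, body)
    return buf.getvalue()

INNER = make_zip({"invoice.txt": b"MZ\x90\x00", "tool.exe": b"MZ\x90\x00"})
SAMPLE = make_zip({"readme.txt": b"hi", "inner.zip": INNER})
```

Only ZIP containers are parsed here; rar or 7z attachments would need their own readers, otherwise they pass through as opaque files.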

      • Anonymous commented

        Today, I tried to send a zip file with some .js files in it. It was blocked! Could it be that scanning inside zip files is now enabled?
        P.S. Tried 7-zip and then it went out anyway, so if this hole is closed, it is closed just a little bit...

      • Luis Mompó Handen commented

        I'm using mailcleaner as an SMTP pre-scanner until Sophos is able to provide this feature. You can also modify the exim setting in the UTM with something like:

        acl_smtp_mime = acl_check_mime
        begin acl
        deny message = A .zip attachment contains a Windows-executable file - \
        blocked because we are afraid of new viruses \
        not recognized [yet] by antiviruses or sophos utm
        condition = ${if match{$mime_filename}{\N(?i)\.zip$\N}}
        condition = ${if def:sender_host_address}
        !authenticated = *
        decode = default
        log_message = forbidden binary in attachment: filename=$mime_filename, \
        condition = ${if match{${run{/usr/local/bin/unzip -l \

        deny message = Windows-executable attachments forbidden because we are \
        afraid of new viruses not recognized [yet] by antiviruses.
        condition = ${if def:sender_host_address}
        !authenticated = *
        log_message = forbidden attachment: filename=$mime_filename, \
        content-type=$mime_content_type, recipients=$recipients
        condition = ${if or{\


      • Thomas commented

        I can't believe it. One of the most used intrusion doors for malware would be closed now. I'm looking forward.
        I'm only happy that the AV scanner on the clients blocked these malware mails (i.e. the executables) in the past. The AV scanner is from Sophos!
        It's just a shame that an AV company took such a long time.

      • Daniel Wicke commented

        So everybody here in Germany knows the big spam wave ... they distribute zips or links to zips outside the company.
        And what can we do with Sophos UTM? Nothing ... except blocking zip completely. But who handles the users' shitstorm after doing that?

        Year 2014 Sophos - Astaro - move on!

      • Bart commented

        This is a reason for customers to choose another vendor. Fix please!

      • Anonymous commented

        It's year 2014 and your Mail Security still cannot block mails with archives that contain blocked extensions :-/
