Preview Tool

Cisco Bug: CSCus86222 - files compressed in CAB not actioned properly like zip/rar

Last Modified

Mar 07, 2018

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases


Description (partial)

CAB compressed files are not being properly decompressed and scanned by the ESA like it would with other compressed file format (zip/rar)

Content filter or message filter setup to drop by executable file type
Injecting the executable file in a cab compressed format and it will pass with no issues

inject the executable file in a zip compressed format and it will be dropped

Related Community Discussions

Message Filter not giving results
I am trying to strip an .scr attachment which is under compressed file .cab. I have written below filter, but its not resulting out to be effective   Strip_Encrypt_Attachment_MF3: if (recv-listener == "ExternalMail") AND (attachment-filetype == "cab") {                                   drop-attachments-by-name(".scr$", "cfy");                               }   Where am i doing wrong?
Latest activity: Mar 27, 2015
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.