Guest

Preview Tool

Cisco Bug: CSCus86222 - files compressed in CAB not actioned properly like zip/rar

Last Modified

Mar 07, 2018

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

8.5.6-106

Description (partial)

Symptom:
CAB compressed files are not being properly decompressed and scanned by the ESA like it would with other compressed file format (zip/rar)

Conditions:
Content filter or message filter setup to drop by executable file type
Injecting the executable file in a cab compressed format and it will pass with no issues

inject the executable file in a zip compressed format and it will be dropped

Related Community Discussions

Message Filter not giving results
I am trying to strip an .scr attachment which is under compressed file .cab. I have written below filter, but its not resulting out to be effective   Strip_Encrypt_Attachment_MF3: if (recv-listener == "ExternalMail") AND (attachment-filetype == "cab") {                                   drop-attachments-by-name(".scr$", "cfy");                               }   Where am i doing wrong?
Latest activity: Mar 27, 2015
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.