Here are my pertinent settings:

DoBlockExes block
BlockExec (external) Level 2
BlockWLExes Level 1
BlockNPExecs Level 1

BaddAttachLevel1
exe-bin|url|ade|adp|asx|bas|bat|dot|dotx|xlt|xlts|bin|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|htb|inf|ifs|isp|js|jse|lnk|mda|mdb|mde|mdz|mht|msc|msi|msp|mst|nch|pcd|pif|prf|ps1|reg|scf|scr|sct|shb|shs|vb|vbe|vbs|vba|wms|wsc|wsh

Levels 2, 3, 4 are currently blank

In UserAttach I have only this:

zip: allo...@ourdomain.org => good-out => *|crypt\-zip

DoASSP_AFC enabled
ASSP_AFCblockEncryptedZip is checked

No matter if the documentation is clear, I find the options to be a bit
convoluted and the way I understand it doesn't match what I see happening.

Here's what's happening for me:

1) No user may send or receive encrypted zip files except
allo...@ourdomain.org  [as expected]
2) If I didn't have the *|crypt\-zip and instead just had crypt\-zip,
allowed@ourdomain could not send non-encrypted zip files [as expected]
3) files that match level 1 (but aren't zipped) are blocked for all users
[as expected]

4) The allo...@ourdomain.org user, the one who is in the UserAttach file,
CAN receive zip files (just not encrypted) despite what you've explained.
I thought you said that if the line isn't fully defined, everything else
would be a block.  [*not as expected*]
5) all users >can< receive zip files that contain dll files as an example.
I thought that they'd be disallowed as dll is in level 1 [*not as expected*]

6) I didn't test allo...@ourdomain.com and other non-zip attachments.  What
would you expect to happen?


*So, let me please restate my questions, maybe more clearly?*
Based on my settings, does it look like I'm doing something wrong?  Is it
working as expected, but I just don't understand?

If there isn't a FULLY defined UserAttach line for a user and there's only
say a good-out, are you saying that bad-out, bad-in, and good-in will be
considered to be blank?
If so, what does a blank good-in and bad-in rule do?  Everything is good,
but everything is bad?  Which wins?

If I define a zip: line for a specific user but not a non-zip: line, will
the level 1,2,3,4 blocks still be effective?


On Wed, Feb 17, 2016 at 12:40 PM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:

> The doc is clear. If a user entry is made and matches - all level
> definitions are skipped!
> Yes, zip: definitions have to be made explicit.
> If you want to act AFC the same way for regular attachments and zip file
> content, you'll need two identical definitions - one without and one with
> the leading zip:
>
> Thomas
>
>
>
>
>
> From:    K Post <nntp.p...@gmail.com>
> To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
> Date:    17.02.2016 16:39
> Subject: Re: [Assp-test] AFC Plugin, UserAttach. Encrypted zip
>
>
>
> and a followup, even though I've got both exe-bin and dll listed in level
> 1, it seems that zip files that include those extensions are still allowed
> through to / from all users.
>
> Is there a way to have AFC block attachments for all (not counting
> UserAttach exceptions) if any level 1,2,3 file is inside a zip?   I'm not
> talking encrypted, just a regular zip.
>
> On Wed, Feb 17, 2016 at 9:55 AM, K Post <nntp.p...@gmail.com> wrote:
>
> > sorry, hit send by mistake....
> >
> > If I put a line like
> >
> > zip: theuser@ourdomain =>  => good-out => crypt\-zip
> >
> > 1) that will allow the encrypted zips right?
> >
> > 2) Will that block the person from being able to send zips that are NOT
> > encrypted?   If so, how do we allow encrypted zips and any other zip to go
> > EXCEPT those that contain something prohibited by Level 1?
> >
> > 3) The description's unclear to me - if you have a line in the user
> > attach file but only specify what IS allowed and don't have a block bit to
> > the line, does that remove all blocks from Level 1 etc?
> >
> > 4) If I wanted different attachment handling for a person and different
> > zip handling for that same person, am I correct in saying that I'd use 2
> > lines in userattach, one normal, and one prefixed with zip?
> >
> > THANK YOU
> >
> >
> >
> > On Wed, Feb 17, 2016 at 9:49 AM, K Post <nntp.p...@gmail.com> wrote:
> >
> >>
> >> I've read and reread the gui, but still am not completely clear.
> >>
> >> Attachment blocking works well.  We don't allow, in or out, the standard
> >> stuff: exe, etc.
> >>
> >> I've got ASSP_AFCblockEncryptedZIP checked, and that works well too.
> >>
> >> My problem is that I've got 2 users who need to be able to send encrypted
> >> zip files, but not receive them. All other restrictions, in and out, for
> >> those users should be the standard.
> >>
> >> I assume I use UserAttach for this.  If I understand correctly, if I had
> >> a regular line in UserAttach, that will override everything else in the
> >> attachment blocking section.
> >>
> >>   If I put a line like
> >>
> >> zip: theuser@ourdomain =>  => good-out => crypt\-zip
> >>
> >> 1) that will allow the encrypted zips right?
> >>
> >> 2) Will that block the person from being able to send zips that are NOT
> >> encrypted?
> >>
> >
> >
>
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test