Block specific Files
Coffee_is_life last edited by Coffee_is_life
in order to protect our company, we used GPO to block some files in outlook.
For example all “.zip”,".rar",".bat" and some more are not availible in Outlook.
Is there a way or a plugin to prevent users to access these files via Webapp?
MailScanner? But that only takes care of files that are being sent or received.
But it would mean that even if the users add a say .BAT file to an email and try to send it, it would then be blocked by MailScanner before they get to the recipient, either inside the network or outside (at least that’s how I have set it up).
would be another 3rd-party program…
it should be possible to create a plugin to block some files. - prefer something like that
yes but on the other hand you do need to run need to run some sort of anti virus etc. on incoming mail right? So MailScanner blocks the extensions too.
Note that it would block also extensions (I think) that are mis named. E.g. someone hiding a .zip calling it something else etc.
A plugin may not be clever enough to do so…
We got a firewall with antispam/Virus-Filter - but this first security is not enough for some users, who unblock mails they dont know (even if they got different instructions).
So these unblocked mails are delivered to the inbox and thats not good.
i was told, that another 3rd-Party program is not an option.
The plugin or setting via config-file just need to prevent .zip files from loading and replace this with a message: “Blocked file: $blocked_file_name - contact yout IT” - or something like that.
I see. MailScanner (at least in my installation) doesn’t let the users unblock anything but they have to physically ask the admin to retrieve the attachment… A little bit more cumbersome but it’s all blocked.
The plugin perhaps would work, but the issue is, as I mentioned, renamed files.
Someone can simply rename a .zip file as .z1p and the plugin won’t block it, unless of course you add a lot more sophistication to the code.
on the other hand, if its renamed, the system itself wont open the file via 7zip or another archive-program…
in this case the user would ask the it how to open this file.
well… the user can write in the email something like " I send you a zip file renamed as z1p" and you can save it and rename it and that will do the trick.
Anyway I am not saying a plugin or some settings somewhere in webapp to avoid uploading a certain set of extensions is a bad idea, just that it can be very simple (simply block the name) or very complicated depending on how much time and effort you want to invest to write this…