Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Filter doc and vbs with SP3

To: "'Alonzo Vera'" <[email protected]>, [email protected]
Subject: RE: [FW1] Filter doc and vbs with SP3
From: "Martin, Jeffrey" <[email protected]>
Date: Tue, 13 Mar 2001 16:13:10 -0500
Sender: [email protected]

Hello,

We are using the syntax:

:(forbiddenfiles
	:("{*.vbs,*.exe}")
	)

and it is stripping all vbs and exe attachments. Yes, as far as anyone
knows, the syntax example in the release notes is meaningless gibberish.

My advice is to think very carefully before using this function however as
it is very buggy. We have been working for some time with technical support
about it. Basically, certain emails are being truncated with the message
"invalid or missing boundary" and no one seems to know why. It seems to be
some sort of syntax checking on the 'Content-Type' field in SMTP. For
example, every attachment regardless of name or type is removed that we
receive from Netscape's webmail service. The SMTP message is cut off right
at the 'Content-Type' field. This causes the mail client to be unable to
interpret the message and you get the mailers 'unknown character set'
message or equivalent. Take out the 'forbiddenfiles' entry and it stops
happening. This also happens to any Exchange return receipts we get from
outside the firewall.


Good luck,
Jeff

-----Original Message-----
From: Alonzo Vera [mailto:[email protected]]
Sent: Tuesday, March 13, 2001 3:56 PM
To: [email protected]
Subject: [FW1] Filter doc and vbs with SP3



Does anyone had done this?. Release notes on SP3 says that it is possible.
But the example is not clear (anyway, not clear for me!! =) ).
How does FW-1 know that .DOC and .VBS should be restricted by adding the
lines: 
: {forbiddenfiles
	:("{a*.v,*.xx}")
in the smtp resource?. What about other kind of files, like .JPG or .COM

Any help would be appreciated.

Alonzo.


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Filter doc and vbs with SP3
Next by Date: Re: [FW1] Proxy ARP in LINUX not working???
Previous by thread: [FW1] Filter doc and vbs with SP3
Next by thread: [FW1] Raptor to FW1 ISKMP tunnel issues.
Index(es):
- Date
- Thread