Hello,
i want to block any attachment (.zip ) content virus, but pass clean .zip
is there any possibility?
thanks
The FN will do this. What device and FW are you running? You need to take some things into consideration:
[ol]
Thanks for reply,
The Deep-inspection Already Enable for the policy. and test Eicar virus it blocked successfully
but can you explain me Macro files i dont understand , other word can you help me to block this files.
thanks
Sorry i forgot to tell my device model,
i am using Fortigate200D and FW(5.2.3)
thanks.
Here's some info:
http://www.trendmicro.com...hat-macro-malware-pose
The Word, Excel, and PDFs that use this type of attack are not technically viruses. They have macros or scripts enabled so that when a user opens the file, code is executed that attempts to download and run an exploit. Because of this, most scanners will not detect them. There are multiple things you can do to reduce the chance that these will succeed. If you have good endpoint AV that helps mitigate them from working also.
1. Enable MS Office and PDF applications to restrict untrusted embedded code from running. Use the first link above for MS Office, for PDFs I disable Javascript and enable Protected Mode and Enhanced Security. Also critical to keep all updates installed for these apps of course.
2. Make sure you restrict downloads of ANY and ALL executables from untrusted sources. I create a firewall rule with AV scanning enabled (just in case) of trusted domains such as dell.com, microsoft.com, etc so I can download updates and patches. This takes work (my list is over 250 hosts) but after a while you get it in place and only need to update it occasionally). All other downloads go through a rule with full IDS for Clients and DLP for file blocking enabled.
3. Users should not be running as Admins (this one step prevents +90% of malicious downloads from succeeding)
4. Educate your users to be suspicious of unsolicited Resumes, invoices, or orders.
5. Remove Java from your systems if you aren't using it. Same for Flash but this is harder to do for another year or so.
6. Restrict the types of attachments you allow via email. We allow PDF, TXT, XLS/X, DOC/X, PPT/X, MSG and images. All other files types should be banned except for special use cases. RTFs have been weaponized so best to not allow those either. If you work with a specific application such as CAD that need to be sent you can exempt those but block as much as possible. JS, ARJ, and RAR are especially bad for what should be obvious reasons.
These payloads will attempt to launch CryptoWall/Locker or a banking trojan depending on your geographic location and industry.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.