Sophos Web Appliance users at risk
.bat executable files are not filtered and cannot be filtered using Sophos web appliance (tested on WS1000).
During a recent penetration test we noticed that a client who uses the WS1000 web appliance was able to download .bat files. For those who don’t know, .bat is the Windows batch file format: a fairly old (but still WIDELY used) script format that cmd.exe runs directly, letting users write scripts that do anything from renewing an IP address to formatting a hard drive.
Whilst many sites have a software restriction policy in place to prevent this format from executing, it should never get this far. Once an attacker can get a file onto a system, obtaining the permissions needed to run it is often just a matter of patience.
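As an added illustration (this is example code, not Sophos's filter or configuration), the script below is a minimal download filter that shows why a script format such as .bat has to be blocked by name: a batch file is plain text with no magic bytes, so a content-sniffing check never flags it, and only an extension rule that actually lists .bat and .cmd catches it. The two blocklists, the sample responses and the hostname files.example are all constructed for the example.

```python
"""
Added illustration (not Sophos code): a minimal download filter showing why a
script format such as .bat has to be blocked by its name. Batch files are plain
text with no magic bytes, so a content-sniffing check never flags them; only an
extension/filename rule does, and that rule must actually list .bat and .cmd.
"""
import re
from urllib.parse import unquote, urlparse

# Constructed extension blocklists. LEGACY mirrors the gap described in the post
# (binary executables listed, batch scripts missing); HARDENED adds the script
# formats Windows will run directly. Neither is the appliance's real list.
LEGACY_BLOCKLIST = {"exe", "dll", "com", "scr", "pif", "msi"}
HARDENED_BLOCKLIST = LEGACY_BLOCKLIST | {"bat", "cmd", "vbs", "vbe", "js", "jse", "wsf", "ps1", "hta"}

# Magic-byte signatures for binary executables; scripts have none.
MAGIC_SIGNATURES = {b"MZ": "PE executable", b"\x7fELF": "ELF executable"}


def filename_from_response(url, headers):
    """Name the browser would save under: Content-Disposition wins over the URL path."""
    cd = next((v for k, v in headers.items() if k.lower() == "content-disposition"), "")
    m = re.search(r"filename\*?=(?:UTF-8'')?\"?([^\";]+)\"?", cd, re.IGNORECASE)
    if m:
        return unquote(m.group(1)).strip()
    return unquote(urlparse(url).path.rsplit("/", 1)[-1])


def extension_of(name):
    """Lower-cased final extension, or '' if the name has none."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def sniff_executable(body):
    """Return a format name if the first bytes match a known binary signature, else None."""
    for sig, kind in MAGIC_SIGNATURES.items():
        if body.startswith(sig):
            return kind
    return None


def filter_download(url, headers, body, blocklist):
    """Return ('block'|'allow', reason) for one HTTP response."""
    name = filename_from_response(url, headers)
    ext = extension_of(name)
    if ext in blocklist:
        return "block", f"{name}: extension .{ext} is on the blocklist"
    kind = sniff_executable(body)
    if kind:
        return "block", f"{name}: content is a {kind} despite its name"
    return "allow", f"{name}: no blocked extension and no executable signature"


# Constructed sample responses (not captured traffic).
BATCH_BODY = b"@echo off\r\nipconfig /renew\r\n"
SAMPLES = {
    "plain-bat": ("http://files.example/renew.bat", {"Content-Type": "text/plain"}, BATCH_BODY),
    "disposition-bat": ("http://files.example/download?id=7",
                        {"Content-Disposition": 'attachment; filename="renew.bat"'}, BATCH_BODY),
    "renamed-bat": ("http://files.example/notes.txt", {"Content-Type": "text/plain"}, BATCH_BODY),
    "renamed-exe": ("http://files.example/report.pdf", {}, b"MZ\x90\x00" + b"\x00" * 60),
}


def run_samples(blocklist):
    """Map each sample name to its verdict under the given blocklist."""
    return {name: filter_download(url, headers, body, blocklist)[0]
            for name, (url, headers, body) in SAMPLES.items()}


if __name__ == "__main__":
    for label, bl in (("legacy", LEGACY_BLOCKLIST), ("hardened", HARDENED_BLOCKLIST)):
        print(label, run_samples(bl))
```

Under the legacy list the batch file is allowed whether it is fetched by URL or pushed with a Content-Disposition header, while a renamed .exe is still caught by its MZ header; only the hardened list blocks the .bat. The renamed .bat (saved as notes.txt) is allowed under both lists, which is acceptable here because Windows, like the filter, dispatches on the extension, so the file will not run on a double-click until someone renames it back.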
So after asking Sophos how to prevent downloads of this file type, we were told that this could be raised as a “feature” request (see the email below).
Upon further checking, the .bat file type is not included in the download file type list. For that concern, you can request that feature at http://feature.astaro.com/forums/143211-sophos-web-security. Sophos will evaluate it and will update you if it is approved. Let me know if you have further concerns or if we can now close our case. Thank you.
**support name removed**
Sophos Technical Support
So, as this is currently being seen as a “feature” request and not an urgent update, please go and vote for it at the feature request forum linked in the email above.
Until it is addressed, any company which relies on a Sophos Web Appliance to filter executable downloads could be at risk.