Sophos Web Appliance users at risk

.bat executable files are not filtered, and cannot be filtered, by the Sophos Web Appliance (tested on WS1000).

 


 

During a recent penetration test we noticed that a client who uses the WS1000 web appliance was able to download .bat files. For those who don’t know, this is a fairly old (but still WIDELY used) executable file format that lets users create scripts to do anything from renewing an IP address to formatting a hard drive.

Whilst many sites have a software restriction policy in place to prevent the execution of this format, it should never get this far. If an attacker can get a file onto a system, attaining permissions to run it is often just a case of patience.

So, after questioning Sophos on how to prevent the download of this file type, we were told that this could be raised as a “feature” (see email below).

 

Hello,

Upon further checking, .bat file is not included in the download file type list. For that concern, you can request that feature to http://feature.astaro.com/forums/143211-sophos-web-security. Sophos will evaluate it and will update you if it will be approved. Let me know if you have further concerns or if can now close our case. Thank you.

Regards,

**support name removed**
Sophos Technical Support
http://www.sophos.com/en-us/support/technical-support.aspx

 

So, as this is currently being seen as a “feature” and not an urgent update, please go and vote for it:

http://feature.astaro.com/forums/143211-sophos-web-gateway/suggestions/14724606-immediately-allow-the-blocking-of-bat-files

 

At present, any company which uses Sophos Web Appliances could be at risk.
