Blocked extensions being missed

[jhablitzel]

I am running a Firebox II with ver 6.2 software. I have the inbound SMTP Proxy set up to strip attachments based on a list of executable extensions. With the influx of the SOBIG virus, needless to say, this function is getting a workout, and I am having a problem with some of these attachments getting through. It seems to block and strip most of them, but about 10% are getting through and being caught by my mail server. Most of the extensions I am getting are .PIF, and I can't determine any differences between the ones that get through and the ones that are stripped. Anyone else having a problem with this?

 

[Davetoo]

I'm configured to stop .PIF's as well and haven't had any problems.

Are you sure the emails are coming from outside and not from user to user inside your mail server?

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.

 

[jhablitzel]

Thanks for replying. Good idea, but I double-checked the logs and they are coming from the outside, and from many of the same addresses that had them blocked. Very strange. Haven't had anything get through since this died down last week (8/26 was the last one). Is it possible that the box just got overloaded?

 

[Davetoo]

Not sure if you can overload the box, sure hope not. But, like you, I have my mail server set to block the same attachments, just in case.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.