Operational Defect Database
BugZero found this defect 3152 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA10H000000g3gISAQ
POP3 and SMTP proxy mistakenly blocks password-protected Office documents as application/CDFV2-corrupt
Last update date:
10/7/2015
Affected products:
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
Affected releases:
All
Fireware
11.x
11.10.x
11.10
11.10.1
11.10.2
11.10.3
11.10.4
11.10.5
11.10.6
11.10.7
Fixed releases:
All
Description:
Issue
When the SMTP or POP3 proxy detects the content of some Microsoft Office documents, the content type is sometimes mistakenly identified as being “application/CDFV2-corrupt” and the document is blocked by the Firebox. Note: Attempts to AV Scan encrypted files such as password-protected Office documents will always fail. If your default action for content type is to AV scan, the default proxy configuration will lock these files. This issue applies to any password-protected Microsoft Office document, and Office 2003 documents, whether they are password-protected or not.
Workaround/Solution
To allow these files, follow these steps to edit the POP3 or SMTP Proxy Action: From the Fireware Web UI, select Firewall > Firewall Policies.Click the Lock icon at the top of the page to allow configuration changes. Select the Policy name for the POP3 or SMTP proxy policy.Select the Proxy Action tab. If (predefined) appears to the right of the Proxy Action drop-down list, select Clone the current proxy action from the drop-down list to create a new Proxy Action that you can edit.In the Proxy Action, select Attachments > Content Types.Click Add.In the Rule name text box, type or paste application/CDFV2-corrupt.Make sure the Match type drop-down selection is set to Pattern Match.In the Value text box, type application/CDFV2-corrupt.From the Action drop-down list, select Allow.Click OK to add the new content type rule to the list, and click Save to confirm the change to your proxy policy configuration.
