Sanitisation of content

Discussion in 'other firewalls' started by deBoetie, Feb 5, 2015.

  1. deBoetie

    Not sure if this is a dumb question or if this is a well-established technique, but are there any firewall/UTM solutions that perform a default sanitization of incoming files such as jpg, doc, pdf? I don't want to operate extensive blocking lists or rely on signatures.

    I'd be thinking about having the firewall execute an automatic jpg -> tiff -> jpg conversion (just as one example), which would have the effect of stripping many of the nasties that get delivered that way. Is this possible?
     
  2. noone_particular

    I'm not sure that a firewall would be the best tool for the job. That would add a lot of code to the firewall, much of which would already exist in the default handlers for each file type. You might consider using scripts that use the default or separate handlers in a sandbox to perform the conversions.
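
    Added example, not part of any post in this thread: a stdlib-only Python sketch of the "script instead of firewall" idea, rewriting a JPEG so that only allow-listed segments survive and anything appended after the end-of-image marker is discarded. It is narrower than the decode and re-encode conversion proposed in the first post, because the compressed image data is copied through unchanged; `sanitize_jpeg`, `seg`, `KEEP` and `SAMPLE` are names assumed for this example, and the sample bytes are constructed.

```python
import struct

# Allow-list of segment markers that are copied through: SOF/DHT (0xC0-0xCF),
# SOS, DQT, DRI, APP0 (JFIF header) and APP14 (Adobe colour transform).
KEEP = set(range(0xC0, 0xD0)) | {0xDA, 0xDB, 0xDD, 0xE0, 0xEE}

def seg(marker: int, payload: bytes) -> bytes:
    """Build one length-prefixed JPEG segment (used for the constructed sample)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

def sanitize_jpeg(data: bytes) -> bytes:
    """Rewrite a JPEG keeping only allow-listed segments; fail closed on anything odd."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    out, pos = bytearray(b"\xff\xd8"), 2
    while True:
        if pos + 2 > len(data) or data[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xD9:                      # EOI: stop, discarding any trailer
            return bytes(out + b"\xff\xd9")
        if marker < 0xC0 or 0xD0 <= marker <= 0xD8 or pos + 4 > len(data):
            raise ValueError("unexpected marker 0x%02X" % marker)
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError("segment length out of bounds")
        if marker in KEEP:                      # Exif, ICC, COM, etc. are dropped
            out += data[pos:end]
        pos = end
        if marker == 0xDA:                      # entropy-coded scan data follows SOS
            start = pos
            while True:
                pos = data.find(b"\xff", pos)
                if pos < 0 or pos + 1 >= len(data):
                    raise ValueError("scan data not terminated")
                nxt = data[pos + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:   # stuffed byte or RSTn
                    pos += 2
                elif nxt == 0xFF:                          # fill byte
                    pos += 1
                else:
                    break                                  # real marker ends the scan
            out += data[start:pos]

# Constructed sample: dummy payloads, an Exif block, a comment and an appended trailer.
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + seg(0xE1, b"Exif\x00\x00hidden") + seg(0xFE, b"comment") + seg(0xDB, b"\x00" * 65)
          + seg(0xC0, b"\x08\x00\x01\x00\x01\x01\x01\x11\x00") + seg(0xC4, b"\x00" * 17)
          + seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\xff\x00\x34\xff\xd0\x56"
          + b"\xff\xd9" + b"PK\x03\x04appended-archive")
```

    Dropping the ICC profile (APP2) can shift colours slightly, and a file that does not parse cleanly is rejected with `ValueError` rather than passed through.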
     
  3. Veeshush

    I'm not aware of anything like that - it'd have to be the world's greatest file converter ever made (in the sense of supported file types, optimization for hardware and conversion ease) and even then it'd hog resources to bog down even somewhat fast machines depending on the workload.
     
  4. Yuki2718

  5. itman

    These only work on e-mail as best as I can determine and are directed to commercial e-mail server environments. Not on directly downloaded files from the Internet.
     
  6. Yuki2718

    I mentioned those in the original post, but omitted them in this thread, sorry.