Add "application/x-tar" to the Scanned Content Types from Microsoft ISA management -> ISA servers -> Extensions -> Web filters node -> Properties of GFI DownloadSecurity web filter. That's should be enough. BTW: It will be added to the default set of scanned content types in next version of DS. With Regards David Farinic -----Original Message----- From: Jean-Claude CORNELY [mailto:Jean-Claude.CORNELY@xxxxxx] Sent: Friday, June 06, 2003 10:31 AM To: [ISAserver.org Discussion List] Subject: [isalist] Block TGZ files with GFI DownloadSecurity. http://www.ISAserver.org Hello, I use the GFI Download Security to block all the downloads made through Isa Server. But a few days ago, a virus pass through the Download Security whereas it was configured to block all download. The virus was in a .TGZ archive. It seems that Download Security don't scan or block this type of files. I contact the GFI support but they didn't help me much. Here is what they said: I have noticed that GFI Download Security only scans certain Content Types. Would I be able to scan all the files downloaded by the users? _____ The information in this article applies to: * GFI Download Security for ISA Server 5 _____ Article ID: KBID001560 Query keywords: In general, files for which no specific Content Type exists would have the Content Type application/octet-stream. Examples of such file types include mp3 and hlp etc. However, there may be cases where a file has a custom Content Type. In this case, GFI DownloadSecurity would not scan the file, unless the custom Content Type is inserted into the Scanned Content Types from Microsoft ISA management -> ISA servers -> Extensions -> Web filters node -> Properties of GFI DownloadSecurity web filter. GFI DownloadSecurity is checking the header for all the objects and overwriting the Content Type definitions for the following objects: Executables -> application/x-msdownload Java applets -> application/java Flash objects -> application/x-shockwave-flash Zipped objects -> application/x-zip-compressed Can someone help me a bit more an tell me what I have to do exactly. Thanks, Jean-Claude Cornely BEA S.A. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: davidf@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') This mail was content-checked for malicious code and viruses by GFI MailSecurity. GFI MailSecurity provides email content checking, exploit detection and anti-virus for Exchange & SMTP servers. Spam, viruses, dangerous attachments and offensive content are removed automatically. Key features include: Multiple virus engines; Email content & attachment checking; Exploit shield - email intrusion detection & defence; Email threats engine - analyses & defuses HTML scripts, .exe files & more. In addition to GFI MailSecurity, GFI also produces the GFI FAXmaker fax server & GFI LANguard network security product ranges. For more information on our products, please visit http://www.gfi.com. This disclaimer was sent by GFI MailEssentials for Exchange/SMTP.