https://live.paloaltonetworks.com/t5/general-topics/blocking-mp3-s-with-file-blocking-data-filtering-how/m-p/28845#M21066 <HTML><HEAD></HEAD><BODY><P>Can't control this with file blocking, as it's not a recognized file type that PAN can decode, and data filtering is only going to look for patterns within certain file types also, so that may not do it either.</P><P></P><P>You may want to control these at their source or destination.&nbsp; For example if you know they're being downloaded or uploaded from a particular site (rapidshare, yahoo mail, etc.), you may want to block file transfers to that site, or block the site all together.</P><P></P><P>I haven't tested this, but it may be possible to create a custom vulnerability signature for this.&nbsp; In a quick peek at some MP3 files on my PC, I've seen that the files all seem to contain these strings at the beginning of the file:</P><P></P><P>WM/MediaClassPrimaryID<BR />WM/MediaClassSecondaryID<BR />WMContentID<BR />WM/UniqueFileIdentifier</P><P></P><P>Maybe you could create a custom vulnerability signature, selecting a pattern match around these strings in the TCP or UDP request/response payload?&nbsp; I haven't tried this, but maybe you can give it a shot and let us know how it works!</P></BODY></HTML> Fri, 28 Jan 2011 17:17:13 GMT spolo 2011-01-28T17:17:13Z https://live.paloaltonetworks.com/t5/general-topics/blocking-mp3-s-with-file-blocking-data-filtering-how/m-p/28844#M21065 <HTML><HEAD></HEAD><BODY><P>We tried using the 'MPEG' file type and file blocking, but this doesn't do the job (in fact it only seems to block MPEG video's, not MPEG-3 audio). We also tried creating a data filter with "MP3HASH" as a regular expression, but this didn't appear to match MP3's either.</P><P></P><P>How can we successfully block MP3's using data filtering or file blocking?</P></BODY></HTML> Thu, 27 Jan 2011 12:58:52 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-mp3-s-with-file-blocking-data-filtering-how/m-p/28844#M21065 supporton2it 2011-01-27T12:58:52Z https://live.paloaltonetworks.com/t5/general-topics/blocking-mp3-s-with-file-blocking-data-filtering-how/m-p/28845#M21066 <HTML><HEAD></HEAD><BODY><P>Can't control this with file blocking, as it's not a recognized file type that PAN can decode, and data filtering is only going to look for patterns within certain file types also, so that may not do it either.</P><P></P><P>You may want to control these at their source or destination.&nbsp; For example if you know they're being downloaded or uploaded from a particular site (rapidshare, yahoo mail, etc.), you may want to block file transfers to that site, or block the site all together.</P><P></P><P>I haven't tested this, but it may be possible to create a custom vulnerability signature for this.&nbsp; In a quick peek at some MP3 files on my PC, I've seen that the files all seem to contain these strings at the beginning of the file:</P><P></P><P>WM/MediaClassPrimaryID<BR />WM/MediaClassSecondaryID<BR />WMContentID<BR />WM/UniqueFileIdentifier</P><P></P><P>Maybe you could create a custom vulnerability signature, selecting a pattern match around these strings in the TCP or UDP request/response payload?&nbsp; I haven't tried this, but maybe you can give it a shot and let us know how it works!</P></BODY></HTML> Fri, 28 Jan 2011 17:17:13 GMT https://live.paloaltonetworks.com/t5/general-topics/blocking-mp3-s-with-file-blocking-data-filtering-how/m-p/28845#M21066 spolo 2011-01-28T17:17:13Z