Sending documents, image and other files as email attachments is an easy way to share information. It is also an easy way to send viruses and infect computers.
Attackers use email attachments because it is an easy and effective method to spread viruses. They work well because:
- Most people automatically trust attachments from people they know.
- Viruses can scan address books and email themselves to all the contacts. People do not have to forward the virus.
- The "from" address can be spoofed to look like it came from someone the receiver knows.
- Email programs allow people to attach almost any kind of file.
- Email programs are sometimes set to automatically download attachments.
Attachment Handling Tips
To help reduce the likelihood of being infected by a virus sent as an attachment, follow these tips.
- Disable the setting in your email program for automatic download of attachments.
- Ensure your anti-virus software and system patches are up to date.
- Verify the source of the attachment, especially if you were not expecting it.
- Save and manually scan the file before opening it, especially if you could not verify it
Blocking Attachments
The University, along with most other Internet service providers, blocks attachments which are "simply-executable" programs. The reason for this practice is to limit the possibility of viruses being spread via email. There is always a delay between a new virus appearing and conventional anti-virus software being able to detect it. Refusing executable attachments will reduce the occurrences of new viruses getting on to the network via email. The file types currently blocked are those with the any of the following extensions:
|
Blocked Attachments:
|
|
ADE
|
ADP
|
ASX
|
|
|
|
|
|
|
|
|
| BAS |
BAT
|
|
|
|
|
|
|
|
|
. |
| CHM |
CMD
|
COM
|
CPL
|
CRT
|
|
|
|
|
|
|
| EXE |
|
|
|
|
|
|
|
|
|
|
| HTA |
HLP |
|
|
|
|
|
|
|
|
|
|
INF
|
INS
|
ISP
|
|
|
|
|
|
|
|
|
|
JS
|
JSE |
|
|
|
|
|
|
|
|
|
| LNK |
|
|
|
|
|
|
|
|
|
|
|
MDA
|
MDB
|
MDE
|
MDL
|
MDT
|
MDW
|
MDZ
|
MSC
|
MSI
|
MSP
|
MST
|
| OPS |
|
|
|
|
|
|
|
|
|
|
|
PCD
|
PIF
|
PRF
|
|
|
|
|
|
|
|
|
| REG |
|
|
|
|
|
|
|
|
|
|
| SCF |
SCR
|
SCT
|
SHB
|
SHS
|
|
|
|
|
|
|
| URL |
|
|
|
|
|
|
|
|
|
|
| VB |
VBE
|
VBS
|
|
|
|
|
|
|
|
|
|
WSC
|
WSF
|
WSH
|
|
|
|
|
|
|
|
|
If an email with a banned attachment type comes into the University from an external source, the attachment will be replaced by a warning message and the email forwarded to the recipient. No warning is passed back to the sender.
Sending and Receiving Blocked Attachments
Where you have a genuine need to send a program as an attachment then you should enclose it in a ZIP file before attaching it. Windows XP and Mac OS X have this functionality built in. Do not create a self-extracting zip file because that will result in an executable type of file that will also be blocked.
In order to properly receive a program file as an attachment, you will have to ask the sender to enclose the program in a ZIP file before sending.
Attachment File Extensions
Attackers have attached viruses with seemingly harmless filenames to email messages. Some computers are configured by default to hide filename extensions and attackers will try to take advantage of this and mask the .exe file by giving it a fake extension to make an executable file look like a simple document or text file. If your file extensions are hidden you would see only "filename.txt" or "filename.doc" and could mistake it for a harmless file. With the ability to see file extension, the file would read "filename.txt.exe" or "filename.doc.exe." Attackers may even deceive you by having the virus behave as you would expect, while it is really attacking your computer. To help avoid this, make sure that your computer shows all file extensions.
