 |
 |
 |
| CONTENTS A-Z | SEARCH | CHANGE YOUR PASSWORD | ANNOUNCEMENTS | STATUS MESSAGES |
|
Blocked Attachments
One of the main routes by which viruses propagate themselves is in the form of email attachments which are executable programs of one form or another. A recipient triggers the virus just by opening the attachment, which causes the program to run. What makes it easy for the virus to propagate is that the action required to run it is so simple, and a recipient might open the attachment and trigger the virus without realising.
In common with most other internet service providers, the University blocks attachments which are considered dangerous. It does so at two points: on the SMTP servers which receive mail from off-campus, and on the exchange servers.
SMTP servers
The SMTP servers block any file with any of the extensions (in any case):-
bat, ceo, cer, chm, cmd, cnf, com,
cpl, exe, hta, ins, its, job, jse? (ie any 4-character extension beginning jse),
lnk, mad, maf, mag, mam, maq, mar,
mas, mat, mau, mav, maw, mda, mdz,
mhtml, pif, prf, pst, reg, scf, scr,
sct, shb, shs, tmp, vbe, vbs, vsmacros,
vss, vst, vsw, wmf, ws, wsc, wsf, wsh, or
xnk. They also block many files called winmail.dat, any file with a name
which appears to have more than one file extension, such as data.feb.csv, and
very long filenames.
Some of these warrant special explanation:-
- winmail.dat
- winmail.dat is a file generated by Outlook when it sends a Rich-Text or HTML format email over the internet. The body contains the text, while winmail.dat contains formatting information that the recipient's Outlook uses to reconstruct the formatted text. Mailers other than Outlook simply ignore the attachment. Problems can arise when our anti-virus program tries to parse the winmail.dat file, and fails. It then cannot confirm that the attachment is virus-free, and plays the situation safe: it blocks the attachment.
- Files with apparent multiple extensions, such as data.feb.csv
- Windows filenames should contain only one file extension, frequently used to select the program used to process them. Files with multiple extensions can produce anomalous behaviour on some systems, so we block all such files.
When a message is blocked, it is replaced with a text file, ArchivedEmail.txt, which explains what has happened, and how you may recover the attachment. The sender of the message is not alerted.
Exchange servers
The exchange servers blocks files with dangerous extensions, replacing the email with
a notification message. There is no way round this block.
The file types which are currently blocked are:-
bat, com, eml, exe, js, jse, lnk,
pif, scr, vbe, vbs, wmf, wsf, or wsh
Having such files emailed to you successfully
Despite these blocks, if you need to be emailed such a file, it can be done. (Somewhat inconveniently, which is regrettable, but necessary). You should ask the sender to put the file in a ZIP file (not password-protected). If it is sent internally, it will be handled only by the exchange servers, which allows ZIPs to pass. The SMTP servers examine the contents of ZIPs, and will block them. But you can request their release, which will then allow them to pass through.