General discussion
-
CreatorTopic
-
August 26, 2005 at 11:21 am #2185963
DOWNLOAD: Which e-mail attachments are on your hit list?
Lockedby jodygilbert · about 18 years, 7 months ago
http://techrepublic.com.com/5138-1035-5843573.html
After you take a look at this download, please post your feedback, ideas for improvements, or further thoughts on this topic.
Thanks,
–The TechRepublic Downloads TeamTopic is locked -
CreatorTopic
All Comments
-
AuthorReplies
-
-
August 27, 2005 at 12:10 am #3053719
I would add..
by jaqui · about 18 years, 7 months ago
In reply to DOWNLOAD: Which e-mail attachments are on your hit list?
.doc
.xls
.xl*not to forget the block any html formatted email
If it is a document that I’m to view, but not alter, use pdf
if I’m to alter the contents, send in a compressed file, with the contents being html.If you send html formatted email, expect to be blacklisted as a spammer.
If you send an email with an attachnemt, and I’m not expecting it.
The email and attachement will be deleted without being looked at.These are my rules, even with using a webmail interface. ( which stops auto download / install of anything. )
-
August 29, 2005 at 8:25 am #3054659
Reply To: DOWNLOAD: Which e-mail attachments are on your hit list?
by angry_white_male · about 18 years, 7 months ago
In reply to I would add..
I would be careful about blocking Word and Excel files. Have a good anti-virus system on your mail gateway AND your mail server to weed out the macro-virus issues. Most mail these days is HTML formatted – so again, you need good AV protection and the ability to sort out good HTML from bad HTML along with web filtering to keep users from clicking on undesirable links. The more proactive steps you take at the gateway, the happier and more productive your users will be. Unfortunately not everyone has a PDF writer or the know-how to make one.
We block the following (I’m just pulling down the list from our SMTP filter in no particular order):
.ARC
.ARJ
.CAB
GZIP, BZIP, MS Compressed archives
.LBR
.LZH
.RAR
.TAR
.UUE
.ZIP (not blocked, but isolated with an autonotify to the user to determine if it’s a business file based on the sender and subject line… if so they call me and I vefify it’s legit before releasing or deleting it)
.ZOO
.DAT
.INF
.PIF
Font files
.INI
.REG
.LNK
.BAT
.EXE
.HTM
.HTML
.JS (or any Javascript stuff)
.SHS/SHB scrap objects
Visual Basic scripts
Windows Scripts
Source code files (C/C++, Java, Perl, VB)
.BAT
.COM
.EXE
.HQX
.P7C
.P7M
.P7S
.PIC
.SCRThings like audio/video files we allow – however I run monthly reports to see who’s sending out a large amount of the stuff for non-business use and we take action from there.
-
August 29, 2005 at 5:50 pm #3046998
But since
by jaqui · about 18 years, 7 months ago
In reply to Reply To: DOWNLOAD: Which e-mail attachments are on your hit list?
I an a 100% linux shop, ms office formats aren’t needed or wanted.
so nope, word and exel files are rejected formats.
xml, xhtml, html or plain text if I’m to alter it.
pdf if just read it.all files to be in archives to reduce data transfer usage.
bzip is actually a preffered archive format, it compresses tighter than zip. ( the only tighter is stuffit’s sit format )
since javascript and java both have no way of running on my machines, they are deleted as useless.
the windows scripting stuff is also ineffective.I also make it clear what formats are acceptable, so if people insist on sending unacceptable formats they obviously don’t really want to to business with me.
-
-
-
August 30, 2005 at 5:33 am #3046913
additional file extensions
by robertbernal · about 18 years, 7 months ago
In reply to DOWNLOAD: Which e-mail attachments are on your hit list?
I looked at your list of blocked file extensions. We also block pif,exe,cpl,com,dll,vbs,vbx,wsf
-
August 30, 2005 at 7:57 am #3046852
Other types…
by rknrlkid · about 18 years, 7 months ago
In reply to DOWNLOAD: Which e-mail attachments are on your hit list?
There are some more obscure formats that I see periodically:
.rm – Real Media (Real Player) files
.lit – Microsoft E-Book ReaderI forget the extension, but there are also BitTorrent links that can be sent (.bit?) I’ve only seen this twice, so I don’t remember.
-
August 30, 2005 at 9:22 am #3046827
Reply To: DOWNLOAD: Which e-mail attachments are on your hit list?
by kurse · about 18 years, 7 months ago
In reply to Other types…
BitTorrent links are .torrent
-
-
August 30, 2005 at 12:09 pm #3046784
How about allow?
by m.r. · about 18 years, 7 months ago
In reply to DOWNLOAD: Which e-mail attachments are on your hit list?
I had a long list of blocked items that I finaly gave up on. It worked fine but I found an “allow” list was much shorter. I don’t have to guess at what new attachment might be the next big virus host. I’m not sure if most venders have global deny with allow exceptions but it only took a few days to weed out the needed attachments. Allowed files are still scanned for viri.
-
August 31, 2005 at 9:16 am #3047137
Allow is much better
by fcleroux · about 18 years, 7 months ago
In reply to How about allow?
Only allow .ZIC ?? We only allow ZIP files that have had the file extension renamed to .ZIC (the C is the first letter of our company name which means it was intented for us.)
This is in a policy! If someone runs to you to tell you that they are not getting their attachment, we remind them of the policy.
It adds a little extra work but is well worth the effort.
-
August 31, 2005 at 9:27 am #3047131
Could someone post an Allow List?
by wearsmanyhats · about 18 years, 7 months ago
In reply to How about allow?
I wonder if someone could post their allow list? I’ve never setup either an allow or disallow list but here’s a guess:
.txt
.htmlWhat others?
-
September 2, 2005 at 7:46 am #3055147
Allow is far safer…
by boomslang · about 18 years, 7 months ago
In reply to How about allow?
Given all the unknowns out there, I do not have time to monitor Secunia, CERT, et al. to see what the security hole of the day is for all the garbage that might have been installed by some not so security minded minion and since they don’t monitor it, not likely to be caught until after the fact.
Block ALL Attachments!
Then get yourself a really good antivirus scanner that understands how to scan various files for internal problems (MS Office, Archives, etc). Get a second antivirus scanner that is used directly by your mail server and preferrably not from the company that makes the first one.
Good site for identifying files: http://filext.com/
Allow such files as:
.PDF
.DOC
.XLS
.MDB ?
.GIF
.JPG
.HTM ?
.CSV
.PSD
.P65Only a beginning because it is totally dependent on the software used in your organization.
Since most of the zip files we get here are viruses, we do not accept them. They are too easy to open and misuse with Windows XP Zipfolders. Same with rar files, we are seeing more of them be virus emails.
Agree companywide on a rename extension for .ZIP and if someone really has to send a zip archive, they can rename it. When you receive it on the other end, do a save as from your email client to a preset folder that you scan with your antivirus immediately after saving it to this folder.
This has eliminated all infections in our system by file attachments. It also limits down your worries to things like monitoring Adobe Acrobat, MS Office, etc. for security exploits.
Then all you have to worry about is the ones that direct you to a trojan webpage that uses some browser exploit to autodownload the virus/worm/trojan junk out there.
-
-
August 31, 2005 at 3:06 pm #3055447
We block 60 different extensions
by shunter · about 18 years, 7 months ago
In reply to DOWNLOAD: Which e-mail attachments are on your hit list?
Among the more “popular” extensions:
BAS, EML, EMAIL, GIF, HLP, JPG, LNK, MDB, MOV, MPE, MSI, RAR, SHS, VB, ZIP.
The files are stripped off and placed in a secure directory that only myself, my staff and top management has access to (they can retrieve their own files that way). Other users must contact us to request their files. If the files are work related, we send them on. We’ve only had 1 or 2 users ask for non-work related stuff.
Most of what gets stripped off are GIF’s that come along with spam (emails hit our attachment blocker before our anti-spam engine). The next are JPG’s. We also see alot of WMV’s and MPG’s. I was just requested to look at how many PPT’s and PPS’s are coming through. Those are tough because there are so many legitimate ones.
We can grant users an exception to sending and/or receiving blocked attachments. Some users have legitimate reasons for sending or receiving JPG’s, for instance.
The only thing I don’t like about this system is that all attachments are stripped if even one of them is forbidden. Lots of senders have GIF’s attached to their emails, which causes legitimate attachements to be stripped off. I wish the software would only pull what it had to.
We automatically delete all ZIP, SCR, COM, PIF and 8 other attachments due to virus “plagues” over the last 2 or 3 years. We setup exceptions for those that need it.
I think this strict policy has contributed the most to our being virus free for over 5 years. The employees don’t seem to mind – they hear horror stories from their friends in other Departments about networks and PC’s being down all the time. And we try to accomodate their requests when we can. We just approach it as a security issue and it goes over pretty well.
-
-
AuthorReplies