General discussion

  • #2185963

    DOWNLOAD: Which e-mail attachments are on your hit list?


    by jodygilbert ·

    http://techrepublic.com.com/5138-1035-5843573.html

    After you take a look at this download, please post your feedback, ideas for improvements, or further thoughts on this topic.

    Thanks,
    –The TechRepublic Downloads Team

All Comments

    • #3053719

      I would add..

      by jaqui ·

      In reply to DOWNLOAD: Which e-mail attachments are on your hit list?

      .doc
      .xls
      .xl*

      not to forget to block any html formatted email

      If it is a document that I’m to view, but not alter, use pdf
      if I’m to alter the contents, send in a compressed file, with the contents being html.

      If you send html formatted email, expect to be blacklisted as a spammer.

      If you send an email with an attachment, and I’m not expecting it.
      The email and attachment will be deleted without being looked at.

      These are my rules, even with using a webmail interface. ( which stops auto download / install of anything. )

      • #3054659

        Reply To: DOWNLOAD: Which e-mail attachments are on your hit list?

        by angry_white_male ·

        In reply to I would add..

        I would be careful about blocking Word and Excel files. Have a good anti-virus system on your mail gateway AND your mail server to weed out the macro-virus issues. Most mail these days is HTML formatted – so again, you need good AV protection and the ability to sort out good HTML from bad HTML along with web filtering to keep users from clicking on undesirable links. The more proactive steps you take at the gateway, the happier and more productive your users will be. Unfortunately not everyone has a PDF writer or the know-how to make one.

        We block the following (I’m just pulling down the list from our SMTP filter in no particular order):

        .ARC
        .ARJ
        .CAB
        GZIP, BZIP, MS Compressed archives
        .LBR
        .LZH
        .RAR
        .TAR
        .UUE
        .ZIP (not blocked, but isolated with an autonotify to the user to determine if it’s a business file based on the sender and subject line… if so they call me and I verify it’s legit before releasing or deleting it)
        .ZOO
        .DAT
        .INF
        .PIF
        Font files
        .INI
        .REG
        .LNK
        .BAT
        .EXE
        .HTM
        .HTML
        .JS (or any Javascript stuff)
        .SHS/SHB scrap objects
        Visual Basic scripts
        Windows Scripts
        Source code files (C/C++, Java, Perl, VB)
        .BAT
        .COM
        .EXE
        .HQX
        .P7C
        .P7M
        .P7S
        .PIC
        .SCR

        Things like audio/video files we allow – however I run monthly reports to see who’s sending out a large amount of the stuff for non-business use and we take action from there.

        • #3046998

          But since

          by jaqui ·

          In reply to Reply To: DOWNLOAD: Which e-mail attachments are on your hit list?

          I am a 100% linux shop, ms office formats aren’t needed or wanted.

          so nope, word and excel files are rejected formats.

          xml, xhtml, html or plain text if I’m to alter it.
          pdf if just read it.

          all files to be in archives to reduce data transfer usage.

          bzip is actually a preferred archive format, it compresses tighter than zip. ( the only tighter is stuffit’s sit format )

          since javascript and java both have no way of running on my machines, they are deleted as useless.
          the windows scripting stuff is also ineffective.

          I also make it clear what formats are acceptable, so if people insist on sending unacceptable formats they obviously don’t really want to do business with me.

    • #3046913

      additional file extensions

      by robertbernal ·

      In reply to DOWNLOAD: Which e-mail attachments are on your hit list?

      I looked at your list of blocked file extensions. We also block pif,exe,cpl,com,dll,vbs,vbx,wsf

    • #3046852

      Other types…

      by rknrlkid ·

      In reply to DOWNLOAD: Which e-mail attachments are on your hit list?

      There are some more obscure formats that I see periodically:

      .rm – Real Media (Real Player) files
      .lit – Microsoft E-Book Reader

      I forget the extension, but there are also BitTorrent links that can be sent (.bit?) I’ve only seen this twice, so I don’t remember.

      • #3046827

        Reply To: DOWNLOAD: Which e-mail attachments are on your hit list?

        by kurse ·

        In reply to Other types…

        BitTorrent links are .torrent

    • #3046784

      How about allow?

      by m.r. ·

      In reply to DOWNLOAD: Which e-mail attachments are on your hit list?

      I had a long list of blocked items that I finally gave up on. It worked fine but I found an “allow” list was much shorter. I don’t have to guess at what new attachment might be the next big virus host. I’m not sure if most vendors have global deny with allow exceptions but it only took a few days to weed out the needed attachments. Allowed files are still scanned for viri.

      • #3047137

        Allow is much better

        by fcleroux ·

        In reply to How about allow?

        Only allow .ZIC ?? We only allow ZIP files that have had the file extension renamed to .ZIC (the C is the first letter of our company name which means it was intended for us.)

        This is in a policy! If someone runs to you to tell you that they are not getting their attachment, we remind them of the policy.

        It adds a little extra work but is well worth the effort.

      • #3047131

        Could someone post an Allow List?

        by wearsmanyhats ·

        In reply to How about allow?

        I wonder if someone could post their allow list? I’ve never set up either an allow or disallow list but here’s a guess:

        .txt
        .html

        What others?

      • #3055147

        Allow is far safer…

        by boomslang ·

        In reply to How about allow?

        Given all the unknowns out there, I do not have time to monitor Secunia, CERT, et al. to see what the security hole of the day is for all the garbage that might have been installed by some not so security minded minion and since they don’t monitor it, not likely to be caught until after the fact.

        Block ALL Attachments!

        Then get yourself a really good antivirus scanner that understands how to scan various files for internal problems (MS Office, Archives, etc). Get a second antivirus scanner that is used directly by your mail server and preferably not from the company that makes the first one.

        Good site for identifying files: http://filext.com/

        Allow such files as:

        .PDF
        .DOC
        .XLS
        .MDB ?
        .GIF
        .JPG
        .HTM ?
        .CSV
        .PSD
        .P65

        Only a beginning because it is totally dependent on the software used in your organization.

        Since most of the zip files we get here are viruses, we do not accept them. They are too easy to open and misuse with Windows XP Zipfolders. Same with rar files, we are seeing more of them be virus emails.

        Agree companywide on a rename extension for .ZIP and if someone really has to send a zip archive, they can rename it. When you receive it on the other end, do a save as from your email client to a preset folder that you scan with your antivirus immediately after saving it to this folder.

        This has eliminated all infections in our system by file attachments. It also limits down your worries to things like monitoring Adobe Acrobat, MS Office, etc. for security exploits.

        Then all you have to worry about is the ones that direct you to a trojan webpage that uses some browser exploit to autodownload the virus/worm/trojan junk out there.

    • #3055447

      We block 60 different extensions

      by shunter ·

      In reply to DOWNLOAD: Which e-mail attachments are on your hit list?

      Among the more “popular” extensions:

      BAS, EML, EMAIL, GIF, HLP, JPG, LNK, MDB, MOV, MPE, MSI, RAR, SHS, VB, ZIP.

      The files are stripped off and placed in a secure directory that only myself, my staff and top management has access to (they can retrieve their own files that way). Other users must contact us to request their files. If the files are work related, we send them on. We’ve only had 1 or 2 users ask for non-work related stuff.

      Most of what gets stripped off are GIF’s that come along with spam (emails hit our attachment blocker before our anti-spam engine). The next are JPG’s. We also see a lot of WMV’s and MPG’s. I was just requested to look at how many PPT’s and PPS’s are coming through. Those are tough because there are so many legitimate ones.

      We can grant users an exception to sending and/or receiving blocked attachments. Some users have legitimate reasons for sending or receiving JPG’s, for instance.

      The only thing I don’t like about this system is that all attachments are stripped if even one of them is forbidden. Lots of senders have GIF’s attached to their emails, which causes legitimate attachments to be stripped off. I wish the software would only pull what it had to.

      We automatically delete all ZIP, SCR, COM, PIF and 8 other attachments due to virus “plagues” over the last 2 or 3 years. We set up exceptions for those that need it.

      I think this strict policy has contributed the most to our being virus free for over 5 years. The employees don’t seem to mind – they hear horror stories from their friends in other Departments about networks and PC’s being down all the time. And we try to accommodate their requests when we can. We just approach it as a security issue and it goes over pretty well.
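
Added example, not part of any post in this thread: a default-deny ("allow list") attachment filter that removes only the attachments that fail the check and leaves the rest of the message intact, which is the behaviour the last post wishes its gateway had. The `ALLOWED` set, the function names and the sample message are assumptions made for illustration; the code assumes attachments are direct children of a multipart/mixed message.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical allow list; as the thread notes, the real one depends on
# the software your organization actually uses.
ALLOWED = {".pdf", ".doc", ".xls", ".csv", ".gif", ".jpg"}

def final_extension(filename):
    """Lower-cased last extension, so 'a.pdf.exe' is judged as '.exe'."""
    name = (filename or "").strip().rstrip(". ")
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""

def filter_attachments(raw, allowed=ALLOWED):
    """Default-deny: drop each attachment not on the allow list, keep the rest.

    Returns (filtered_message, kept_names, stripped_names).
    """
    msg = message_from_bytes(raw, policy=policy.default)
    kept, stripped, drop = [], [], []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if final_extension(name) in allowed:
            kept.append(name)
        else:  # unknown, missing or disallowed extension
            stripped.append(name or "(unnamed)")
            drop.append(part)
    if drop:
        # Rebuild the payload without the dropped parts (identity comparison).
        msg.set_payload([p for p in msg.get_payload()
                         if not any(p is d for d in drop)])
    return msg, kept, stripped

def build_sample():
    """Constructed test message: one text body, four attachments."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Q3"
    m.set_content("Files attached.")
    for fname in ("report.PDF", "logo.gif", "invoice.pdf.exe", "data.zip"):
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    _, kept, stripped = filter_attachments(build_sample())
    print("kept:", kept, "stripped:", stripped)
```

An extension check only names what a file claims to be, so allowed attachments still need the antivirus scan several posters describe.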
