Delayed Attachment Notification and Release

Background

In a 2008 report, enterprise anti virus vendor Sophos reported that approximately 96% of all email is spam. In that same report they also state

"The figures show an alarming rise in the proportion of spam emails sent with malicious attachments between July - September 2008, as well as an increase in spam attacks using social engineering techniques to snare unsuspecting computer users. "

All e-mail messages that pass through the University of Denver's mail transport servers are scanned for viruses. Because viruses and worms passed through e-mail as executable attachments are typically generated automatically and profusely by infected computers, e-mail messages found to contain infected attachments are discarded.

Network security has identified a number of attachment types that have, historically, been used to exploit computer operating system and application vulnerabilities for which software vendors have been slow to release patches. We have chosen to define these as Potentially Malicious Attachments or PMAs.

Because criminals can take advantage of these vulnerabilities in a very short period from the moment they are identified, many institutions block the affected attachment types. The approach at DU is different.

The list of file types considered to be potentially unsafe is given below.

WARNINGS

Do not open any e-mail attachment unless you:

  • Know the sender. Do not accept e-mail "candy" from strangers.
  • Confirm that the sender actually sent the attachment. Malicious messages may be disguised as coming from legitimate addresses. Do not open message attachments if you have any reason to suspect the authenticity of the message.

WORKAROUNDS

Please review the above warnings before opening any e-mail attachments.

People who need to transmit potentially malicious file types, may do so in several ways:

  • Senders can post the file on a website and tell recipients where they can download it. (This is usually the most appropriate method for distributing files to many recipients.)
  • Senders can rename the file before attaching it and provide recipients with instructions for changing the file name back to its original value.
  • Senders may encrypt the attachment or the message and provide instructions to decrypt it upon receipt.

Important: These techniques are sometimes used by criminals in an attempt to spread malware. The recipient should still heed the WARNINGS given above AND have up-to-date anti virus software installed and working on their system.

POTENTIALLY MALICIOUS FILE TYPES

E-mail messages containing attachments with the following file types destined for DU e-mail addresses will be delayed when passing through the University of Denver's central mail servers. Because security risks can change rapidly, this list may be modified without notice.

The University of Denver's e-mail servers use the following rules to deal with these file types:

  1. Attachments of e-mails destined for du.edu addresses are scanned for viruses. If viruses are found, messages are discarded.
  2. If attachments contain no viruses, messages are sidelined for 4 hours and then scanned again. (The delay is intended to prevent viruses from being distributed before virus signatures are available.) If executable viruses are found in the second scan, messages are discarded. If no viruses are found in the second scan, the messages are passed on unchanged.

Messages will not be rescanned by the mail server. The recipient must take additional measures to ensure the safety of their system and data.

Extension

File type

 

.ade

Access Project Extension (Microsoft)

 

.adp

Access Project (Microsoft)

 

.app

Executable Application

 

.asp

Active Server Page

 

.bas

BASIC Source Code

 

.bat

Batch Processing

 

.cer

Internet Security Certificate File

.chm

Compiled HTML Help

.cmd

DOS CP/M Command File, Command File for Windows NT

.com

Command

.cpl

Windows Control Panel Extension (Microsoft)

.crt

Certificate File

.csh

csh Script

.exe

Executable File

.fxp

FoxPro Compiled Source (Microsoft)

.hlp

Windows Help File

.hta

Hypertext Application

.inf

Information or Setup File

.ins

IIS Internet Communications Settings (Microsoft)

.isp

IIS Internet Service Provider Settings (Microsoft)

.its

Internet Document Set, Internation Translation

.js

JavaScript Source Code

.jse

JScript Encoded Script File

.ksh

UNIX Shell Script

.lnk

Windows Shortcut File

.mad

Access Module Shortcut (Microsoft)

.maf

Access (Microsoft)

.mag

Access Diagram Shortcut (Microsoft)

.mam

Access Macro Shortcut (Microsoft)

.maq

Access Query Shortcut (Microsoft)

.mar

Access Report Shortcut (Microsoft)

.mas

Access Stored Procedures (Microsoft)

.mat

Access Table Shortcut (Microsoft)

.mau

Media Attachment Unit

.mav

Access View Shortcut (Microsoft)

.maw

Access Data Access Page (Microsoft)

.mda

Access Add-in (Microsoft), MDA Access 2 Workgroup (Microsoft)

.mdb

Access Application (Microsoft), MDB Access Database (Microsoft)

.mde

Access MDE Database File (Microsoft)

.mdt

Access Add-in Data (Microsoft)

.mdw

Access Workgroup Information (Microsoft)

.mdz

Access Wizard Template (Microsoft)

.msc

Microsoft Management Console Snap-in Control File (Microsoft)

.msi

Windows Installer File (Microsoft)

.msp

Windows Installer Patch

.mst

Windows SDK Setup Transform Script

.ops

Office Profile Settings File

.pcd

Visual Test (Microsoft)

.pdf

Portable Document Format (Adobe)

.pif

Windows Program Information File (Microsoft)

.pps

Power Point Slide Show (Microsoft)

.ppt

Power Point Document (Microsoft)

.prf

Windows System File

.prg

Program File

.pst

MS Exchange Address Book File, Outlook Personal Folder File (Microsoft)

.rar

RAR archives

.reg

Registration Information/Key for W95/98, Registry Data File

.scf

Windows Explorer Command

.scr

Windows Screen Saver

.sct

Windows Script Component, Foxpro Screen (Microsoft)

.shb

Windows Shortcut into a Document

.shs

Shell Scrap Object File

.tmp

Temporary File/Folder

.url

Internet Location

.vb

VBScript File or Any VisualBasic Source

.vbe

VBScript Encoded Script File

.vbs

VBScript Script File, Visual Basic for Applications Script

.vsmacros

Visual Studio .NET Binary-based Macro Project (Microsoft)

.vss

Visio Stencil (Microsoft)

.vst

Visio Template (Microsoft)

.vsw

Visio Workspace File (Microsoft)

.ws

Windows Script File

.wsc

Windows Script Component

.wsf

Windows Script File

.wsh

Windows Script Host Settings File

.xls

Excel Document (Microsoft)

.zip

Zip Archive

RELATED DOCUMENTS

 Ebert squirrel