The following is a list of file attachments
that are
blocked by the service
(the attachments are removed from emails before
delivery to you and placed in a quarantine
area for 30 days should you wish to receive
them):
#
These are known to be dangerous in almost all
cases.
deny \.reg$ Possible Windows registry attack
deny \.chm$ Possible compiled Help file-based virus
deny \.cnf$ Possible SpeedDial attack
deny \.hta$ Possible Microsoft HTML archive attack
deny \.ins$ Possible Microsoft Internet Comm. Settings attack
deny \.jse?$ Possible Microsoft JScript attack
deny \.lnk$ Possible Eudora *.lnk security hole attack
deny \.ma[dfgmqrstvw]$ Possible Microsoft Access Shortcut attack
deny \.pif$ Possible MS-Dos program shortcut attack
deny \.scf$ Possible Windows Explorer Command attack
deny \.sct$ Possible Microsoft Windows Script Component attack
deny \.shb$ Possible document shortcut attack
deny \.shs$ Possible Shell Scrap Object attack
deny \.vb[es]$ Possible Microsoft Visual Basic script attack
deny \.ws[cfh]$ Possible Microsoft Windows Script Host attack
deny \.xnk$ Possible Microsoft Exchange Shortcut attack
# These 2 added by popular demand - Very often used by viruses
deny \.com$ Windows/DOS Executable
deny \.exe$ Windows/DOS Executable
# These are very dangerous and have been used to hide viruses
deny \.scr$ Possible virus hidden in a screensaver
deny \.bat$ Possible malicious batch file script
deny \.cmd$ Possible malicious batch file script
deny \.cpl$ Possible malicious control panel item
deny \.mhtml$ Possible Eudora meta-refresh attack
# Deny filenames ending with CLSID's
deny \{[a-hA-H0-9-]{25,}\}$ Filename trying to hide its real extension
# Deny filenames with lots of contiguous white space in them.
deny \s{10,} Filename contains lots of white space
# Deny all other double file extensions. This catches any hidden filenames.
deny \.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3}$ Found possible filename
hiding
