Illegal file extensions in E-mail Attachments

SFU's mailservers scan all processed e-mail for viruses. Their virus signatures are updated numerous times per day to catch emerging viruses. Unfortunately, it still takes the anti-virus companies some time to come up with signatures for new viruses, which means that when a new virus is released into the wild, our servers are unprotected against that virus for a few hours.

To combat that problem, the anti-virus scanner also rejects any message that contains a file attachment that is suspicious. A suspicious file attachment is one that will be executed by Windows if the user double-clicks on it, and which is capable of carrying a malicious virus. On Windows, this is determined by the file extension - that 3-letter suffix after the final "." in the filename.

Here is the list of currently blocked file extensions:

ade - Access Project Extension 
adp - Access Project file
bas - BASIC program
bat - DOS batch file script
chm - Compiled HTML file
cmd - 1st Reader External Command Menu
com - Command file (program)
cpl - Control Panel Module
crt - Certificate file
eml - Outlook Express message
exe - Executable file (program)
hlp - Windows help file
hta - HTML file
inf - package information file
ins - Install script
isp - Sign-up file(X-Internet)
jse - Javascript?
lnk - Shortcut file (Windows)
mdb - Access database
mde - Access file
msc - Common console document (Windows 2000)
msi - Installer program
msp - Windows Installer patch file
mst - Windows Installer transform
pcd - P-Code compiled test scripts 
pif - Program information file (Win 3.1)
reg - Registration file
scr - Screen saver
sct - FoxPro forms 
shs - Shell scrap file
vbs - Visual Basic program
vbe - Visual Basic related
wsf - Windows Script File
wsh - Windows Script Host Settings File
wsc - Windows Script Component

If a file attachment with one of these file extensions is sent to an SFU user, the message will be rejected with a bounce message informing the sender that the file extension was illegal, and the file should be resent inside a WinZip file.

In addition to the above file extensions, password protected zip files are now also blocked. Password protected zip files are zip files that are encrypted with a password. Their contents can't be examined by the virus scanner to check for viruses, so virus writers have recently capitalized on this. They send their virus in a password protected zip file and put the password in the text of the message, tricking the user into using it. Since we can't examine password protected zip files, we've had to block them completly to protect the user community.

If you would like more information on our anti-virus system, please contact our help desk at help@sfu.ca