Get Adobe Flash player

Email

Anti-Virus File Attachments

Oftentimes viruses are spread though email. In an effort to prevent our customers from getting an email virus through their email account with us, TreadStar Communications has  anti-virus programs installed on our servers. Of course you should still have anti-virus software installed on your computer and set up to scan emails as well.

Many of these viruses come in email attachements and the purpose of this post is to let you know what types of files often contain malicious software. These file attachements should be blocked by our anti-virus programs but you should also be aware of them. If an incoming email passes through the anti-spam filter and has one of these types of files attached, the email will be delivered to you without the attachment. The attachments are removed from emails before delivery to you and placed in a quarantine area for 30 days. If you wish to receive them you can contact us for retrieval.

The following is a list of file attachments that may be blocked by the service

These are known to be dangerous in almost all cases.

  • .reg Possible Windows registry attack
  • .chm Possible compiled Help file-based virus
  • .cnf Possible SpeedDial attack
  • .hta Possible Microsoft HTML archive attack
  • .ins Possible Microsoft Internet Comm. Settings attack
  • .jse_ Possible Microsoft JScript attack
  • .lnk Possible Eudora *.lnk security hole attack
  • .ma_ Possible Microsoft Access Shortcut attack
  • .pif Possible MS-Dos program shortcut attack
  • .scf Possible Windows Explorer Command attack
  • .sct Possible Microsoft Windows Script Component attack
  • .shb Possible document shortcut attack
  • .shs Possible Shell Scrap Object attack
  • .vbe or .vbs Possible Microsoft Visual Basic script attack
  • .wsc .wsf .wsh Possible Microsoft Windows Script Host attack
  • .xnk Possible Microsoft Exchange Shortcut attack

These are very often used by viruses

  • .com Windows/DOS Executable
  • .exe Windows/DOS Executable

These are very dangerous and have been used to hide viruses

  • .scr Possible virus hidden in a screensaver
  • .bat Possible malicious batch file script
  • .cmd Possible malicious batch file script
  • .cpl Possible malicious control panel item
  • .mhtml Possible Eudora meta-refresh attack

Deny filenames ending with CLSID’s

  • Filename trying to hide its real extension
    Examples:
    A977FF0C-8757-4E76-8533-482F91946233000209FF-0000-0000-C000-000000000046

Deny filenames with lots of contiguous white space in them.

  • Filename contains lots of white space

Deny double file extensions.

  • This catches any hidden filenames. Examples:
    • .txt.pif
    • .doc.pif
    • .doc.com
    • .txt.exe