
Dealing with file attachments

From ASSPSMTP


One of the best ways of protecting against virus infection is to block particular email attachment types from reaching the computer, so that they never have the chance to be executed. Blocking file attachments alone is not complete protection from viruses or exploits, but it is an important layer of protection for minimizing the likelihood of exposure. It is well known that a vast majority of virus outbreaks and Trojan-horse exploits are due to end-users inadvertently opening infected email attachments.


Methodologies

Executable email attachments are an equal threat to both home and business users. Each has the potential to cause data loss, security breaches, and stolen identities, and to leave in its wake computer systems that can no longer be considered trusted. It can be of significant benefit to block these types of attachments from being passed through e-mail gateways, so that they never reach the unsuspecting end-user.

A better approach to dealing with a threat is not to block based on an administratively maintained list, but to allow based on a list of criteria that will inherently be shorter, easier to maintain, and faster to process. This methodology takes us full circle to one of the basic lessons of Security 101: "deny all except those permitted explicitly".

The deny all principle is the cornerstone of many security implementations, extending from border router access control lists and firewall security policies to the file systems of servers and desktop computers. This principle rightfully extends to anti-spam, anti-virus, and anti-malware methodologies as well.

Most popular applications have been known to be subject to buffer overflow vulnerabilities in the past. It is therefore important to stay informed about security vulnerabilities and keep up-to-date with system and application updates, especially those pertaining to security issues.

Each file extension listed is accompanied by a description of what that file type represents, and is hyperlinked to FileInfo.net, the definitive file extensions resource, which is a source of additional detail about the file type and the programs that use it.

Dangerous Attachments

The following file-types in this extension list are strongly recommended for blocking. They all have a particular danger of executing or injecting malicious code on a system.

  1. .ADE  - Microsoft Access Data Project Extension file
  2. .ADP  - Microsoft Access Data Project file
  3. .ASF  - Microsoft Advanced Streaming Format file
  4. .ASX  - Microsoft Windows Media Active Stream Redirector file
  5. .BAS  - BASIC Language Source file
  6. .BAT  - Microsoft DOS Batch Processing file
  7. .BIN  - Binary file
  8. .CHM  - Microsoft Compiled HTML Help file
  9. .CMD  - Microsoft Windows NT Command Script file
  10. .COM  - Microsoft DOS Command Application file
  11. .CPL  - Microsoft Windows Control Panel Extension file
  12. .CRT  - Security Certificate file
  13. .CSH  - C Shell Script file
  14. .DBX  - Microsoft Outlook Express E-mail Folder file
  15. .DLL  - Dynamic Link Library file
  16. .DOCM - Microsoft Word Document file, macro-enabled Open XML format
  17. .DOTM - Microsoft Word Template file, macro-enabled Open XML format
  18. .EXE  - Executable Application file
  19. .FDF  - Adobe Forms Data Format file (Adobe Acrobat exported form - likely spam)
  20. .FXP  - Microsoft Visual FoxPro Compiled Program file
  21. .HIV  - Microsoft Windows Registry Hive file
  22. .HLP  - Microsoft Windows Help file
  23. .HTA  - Hypertext Markup Language Application file
  24. .HTB  - HTTP Browser Database file
  25. .HTM  - Hypertext Markup Language file
  26. .HTML - Hypertext Markup Language file
  27. .INF  - Information Setup file
  28. .INS  - Microsoft Internet Communication Settings file
  29. .ISP  - Microsoft Internet Service Provider Settings file
  30. .JS   - JavaScript / JScript Script file
  31. .JSE  - JScript Encoded Script file
  32. .KSH  - Korn Shell Script file
  33. .LNK  - Microsoft Windows Shortcut Link file
  34. .MDA  - Microsoft Access Add-in file
  35. .MDB  - Microsoft Access Database file
  36. .MDE  - Microsoft Access Encoded Database file
  37. .MDT  - Microsoft Access Database Template file
  38. .MDW  - Microsoft Access Database Workgroup file
  39. .MDZ  - Microsoft Access Wizard Template file
  40. .MHT  - Multipurpose Internet Mail Extension HTML file
  41. .MSC  - Microsoft Management Console Snap-in Control file
  42. .MSH  - Microsoft Shell Script file
  43. .MSI  - Microsoft Windows Installer Package file
  44. .MSP  - Microsoft Windows Installer Patch file
  45. .MST  - Microsoft Test file
  46. .NCH  - Microsoft Outlook Express Folder file
  47. .OBJ  - Microsoft Object Code file
  48. .OCX  - Microsoft ActiveX Control file
  49. .OFT  - Microsoft Outlook Item Template file
  50. .OPS  - Microsoft Office Profile Settings file
  51. .OVL  - Overlay file
  52. .PCD  - Photo CD Image file
  53. .PIF  - Program Information File
  54. .PL   - Perl Program file
  55. .POTM - Microsoft PowerPoint Template file, macro-enabled Open XML format
  56. .PPA  - Microsoft PowerPoint Add-in file
  57. .PPAM - Microsoft PowerPoint Add-in file, macro-enabled Open XML format
  58. .PPSM - Microsoft PowerPoint Slideshow file, macro-enabled Open XML format
  59. .PPTM - Microsoft PowerPoint Presentation file, macro-enabled Open XML format
  60. .PRF  - Microsoft Outlook Profile Settings file
  61. .PS1  - Microsoft PowerShell Script file
  62. .REG  - Registry Data file
  63. .SCF  - Microsoft Windows Explorer Shell Command file
  64. .SCR  - Screen Saver file
  65. .SCT  - Windows Script Component file
  66. .SH   - Shell Script file
  67. .SHB  - Shell Shortcut Back Into A Document file
  68. .SHS  - Shell Scrap object file
  69. .SYS  - System file
  70. .URL  - Uniform Resource Locator file
  71. .VB   - Microsoft Visual Basic file
  72. .VBE  - Microsoft VBScript Encoded Script file
  73. .VBS  - Microsoft VBScript Script file
  74. .VSS  - Microsoft Visio Stencil file
  75. .VST  - Microsoft Visio Template file
  76. .VXD  - Virtual Device Driver file
  77. .WMD  - Microsoft Windows Media Download file
  78. .WMS  - Microsoft Windows Media Skin file
  79. .WMV  - Microsoft Windows Media Video file
  80. .WMZ  - Microsoft Windows Media Compressed Skin file
  81. .WSC  - Microsoft Windows Script Component file
  82. .WSF  - Microsoft Windows Script file
  83. .WSH  - Microsoft Windows Script Host Settings file
  84. .XLA  - Microsoft Excel Add-in
  85. .XLAM - Microsoft Excel Add-in, macro-enabled Open XML format
  86. .XLSM - Microsoft Excel Spreadsheet/Workbook file, macro-enabled Open XML format
  87. .XLTM - Microsoft Excel Template file, macro-enabled Open XML format

Regular Expression

ad[ep]|as[fx]|ba[st]|bin|chm|cmd|com|cpl|crt|csh|dbx|dll|docm|dotm|exe|fdf|fxp|hiv|hlp|ht[abm]|html|in[fs]|isp|js|jse|ksh|lnk|md[abetwz]|mht|ms[chipt]|nch|obj|ocx|oft|ops|ovl|pcd|pif|pl|potm|ppa|ppam|ppsm|pptm|prf|ps1|reg|sc[frt]|sh|sh[bs]|sys|url|vb|vb[es]|vs[st]|vxd|wm[dsvz]|ws[cfh]|xla|xlam|xlsm|xltm

Common Attachments

The following file-types in this extension list are commonly sent attachments that are generally considered safe. They should not pose a particular threat, as they are typically benign or are unable to execute code on systems running reasonably current versions of operating systems or applications required to read or open the files.

  1. .AI   - Adobe Illustrator Vector Graphic file (Adobe Creative Suite)
  2. .ASC  - ASCII Text file (used for PGP signatures)
  3. .BHX  - BinHex Compressed Archive file
  4. .BMP  - Bitmap Picture file
  5. .CSV  - Comma Separated Values file
  6. .DAT  - Data file (used by Microsoft Office Outlook e-mail with RTF and TNEF encapsulation)
  7. .DOC  - Microsoft Word Document file (Microsoft Office)
  8. .DOCX - Microsoft Word Document file, Open XML format (Microsoft Office)
  9. .DOTX - Microsoft Word Template file, Open XML format (Microsoft Office)
  10. .EMF  - Enhanced Windows Metafile file
  11. .EML  - E-mail Message file (used with TNEF encapsulation)
  12. .EMZ  - Enhanced Windows Metafile file, GZIP compressed
  13. .EPS  - Encapsulated PostScript file
  14. .GIF  - Graphic Interchange Format file
  15. .HQX  - Macintosh BinHex Compressed Archive file
  16. .ICS  - iCalendar Calendar Data file (calendar items for Mac, Office, Palm apps)
  17. .INDD - Adobe InDesign Document file (Adobe Creative Suite)
  18. .INDT - Adobe InDesign Template file (Adobe Creative Suite)
  19. .JPEG - Joint Photographic Experts Group Image file
  20. .JPG  - Joint Photographic Experts Group Image file
  21. .P7S  - PKCS #7 Signature (used for S/MIME signatures)
  22. .PDF  - Adobe Portable Document Format file (Adobe Creative Suite)
  23. .PM6  - Adobe PageMaker (version 6) Document file
  24. .PMT  - Adobe PageMaker Template file
  25. .POTX - Microsoft PowerPoint Template file, Open XML format (Microsoft Office)
  26. .PPT  - Microsoft PowerPoint Presentation file (Microsoft Office)
  27. .PPTX - Microsoft PowerPoint Presentation file, Open XML format (Microsoft Office)
  28. .PSD  - Adobe Photoshop Document file (Adobe Creative Suite)
  29. .PUB  - Microsoft Publisher Document file (Microsoft Office)
  30. .RAR  - RAR Compressed Archive file
  31. .RPT  - Report file (Crystal Reports)
  32. .RTF  - Rich Text Format file
  33. .SIT  - StuffIt Compressed Archive file
  34. .SITX - StuffIt X Compressed Archive file
  35. .SNP  - Microsoft Access Report Snapshot file (Microsoft Office)
  36. .TIF  - Tagged Image Format file
  37. .TIFF - Tagged Image Format file
  38. .TXT  - Text file
  39. .VCF  - vCard Contact Data file (contact items for Mac, Office, Palm apps)
  40. .VCS  - vCalendar Calendar Data file (calendar items for Mac, Office, Palm apps)
  41. .VSD  - Microsoft Visio Document file (Microsoft Office)
  42. .WPD  - Corel WordPerfect Document file (Corel WordPerfect Office)
  43. .XLS  - Microsoft Excel Spreadsheet/Workbook file (Microsoft Office)
  44. .XLSB - Microsoft Excel Spreadsheet/Workbook file, Binary format (Microsoft Office)
  45. .XLSX - Microsoft Excel Spreadsheet/Workbook file, Open XML format (Microsoft Office)
  46. .XLTX - Microsoft Excel Template file, Open XML format (Microsoft Office)
  47. .XPS  - XML Paper Specification file
  48. .ZIP  - ZIP Compressed Archive file

Regular Expression

ai|asc|bhx|bmp|csv|dat|doc|docx|dotx|em[flz]|eps|gif|hqx|ics|ind[dt]|jpeg|jpg|p7s|pdf|pm[6t]|potx|ppt|pptx|psd|pub|rar|rpt|rtf|sit|sitx|snp|tif|tiff|txt|vc[fs]|vsd|wpd|xls|xls[bx]|xltx|xps|zip
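
The "deny all except those permitted explicitly" methodology described above, applied to a message's attachments with the Common Attachments pattern. This is an added example, not ASSP's own code: the function names, the full-match anchoring, the last-extension rule and the sample message are assumptions of the example.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Allow pattern from the "Common Attachments" section (dotx included, as in
# that section's list). Case-insensitive full-match is this example's choice.
ALLOWED = re.compile(
    r"ai|asc|bhx|bmp|csv|dat|doc|docx|dotx|em[flz]|eps|gif|hqx|ics|ind[dt]|"
    r"jpeg|jpg|p7s|pdf|pm[6t]|potx|ppt|pptx|psd|pub|rar|rpt|rtf|sit|sitx|snp|"
    r"tif|tiff|txt|vc[fs]|vsd|wpd|xls|xls[bx]|xltx|xps|zip",
    re.IGNORECASE,
)

def final_extension(filename):
    """Return the last extension, ignoring trailing dots and spaces."""
    name = filename.strip().rstrip(". ")
    base, dot, ext = name.rpartition(".")
    # No dot, or nothing before the dot: treat as "no extension".
    return ext if dot and base else ""

def is_permitted(filename):
    """Deny by default: only a fully matching final extension is allowed."""
    return bool(ALLOWED.fullmatch(final_extension(filename)))

def screen_message(raw):
    """Map each attachment filename in a raw message to 'allow' or 'deny'."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.walk():
        name = part.get_filename()  # also falls back to Content-Type name=
        if name:
            verdicts[name] = "allow" if is_permitted(name) else "deny"
    return verdicts

def build_sample():
    """Constructed sample message with four attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("report.PDF", "invoice.pdf.exe", "README", "macro.docm"):
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in screen_message(build_sample()).items():
        print(f"{verdict:5} {name}")
```

Because the decision is made on the final extension with a full match, a double extension such as invoice.pdf.exe and a file with no extension are both denied without needing an entry in the block list.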