Mail and Security

Many attempts to intrude on organizational networks are made either through the organization's email server or through sending mail directly to users of the network. There are several steps which should be taken to reduce the chance of penetration success in this area.

• Block many dangerous email attachments on your mail server or at your firewall. Many attachment types may contain code that can be run on workstations or servers and create a method for an outsider to gain control of that machine. If an executable attachment is sent to one of your users and they double click on the attachment, it is likely that the code will run and the attack will succeed. The only defense in this case is your antivirus software on the machine. However consider the possibility that the virus program may not recognize the attachment as hostile code either because it was not detected yet or because a hacker specifically wrote the code to penetrate your network. We block the following attachments because they either can point to dangerous code, are dangerous code or can contain dangerous code:
1. *ade - Microsoft Access project extension can contain executable code.
2. *adp - Microsoft Access project can contain executable code.
3. *app - Microsoft FoxPro application is executable code.
4. *asp - Active server pages
5. *asx -
6. bas - Basic program source code is executable code.
7. bat - Batch file which can call executable code.
8. *chm - Compiled HTML help file can contain executable code.
9. cmd - Windows NT command script file is executable code.
10. com - Command file program is executable code.
11. cpl - Control panel extension
12. *crt
13. *csh
14. -dll - Dynamic link library is executable code. Could be placed on your system then run by the system later.
15. exe - Binary executable program is executable code.
16. *fxp - Microsoft FoxPro is executable code.
17. *hlp - Help file
18. *hta - HTML program
19. *inf - Setup information
20. *ins - Internet naming service
21. *isp - Internet communication settings
22. js - JavaScript file
23. jse - JavaScript encoded file
24. *ksh - Unix shell file
25. *lnk - Link file
26. *mda - Microsoft Access add-in program
27. *mdb - Microsoft Access program
28. *mde - Microsoft Access MDE database
29. *mdt - Microsoft Access file
30. *mdw - Microsoft Access file
31. *mdz - Microsoft Access wizard program
32. *msc - Microsoft Common Console document
33. msi - Microsoft windows installer package
34. *msp - Windows Installer patch
35. mst - Visual Test source files
36. *ops - FoxPro file
37. pcd - "Photo CD image or Microsoft Visual Test compiled script"
38. pif - "Shortcut to MS-DOS program"
39. *prf - "Microsoft Outlook Profile Settings"
40. *prg - "FoxPro program source file"
41. reg - Registry files
42. *scf - "Windows Explorer Command file"
43. scr - Screen saver
44. sct - Windows® script component
45. *shb - Document shortcut
46. *shs - Shell scrap object
47. *url - Internet address
48. vb - Visual Basic file
49. vbe - Visual Basic encoded script file
50. vbs - Visual Basic file
51. *vsd
52. *vss
53. *vst
54. *vsw
55. wsc - Windows script component
56. wsf - Windows script file
57. wsh - Windows script host settings file
58. xsl - XML file may contain executable code

Microsoft Outlook blocks these above attachments by default in Outlook 2003 as noted at Attachment File Types Restricted by Outlook 2003.