Attachments 1

[markroberts]

Has anyone got a list of attachments which are recomended that should be blocked. I am looking to filter out any files that could be seen as potentially harmful to the network along with video and audio files.

Thanks in advance

Mark

 

[hnd]

If you have access to a Norton Antivirus you can check for the files to be scanned for Viruses. You could take these extensions.

hnd
hasso55@yahoo.com

 

[rjs]

From a Windows NT article:
Dangerous File Extensions
File Extension Description
ADE Microsoft Access Project Extension
MDB Microsoft Access Application
ADP Microsoft Access Project
MDE Microsoft Access MDE Database
BAS Visual Basic® Class Module
MSC Microsoft Common Console Document
BAT Batch File
MSI Windows Installer Package
CHM Compiled HTML Help File
MSP Windows Installer Patch
CMD Windows NT® Command Script
MST Visual Test Source File
COM MS-DOS® Application
PCD Photo CD Image
CPL Control Panel Extension
PIF Shortcut to MS-DOS Program
CRT Security Certificate
REG Registration Entries
EXE Application
SCR Screen Saver
HLP Windows® Help File
SCT Windows Script Component
HTA HTML Applications
SHS Shell Scrap Object
INF Setup Information File
URL Internet Shortcut (Uniform Resource Locator)
INS Internet Communication Settings
VB VBScript File
ISP Internet Communication Settings
VBE VBScript Encoded Script File
JS JScript® File
VBS VBScript Script File
JSE JScript Encoded Script File
WSC Windows Script Component
LNK Shortcut
WSF Windows Script File
WSH Windows Scripting Host Settings File

 

[hnd]

This List cannot be complete. There are missing all the Office Files like .Doc, .Xls, .Ppt..
Then is Missing .scr, .pif


hnd
hasso55@yahoo.com

 

[SgtB]

hnd - So you'd like to block MS office attachments? Go ahead and block those...see how long it takes before the whole corporation comes screaming down your neck!


You're right about the .scr/.pif files though.
________________________________________
Check out

http://www.security-forums.com

 

[hnd]

That is an other Question but those Files could Carry viruses. Therefore i advice the people to use RTF files instead of .Doc if no macros are used. Or CSV instead .XLS.

But you are right it is difficult to block those extensions. Nevertheless you should be aware the Danger of Viruses in such files und you should scan each file of such types that comes from outside.

hnd
hasso55@yahoo.com

 

[SgtB]

As long as you have your AV up to date, and installed on every machine, then macro vriuses pose little to no threat as they're easily cleaned. As long as you have some type of realtime scanning that is....
________________________________________
Check out

http://www.security-forums.com

 

[rjs]

Ok, scr & pif were missing. I did a cut and paste from a message someone sent me instead of checking my AV SMTP configuration file. SCR and PIF are both very dangerous and should be excluded.

 

[hnd]

What is Missing (could Carry Viruses):
.adt,.bpl, .cbt, .cla
.doc,.dot. .drv, .OV?
.ppt, .xl?, .sys

hnd
hasso55@yahoo.com

 

[AjayM]

The MS article is here -

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q262631

It has the SCR/PIF but doesn't include the common MS docs. And I don't think it's that rare anymore for them to be filtered out. I run a list-server here and there are some companies that filter everything, even TXT files.

Personally I've included the above list, but haven't blocked the common Office apps. I do have all the machines with Office to ask before using executing a macro, and I'm semi-confident in the AV software. So with all of the above, knock on wood, I've been fairly lucky.

Andrew