Mailsweeper - Which file types need blocking?

Status
Not open for further replies.

shedlord

IS-IT--Management
Jan 13, 2005
14
GB
Our email scanning is run by an external company. It has been working up to a point, but due to the large amount of spam getting through they are upgrading this service. As part of this upgrade, I have been given a list of attachment file types and asked which I want them to block and which to allow.

Half of these I am pretty sure about, but I need some guidance on whether the others are a genuine security threat.

Here's what I have left...

Binary - encrypted

Binary - not protected

LZH compressed archive (if we allow .zip, any reason not to allow these?)

Binhex

Microsoft Compress

TNEF

Possible install shield

PEM - Privacy enhanced mail (we are allowing PGP, so why not these?)

ARJ (see LZH comment)

TAR

CMP

GZP

UUE

Apple double resource fork

Apple single

CDA

DCX

Embedded OLE Object

Embedded OLE Package

JTD

Lotus 123

MS Project - MPP

Pattern matched

XML

Win32 Unknown Executable

DWG

PPM

WMF

PCX

PKCS message



Then, is there any reason to allow any of these scripts in a business email message...

Javascript, JavascriptEncoded, Unknown Script, VBScript, VBScriptEncoded


Thanks
 
Below is what I would do with these:

Binary - encrypted - NO

Binary - not protected - NO

LZH compressed archive (if we allow .zip, any reason not to allow these?) - YES as long as your users are intelligent enough not to open everything they receive.

Binhex - NO

Microsoft Compress - I am assuming this is a .CAB file. Again OK if your users won't just open everything.

TNEF - Could be a Word type e-mail body so YES.

Possible install shield - NO

PEM - Privacy enhanced mail (we are allowing PGP, so why not these?) - YES

ARJ (see LZH comment) - Same as ZIP policy

TAR - UNIX Archive - unlikely you will get many but same as ZIP policy

CMP - NO (XML file with additional info)

GZP - Same as ZIP Policy

UUE

Apple double resource fork - NO

Apple single - NO

CDA - NO

DCX - Unlikely but it depends if you use them.

Embedded OLE Object - NO

Embedded OLE Package - NO

JTD - Japanese Word Processor - Up to you.

Lotus 123 - YES (Probably)

MS Project - MPP - YES

Pattern matched - ?

XML - NO

Win32 Unknown Executable - NO

DWG - AutoCAD Drawing File - YES

PPM - Image File - MAYBE

WMF - MetaFile - Probably NOT.

PCX - Image File - MAYBE

PKCS message - Certificate Message - NOT unless you need to.

There is no good reason to allow any form of script, cmd, bat, etc.

Hope that helps.
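
Added example, not part of either post and not MAILsweeper's own logic: it identifies attachments by their leading bytes rather than by file name and applies the verdicts from the reply above, so a renamed executable is still caught. The signature table, function names and the `zip-policy` / `review` labels are assumptions made for illustration, and the sample message is constructed.

```python
from email.message import EmailMessage

# (offset, magic bytes, category name used in the thread). Assumed signature table.
SIGNATURES = [
    (0, b"MZ", "Win32 Unknown Executable"),  # DOS/PE header; only 2 bytes, expect some false positives
    (0, b"\x60\xea", "ARJ"),
    (2, b"-lh", "LZH compressed archive"),   # method id such as -lh5- starts at offset 2
    (0, b"\x1f\x8b", "GZP"),                 # gzip stream
    (257, b"ustar", "TAR"),                  # POSIX tar magic
]
# Verdicts from the reply; "zip-policy" means "whatever the site decided for .zip".
VERDICTS = {
    "Win32 Unknown Executable": "block",
    "ARJ": "zip-policy",
    "LZH compressed archive": "allow",
    "GZP": "zip-policy",
    "TAR": "zip-policy",
}
# Reply: no good reason to allow any form of script, cmd, bat.
SCRIPT_EXTS = {"js", "jse", "vbs", "vbe", "cmd", "bat"}

def classify(data, filename=""):
    """Return (category, verdict); content signatures win over the file name."""
    for offset, magic, category in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return category, VERDICTS[category]
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    if ext in SCRIPT_EXTS:
        return "Script", "block"
    return "unrecognised", "review"

def scan_message(msg):
    """Classify every attachment of a parsed message as (filename, category, verdict)."""
    rows = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        rows.append((name, *classify(part.get_payload(decode=True) or b"", name)))
    return rows

def build_sample():
    """Constructed message: an executable renamed to .txt, a gzip file, a VBScript."""
    msg = EmailMessage()
    msg.set_content("constructed sample body")
    kind = {"maintype": "application", "subtype": "octet-stream"}
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, filename="invoice.txt", **kind)
    msg.add_attachment(b"\x1f\x8b\x08\x00" + b"\x00" * 8, filename="logs.gz", **kind)
    msg.add_attachment(b'WScript.Echo "hi"', filename="run.vbs", **kind)
    return msg

if __name__ == "__main__":
    for row in scan_message(build_sample()):
        print(row)
```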
 