Deprecated: Assigning the return value of new by reference is deprecated in /home/alpinesu/public_html/knowledgebase/global.php on line 173

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/alpinesu/public_html/knowledgebase/global.php:173) in /home/alpinesu/public_html/knowledgebase/inc/user_session.inc.php on line 111

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/alpinesu/public_html/knowledgebase/global.php:173) in /home/alpinesu/public_html/knowledgebase/inc/user_session.inc.php on line 111
MailScanner - Anti-Virus Dangerous File Attachments .: Alpine Support Knowledge Base
 
Domain Names Dedicated Servers Templates
Alpine Support Knowledge Base Glossary   
Search  
   
Browse by Category
Alpine Support Knowledge Base .: Hosting Knowledgebase .: Linux Hosting .: Email .: MailScanner - Anti-Virus Dangerous File Attachments

MailScanner - Anti-Virus Dangerous File Attachments

The following is a list of file attachments that may be blocked by the service (the attachments are removed from emails before delivery to you and placed in a quarantine area for 30 days should you wish to receive them):


# These are known to be dangerous in almost all cases.
.reg Possible Windows registry attack
.chm Possible compiled Help file-based virus
.cnf Possible SpeedDial attack
.hta Possible Microsoft HTML archive attack
.ins Possible Microsoft Internet Comm. Settings attack
.jse_ Possible Microsoft JScript attack
.lnk Possible Eudora *.lnk security hole attack
.ma_ Possible Microsoft Access Shortcut attack
.pif Possible MS-Dos program shortcut attack
.scf Possible Windows Explorer Command attack
.sct Possible Microsoft Windows Script Component attack
.shb Possible document shortcut attack
.shs Possible Shell Scrap Object attack
.vbe or .vbs Possible Microsoft Visual Basic script attack
.wsc .wsf .wsh Possible Microsoft Windows Script Host attack
.xnk Possible Microsoft Exchange Shortcut attack


# These 2 added by popular demand - Very often used by viruses
.com Windows/DOS Executable
.exe Windows/DOS Executable


# These are very dangerous and have been used to hide viruses
.scr Possible virus hidden in a screensaver
.bat Possible malicious batch file script
.cmd Possible malicious batch file script
.cpl Possible malicious control panel item
.mhtml Possible Eudora meta-refresh attack


# Deny filenames ending with CLSID's
{[a-hA-H0-9-]{25,}\} Filename trying to hide its real extension
Examples:
A977FF0C-8757-4E76-8533-482F91946233
000209FF-0000-0000-C000-000000000046


# Deny filenames with lots of contiguous white space in them.
Filename contains lots of white space


# Deny all other double file extensions. This catches any hidden filenames.
Found possible filename hiding
Examples:
.txt.pif
.doc.pif
.doc.com
.txt.exe

How helpful was this article to you?

Related Articles

article MailScanner Tutorial
With the MailScanner service you can control...

  1-13-2006    Views: 6423   
article MailScanner FAQ'a
This list of Frequently Asked Questions is...

(No rating)  1-13-2006    Views: 3085   
article When I try to open the flash fla file, I get an error Unexpected file format.
This means that .fla file is incompatible with...

(No rating)  8-9-2004    Views: 2233   

User Comments

Add Comment
No comments have been posted.


.: Powered by Lore 1.5.9
Copyright ©2001 - 2006   Alpine Internet ABN 65 109 918 747