Preventing viruses and other malware from propagating across the campus network and email system is a constant challenge. Many types of viruses and inappropriate software applications use email as a means of delivering the malicious code onto the users computer. As of result of these risks SPU blocks certain types of files from being attached to email messages. The criteria for blocking these files types is generally based on whether software code will execute within the email client or run a script, and also whether known viruses and exploits have circulated to bypass the normal filter defenses.
These are the current blocked extentions:
.ade .adp .app .asp .bas .bat .cer .chm .cmd .cnf .com .cpl .crt .csh .exe
.fxp .hlp .hta .inf .ins .isp .its .js .jse .ksh .lnk .mad .maf .mag .mam .maq
.mar .mas .mat .mau .mav .maw .mda .mdb .mde .mdt .mdw .mdz .mhtml
.msc .msi .msp .mst .ops .pcd .pif .prf .prg .pst .reg .scf .scr .sct .shb
.shs .tmp .url .vb .vbe .vbs .vsmacros .vss .vst .vsw .ws .wsc .wsf .wsh
Even with these file blocking rules in place it is still possible that malicious code and malware could make it past the border filters. Therefore, it is also a requirement for all computers that connect to the campus network to also have installed, active, and up-to-date anti-virus software. We have licensed McAfee VirusScan for all campus students and employees for this purpose. More information can be found on the software anti-virus page.
There are three layers to file attachment screening and blocking. The first layer is at the border email filter appliance. We use the Barracuda Networks spam prevention appliance to filter email as it is being delivered to campus. This tool looks at all email messages and blocks certain attachments and places them in a quarantine role. If it is not certain whether there is legitimate content in the message, it will send the original receiptant a message that an item has been placed in quarantine.
The second layer of filtering takes place on the Microsoft Exchange Server. The anti-virus tools running on the server will also examine messages in the server mailstore to look for viruses and malware.
The third layer of defense is on the personal computer itself and requires that file be scanned by the local installed anti-virus program before they are executed.
While certain file types might be blocked as sources of viruses and malicious code, it is also acknowledged that some of these applications and file extentions have historically added value and utility in attaching content to mail messages. In some cases you may want to find a better mechanism for transferring a file (ftp, disk, thumbdrive) as an alternate to email.
Recognizing that there are several layers to the file blocking process might help in identifying why a spcific attachment is not getting through.