List of Banned File Extensions
Computer viruses are often spread as programs attached to email messages. Recipients are fooled into running the attachments, which then infect their PC.
News & Announcements
22/12/05 - the 'RAR' archive file format was added to the ISS banned list due to a problem with Symantec AntiVirus. The RAR file format will be un-banned when the problem is resolved. While RAR is banned, users are advised to use the ZIP format.
ISS Precautions
ISS protects the University computer systems by preventing 'executable' attachments from passing through the central mail hub. Executable programs are detected by their three letter extension. Listed below are three letter extensions currently (29/10/01) banned. To send executable programs - put them in a Zip file before sending.
Mail Hub Attachment Filtering
- the mail hub will examine incoming and outgoing mail messages to see if they contain attachments.
- if any such attachment is found the email message is rejected.
- the sender will receive an error message that will look something like this:
This message has been rejected because it has potentially executable content (filename.xxx). This form of attachment has been used by recent viruses or other malware. If you meant to send this file then please package it up as a zip file and resend it
- the content of attachments is not examined at this point - only the filenames are tested.
List of Banned Three Letter Extensions
The 'Type of File' listed below is a best efforts list. Any given three letter extension may be used by more than one program.
xxx - Type of File
ade - Access Project Extension
adp - Access Project file
bas - BASIC program
bat - DOS batch file script
chm - Compiled HTML file
cmd - 1st Reader External Command Menu
com - Command file (program)
cpl - Control Panel Module
crt - Certificate file
eml - Outlook Express message
emf - Enhanced Windows Metafile (Graphic format)
exe - Executable file (program)
hlp - Windows help file
hta - HTML file
inf - package information file
ins - Install script
isp - Sign-up file(X-Internet)
jse - Javascript?
lnk - Shortcut file (Windows)
mdb - Access database
mde - Access file
msc - Common console document (Windows 2000)
msi - Installer program
msp - Windows Installer patch file
mst - Windows Installer transform
pcd - P-Code compiled test scripts
pif - Program information file (Win 3.1)
rar - archive format - banned temporarily 22/12/05.
reg - Registration file
scr - Screen saver
sct - FoxPro forms
shs - Shell scrap file
url - Internet shortcut file (Universal Resource locator)
vbs - Visual Basic program
vbe - Visual Basic related
wsf
wsh
wsc
Notes
Attachment blocking on the 'mail hub' at this point is not 100 percent reliable. There are ways of encoding attachments that will evade the checks, and files with names containing non-English characters will also not be examined.
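An added example (not the ISS mail hub's own code) of the filename-only check described above, written so that attachment names encoded per RFC 2231, including non-English ones, are decoded before the extension is tested. The function name and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy

# The three letter extensions from the banned list on this page.
BANNED = set("""ade adp bas bat chm cmd com cpl crt eml emf exe hlp hta inf
ins isp jse lnk mdb mde msc msi msp mst pcd pif rar reg scr sct shs url vbs
vbe wsf wsh wsc""".split())

def banned_attachments(raw: bytes) -> list[str]:
    """Return the decoded filenames whose last extension is on the banned list."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() returns the decoded name, including RFC 2231
        # 'filename*=' parameters, and falls back to Content-Type 'name'.
        name = part.get_filename()
        if not name:
            continue
        cleaned = name.strip().lower()
        ext = cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        if ext in BANNED:
            hits.append(name)
    return hits

# Constructed sample: one harmless attachment and one whose non-ASCII
# name is RFC 2231 encoded and ends in an upper-case banned extension.
SAMPLE = (
    b"From: a@example.org\r\n"
    b"To: b@example.org\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XX"\r\n'
    b"\r\n"
    b"--XX\r\n"
    b"Content-Type: text/plain\r\n"
    b'Content-Disposition: attachment; filename="notes.txt"\r\n'
    b"\r\n"
    b"hello\r\n"
    b"--XX\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Disposition: attachment; filename*=UTF-8''r%C3%A9sum%C3%A9.SCR\r\n"
    b"\r\n"
    b"x\r\n"
    b"--XX--\r\n"
)

if __name__ == "__main__":
    print(banned_attachments(SAMPLE))
```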
Please note that almost none of the file types that are blocked will actually cause users any problems. The list's main function is to intercept incoming attachments originated by viruses themselves, many of which execute automatically without user involvement.
Word, PowerPoint and Excel files, although being executable, are currently allowed.
As the need arises other three letter extensions will be added to the list.
Encrypted Zips
About Encrypted Zips
Encrypted Zips are files compressed by WinZip, EnZip or other Zip utility that have been password protected. The password is used as a key to encrypt the file. The same file encrypted with different keys will look different.
Virus Writers Use Encrypted Zips
Encrypted Zips are being used by viruses to disguise themselves and thereby evade anti-virus programs. While encrypted zip files successfully evade anti-virus software, they will be deleted as they pass through the University email hub. Below is an indication as to whether they are currently banned or not.
17/03/04 - Encrypted Zips are currently banned.
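An added example (not the ISS mail hub's own code) of how a filter can tell an encrypted Zip from a plain one without knowing the password: each member's header carries a general-purpose flag whose bit 0 is set when the member is encrypted. The function names and the sample archives are constructed for illustration.

```python
import io
import zipfile

def zip_verdict(data: bytes) -> str:
    """Classify a Zip attachment as 'encrypted', 'plain' or 'unreadable'."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        # Named .zip but not parseable: the filter cannot see inside it.
        return "unreadable"
    # Bit 0 of the general-purpose flags marks a password-protected member.
    if any(zi.flag_bits & 0x1 for zi in infos):
        return "encrypted"
    return "plain"

def make_sample(encrypted: bool) -> bytes:
    """Constructed sample: a one-member Zip, optionally flagged as encrypted.

    Python's zipfile cannot write encrypted archives, so the flag bit is set
    by hand; the member data itself is left as stored plain text.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        cd = data.rfind(b"PK\x01\x02")  # central directory file header
        data[cd + 8] |= 0x01            # flags field in the central directory
        data[6] |= 0x01                 # flags field in the local file header
    return bytes(data)

if __name__ == "__main__":
    for label, blob in (("flagged", make_sample(True)),
                        ("plain", make_sample(False)),
                        ("junk", b"not a zip")):
        print(label, "->", zip_verdict(blob))
```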
Un-encrypted Zips
Zip files that have not been encrypted (using a password) may still be used to send executable files as attachments. It should be noted that the recipient will need a copy of Windows XP, WinZip, EnZip or other Zip utility to uncompress (un-pack) the Zip file.
Self-Extracting Zips
Using WinZip, EnZip or other Zip utility it is possible to create a self-extracting zip file that is not encrypted and when run will uncompress the files without the use of Windows XP, WinZip, EnZip or other Zip Utility. Unfortunately, self-extracting Zip files have a file extension of .EXE which is currently banned. You can evade our ban of sending self-extracting Zips by renaming the self-extracting zip file e.g. rename 'example.exe' to 'example.exeremove'. However some other email hubs may look 'deeper' than ours and delete the executable attachment.
Zip Utilities
Listed below are links to further information about the Zip Utilities mentioned in this article:
- Microsoft Windows XP has Zip un-compression (un-packing) built-in.
- RAR is an 'open source' archive compression format. WinRAR is a popular shareware Windows RAR utility program.
Summary
Executable files (files with banned extensions) that you want to send as email attachments should be zipped, should not be encrypted (i.e. saved without a password) and should not be made 'self-extracting'. Recipients of zipped executables should be encouraged to install a Zip utility.




