[Mimedefang] Blocked Files

Kevin A. McGrail kevin.mcgrail at mcgrail.com
Wed Mar 12 16:24:34 EDT 2014


Hi Everyone,

So I wanted to be able to answer what and why we blocked various 
attachments.

Towards that end, for our installation, we wrote this page 
https://raptor.pccc.com/raptor.cgim?template=blocked_files

To help out MD, we also wrote the following patch to help document in 
the suggested minimum filter.

Regards,
KAM
-------------- next part --------------
--- suggested-minimum-filter-for-windows-clients	Mon May  4 11:35:41 2009
+++ suggested-minimum-filter-for-windows-clients.my	Thu Feb 27 14:33:17 2014
@@ -63,7 +63,76 @@
 # $MaxMIMEParts = 50;
 
 #***********************************************************************
-# Set various stupid things your mail client does below.
+# Set various stupid things your mail client does below.  The list of
+# extensions blocked are as follows:
+# ----------------------------------------------------------------------
+# Ext | Description                      | Threat
+# ----------------------------------------------------------------------
+# ade | MS Access project description    | Macros
+# adp | MS Access project description    | Macros
+# app | Microsoft FoxPro app/OS X binary | Executable malware
+# asd | MS Word automatic backup         | Macros
+# asf | Streaming video                  | Buffer overflow
+# asx | Streaming video                  | Buffer overflow
+# bas | BASIC source file                | Executable malware
+# bat | Executable batch file            | Malware, discarded completely
+# chm | Compiled HTML htlp file          | Buffer overflow in IE
+# cmd | Executable batch file            | Executable malware
+# com | Executable file                  | Malware, discarded completely
+# cpl | Control panel extension          | Executable malware
+# crt | Security Certificate             | Overwrite SSL certificates
+# dll | Dynamic Link Library             | Executable malware
+# exe | Executable file                  | Malware, discarded completely
+# fxp | Microsoft ProFox Executable      | Executable malware
+# hlp | Windows compiled help file       | Macros
+# hta | HTML application                 | (Java)script malware
+# inf | Setup information                | Script can change settings
+# ini | Contains program options         | Change system settings
+# ins | Internet Naming Service file     | DNS hijacking/MITM attacks
+# isp | Internet Settings file           | DNS hijacking/MITM attacks  
+# jse | Javascript executable            | Executable malware
+# js  | Javascript source                | Executable malware
+# lib | Software library                 | Executable malware
+# lnk | Windows shortcut                 | Executable malware
+# mdb | Microsoft Access File            | Macros
+# mde | Microsoft Access Database        | Macros
+# mdc | Microsoft Common Console Document| DNS/file hijacking
+# msi | Widnows installer executable     | Executable malware
+# msp | Microsoft Windows Installer patch| Executable malware
+# mst | Microsoft VisualStudio  Test/SDK | Change computer configuration
+# ocx | OLE Control Extension            | Executable malware
+# pcd | Kodak proprietary photo CD image | Executable malware
+# pif | MS-DOS shortcut file             | Malware, discarded
+# prg | ProFox program source file       | Executable malware
+# reg | Registry File                    | Change computer configuration
+# scr | Screen Saver Script              | Malware, discarded
+# sct | Windows Script Component         | Executable malware
+# sh  | UNIX shell script                | Executable malware (UNIX)
+# shb | Shell Scrap Object file          | Executable malware
+# shs | Shell Scrap Object               | Executable malware
+# sys | Windows System Device Driver     | Kernel-level malware
+# url | Bookmarked URL                   | URL can be to a bad site
+# vb  | VisualBASIC runtime file         | Executable malware
+# vbe | VisualBASIC executable           | Executable malware
+# vbs | VisualBASIC script               | Executable malware
+# vcs | Calendar file                    | Buffer overflow in Outlook
+# vxd | Virtual Device Driver            | Executable malware
+# wms | Windows Media Player Skin        | Executable malware
+# wsc | Windows Script Component         | Executable malware
+# wsf | Windows Script File              | Executable malware
+# wsh | Windows Scripting Host Settings  | Executable malware
+# ----------------------------------------------------------------------
+# In addition to the above files, ZIP files are scanned for the same 
+# extensions listed above.  Also, class ID file extensions are blocked 
+# ({0000-...guid...} extensions).  
+# The above list was compiled with source material from the following:
+# * Wikipedia: 
+#    http://en.wikipedia.org/wiki/User:Ruud_Koot/Dangerous_file_types
+# * Microsoft:
+#    http://office.microsoft.com/en-us/outlook-help/blocked-attachments-in-outlook-HA001229952.aspx
+# * PCCC:
+#    https://raptor.pccc.com/raptor.cgim?template=blocked_files 
+# * The MIMEDefang Source Code & Mailing List: http://www.mimedefang.com/
 #***********************************************************************
 
 # Set the next one if your mail client cannot handle multiple "inline"
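Review bot: The extension table is added under the "Set various stupid things your mail client does below" banner, but the context line that follows it ("Set the next one if your mail client cannot handle multiple "inline"") shows this block configures mail-client quirks, not attachment blocking. The table will be easier to keep in sync if it sits directly beside the extension list it documents. The hunk does not show that list, so please confirm every row matches it. Spelling needs a pass before merge: "htlp" in the chm row, "Widnows" in the msi row, and "ProFox" in the fxp and prg rows where the app row says "FoxPro". The mdc row is described as "Microsoft Common Console Document"; confirm that mdc is the extension intended for that description. The threat column mixes "Malware, discarded completely" (bat, com, exe) with "Malware, discarded" (pif, scr), so pick one wording or say what the difference means. The closing paragraph states that ZIP contents and class ID extensions are also blocked, which the reader cannot check from this comment; pointing at the code that does it would help. Several added lines also carry trailing whitespace (the isp row, the ZIP/class ID paragraph, the Wikipedia and PCCC source lines).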

