[Mimedefang] Blocked Files
Kevin A. McGrail
kevin.mcgrail at mcgrail.com
Wed Mar 12 16:24:34 EDT 2014
Hi Everyone,
So I wanted to be able to answer what and why we blocked various
attachments.
Towards that end, for our installation, we wrote this page
https://raptor.pccc.com/raptor.cgim?template=blocked_files
To help out MD, we also wrote the following patch to help document in
the suggested minimum filter.
Regards,
KAM
-------------- next part --------------
--- suggested-minimum-filter-for-windows-clients Mon May 4 11:35:41 2009
+++ suggested-minimum-filter-for-windows-clients.my Thu Feb 27 14:33:17 2014
@@ -63,7 +63,76 @@
# $MaxMIMEParts = 50;
#***********************************************************************
-# Set various stupid things your mail client does below.
+# Set various stupid things your mail client does below. The list of
+# extensions blocked are as follows:
+# ----------------------------------------------------------------------
+# Ext | Description | Threat
+# ----------------------------------------------------------------------
+# ade | MS Access project description | Macros
+# adp | MS Access project description | Macros
+# app | Microsoft FoxPro app/OS X binary | Executable malware
+# asd | MS Word automatic backup | Macros
+# asf | Streaming video | Buffer overflow
+# asx | Streaming video | Buffer overflow
+# bas | BASIC source file | Executable malware
+# bat | Executable batch file | Malware, discarded completely
+# chm | Compiled HTML htlp file | Buffer overflow in IE
+# cmd | Executable batch file | Executable malware
+# com | Executable file | Malware, discarded completely
+# cpl | Control panel extension | Executable malware
+# crt | Security Certificate | Overwrite SSL certificates
+# dll | Dynamic Link Library | Executable malware
+# exe | Executable file | Malware, discarded completely
+# fxp | Microsoft ProFox Executable | Executable malware
+# hlp | Windows compiled help file | Macros
+# hta | HTML application | (Java)script malware
+# inf | Setup information | Script can change settings
+# ini | Contains program options | Change system settings
+# ins | Internet Naming Service file | DNS hijacking/MITM attacks
+# isp | Internet Settings file | DNS hijacking/MITM attacks
+# jse | Javascript executable | Executable malware
+# js | Javascript source | Executable malware
+# lib | Software library | Executable malware
+# lnk | Windows shortcut | Executable malware
+# mdb | Microsoft Access File | Macros
+# mde | Microsoft Access Database | Macros
+# mdc | Microsoft Common Console Document| DNS/file hijacking
+# msi | Widnows installer executable | Executable malware
+# msp | Microsoft Windows Installer patch| Executable malware
+# mst | Microsoft VisualStudio Test/SDK | Change computer configuration
+# ocx | OLE Control Extension | Executable malware
+# pcd | Kodak proprietary photo CD image | Executable malware
+# pif | MS-DOS shortcut file | Malware, discarded
+# prg | ProFox program source file | Executable malware
+# reg | Registry File | Change computer configuration
+# scr | Screen Saver Script | Malware, discarded
+# sct | Windows Script Component | Executable malware
+# sh | UNIX shell script | Executable malware (UNIX)
+# shb | Shell Scrap Object file | Executable malware
+# shs | Shell Scrap Object | Executable malware
+# sys | Windows System Device Driver | Kernel-level malware
+# url | Bookmarked URL | URL can be to a bad site
+# vb | VisualBASIC runtime file | Executable malware
+# vbe | VisualBASIC executable | Executable malware
+# vbs | VisualBASIC script | Executable malware
+# vcs | Calendar file | Buffer overflow in Outlook
+# vxd | Virtual Device Driver | Executable malware
+# wms | Windows Media Player Skin | Executable malware
+# wsc | Windows Script Component | Executable malware
+# wsf | Windows Script File | Executable malware
+# wsh | Windows Scripting Host Settings | Executable malware
+# ----------------------------------------------------------------------
+# In addition to the above files, ZIP files are scanned for the same
+# extensions listed above. Also, class ID file extensions are blocked
+# ({0000-...guid...} extensions).
+# The above list was compiled with source material from the following:
+# * Wikipedia:
+# http://en.wikipedia.org/wiki/User:Ruud_Koot/Dangerous_file_types
+# * Microsoft:
+# http://office.microsoft.com/en-us/outlook-help/blocked-attachments-in-outlook-HA001229952.aspx
+# * PCCC:
+# https://raptor.pccc.com/raptor.cgim?template=blocked_files
+# * The MIMEDefang Source Code & Mailing List: http://www.mimedefang.com/
#***********************************************************************
# Set the next one if your mail client cannot handle multiple "inline"
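Review bot: The "mdc" row (Microsoft Common Console Document) sits between "mde" and "msi", which is out of alphabetical order for the spelling given, so it looks like a typo for a different extension. Please check it against the extension pattern this comment documents, which is outside the hunk, because a wrong row tells administrators a file type is blocked when it may not be. In the same table, "htlp" in the chm row and "Widnows" in the msi row are misspelled, and the fxp and prg rows say "ProFox" where the app row says "FoxPro". The Threat column reads "Malware, discarded completely" for bat, com and exe but "Malware, discarded" for pif and scr; if those five are handled the same way, use one wording, and if not, say where the difference is implemented. Since the table is maintained by hand alongside the pattern, a one-line reminder to update both together would help keep them from drifting apart.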