Banned E-mail Attachments

IMPORTANT NOTICE
Effective February 26, 2009, we have added ".ZIP" files to the list of attachments banned by the e-mail system in response to the Trojan.Vundo virus. We will re-evaluate this block at a future date. For now, if you must send a ".ZIP" file, rename it to something else (like ".PIZ"), and then send it, along with a note to the recipient instructing him/her to rename the file back to ".ZIP" before using it.

What we're doing
Effective the evening of October 19, 2001, the University of Hartford's e-mail system (mail.hartford.edu) will be modified to help protect you from receiving computer viruses via e-mail. The system will be configured to prevent "binary attachments" to messages of the following types from being transmitted through the system (this list is subject to change):

asp bat com cpl css
dll exe hta js jse
pif rar scr sct vbe
vbs wsf wsh  

Most of the recent e-mail-borne viruses are transmitted as attachments of these types, yet it is rare that people actually send each other files of these types. The viruses exploit weaknesses in the settings of users' e-mail programs to execute the attachments, often without the user's knowledge or intent, infecting the user's machine and, in turn, mailing themselves out to others.

Note, however, that viruses can propagate in files that are not being blocked, such as:

doc gif pdf xls  

Files of these types are frequently legitimately exchanged by people (not just viruses) via e-mail, so they are not being blocked. Also, unlike many of the other types of attachments that are being blocked, files of these types must usually be explicitly opened by the user -- they don't just automatically open and execute in most e-mail programs, so you have a chance to detach and scan them with your antivirus program before opening them.

Does this mean I can't send files of these types?
No - you can still mail files of the blocked types, if necessary. However, you must rename the file's type (the ".exe", ".vbs" part) to something else before sending it. For example, if you need to mail the file myhomework.exe to your professor, simply rename myhomework.exe to another name like myhomework.exx and then send it. Be sure to explain in your message to the professor that s/he must detach and rename the file back to myhomework.exe before trying to run it. (The professor should also scan the file for viruses before using it!)

What will happen if I try to send a file of these types?
You will receive either an error message warning you that you cannot send such attachments with your messages, or you will receive a message back indicating this, depending on what e-mail program you use. The same will occur for people outside the University trying to send you messages containing such attachments. People will know when a message has not been processed for this reason - it won't just disappear!
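The extension check described above can be illustrated in Python. This is an added example, not the University's mail-server configuration; the function names and the constructed sample messages are assumptions. It shows that the decision rests on the attachment's file name alone, which is why myhomework.exe is refused, myhomework.exx passes, and scanning detached files is still necessary.

```python
from email.message import EmailMessage

# Extensions listed on this page, plus "zip" from the 2009 notice.
BANNED = set("""asp bat com cpl css dll exe hta js jse
pif rar scr sct vbe vbs wsf wsh zip""".split())

def banned_attachments(msg):
    """Return the file names of attachments whose final extension is banned."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text or multipart container, not an attachment
        # Only the last dot-separated component counts, compared without
        # regard to case, so "letter.doc.VBS" is treated as a .vbs file.
        # Trailing dots and spaces are dropped first (added hardening).
        base, dot, ext = name.strip().rstrip(". ").rpartition(".")
        if dot and ext.lower() in BANNED:
            hits.append(name)
    return hits

def check(msg):
    """Return (accepted, offending_names) for one message."""
    hits = banned_attachments(msg)
    return (not hits, hits)

def sample(filename):
    """Build a constructed test message carrying one attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m

if __name__ == "__main__":
    for fn in ["myhomework.exe", "myhomework.exx", "letter.doc.VBS",
               "notes.doc", "archive.zip"]:
        accepted, hits = check(sample(fn))
        print(fn, "accepted" if accepted else "rejected: " + ", ".join(hits))
```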

Virus scanners are still important!
As mentioned above, the blocking of infrequently used binary attachments does not prevent you from receiving a virus via e-mail; it simply reduces the chances of that happening. You must still install and keep an up-to-date virus scanner on your computer. Our e-mail countermeasures do not relieve you of this responsibility! There are many ways to catch a virus aside from e-mail!

Why not just have the e-mail system scan for viruses?
We may have the e-mail server scan all messages passing through it for viruses at some point in the future. However, a virus scanner is only effective once the vendor that writes it has identified the virus, figured out how to detect it, and made an update available to the public. This can take a day or two after a new virus is unleashed on the Internet. A number of the more recent viruses (SirCam, Nimda, etc.) did a great deal of damage before effective virus detection was available. However, they generally propagated through binary attachments of one or more of the types we are now blocking. So, even if the virus scanners are not able to detect a new virus, the e-mail system will effectively block it since it is already preventing the passing of the more dangerous types of files.

What have we been doing up to now?
To date, we have been programming the system to reject e-mail messages that appear to contain certain viruses by scanning them for specific traits of a number of the more recent viruses, namely, SirCam, Nimda, and Vote. However, this strategy has a number of weaknesses:

By switching to the attachment blocking method described in this article, we will stop more viruses, before they can get a start, while still allowing all legitimate messages through.

Best practices to avoid e-mail viruses
There are a few simple things you can do to avoid having your computer infected by an e-mail virus:

In summary: