Blocking and renaming of some file attachments

Since certain types of email attachments pose a significant risk to UW users, those email messages, along with their attachments, are automatically removed from the UW email system without any warning to either the sender or intended receiver, whether or not an anti-virus scan shows them to be infected.

Three other types of files, also considered risky, are not discarded because they are often used for legitimate purposes. Instead they are renamed and delivered to the recipient with a warning text added to the message.

Action	File Types	Reason
Blocked — All attachments of these types are discarded	.cmd, .com, .cpl, .hta, .pif, .scr, .bat, .vbs	These file types are seldom used for legitimate communication, but are favored by virus writers. Some of these types can execute automatically because of common configurations of computers.
Renamed — All attachments of these types on inbound email messages (messages arriving at the UW central email services) have "-uwUNSAFE" added to their file name. For example, foo.zip is changed to foo.zip-uwUNSAFE	.exe, .rar, .zip	These file types are used by virus writers to circumvent anti-virus programs, but they are also often used for legitimate purposes. To give the recipient the choice of receiving the file without the risk that it will automatically be opened or executed, on inbound email messages the attachment file name are modified. The file itself has not been changed. If the sender of the message is known to you, and you were expecting the message, you need simply save the attachment using the original name or save it as is and rename it back to its original name on your computer. If the sender is not known to you, it is possible that the attachment contains a virus and you may simply delete the message. If this message claims to be official and instructs you to open the attachment to get important information, it is likely to be a fake — Do Not Open It. Virus writers are increasingly using sophisticated social engineering techniques to mislead people. .Zip, .rar, and .exe attachments on outbound email messages (messages sent from UW email accounts) are not blocked or renamed. However, if the message or the attachment contains a virus, both are discarded.

Action

File Types

Reason

Blocked — All attachments of these types are discarded

.cmd, .com, .cpl, .hta, .pif, .scr, .bat, .vbs

These file types are seldom used for legitimate communication, but are favored by virus writers. Some of these types can execute automatically because of common configurations of computers.

Renamed — All attachments of these types on inbound email messages (messages arriving at the UW central email services) have "-uwUNSAFE" added to their file name. For example,
foo.zip
is changed to
foo.zip-uwUNSAFE

.exe, .rar, .zip

These file types are used by virus writers to circumvent anti-virus programs, but they are also often used for legitimate purposes. To give the recipient the choice of receiving the file without the risk that it will automatically be opened or executed, on inbound email messages the attachment file name are modified. The file itself has not been changed.

If the sender of the message is known to you, and you were expecting the message, you need simply save the attachment using the original name or save it as is and rename it back to its original name on your computer.
If the sender is not known to you, it is possible that the attachment contains a virus and you may simply delete the message.
If this message claims to be official and instructs you to open the attachment to get important information, it is likely to be a fake — Do Not Open It. Virus writers are increasingly using sophisticated social engineering techniques to mislead people.

.Zip, .rar, and .exe attachments on outbound email messages (messages sent from UW email accounts) are not blocked or renamed. However, if the message or the attachment contains a virus, both are discarded.

What Email Does This Apply To?

All email processed by the central UW Email infrastructure, including email destined for off-campus users, is included in this management practice. UW Technology will monitor changes in threats from attached files and add or drop types of files from the blocking/renaming list as needed.

Why Block These Attachments?

Email attachments are the most common method for computer viruses to spread.

Virus infections can cause serious problems both for the computer user and the UW email system:

Data is damaged or destroyed
Computers are disabled
Sensitive information is exposed to unauthorized people
Computers are used for illegal purposes, such as sending spam or attacking other computers
Once they infect a computer, viruses often send out a tremendous volume of email messages, overwhelming the computers that perform message transport and delivery and bringing email service for everyone to a halt
Expensive staff time is spent cleaning and rebuilding infected computers instead of other support work they be could doing

The UW must act to protect its email communications channels. Because email attachments are the most common method for computer viruses to spread, they offer a target to address the problem of virus infections.

More Information

Notification of Changes

Notices of changes in email attachment blocking will be posted on this page and will be sent to the cac-alert mailing list. You can subscribe to the cac-alert list by going to the cac-alert email list page

Other Ways to Share Files

Alternative methods for sharing files include the following:

Place the file on a Web site and then send the URL to the person you want to share the file with
Use one of the Catalyst Web tools such as eSubmit or SimpleSite.

Blocking and renaming of some file attachments

What Email Does This Apply To?

Why Block These Attachments?

More Information

Notification of Changes

Other Ways to Share Files

About Viruses and Attachments

Other Organizations Are Blocking Email Attachments

In The News