Blocking and Renaming File Attachments

IT Connect > Email > Blocking Some Attachments

On This Page
High-Risk Attachments
What Email Does This Apply to?
Why Block These Attachments?
More Information

High-Risk Attachments

Since certain types of email attachments pose a significant risk to UW users, those email messages, along with their attachments, are automatically removed from the UW email system without any warning to either the sender or intended receiver, whether or not an antivirus scan shows them to be infected.

Three other types of files, also considered risky, are not discarded because they are often used for legitimate purposes. Instead they are renamed and delivered to the recipient with a warning text added to the message.

Action	File Types	Reason
Blocked — All attachments of these types are discarded	.cmd, .com, .cpl, .hta, .pif, .scr, .bat, .vbs	These file types are seldom used for legitimate communication, but are favored by virus writers. Some of these types can execute automatically because of common configurations of computers.
Renamed — All attachments of these types on inbound email messages (messages arriving at the UW central email services) have "-uwUNSAFE" added to their file name. For example, ??foo.zip is changed to ??foo.zip-uwUNSAFE	.exe, .rar, .zip	These file types are used by virus writers to circumvent antivirus programs, but they are also often used for legitimate purposes. To give the recipient the choice of receiving the file without the risk that it will automatically be opened or executed, on inbound email messages the attachment file name are modified. The file itself has not been changed. If the sender of the message is known to you, and you were expecting the message, you need simply save the attachment using the original name or save it as is and rename it back to its original name on your computer. If the sender is not known to you, it is possible that the attachment contains a virus and you may simply delete the message. If this message claims to be official and instructs you to open the attachment to get important information, it is likely to be a fake — Do Not Open It. Virus writers are increasingly using sophisticated social engineering techniques to mislead people. .Zip, .rar, and .exe attachments on outbound email messages (messages sent from UW email accounts) are not blocked or renamed. However, if the message or the attachment contains a virus, both are discarded.

Action

File Types

Reason

Blocked — All attachments of these types are discarded

.cmd, .com, .cpl, .hta, .pif, .scr, .bat, .vbs

These file types are seldom used for legitimate communication, but are favored by virus writers. Some of these types can execute automatically because of common configurations of computers.

Renamed — All attachments of these types on inbound email messages (messages arriving at the UW central email services) have "-uwUNSAFE" added to their file name. For example,
??foo.zip
is changed to
??foo.zip-uwUNSAFE

.exe, .rar, .zip

These file types are used by virus writers to circumvent antivirus programs, but they are also often used for legitimate purposes. To give the recipient the choice of receiving the file without the risk that it will automatically be opened or executed, on inbound email messages the attachment file name are modified. The file itself has not been changed.

If the sender of the message is known to you, and you were expecting the message, you need simply save the attachment using the original name or save it as is and rename it back to its original name on your computer.
If the sender is not known to you, it is possible that the attachment contains a virus and you may simply delete the message.
If this message claims to be official and instructs you to open the attachment to get important information, it is likely to be a fake — Do Not Open It. Virus writers are increasingly using sophisticated social engineering techniques to mislead people.

.Zip, .rar, and .exe attachments on outbound email messages (messages sent from UW email accounts) are not blocked or renamed. However, if the message or the attachment contains a virus, both are discarded.

What Email Does This Apply to?

All email processed by the central UW central email infrastructure, including email destined for off-campus users, is included in this management practice. UW Technology will monitor changes in threats from attached files and add or drop types of files from the blocking/renaming list as needed.

Why Block These Attachments?

Email attachments are the most common method for computer viruses to spread.

Virus infections can cause serious problems both for the computer user and the UW email system:

Data is damaged or destroyed.
Computers are disabled.
Sensitive information is exposed to unauthorized people.
Computers are used for illegal purposes, such as sending spam or attacking other computers.
Once they infect a computer, viruses often send out a tremendous volume of email messages, overwhelming the computers that perform message transport and delivery and bringing email service for everyone to a halt.
Expensive staff time is spent cleaning and rebuilding infected computers instead of other support work they be could doing.

The UW must act to protect its email communications channels. Because email attachments are the most common method for computer viruses to spread, they offer a target to address the problem of virus infections.

More Information

Other Ways to Share Files

Alternative methods for sharing files include the following:

Place the file on a Web site and then send the URL to the person you want to share the file with.
Use one of the Catalyst Web tools such as eSubmit or SimpleSite.

About Viruses and Attachments

Protecting your computer from viruses

Other Organizations Are Blocking Email Attachments

Blocking Unsafe E-mail Attachments - University of Denver
Attachments that are blocked from e-mail accounts - Indiana University
Blocked Email Attachment Blocking - Harvard-MIT Data Center

About IT Connect | News Feed

| News Archive | Contact IT Connect