Unacceptable File Attachments

With the latest viruses exploiting Microsoft security holes, we have installed file type and name filtering and blocking.

We now block any email containing attachments with the following attributes:

.reg - Possible Windows registry attack
.chm - Possible compiled Help file-based virus
.cnf - Possible SpeedDial attack
.eml - Possible Microsoft script attack
.hta - Possible Microsoft HTML archive attack
.ins - Possible Microsoft Internet Comm. Settings attack
.jse? - Possible Microsoft JScript attack
.lnk - Possible Eudora *.lnk security hole attack
.ma - Possible Microsoft Access Shortcut attack
.pif - Possible MS-Dos program shortcut attack
.scf - Possible Windows Explorer Command attack
.sct - Possible Microsoft Windows Script Component attack
.shb - Possible document shortcut attack
.shs - Possible Shell Scrap Object attack
.vb[es] - Possible Microsoft Visual Basic script attack
.ws[cfh] - Possible Microsoft Windows Script Host attack
.xnk - Possible Microsoft Exchange Shortcut attack
.com - Possible Windows/DOS Executable
.exe - Possible Windows/DOS Executable
.scr - Possible virus hidden in a screensaver
.bat - Possible malicious batch file script
.cmd - Possible malicious batch file script
.cpl - Possible malicious control panel item
.mhtml - Possible Eudora meta-refresh attack

Filenames ending with CLSID's
.{[a-hA-H0-9-]{25,}} Filename trying to hide its real type. More info may be found here:


Filenames with lots of contiguous white space in them. A long gap in a name is often used to hide part of it

All other double file extensions which is often an attempt to hide real filename extension. If you need to send these file types, please send them in a .zip file or other similar format.
  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

Trouble Sending or Receiving Attachments

Mail Box May Be Full The Recipient's inbox may already be over quota and any incoming email...

What is the attachment size limit?

The size limit for email attachments is 20MB. For anything larger, please either use a protocol...