At IU, what types of attachments are blocked from my email account?
Note: The UITS services in this document may not be available to users on the Fort Wayne campus. Many computing services at IPFW are administered locally, by IPFW Information Technology Services (ITS). For more information, see the ITS web site.
To protect the computers at Indiana University, UITS has enabled filters for attachments that have been known to carry viruses.
To attach any of these file types to an email message, rename the file, using either a different extension or no extension. Notify your recipients of the original file type so that they can rename the file's extension before opening it. To change the extension:
- If you cannot see the file extension, alter your settings to make
it visible:
-
Windows Vista: In the Classic View Control Panel, double-click
Folder Options. Click theViewtab, and uncheck the box next toHide extensions for known file types. ClickOK. -
Windows XP: From
My Computer, clickTools, and thenFolder Options. Click theViewtab, and uncheck the box next toHide extensions for known file types. ClickOK.
-
Windows Vista: In the Classic View Control Panel, double-click
- Either click the file once to select it, and then press the
F2key, or right-click the file and selectRename. You can then change the extension.
Alternatively, IU faculty, staff, and graduate students can use the Slashtmp service to share files via a web interface. This tool is particularly useful for large file attachments.
The UITS attachment filters block the following file types:
| .ade .adp .app .asp .bas .bat .chm .cmd .com .cpl .crt .csh | .exe .fxp .hlp .hta .htr .inf .ins .isp .jar .js .jse .ksh | .lnk .mda .mdb .mde .mdt .mdw .mdz .msc .msi .msp .mst .ops | .pcd .pif .prf .prg .reg .scf .scr .sct .shb .shs .url .vb | .vbe .vbs .wsc .wsf .wsh |
Note: Additionally, encrypted or password-protected attachments, or those containing protected content, will also be blocked for Cyrus mail as well as all mail coming into or going outside IU. It is impossible to scan protected content for viruses, so it is treated as a virus.
The blocking behavior is different depending on where the message with the attachment originates.
IU Exchange accounts
The IU Exchange email system uses software called Microsoft Forefront to filter mail for possible viruses. Microsoft Forefront strips blocked files from messages leaving the IU Exchange system and delivers the messages to recipients, without the attachments. If someone from outside the IU Exchange environment sends a message containing one of the blocked attachment types to your Exchange account, you will not receive the attachment or the message. The filtering software at the external mail relays blocks the entire message, and will generate a nondeliverable response (NDR) message to the sender. However, it's up to the sender's email system to accept NDRs. Because of the amount of NDR traffic that spam and viruses cause, many systems do not accept NDRs.
If you send a message from an Exchange account with an
.shb, .shs, or .vbs attachment,
you'll get an automated message from Microsoft Forefront with a subject line
similar to "Forefront found FILE FILTER= *.ext file", where "ext" is the
attached file's extension.
If you send a .com, .exe, .pif,
or .scr attachment from an Exchange account, Microsoft
Forefront will replace the attachment with the text message "Microsoft
Forefront Security for Exchange Server removed filename.ext since it
was found to match the FILE FILTER= *.ext file filter." (where
"filename" is the name of the attachment, and ".ext" is the specific
extension of the attached file). Exchange will then deliver the
original message without the attachment.
Hotmail accounts
If a Hotmail user attempts to send a message with a blocked file type, the message will not be delivered and the sender will receive the following error message:
"This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
username@indiana.edu"
This is how Hotmail is configured to report the error back to the sender. If the Hotmail user turns on advanced headers, the proper 550 error will be visible:
"Final-Recipient: rfc822;username@indiana.edu
Action: failed
Status: 5.0.0
Diagnostic-Code: smtp;550 5.0.0 Attachment type not allowed."
In Hotmail, you can view this error by turning on advanced headers,
and then clicking either View Email Message Source or the
MIME part, Content-Type: message/delivery-status.
All other accounts
If a message with a blocked file type originates from outside IU, the filtering software at the external relays will reject the entire message. The sender's system should generate a nondelivery report (NDR) similar to the following:
550 5.5.0 Suspect attachment rejected. See http://kb.iu.edu/data/ajch.html for more information.
Additionally, the external relays will reject any message if either of the following conditions are met:
- The message has an attachment with a blocked file extension, as
listed above.
- The message contains a
.zipfile attachment that contains one or more of the blocked file extensions.
Also see:
- What do various computer file extensions stand for?
- In the IU STCs, how do I remove a virus from a computer?
- What should I do if I receive a computer virus alert message via email?
- How can I tell if a computer virus alert is a hoax?
Last modified on August 06, 2008.
