A change to e-mail attachment processing

Banned E-mail Attachments

IMPORTANT NOTICE

What we're doing
Effective the evening of October 19, 2001, the University of Hartford's e-mail system (mail.hartford.edu) will be modified to help protect you from receiving computer viruses via e-mail. The system will be configured to prevent "binary attachments" to messages of the following types from being transmitted through the system (this list is subject to change):

asp	bat	com	cpl	css
dll	exe	hta	js	jse
pif	rar	scr	sct	vbe
vbs	wsf	wsh

Most of the recent e-mail-born viruses are transmitted as attachments of these types, however, it is rare that people actually send each other files of these types. The viruses exploit weaknesses in the settings of users' e-mail programs to execute the attachments, often without the user's knowledge or intent, infecting the user's machine, and in turn, mailing themselves out to others without the user's knowledge.

Note, however, that viruses can propagate in files that are not being blocked, such as:

doc

gif

pdf

xls

Files of these types are frequently legitimately exchanged by people (not just viruses) via e-mail, so they are not being blocked. Also, unlike many of the other types of attachments that are being blocked, files of these types must usually be explicitly opened by the user -- they don't just automatically open and execute in most e-mail programs, so you have a chance to detach and scan them with your antivirus program before opening them.

Does this mean I can't send files of these types?
No - you can still mail files of the blocked types, if necessary. However, you must rename the file's type (the ".exe", ".vbs" part) to something else before sending it. For example, if you need to mail the file myhomework.exe to your professor, simply rename myhomework.exe to another name like myhomework.exx and then send it. Be sure to provide an explanation in your message to the professor explaining that s/he must detach and rename the file back to myhomework.exe before trying to run it. (The professor should also scan the file for viruses before using it!)

What will happen if I try to send a file of these types?
You will receive either an error message warning you that you cannot send such attachments with your messages, or you will receive a message back indicating this, depending on what e-mail program you use. The same will occur for people outside the University trying to send you messages containing such attachments. People will know when a message has not been processed for this reason - it won't just disappear!

Virus scanners are still important!
As mentioned above, the blocking of infrequently used binary attachments does not prevent you from receiving a virus via e-mail, it simply reduces the chances of that happening. You must still install and keep an up-to-date virus scanner on your computer. Our e-mail countermeasures do not relieve you of this responsibility! There are many ways to catch a virus aside from e-mail!

Why not just have the e-mail system scan for viruses?
We may have the e-mail server scan all messages passing through it for viruses at some point in the future. However, a virus scanner is only effective when the vendor that writes it has identified the virus, figured out how to detect it, and makes an update available to the public. This can take a day or two after a new virus is unleashed on the Internet. A number of the more recent viruses (SirCam, nimdA, etc.) did a great deal of damage before effective virus detection was available. However, they generally propagated through binary attachments of one or more of the types we are now blocking. So, even if the virus scanners are not able to detect a new virus, the e-mail system will effectively block them since it is already preventing the passing of the more dangerous types of files.

What have we been doing up to now?
To date, we have been programming the system to reject e-mail messages that appear to contain certain viruses by scanning them for specific traits of a number of the more recent viruses, namely, SirCam, nimdA, and Vote. However, this strategy has a number of weaknesses:

As is the case with using a virus scanner, damage can be occurring while we are figuring out the latest virus and writing a filter to block it
Some viruses don't have a consistent "fingerprint" that we can search for
We may block legitimate messages warning about the virus in addition to messages actually containing the virus

By switching to the attachment blocking method described in this article, we will stop more viruses, before they can get a start, while still allowing all legitimate messages through.

Best practices to avoid e-mail viruses
There are a few simple things you can do to avoid having your computer infected by an e-mail virus:

Install and regularly update an antivirus program on your computer
Never open an e-mail attachment, even if it appears to be from someone you know, unless you are expecting it, or the message contains a personalized explanation of what the attachment is, in the message from the sender
If you are unsure about an e-mail attachment - write the person back to verify that they really sent you the message, and if not, delete it

In summary:

The e-mail system will block most attachments that are used by viruses to propagate through the Internet and infect your computer
You can get around this restriction by simply renaming the file before sending it
You must still install and use an up-to-date virus scanner on your computer