InfobITS Logo ITS - Spring 2005
In This Issue QuickbITS Archives IT Directory Publishing Info
Enhanced Security for Email Attachments
to previous article to next article
by Michael Hodges & Naomi Okinaga

ITS has enhanced email security from non-UH sources to UH by blocking specific attachments. (See below) These attachments can easily execute malicious code and are used to spread viruses via email. If you need to send files with any of these extensions, you should send them via zip archives or rename the file extension. Inform the receiver of the change you have made and have them rename the file back to its original extension. Please note: this is only for email coming in from non-UH sources. Mail within the domain has no restriction and all attachments are accepted.

Normally ITS does not block .zip attachments, however we block them temporarily during periods when viruses using .zip archives are experiencing high rates of mutation, as in a recent virus outbreaks that featured “bagle” and “mydoom” variants. Note that ITS cannot scan encrypted .zip archives. Our recommendation for you is to not accept encrypted zips , even from a trusted source, unless you have verified the source of the file and are absolutely certain of the sender's intent to send an encrypted archive.

Please note that the UH email service utilizes an industry-leading virus scanner from Sophos. However, when a new virus goes into circulation and before the fix is installed, (i.e, antivirus companies e.g. Sophos, McAfee, or Symantec have not released a fix for that specific virus), you must be especially cautious not to open any attachments, even if they appear to be from people you know. During periods of high viral mutation rates, viruses spread rapidly especially when the sender's addresses have been spoofed and the message appears to be from legitimate friends or colleagues. When new viruses are circulating you may go to the ITS Current Status and Alerts page ( ) for up-to-date information on recommended fixes.

As of July 16, 2004, all mail being sent from outside to addresses will be dropping attachment files with the following extensions:

.ceo WinEvar virus attachment
.reg Possible Windows registry attack
.chm Possible compiled Help file-based virus
.cnf Possible SpeedDial attack
.hta Possible Microsoft HTML archive attack
.ins Possible Microsoft Internet Comm. Settings attack
.jse Possible Microsoft JScript attack
.lnk Possible Eudora *.lnk security hole attack
.ma[dfgmqrstvw] Possible Microsoft Access Shortcut attack
.pif Possible MS-Dos program shortcut attack
.scf Possible Windows Explorer Command attack
.sct Possible Microsoft Windows Script Component attack
.shb Possible document shortcut attack
.shs Possible Shell Scrap Object attack
.vb[es] Possible Microsoft Visual Basic script attack
.ws[cfh] Possible Microsoft Windows Script Host attack
.xnk Possible Microsoft Exchange Shortcut attack
.com Windows/DOS Executable
.exe Windows/DOS Executable
.scr Possible virus hidden in a screensaver
.bat Possible malicious batch file script
.cmd Possible malicious batch file script
.cpl Possible malicious control panel item
.mhtml Possible Eudora meta-refresh attack
.vbs Possible malicious Microsft Visual Basic attack
.js Possible malicious Java Script attack

If you have any problems or questions, please contact the ITS Help Desk at (808) 956-8883, or toll free from neighbor islands at (800) 558-2669. You may also send email inquiries to

to previous article to next article

Information Technology Services
Maintained by:
ITS Guide to Services
© 2005 University of Hawai'i
Last Updated: March 2005