InfobITS - The Technology Newsletter of the UH Community

Enhanced Security for Email Attachments

by Michael Hodges & Naomi Okinaga

ITS has enhanced email security from non-UH sources to UH by blocking specific attachments. (See below) These attachments can easily execute malicious code and are used to spread viruses via email. If you need to send files with any of these extensions, you should send them via zip archives or rename the file extension. Inform the receiver of the change you have made and have them rename the file back to its original extension. Please note: this is only for email coming in from non-UH sources. Mail within the hawaii.edu domain has no restriction and all attachments are accepted.

Normally ITS does not block .zip attachments, however we block them temporarily during periods when viruses using .zip archives are experiencing high rates of mutation, as in a recent virus outbreaks that featured “bagle” and “mydoom” variants. Note that ITS cannot scan encrypted .zip archives. Our recommendation for you is to not accept encrypted zips , even from a trusted source, unless you have verified the source of the file and are absolutely certain of the sender's intent to send an encrypted archive.

Please note that the UH email service utilizes an industry-leading virus scanner from Sophos. However, when a new virus goes into circulation and before the fix is installed, (i.e, antivirus companies e.g. Sophos, McAfee, or Symantec have not released a fix for that specific virus), you must be especially cautious not to open any attachments, even if they appear to be from people you know. During periods of high viral mutation rates, viruses spread rapidly especially when the sender's addresses have been spoofed and the message appears to be from legitimate friends or colleagues. When new viruses are circulating you may go to the ITS Current Status and Alerts page ( http://www.hawaii.edu/technews ) for up-to-date information on recommended fixes.

As of July 16, 2004, all mail being sent from outside hawaii.edu to USER@hawaii.edu addresses will be dropping attachment files with the following extensions:

.ceo	WinEvar virus attachment
.reg	Possible Windows registry attack
.chm	Possible compiled Help file-based virus
.cnf	Possible SpeedDial attack
.hta	Possible Microsoft HTML archive attack
.ins	Possible Microsoft Internet Comm. Settings attack
.jse	Possible Microsoft JScript attack
.lnk	Possible Eudora *.lnk security hole attack
.ma[dfgmqrstvw]	Possible Microsoft Access Shortcut attack
.pif	Possible MS-Dos program shortcut attack
.scf	Possible Windows Explorer Command attack
.sct	Possible Microsoft Windows Script Component attack
.shb	Possible document shortcut attack
.shs	Possible Shell Scrap Object attack
.vb[es]	Possible Microsoft Visual Basic script attack
.ws[cfh]	Possible Microsoft Windows Script Host attack
.xnk	Possible Microsoft Exchange Shortcut attack
.com	Windows/DOS Executable
.exe	Windows/DOS Executable
.scr	Possible virus hidden in a screensaver
.bat	Possible malicious batch file script
.cmd	Possible malicious batch file script
.cpl	Possible malicious control panel item
.mhtml	Possible Eudora meta-refresh attack
.vbs	Possible malicious Microsft Visual Basic attack
.js	Possible malicious Java Script attack

If you have any problems or questions, please contact the ITS Help Desk at (808) 956-8883, or toll free from neighbor islands at (800) 558-2669. You may also send email inquiries to help@hawaii.edu.

Information Technology Services
Maintained by: editor@hawaii.edu

ITS Guide to Services