File Extentions to Block ?

File Extentions to Block ? (Full Version)

All Forums >> [Microsoft Exchange 2003] >> Server Security

Message

projectstave -> File Extentions to Block ? (20.Oct.2005 4:37:27 PM)
Hello everyone, I am new at the whole email game. I was wondering what file extensions you guys have blocked from sending and recieving ? So I am taking a pole.......... Let me know Thanks Luke

pjhutch -> RE: File Extentions to Block ? (20.Oct.2005 5:06:52 PM)
I have used the list that Microsoft have blocked for Outlook 2002 and later. Basically it blocks any executable file or data file that can be executed Common ones to block are: EXE, COM, SCR, PIF, VBS, VB, VBA, VBER, LNK, BAT, CMD, SCT, SHS etc.

mbunch -> RE: File Extentions to Block ? (21.Oct.2005 2:33:37 PM)
In my company, we block anything that can be executed on the desktop. This covers EXE, COM, BAT, CMD, VBS, PIF, WSF as well as media related files like WMV, MOV, MPG, MPEG, WAV, WMA, AVI, MP3, MP4. All of these files are quarantined for a specified period of time before being deleted. That way if something truly critical were sent, it could be recovered easily enough. -- Mike

projectstave -> RE: File Extentions to Block ? (21.Oct.2005 5:14:06 PM)
Thats a good policy................they both are, sounds like anything that can be executable. So here is a question, do you guys block zip files? or no.

mbunch -> RE: File Extentions to Block ? (21.Oct.2005 5:29:12 PM)
Yes and no. I block password protected ZIP files in the same fashion as the other files. I do let normal ZIP files go through, but I scan the contents of the ZIP files and will block them if they contain files that match the other criteria. -- Mike

pjhutch -> RE: File Extentions to Block ? (23.Oct.2005 6:26:48 PM)
No, we do not block ZIP files and any that are sent is scanned by the Groupshield Anti-virus software. With this new policy we haven`t had a major virus breakout for nearly 2 years. To prevent worms and other security loophole breaches all Servers and PCs are regularly patched using Microsoft SUS service.

projectstave -> RE: File Extentions to Block ? (24.Oct.2005 1:09:03 AM)
I am using GFI, so I will set up a policy to scan zip files. Thanks guys Luke

BeTaCam -> RE: File Extentions to Block ? (24.Oct.2005 11:38:42 AM)
[;)] Irrespective of what you use to scan the E-mail , these are the basic rules. - Executables ( all that can execute) - Zipped Files ( Either way, password protected files are not probed completely) - Via-Media ( all Music, Image files, movie files of any format, Html or Shtml web attachments) Remember : When you block the extension, you ensure that you are only "FILTERING" the known devils. The better way to fix this would be to ensure that you setup a good client side Anti-Virus software that will scan the mail, when it is being streamed from the Server to the Client. Hth BC

projectstave -> RE: File Extentions to Block ? (24.Oct.2005 12:57:02 PM)
Thanks Buddy. Good Calls

anderdw2 -> RE: File Extentions to Block ? (31.Oct.2005 1:20:07 PM)
Hi all. Great forum. I have a related question. Can you allow certain attachments within your domain? we currently have .aspx and the like blocked, but need to open them up for mail coming from within our network. How can this be done? Dave

pjhutch -> RE: File Extentions to Block ? (1.Nov.2005 4:09:56 AM)
I suggest you tell users to ZIP up such files to be distributed by Email, then you are not compromising email security. I just takes one bad mail to get through to infect a pc.

mark@mvps.org -> RE: File Extentions to Block ? (2.Nov.2005 3:58:45 AM)
The most obvious thing here is to send a shortcut to the file rather than send the actual file. I am never a fan of the Level1Remove feature on Outlook because there are too many rogue variables. Blocking at the gateway is far more sensible. If you did block at the gateway then any attachment could be sent internally. Just about the last thing I would do would be to have the users zip the file and then email it.

pjhutch -> RE: File Extentions to Block ? (2.Nov.2005 4:11:28 AM)
Why send shortcuts? If the file is located somewhere inaccessible to other users, a shortcut will just get a permission denied, it may be ok with web urls or paths to servers shares that the recipient has access to but useless otherwise.

BeTaCam -> RE: File Extentions to Block ? (2.Nov.2005 10:53:20 PM)
Hmmm Question : Is it mandatory to send the Aspx attachment ?. From a security perspective, i'm sure that you'd like to limit the information that can reside on a messaging server or the client side. Simple enough, if you give me an attachment and i can misuse it. We need to move away from the conventional thinking to something like, a. You can send the Hyper link to the user, and they can access the same. b. There are enough "open source" pdf file burners, so you can automate to generate *.pdf files. c. Change the file extension of the same across to say .asp1. Educate your users to point to the IE to open and render the attachment (Crude but effective ;)) /BC

Page: [1]