File types and extensions in email attachments that are common threat vectors

book

Article ID: 150398

calendar_today

Updated On:

Products

Mail Security for Domino Mail Security for Microsoft Exchange Email Security.cloud Messaging Gateway

Issue/Introduction

 

Resolution

File attachments in email are common threat vectors for malware. Executable files are not the only file type that can include threats. For example, Microsoft Office documents (e.g. doc, docx, xlx, xlsx, ppt, pptx, etc) can contain macros or scripts that include threats.

Blocking specific file extensions or types can limit exposure to risk.

CAUTION:
  • Blocking files extensions does not remove all risk of malicious files being received.
  • Blocking file extensions can also block valid files.

Most Symantec Mail Security products have the ability to block attachments by file extension. Some products can also block the true file type, even if the file has been renamed (e.g. foo.exe to foo.txt).

Check your Symantec product documentation to see which file blocking or content filtering options are available.

Note: In cases where users still need to share blocked file types, set up alternative methods to transfer or share these files.

Table: File extensions and types

File Extension

File Type

.adp

Access Project (Microsoft)

.app

Executable Application

.asp

Active Server Page

.bas

BASIC Source Code

.bat

Batch Processing

.cer

Internet Security Certificate File

.chm

Compiled HTML Help

.cmd

DOS CP/M Command File, Command File for Windows NT

.cnt

Help file index

.com

Command

.cpl

Windows Control Panel Extension (Microsoft)

.crt

Certificate File

.csh

csh Script

.der

DER Encoded X509 Certificate File

.exe

Executable File

.fxp

FoxPro Compiled Source (Microsoft)

.gadget

Windows Vista gadget

.hlp

Windows Help File

.hpj

Project file used to create Windows Help File

.hta

Hypertext Application

.inf

Information or Setup File

.ins

IIS Internet Communications Settings (Microsoft)

.isp

IIS Internet Service Provider Settings (Microsoft)

.its

Internet Document Set, Internet Translation

.js

JavaScript Source Code

.jse

JScript Encoded Script File

.ksh

UNIX Shell Script

.lnk

Windows Shortcut File

.mad

Access Module Shortcut (Microsoft)

.maf

Access (Microsoft)

.mag

Access Diagram Shortcut (Microsoft)

.mam

Access Macro Shortcut (Microsoft)

.maq

Access Query Shortcut (Microsoft)

.mar

Access Report Shortcut (Microsoft)

.mas

Access Stored Procedures (Microsoft)

.mat

Access Table Shortcut (Microsoft)

.mau

Media Attachment Unit

.mav

Access View Shortcut (Microsoft)

.maw

Access Data Access Page (Microsoft)

.mda

Access Add-in (Microsoft), MDA Access 2 Workgroup (Microsoft)

.mdb

Access Application (Microsoft), MDB Access Database (Microsoft)

.mde

Access MDE Database File (Microsoft)

.mdt

Access Add-in Data (Microsoft)

.mdw

Access Workgroup Information (Microsoft)

.mdz

Access Wizard Template (Microsoft)

.msc

Microsoft Management Console Snap-in Control File (Microsoft)

.msh

Microsoft Shell

.msh1

Microsoft Shell

.msh2

Microsoft Shell

.mshxml

Microsoft Shell

.msh1xml

Microsoft Shell

.msh2xml

Microsoft Shell

.msi

Windows Installer File (Microsoft)

.msp

Windows Installer Update

.mst

Windows SDK Setup Transform Script

.ops

Office Profile Settings File

.osd

Application virtualized with Microsoft SoftGrid Sequencer

.pcd

Visual Test (Microsoft)

.pif

Windows Program Information File (Microsoft)

.plg

Developer Studio Build Log

.prf

Windows System File

.prg

Program File

.pst

MS Exchange Address Book File, Outlook Personal Folder File (Microsoft)

.reg

Registration Information/Key for W95/98, Registry Data File

.scf

Windows Explorer Command

.scr

Windows Screen Saver

.sct

Windows Script Component, Foxpro Screen (Microsoft)

.shb

Windows Shortcut into a Document

.shs

Shell Scrap Object File

.ps1

Windows PowerShell

.ps1xml

Windows PowerShell

.ps2

Windows PowerShell

.ps2xml

Windows PowerShell

.psc1

Windows PowerShell

.psc2

Windows PowerShell

.tmp

Temporary File/Folder

.url

Internet Location

.vb

VBScript File or Any VisualBasic Source

.vbe

VBScript Encoded Script File

.vbp

Visual Basic project file

.vbs

VBScript Script File, Visual Basic for Applications Script

.vsmacros

Visual Studio .NET Binary-based Macro Project (Microsoft)

.vsw

Visio Workspace File (Microsoft)

.ws

Windows Script File

.wsc

Windows Script Component

.wsf

Windows Script File

.wsh

Windows Script Host Settings File

.xnk

Exchange Public Folder Shortcut

.ade

ADC Audio File

.cla   

Java class File

.class

Java class File

.grp

Microsoft Widows Program Group

.jar

Compressed archive file package for Java classes and data

.mcf

MMS Composer File

.ocx

ActiveX Control file

.pl

Perl script language source code

.xbap

Silverlight Application Package

Note: This list is by no means exhaustive. It is up to your discretion as an administrator which items to block.