For a long time, our mail system has blocked many malicious filename extensions.
Recently, we’ve seen an increase in “.js” files that spread various forms of malware. These change their “patterns” often enough that they’re sometimes not detected by virus scanners.
Legitimate “.js” files are common in e-mail, so it’s impossible to block them outright. (They’re often sent as part of a package of website files — for example, a zipped copy of the WordPress files contains them.)
However, legitimate “.js” files almost always occur as part of an archive containing other files. They almost never occur alone, as they do in the malware versions.
Because of that, our e-mail system now blocks “.zip” files that contain only a single “.js” file, on the assumption that they’re almost certainly malicious.
We don’t expect this to cause any problems, but as always, don’t hesitate to contact us if you have any questions or trouble.
Recently, we’ve had quite a few customers write in to complain that their copy of Outlook 2016 is behaving incorrectly: it is either deleting messages from the server when it is not supposed to do so, or it is downloading duplicate copies of mail from the server. This happens for POP accounts, not for IMAP accounts (which is what we normally recommend customers to use).
These problems happen because of a bug in Outlook 2016. Microsoft has a Web page that explains the problem as well as the solution (upgrade Outlook).
The PHP developers recently released versions 7.0.4, 5.6.19 and 5.5.33 that fix several bugs. We’ve upgraded the PHP 7.0, 5.6 and 5.5 series on our servers as a result.
These changes should not be noticeable, but in the unlikely event you experience any trouble, don’t hesitate to contact us.
We’ve updated the SSL/TLS security settings on our mail servers to match current “best practices” for security.
Our customers shouldn’t notice any changes. We’re just mentioning this so that people know to contact us in the unlikely event they do have any trouble.
That said, if you do have any trouble, it’s probably because you’re using outdated, insecure mail software that you should update. If you can’t update it, but the changes prevent you from sending mail with the “SSL” option turned on in your program, you may need to turn off the “SSL” option for outgoing mail until you can update.
Read the rest of this entry »