Additional filename attachments, including “.exe”, now blocked in e-mail

Posted March 5th, 2015 in Tech Corner. Tags: , .

For a long time, our mail system has blocked obviously malicious filenames like “443645787823424455.scr”, “Invoice.pdf.exe”, and so on, even if they aren’t actually flagged by the antivirus software we use (which can happen if they’re new viruses that don’t yet have matching patterns).

Recently, we’ve seen a dramatic increase in simpler names where the virus author doesn’t even try to hide the fact that it’s a program: things as simple as “Invoice.exe” in a zip file. We’ve received a couple of reports that people unzipped these, ran them, and clicked past the Windows warning saying that programs from the Internet can harm your computer — perhaps assuming that if it wasn’t flagged by either our virus scanner or the virus scanner on their own computer, it must be okay.

We want to make sure our customers never fall victim to anything like this, so we’ve expanded our blocked filename patterns to include simple “.exe” files (and other additions). This may very occasionally reject legitimate messages with an error asking the sender to rename the file and resend it, but it will solve far more problems than it causes.

We’re using the same list of filename extensions that Gmail uses — if we block it, Gmail would block it, too. You can find more information on our support page about virus scanning.

If you’re wondering what kind of things this might block, here’s a list of filenames so far today that weren’t detected as viruses by antivirus scanning software, but which were blocked due to the filename extension:

443645787823424455.scr
BROCHURE BOX.exe
Copy11.exe
documents-34344.exe
DOCUMENTS.exe
form376.exe
IM0743436407_pdf.exe
inquiry003359101.exe
invoice7985974765.exe
JPEG.exe
NewOrder.exe
Order 1.exe
Order #sc009809.exe
payment copy\303\242\302\200\302\256fdp.exe
PO.pdf .exe
Product Inquiry#10993497759798755433334.exe
Purchase Order.exe
ReportonTitle{_partorderb}.1Final.exe
REVISED PROFORMA INVOICE.exe
SBQForm$number4$.exe
TT.SLIP.exe

Hopefully that makes it obvious why we’re doing this!

  1. Recent Posts

    1. PHP versions 8.2.17 and 8.3.4
    2. President’s Day 2024 holiday hours
    3. PHP versions 8.1.27 and 8.2.15
    4. Martin Luther King, Jr. Day 2024 holiday hours
    5. New Year’s 2024 Holiday Hours
    6. Christmas 2023 Holiday Hours
    7. Brief scheduled maintenance December 16-17, 2023
    8. Thanksgiving 2023 Holiday Hours
    9. PHP versions 8.1.25 and 8.2.12
    10. PHP versions 8.1.24 and 8.2.11

  2. Categories

  3. Tags

    all servers email holiday hours linux mailman maintenance mod_security mysql network php phpmyadmin security server updates spam ssl status updates webmail wordpress zapp

  4. Feeds