Knowledgebase

Portal Home > Knowledgebase > Virus Checking and Spam Tagging

Virus Checking and Spam Tagging

We currently run MailScanner/Spam Assassin to scan all incoming email for viruses and spam.:

The MailScanner setup blocks the delivery of e-mail messages with viral payloads, attachments containing certain proscribed file types and attachments with certain proscribed filename extensions. Also, each e-mail message is processed by SpamAssassin and, depending on the total score assigned, is handled accordingly. The prefix {Spam?} is added to the contents of the Subject: header line of mail that has a probabilityof being spam, and mail that has a high certainty of being spam is deleted without being delivered.

The prefix {Disarmed} is added to the contents of the Subject header line of mail that in which MailScanner has disarmed' certain HTML tags. The tags that are impacted are tags and <img> tags that are thought to be WebBugs. WebBugs are very small images used to track whether a messages has been read and IFrames allow various Microsoft Outlook security vulnerabilities to remain unprotected (but are commonly used in Mailing Lists).</font></p><p><br /></p><hr width="90%" size="1" noshade="noshade" /><font face="Arial, Helvetica, sans-serif" size="2"><b><br /> Below is the list of the filename and filetype rules that are filtered out due to possible virus infection:<br /> <br /> Filename rules: <br /> </b> </font> <font face="Arial, Helvetica, sans-serif" size="2"> Files with very long filenames (over 150 characters) <br /> Filenames that contains lots of whitespace (over 10 characters in a row) <br /> Filenames trying to hide its real extension by adding a CLSID (e.g. {testhta.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}) </font> <p> <font face="Arial, Helvetica, sans-serif" size="2"> <br /> pretty park.exe "Pretty Park" virus <br /> happy99.exe "Happy" virus <br /> webpage.rar I-Worm.Yanker virus attachment </font> <br /> </p> <table border="0" cellspacing="0" cellpadding="4" width="100%"> <tbody> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.ani </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible buffer overflow in Windows (Windows animated cursor file) </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td width="31%" height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.bat, </font> </td> <td width="69%" height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible malicious batch file script </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.bmp </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible buffer overflow in Windows (Windows bitmap file) </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.ceo </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> WinEvar virus attachment </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.chm </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible compiled Help file-based virus </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.cmd </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible malicious batch file script </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.cnf </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible SpeedDial attack </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.com </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Windows/DOS Executable </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.cpl </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible malicious control panel item </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.cur </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible buffer overflow in Windows (Windows cursor file) </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.exe </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Windows/DOS Executable </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.hlp </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible buffer overflow in Windows (Windows help file) </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.hta </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible Microsoft HTML archive attack </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.ico </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible buffer overflow in Windows (Windows icon file) </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.ins </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible Microsoft Internet Comm. Settings attack </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.its </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Dangerous Internet Document Set (according to Microsoft Q883260) </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.job </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible Microsoft Task Scheduler attack </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.jse </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible Microsoft JScript attack </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.lnk </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible Eudora *.lnk security hole attack </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.mad, *.maf, *.mag, *.mam, *.maq, *.mar, *.mas, *.mat, *.mav, *.maw </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible Microsoft Access Shortcut attack </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.mau </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Dangerous attachment type (according to Microsoft Q883260) </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.mda, *.mdz </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Dangerous attachment type (according to Microsoft Q883260) </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.mhtml </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible Eudora meta-refresh attack </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.pif </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible MS-Dos program shortcut attack </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.prf </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Dangerous Outlook Profile Settings (according to Microsoft Q883260) </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.pst </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Dangerous Office Data File (according to Microsoft Q883260) </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.reg </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible Windows registry attack </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.scf </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible Windows Explorer Command attack </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.sct </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible Microsoft Windows Script Component attack </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.shb </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible document shortcut attack </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.shs </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible Shell Scrap Object attack </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.scr </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible virus hidden in a screensaver </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.tmp </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Dangerous Temporary File (according to Microsoft Q883260) </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.vbe, *.vbs </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible Microsoft Visual Basic script attack </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.vsmacros </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Dangerous Visual Studio Macros (according to Microsoft Q883260) </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.vss, *.vst, *.vsw </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Dangerous attachment type (according to Microsoft Q883260) </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> </font> <br /></td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> <span> </span> </font> <br /></td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.ws </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Dangerous Windows Script (according to Microsoft Q883260) </font> </td> </tr> <tr height="17" bgcolor="#cccccc"> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.wsc, *.wsf, *.wsh </font> </td> <td height="17"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible Microsoft Windows Script Host attack </font> </td> </tr> <tr height="17"> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> *.xnk </font> </td> <td height="17" bgcolor="#ffffff"> <font face="Verdana, Arial, Helvetica, sans-serif" size="1"> Possible Microsoft Exchange Shortcut attack </font> </td> </tr> </tbody> </table> <p> <font face="Arial, Helvetica, sans-serif" size="2"> <br /> <b>File type rules: <br /> </b> </font> <font face="Arial, Helvetica, sans-serif" size="2"> self-extract -- No self-extracting archives <br /> ELF -- No executables <br /> executable -- No executables <br /> MPEG -- No MPEG movies <br /> AVI -- No AVI movies <br /> MNG -- No MNG/PNG movies <br /> QuickTime -- No QuickTime movies <br /> Registry -- No Windows Registry entries <br /> <br /> *<i>* Please keep your anti-virus software updated. The MailScanner should not be used as the sole means of blocking computer viruses on your computer. <br /> </i> </font> </p> </div> </div> </td> </tr> </tbody> </table> <p><br /></p>


Was this answer helpful?

Add to Favourites Add to Favourites

Print this Article Print this Article

Quick Navigation

Client Login

Email

Password

Remember Me

Search