we love the web
Home Domain Names Web Hosting Plans Email Hosting Plans Support Contact Us

Portal Home > Knowledge Base > Email Help > Virus Checking and Spam Tagging


Virus Checking and Spam Tagging




We currently run MailScanner/Spam Assassin to scan all incoming email for viruses and spam.:

The MailScanner setup blocks the delivery of e-mail messages with viral payloads, attachments containing certain proscribed file types and attachments with certain proscribed filename extensions. Also, each e-mail message is processed by SpamAssassin and, depending on the total score assigned, is handled accordingly. The prefix {Spam?} is added to the contents of the Subject: header line of mail that has a probabilityof being spam, and mail that has a high certainty of being spam is deleted without being delivered.

The prefix {Disarmed} is added to the contents of the Subject header line of mail that in which MailScanner has disarmed' certain HTML tags. The tags that are impacted are tags and tags that are thought to be WebBugs. WebBugs are very small images used to track whether a messages has been read and IFrames allow various Microsoft Outlook security vulnerabilities to remain unprotected (but are commonly used in Mailing Lists).

 



Below is the list of the filename and filetype rules that are filtered out due to possible virus infection:

Filename rules:
Files with very long filenames (over 150 characters)
Filenames that contains lots of whitespace (over 10 characters in a row)
Filenames trying to hide its real extension by adding a CLSID (e.g. {testhta.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B})


pretty park.exe "Pretty Park" virus
happy99.exe "Happy" virus
webpage.rar I-Worm.Yanker virus attachment

*.ani Possible buffer overflow in Windows (Windows animated cursor file)
*.bat, Possible malicious batch file script
*.bmp Possible buffer overflow in Windows (Windows bitmap file)
*.ceo WinEvar virus attachment
*.chm Possible compiled Help file-based virus
*.cmd Possible malicious batch file script
*.cnf Possible SpeedDial attack
*.com Windows/DOS Executable
*.cpl Possible malicious control panel item
*.cur Possible buffer overflow in Windows (Windows cursor file)
*.exe Windows/DOS Executable
*.hlp Possible buffer overflow in Windows (Windows help file)
*.hta Possible Microsoft HTML archive attack
*.ico Possible buffer overflow in Windows (Windows icon file)
*.ins Possible Microsoft Internet Comm. Settings attack
*.its Dangerous Internet Document Set (according to Microsoft Q883260)
*.job Possible Microsoft Task Scheduler attack
*.jse Possible Microsoft JScript attack
*.lnk Possible Eudora *.lnk security hole attack
*.mad, *.maf, *.mag, *.mam, *.maq, *.mar, *.mas, *.mat, *.mav, *.maw Possible Microsoft Access Shortcut attack
*.mau Dangerous attachment type (according to Microsoft Q883260)
*.mda, *.mdz Dangerous attachment type (according to Microsoft Q883260)
*.mhtml Possible Eudora meta-refresh attack
*.pif Possible MS-Dos program shortcut attack
*.prf Dangerous Outlook Profile Settings (according to Microsoft Q883260)
*.pst Dangerous Office Data File (according to Microsoft Q883260)
*.reg Possible Windows registry attack
*.scf Possible Windows Explorer Command attack
*.sct Possible Microsoft Windows Script Component attack
*.shb Possible document shortcut attack
*.shs Possible Shell Scrap Object attack
*.scr Possible virus hidden in a screensaver
*.tmp Dangerous Temporary File (according to Microsoft Q883260)
*.vbe, *.vbs Possible Microsoft Visual Basic script attack
*.vsmacros Dangerous Visual Studio Macros (according to Microsoft Q883260)
*.vss, *.vst, *.vsw Dangerous attachment type (according to Microsoft Q883260)
   
*.ws Dangerous Windows Script (according to Microsoft Q883260)
*.wsc, *.wsf, *.wsh Possible Microsoft Windows Script Host attack
*.xnk Possible Microsoft Exchange Shortcut attack


File type rules:
self-extract -- No self-extracting archives
ELF -- No executables
executable -- No executables
MPEG -- No MPEG movies
AVI -- No AVI movies
MNG -- No MNG/PNG movies
QuickTime -- No QuickTime movies
Registry -- No Windows Registry entries

** Please keep your anti-virus software updated. The MailScanner should not be used as the sole means of blocking computer viruses on your computer.



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Blocked Attachments (Views: 2561)
Running out of space? (Views: 3295)