Virus Checking and Spam Tagging

We currently run MailScanner/SpamAssassin to scan all incoming email for viruses and spam.

The MailScanner setup blocks the delivery of e-mail messages with viral payloads, attachments containing certain proscribed file types, and attachments with certain proscribed filename extensions. Each e-mail message is also processed by SpamAssassin and handled according to the total score assigned. The prefix {Spam?} is added to the contents of the Subject: header line of mail that has a probability of being spam, and mail that has a high certainty of being spam is deleted without being delivered.

The prefix {Disarmed} is added to the contents of the Subject: header line of mail in which MailScanner has 'disarmed' certain HTML tags. The tags that are affected are IFrame tags and image tags that are thought to be WebBugs. WebBugs are very small images used to track whether a message has been read, and IFrames allow various Microsoft Outlook security vulnerabilities to remain unprotected (but are commonly used in mailing lists).

 



Below is the list of filename and file type rules; attachments matching them are filtered out due to possible virus infection:

Filename rules:
Files with very long filenames (over 150 characters)
Filenames that contain lots of whitespace (over 10 characters in a row)
Filenames trying to hide their real extension by adding a CLSID (e.g. testhta.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B})


pretty park.exe "Pretty Park" virus
happy99.exe "Happy" virus
webpage.rar I-Worm.Yanker virus attachment

*.ani Possible buffer overflow in Windows (Windows animated cursor file)
*.bat Possible malicious batch file script
*.bmp Possible buffer overflow in Windows (Windows bitmap file)
*.ceo WinEvar virus attachment
*.chm Possible compiled Help file-based virus
*.cmd Possible malicious batch file script
*.cnf Possible SpeedDial attack
*.com Windows/DOS Executable
*.cpl Possible malicious control panel item
*.cur Possible buffer overflow in Windows (Windows cursor file)
*.exe Windows/DOS Executable
*.hlp Possible buffer overflow in Windows (Windows help file)
*.hta Possible Microsoft HTML archive attack
*.ico Possible buffer overflow in Windows (Windows icon file)
*.ins Possible Microsoft Internet Comm. Settings attack
*.its Dangerous Internet Document Set (according to Microsoft Q883260)
*.job Possible Microsoft Task Scheduler attack
*.jse Possible Microsoft JScript attack
*.lnk Possible Eudora *.lnk security hole attack
*.mad, *.maf, *.mag, *.mam, *.maq, *.mar, *.mas, *.mat, *.mav, *.maw Possible Microsoft Access Shortcut attack
*.mau Dangerous attachment type (according to Microsoft Q883260)
*.mda, *.mdz Dangerous attachment type (according to Microsoft Q883260)
*.mhtml Possible Eudora meta-refresh attack
*.pif Possible MS-DOS program shortcut attack
*.prf Dangerous Outlook Profile Settings (according to Microsoft Q883260)
*.pst Dangerous Office Data File (according to Microsoft Q883260)
*.reg Possible Windows registry attack
*.scf Possible Windows Explorer Command attack
*.sct Possible Microsoft Windows Script Component attack
*.shb Possible document shortcut attack
*.shs Possible Shell Scrap Object attack
*.scr Possible virus hidden in a screensaver
*.tmp Dangerous Temporary File (according to Microsoft Q883260)
*.vbe, *.vbs Possible Microsoft Visual Basic script attack
*.vsmacros Dangerous Visual Studio Macros (according to Microsoft Q883260)
*.vss, *.vst, *.vsw Dangerous attachment type (according to Microsoft Q883260)
*.ws Dangerous Windows Script (according to Microsoft Q883260)
*.wsc, *.wsf, *.wsh Possible Microsoft Windows Script Host attack
*.xnk Possible Microsoft Exchange Shortcut attack
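
As an added illustration (not MailScanner's own code or configuration), the Python sketch below applies the filename rules above to the attachment names in a message. The function names, the shortened extension set and the sample message are constructed for this example.

```python
import re
from email import message_from_string

# Constructed subset of the blocked extensions and names listed above.
BLOCKED_EXT = {"bat", "chm", "cmd", "com", "cpl", "exe", "hta", "jse", "lnk",
               "pif", "reg", "scr", "vbe", "vbs", "wsc", "wsf", "wsh"}
BLOCKED_NAMES = {"pretty park.exe", "happy99.exe", "webpage.rar"}
# Trailing ".{CLSID}" suffix used to hide the real extension (rule above).
CLSID_RE = re.compile(r"\.\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

def check_filename(name):
    """Return the reason a filename is refused, or None if it passes."""
    lowered = name.lower()
    if len(name) > 150:
        return "very long filename"
    if re.search(r"\s{11,}", name):  # over 10 whitespace characters in a row
        return "long run of whitespace"
    if CLSID_RE.search(name):
        return "CLSID hides real extension"
    if lowered in BLOCKED_NAMES:
        return "known virus filename"
    ext = lowered.rpartition(".")[2] if "." in lowered else ""
    if ext in BLOCKED_EXT:
        return "blocked extension ." + ext
    return None

def scan_message(raw):
    """Map each refused attachment filename in a raw message to its reason."""
    findings = {}
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        reason = check_filename(name) if name else None
        if reason:
            findings[name] = reason
    return findings

def sample_message(names):
    """Build a constructed multipart message with one attachment per name."""
    head = 'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    body = "--b1\nContent-Type: text/plain\n\nsee attached\n"
    for n in names:
        body += ("--b1\nContent-Type: application/octet-stream\n"
                 f'Content-Disposition: attachment; filename="{n}"\n\nx\n')
    return head + body + "--b1--\n"

SAMPLE_NAMES = ["report.pdf", "invoice.pdf" + " " * 12 + ".exe", "photo.scr",
                "testhta.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}"]

if __name__ == "__main__":
    for fname, why in scan_message(sample_message(SAMPLE_NAMES)).items():
        print(f"refused: {fname!r} ({why})")
```

The checks run in the same order as the rules are listed, so a name that is both padded with whitespace and ends in a blocked extension is reported for the whitespace padding.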


File type rules:
self-extract -- No self-extracting archives
ELF -- No executables
executable -- No executables
MPEG -- No MPEG movies
AVI -- No AVI movies
MNG -- No MNG/PNG movies
QuickTime -- No QuickTime movies
Registry -- No Windows Registry entries

** Please keep your anti-virus software updated. MailScanner should not be used as the sole means of blocking computer viruses on your computer.
