[unisog] What Email Attachments Do You Block?

Paul Schmehl pauls at utdallas.edu
Tue Jul 24 01:10:59 GMT 2001

At UTD, we block a number of extensions, including ASF, BAT, CHM, COM, EXE,
WSH.  (We have since added {**  for the CLSID hack and LNK for SirCam.)

I have a series of web pages describing exactly what we do and how we do it.
You can find them at:
http://www.utdallas.edu/ir/tcs/techsupp/blocks.html and its links.  (For
those of you attending SIGUCCS this fall, I'll be doing a presentation on
this on Friday afternoon, and I'll be available for questions afterwards.
I'll also be hosting a BOF for anti-virus.)

We started blocking extensions in December of last year.  To date we have
bounced 3935 known viruses, which accounts for 52.31% of the total emails
bounced.  36.97% have been "joke" files, leaving only 10.72% of the emails
bounced that were "legitimate".

Our users love the service, and since its implementation, we have only
received about six complaints, all of which were resolved.

Along with bouncing the email, we also mail every on-campus sender (only)
and every off-campus sender and on-campus recipient, notifying them of the
bounce and identifying the virus (if there was one.)  In the on-campus
sender email, we include instructions on how to avoid the blocks (by
renaming the extension of the attachment to txt.)

Professors simply explain to their students how to avoid the blocks or
provide other means for them to submit their assignments.

At present, we don't use virus scanning on our (Solaris) smarthost, but we
do on our Exchange servers.  We are testing virus scanning on the smart host
now, but I doubt seriously we would ever remove the blocks.  By far the most
prevalent viral extension is .exe (60.56% of the total viruses bounced), and
that's the most likely one people would request to allow through.  AV
software just isn't up to the task of stopping new malware.  Extension
blocking doesn't care.

Paul Schmehl pauls at utdallas.edu
Supervisor, Support Services
University of Texas at Dallas
AVIEN Founding Member

----- Original Message -----
From: "Gary Flynn" <flynngn at jmu.edu>
To: <unisog at sans.org>
Sent: Monday, July 23, 2001 10:10 AM
Subject: [unisog] What Email Attachments Do You Block?

> What types of email attachments, if any, do you block completely?
> What effects has it had on general communications and student
> submissions of projects specifically?
> Do you do any virus scanning on your mail server/gateway?
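
Added example (not part of the original message, and not UTD's actual filter): a filename-based attachment check of the kind the message describes, using the extensions it lists. The function names, the constructed sample message, and the reading of "{*" as "any final extension that begins with {" are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the post ("including", so the real list was longer).
BLOCKED_EXT = {"asf", "bat", "chm", "com", "exe", "wsh", "lnk"}

def blocked_reason(filename):
    """Return why an attachment name is blocked, or None if it passes."""
    # Windows ignores trailing dots and spaces, so strip them before matching.
    name = filename.strip().rstrip(". ").lower()
    if "." not in name:
        return None
    ext = name.rsplit(".", 1)[1]      # only the final extension decides
    if ext.startswith("{"):           # assumption: "{*" = CLSID pseudo-extension
        return "CLSID extension"
    if ext in BLOCKED_EXT:
        return "blocked extension ." + ext
    return None

def scan_message(raw):
    """Return [(filename, reason)] for each blocked attachment in raw bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename=, then Content-Type name=
        fname = part.get_filename()
        reason = blocked_reason(fname) if fname else None
        if reason:
            hits.append((fname, reason))
    return hits

def build_sample():
    """Constructed test message; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "recipient@example.edu"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for fname in ("notes.doc.lnk", "report.txt", "setup.EXE",
                  "readme.txt.{CONSTRUCTED}", "homework.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, reason in scan_message(build_sample()):
        print(f"bounce: {fname} ({reason})")
```

A file renamed to .txt passes, which matches the workaround the message gives to on-campus senders: the check looks at the name only, not the content.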
