Restrictions on Delivering E-mail with Unsafe Attachments
Unsafe attachments of e-mails may threaten the security or integrity of the recipient's computer when they are opened. For example, opening an e-mail attachment with extension such as ".exe", ".vbs" or ".scr" causes it to be executed as a program. Executing a malicious program may unleash harmful payloads (e.g. a computer virus) and damage your computer. Moreover, the virus writers may use tricks such as double file extensions (e.g. "readme.doc.exe") to disguise the malicious e-mail attachments.
In order to strengthen the protection against virus attack (especially for the brand-new viruses that may not be detected by the anti-virus software), we have enhanced and adopted the standard recommended by Microsoft on restricting the delivery of e-mail with "unsafe attachments". The central e-mail servers (staff, student and alumni) will reject and bounce back to the sender any e-mail having an attachment with any of the following "unsafe file extensions":
.ade .adp .bas .bat .chm .cmd .com .cpl .crt .exe .hlp .hta .inf .ins .isp .js .jse .lnk .mdb .mde .msc .msi .msp .mst .pcd .pif .reg .scr .sct .shs .shb .url .vb .vbe .vbs .wsc .wsf .wsh |
Microsoft Access project extension Microsoft Access project Microsoft Visual Basic class module Batch file Compiled HTML Help file Microsoft Windows NT Command script Microsoft MS-DOS program Control Panel extension Security certificate Program Help file HTML program Setup Information Internet Naming Service Internet Communication settings JScript file Jscript Encoded Script file Shortcut Microsoft Access program Microsoft Access MDE database Microsoft Common Console document Microsoft Windows Installer package Microsoft Windows Installer patch Microsoft Visual Test source files Microsoft Visual compiled script Shortcut to MS-DOS program Registration entries Screen saver Windows Script Component Shell Scrap object Shell Scrap object Internet shortcut VBScript file VBScript Encoded script file VBScript file Windows Script Component Windows Script file Windows Script Host Settings file |
If you need to send an e-mail with an "unsafe attachment" (e.g. X.exe), you should use either one of the following methods and notify your receiver:
-
Post the file on the Web. You can post the file on a Website and tell recipients where they can download it. (This method is especially appropriate for distributing a file to many recipients.)
-
Compress the file. For example, using WinZip to compress X.exe into X.zip. (This method also decreases the file size).
-
Rename the file. For example, rename X.exe into X.exe_tmp. You can include instructions in the message body so that the recipient can restore the original name of the file.
If you need to receive an e-mail with an "unsafe attachment", you should also request the sender to use the above convention or method.
Note: The current list of unsafe file extensions is adopted from Microsoft. Users can refer to the following articles from the Microsoft Knowledge Base: 262617, 290497, 291369. This list may be updated from time to time.