Dealing with Attachments
One of the most common ways for viruses to spread is by means of e-mail attachments. However, all attachments are not equal in their ability to spread a virus. Certain file types are potentially very dangerous, such as executable programs, batch files, and installation files. Others, such as image and music files, are generally safe.
Automatically blocked attachments
Because of the potential danger posed by some file types, Outlook blocks certain kinds of attachments that are sent to you; you receive the message with a notification that an unsafe attachment has been blocked. This blocking is built into Outlook and cannot be turned off or changed. The blocked file types are listed in Table 28-1.
| Extension | File Type |
|---|---|
| ADE | Access Project Extension (Microsoft) |
| ADP | Access project (Microsoft) |
| APP | Executable application |
| ASP | Active Server Page |
| BAS | BASIC source code |
| BAT | Batch processing |
| CER | Internet Security Certificate file |
| CHM | Compiled HTML jelp |
| CMD | DOS CP/M command file, or a command file for Windows NT |
| COM | Command |
| CPL | Windows Control Panel Extension (Microsoft) |
| CRT | Certificate file |
| CSH | csh script |
| DER | DER-encoded X509 certificate file |
| EXE | Executable file |
| FXP | FoxPro compiled source (Microsoft) |
| HLP | Windows Help file |
| HTA | Hypertext application |
| INF | Information or Setup file |
| INS | IIS Internet Communications settings (Microsoft) |
| ISP | IIS Internet Service Provider settings (Microsoft) |
| ITS | Internet Document Set, Internet Translation |
| JS | JavaScript source code |
| JSE | JScript encoded script file |
| KSH | UNIX shell script |
| LNK | Windows Shortcut file |
| MAD | Access Module shortcut (Microsoft) |
| MAF | Access (Microsoft) |
| MAG | Access diagram shortcut (Microsoft) |
| MAM | Access macro shortcut (Microsoft) |
| MAQ | Access query shortcut (Microsoft) |
| MAR | Access report shortcut (Microsoft) |
| MAS | Access Stored Procedures (Microsoft) |
| MAT | Access table shortcut (Microsoft) |
| MAU | Media Attachment Unit |
| MAV | Access view shortcut (Microsoft) |
| MAW | Access Data Access Page (Microsoft) |
| MDA | Access Add-in (Microsoft), MDA Access 2 Workgroup (Microsoft) |
| MDB | Access Application (Microsoft), MDB Access Database (Microsoft) |
| MDE | Access MDE database file (Microsoft) |
| MDT | Access Add-in Data (Microsoft) |
| MDW | Access Workgroup Information (Microsoft) |
| MDZ | Access Wizard Template (Microsoft) |
| MSC | Microsoft Management Console Snap-in control file (Microsoft) |
| MSH | Microsoft Shell |
| MSH1 | Microsoft Shell |
| MSH2 | Microsoft Shell |
| MSHXML | Microsoft Shell |
| MSH1XML | Microsoft Shell |
| MSH2XML | Microsoft Shell |
| MSI | Windows Installer File (Microsoft) |
| MSP | Windows Installer Update |
| MST | Windows SDK Setup Transform Script |
| OPS | Office Profile settings file |
| PCD | Visual Test (Microsoft) |
| PIF | Windows Program Information file (Microsoft) |
| PLG | Developer Studio Build Log |
| PRF | Windows System file |
| PRG | Program file |
| PST | Exchange Address Book file, Outlook Personal Folder File (Microsoft) |
| REG | Registration Information/Key for Registry Data File |
| SCF | Windows Explorer command |
| SCR | Windows screen saver |
| SCT | Windows Script component, FoxPro screen (Microsoft) |
| SHB | Windows Shortcut into a document |
| SHS | Shell Scrap Object file |
| TMP | Temporary file/folder |
| URL | Internet location |
| VB | VBScript file or any VisualBasic source |
| VBE | VBScript encoded script file |
| VBS | VBScript script file, Visual Basic for Applications script |
| VSMACROS | Visual Studio .NET binary-based macro project (Microsoft) |
| VSW | Visio workspace file (Microsoft) |
| WS | Windows script file |
| WSC | Windows script component |
| WSF | Windows script file |
| WSH | Windows Script Host settings file |
Outlook also catches these file types on the way out—that is, if you try to send them as an attachment. They aren’t necessarily blocked, but Outlook reminds you that the recipient may not be able to receive them—and definitely won’t if he or she uses Outlook—and asks you if you want to proceed.
Blocked File Types and ExchangeIf you use an Exchange account for e-mail, these same file types are blocked by default. However, the Exchange administrator can modify the list if needed. |
Sending ZIP Files as AttachmentsWhen you create a ZIP file, you have the option of protecting it with a password. Although doing so can provide security against unauthorized access to the ZIP file’s contents, it can prevent anti-virus software from checking the ZIP file’s contents for viruses. |
Other attachment types
Some other file types are not on the blocked list even though they have the potential to carry viruses. These file types are not blocked because they are very commonly sent as attachments. They include Microsoft Word documents (.doc), Excel workbooks (.xls), and PowerPoint files (.ppt). When you receive this kind of file as an attachment, it’s important for you to be aware of the potential for harm. Even if you have anti-virus software, you cannot be sure that it will catch every virus, particularly because new ones are created regularly.
The general rule is to not open any such file unless you trust the source. It is also wise to have macro security set to a safe level, as described elsewhere in this chapter.
Sending blocked file types
Many people have perfectly legitimate reasons for sending blocked file types as attachments. You have two ways to get around Outlook’s restrictions to do this:
Change the file’s extension. For example, if you want to forward a compiled HTML help file named MyHelp.CHM, change the file extension to something that Outlook won’t block, such as MyHelp.TXT. In your message, instruct the file recipient to change the file extension back before using the file.
Put the file in a ZIP or other kind of archive. This kind of file is permitted by Outlook. You need to instruct the recipient as to how the file can be extracted, of course.