Question
There are vulnerabilities in certain clients to do with attachment names – specifically
Outlook XP – which means that attachments come through with a unique string as the
attachment type and not the true attachment extension. This means that attachment
blocking will not catch this, and allows
vbs, exe files etc to pass the attachment filter. Running VPP will not protect against
this entirely, as files can be malicious without actually being a virus.
An example of one such attachment follows:
Content-Disposition: attachment;
filename="viewthis.jpg.{73a4c9c1-d68d-11d0-98bf-00a0c90dc8d9}"
Outlook XP will treat this as a vbs file. It can be blocked if I place the file extention {73a4c9c1-d68d-11d0-98bf-00a0c90dc8d9} in the attachment block section however I’d like to block all filenames of this type.
How can I block these files extention types?
Answer
The Attachments tab under GMS Anti-Spam>Content>Attachments provides a way to ban certain attachment types from entering your system altogether dependant on the file extension of the attachment.
We have enabled the use of wildcards in attachment blocking. This enhancement to the attachment blocking functionality allows you to block several file types with a single entry. For example:
If you wish to block all attachment types that begin with { and end with } as in the question details, you would use a wildcard (*) to indicate that no matter what the content, you wanted to block everything within the { and }. This would be indicated in GMS Anti-Spam under Content>Attachments and would be indicated by adding the file extension:
{*}
Please note that only the attachment extension itself should be included, not the ".".
See Also:
Keywords:JUCE attachment extensions rejectattachext Spam checker GMS Anti-spam anti spam antispam