A Personal Blog
High Risk Extensions
Just an FYI. Microsoft has updated their list of High Risk Extensions. What does this mean? It means we’re making sure these extensions are blocked in email and on our firewall to varying extents. Some are blocked outright (zip, exe and a bunch of others) and others go through context-sensitive scans. My recommendation? Do a risk analysis on these. Not a “how much of a risk is it if we leave this open” type of analysis. Do a “will this really affect our users” type of analysis.
Here’s the list:
.ade .adp .app .asp .bas .bat .cer .chm
.cmd .com .cpl .crt .csh .exe .fxp .hlp .hta .inf .ins .isp
.its .js .jse .ksh .lnk .mad .maf .mag .mam .maq .mar
.mas .mat .mau .mav .maw .mda .mdb .mde .mdt
.mdw .mdz .msc .msi .msp .mst .ops .pcd .pif .prf .prg
.pst .reg .scf .scr .sct .shb .shs .tmp .url .vb .vbe .vbs
.vsmacros .vss .vst .vsw .ws .wsc .wsf .wsh
The only file type we had a problem blocking was .zip (not actually in this list). It is causing an inconvenience for users, but it’s dropped our daily virus infection levels by more than 50%. We’re very happy with the decision.
This entry was posted by Jeremy Wright on September 17, 2004 at 7:26 am, and is filed under IT Thoughts, Work.
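An added example, not part of the original post or of any product it mentions: a minimal attachment filter that blocks outright on the extension list above and can optionally run a content check for ZIP archives. The function names, the `sniff_content` switch and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list copied from the post; "zip" added because the post blocks it too.
BLOCKED = set("""
ade adp app asp bas bat cer chm cmd com cpl crt csh exe fxp hlp hta inf ins isp
its js jse ksh lnk mad maf mag mam maq mar mas mat mau mav maw mda mdb mde mdt
mdw mdz msc msi msp mst ops pcd pif prf prg pst reg scf scr sct shb shs tmp url
vb vbe vbs vsmacros vss vst vsw ws wsc wsf wsh zip
""".split())
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # local file header / empty archive

def extension(filename):
    """Last extension, lower-cased, ignoring trailing dots and spaces."""
    name = filename.strip().rstrip(". ").lower()
    return name.rsplit(".", 1)[1] if "." in name else ""

def verdict(filename, payload, sniff_content=False):
    """Return 'block' or 'allow' for one attachment."""
    if extension(filename) in BLOCKED:
        return "block"
    # Content check: catches a ZIP under any name, but also OOXML (.docx/.xlsx).
    if sniff_content and payload.startswith(ZIP_MAGIC):
        return "block"
    return "allow"

def scan(raw_message, sniff_content=False):
    """Map each attachment filename to its verdict for a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        results[name] = verdict(name, data, sniff_content)
    return results

def sample_message():
    """Constructed message with three harmless attachments."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "files"
    msg.set_content("see attached")
    empty_zip = b"PK\x05\x06" + b"\x00" * 18  # a valid empty archive
    for name, data in [("report.txt", b"hello"), ("Invoice.pdf.EXE", b"MZ"),
                       ("archive.foo", empty_zip)]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan(sample_message()), scan(sample_message(), sniff_content=True))
```

With `sniff_content=True` the archive named `archive.foo` is blocked, and so would any .docx or .xlsx, since those are ZIP containers as well.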
about 7 years ago
Did you wind up unblocking .zip or are you just having your users deal with it? So much is zipped up already to avoid being blocked (any sort of MS Office document comes to mind) that I don’t think my company could ever do such a thing.
about 7 years ago
We still block zips. We don’t context scan them though, so users are free to rename them.
It’s definitely an inconvenience, but we haven’t had any actual complaints since the system notifies users of the issue, of the workaround and who to call if they have problems.
The issue was with viruses sending millions of zips. That traffic has stopped now, and there is no load being placed on the mail servers (specifically storage) as a result.
about 7 years ago
We block zips at work too. It’s a major PITA to be honest, but it does cut down on the risk/traffic factor significantly. And you can always rename them to .foo ;-)
about 7 years ago
Not sure how blocking zips reduces your bandwidth – surely you have to retrieve/accept the email before you know there’s a zip in it? By which point the bandwidth has been used up. A virus scanner would pick up and delete the virus so your bandwidth to the user isn’t going to be affected (much) apart from the email which says “click here to view my naughty web pages” with an attachment that says “this file was deleted as it contained a virus”. Surely this slight overhead is worth not having the hassles of users being unable to send anything to you because you’ve blocked zip and all office docs!
Having said that, I zipped up a 53mb file to 700k and sent it. The receiver rejected it because the *unzipped* file was too big!
about 7 years ago
It doesn’t reduce the bandwidth, it reduces the load on the mail servers. Zips get blocked at the SMTP level by our anti-spam server. It also means none of it gets stored on the disk arrays of the mail servers either, which is actually 1GB in monthly savings in terms of disk space.