Wheaton College email attachment practice
Introduction
Computer viruses are often spread by self-executing programs sent to users via e-mail. These self-executing programs are transferred as attachments to e-mail messages, which are opened automatically by e-mail clients such as Microsoft Outlook, and once infected a user's computer spreads the virus onward to other machines across the internet.
To help prevent the spread of viruses and protect campus productivity and resources, LIS has elected to prevent *executable* attachments from passing through the Wheaton mail servers. Executable programs are identified by their three letter filename extension. All attachment extensions will be assessed and *executable* extensions will be rejected, regardless of the Operating System of the originating computer. Listed below are three letter extensions that will not be accepted by the Wheaton mail servers.
Attachment Filtering Process
Wheaton's perimeter virus protection server currently examines the incoming and outgoing mail messages to see if they contain viruses. If they do, the viruses are disabled and the messages are passed along. On occasion, viruses are propagated on the Internet before virus filters are written to scan for them.
As of the implementation date, this server will also examine email for different types of attachments. Should an attachment be found in a message, the virus server will check whether the attachment's filename extension is in the list of "dangerous types"
Should any such attachment be found the e-mail message is rejected and returned to sender. The sender will receive an error message along with the original message indicating why it was rejected
At no time is any attachment content scanned or attachments kept after being identified as possibly dangerous
List of dangerous three-letter extensions that we block: .bat, .com, .exe, .js, .pif, .rar, .scr, and .vbs. They will be blocked - even if they are found within a .zip file. The list of "dangerous three letter extensions" will be updated as the need arises.
Attachment blocking is not a 100 percent reliable method of protection against viruses and security vulnerabilities. There are ways of encoding attachments that will manage to evade these tests, such as encoding the filename with non-English characters.
The file types which are no longer being accepted should not cause users problems. Should users need to have files of these types delivered by mail, they are encouraged to package the file using a compression tool such as zip before sending, or they are encouraged to seek alternative file transfer methods such as FTP.
Files generated by Microsoft Office products ie: Word, Power Point or Excel documents are not affected by this change.