==============================================================================
ASF Notes:
1. items with "@" are Trademarks of their respective trademark holders.
2. File is exactly as received on 10 July 2002 except for minor reformatting
   to replace [TM] ASCII-174 with "@"
==============================================================================

BEST PRACTICES on File blocking at Mail gateway

The following list represents a list of recommended file attachments to block
at the Internet mail gateway. The list is maintained by Lee Fisher from the
McAfee Best Practices Team and is updated regularly in line with the latest
threats.

The list was last updated: July 2002

The list does not include the common MS Office attachment types, although they
do represent a considerable risk through the Macro functionality provided
within this document format. These formats are considered business critical
for most organisations, and therefore do not appear on the list below.

To inquire about an updated list, or for any other comments, please direct
your feedback to: Lee_Fisher@nai.com

Thanks,
Lee Fisher
McAfee Best Practices

Extens. Description                           Risk Assessment Additional Notes On Attachment
------- ------------------------------------- --------------- ----------------------------------------
ADE     Microsoft Access Project Extension    Medium
ADP     Microsoft Access Project              Medium
ASP     MS Active Server Page                 High            Known Destructive Code.
BAS     Visual Basic@ Module                  Medium
BAT     MSDOS@ Batch File                     Medium          DOS based scripting some business
                                                              validity, not a very strong delivery
                                                              method for destructive code.
CHM     Compiled HTML Help File               High            Common method of delivery of
                                                              destructive code. Very Dangerous
CMD     Windows NT@ Command Script            Medium          Known Destructive code
COM     MSDOS@ Application                    Medium          Known Destructive code
CPL     Control Panel Extension               High            Known Destructive code
CRT     Security Certificate                  Medium
EXE     Application                           High            Common method of delivery of
                                                              destructive code. Very Dangerous
HLP     Windows@ Help File                    Medium          Known Destructive Code
HTA     HTML Application                      High            Known Destructive Code
HTM     HTM Page                              High            Known Destructive Code
INF     Setup Information File                High            Used in installation of applications.
                                                              Known Destructive Code
INS     Internet Communication Settings       Medium
ISP     Internet Communication Settings       Medium
JS*     JScript@ File                         High            Sometimes blocked, as there are a
                                                              number of 'childs' to this type.
JSE     JScript Encoded Script File           High            Known Destructive code
LNK     Shortcut                              High            Known Destructive code
MACRO   Office Apps: Excel, Word              High            Embedded Macros Known Virus activity
                                                              associated with macros. Very common
                                                              method of delivery
MDB     Microsoft Access Application          Medium          Database with scripting capabilities.
                                                              No Known Destructive code
MDE     Microsoft Access MDE Database         Medium          Database with scripting capabilities.
                                                              No Known Destructive code
MSC     Microsoft Common Console Document     High
MSI     Windows@ Installer Package            High
MSP     Windows@ Installer Patch              High
MST     Visual Test Source File               Medium
PCD     Photo CD Image                        High
PDF     Adobe File                            Medium          Known Virus. Must have full install of
                                                              Adobe to become an impact
REG     Registration Entries                  High            Changes registry entries when clicked.
                                                              Not a very good way to deliver
                                                              destructive code
SCR     Screen Saver                          High            Common method of delivery of
                                                              destructive code. Very Dangerous
SCT     Windows@ Script Component             High
SH*                                           High            Sometimes blocked, as there are a
                                                              number of 'childs' to this type.
SHB     Document Shortcut File                High
SHS     Shell Scrap Object                    High            Common method of delivery of
                                                              destructive code. Very Dangerous
URL     Internet Locator                      High
VB*     Typical VBScript File Type            High            Sometimes blocked, as there are a
                                                              number of 'childs' to this type.
VBE     VBScript Encoded Script File          High            Common method of delivery of
                                                              destructive code. Very Dangerous
VBS     VBScript Script File                  High            Common method of delivery of
                                                              destructive code. Very Dangerous
VSD     Microsoft Visio File Type             High            Visio File, no known virus
VSS     Visio File Type                       High            Visio File, no known virus
VST     Visio File Type                       High            Visio File, no known virus
VSW     Visio File Type                       High            Visio File, no known virus
WS*     Typically a Windows@ Script Component High
WSC     Windows@ Script Component             High
WSF     Windows@ Script File                  High
WSH     Windows@ Script Host Settings File    High
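
One way to apply the list above to a message at the gateway, as an added example that is not part of the original McAfee document: each MIME part's file name is reduced to its final extension, compared case-insensitively against the table, and JS*, SH*, VB* and WS* are treated as prefix families. The function names, the constructed sample message and the trailing-dot normalisation are assumptions of this example.

```python
import email
from email import policy
from email.message import EmailMessage
from fnmatch import fnmatchcase

# Risk ratings copied from the table above. Entries ending in "*" are the
# page's wildcard families; MACRO is not a file extension and is left out.
RISK = {"High": "ASP CHM CPL EXE HTA HTM INF JS* JSE LNK MSC MSI MSP PCD REG SCR "
                "SCT SH* SHB SHS URL VB* VBE VBS VSD VSS VST VSW WS* WSC WSF WSH",
        "Medium": "ADE ADP BAS BAT CMD COM CRT HLP INS ISP MDB MDE MST PDF"}
ENTRIES = {ext: risk for risk, exts in RISK.items() for ext in exts.split()}

def classify(filename):
    """Return (list entry, risk) for the file's final extension, or None."""
    # Assumption: recipients run Windows, which ignores trailing dots and
    # spaces in file names, so drop them before taking the extension.
    name = filename.strip().rstrip(". ")
    if "." not in name:
        return None
    ext = name.rsplit(".", 1)[1].upper()
    if ext in ENTRIES:                      # exact entry wins over a family
        return ext, ENTRIES[ext]
    for pattern, risk in ENTRIES.items():   # then the wildcard families
        if pattern.endswith("*") and fnmatchcase(ext, pattern):
            return pattern, risk
    return None

def scan_message(raw_bytes):
    """Return [(filename, entry, risk)] for each named MIME part on the list."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        verdict = classify(name) if name else None
        if verdict:
            hits.append((name, *verdict))
    return hits

def sample_message():
    """Constructed test message with four attachments (not real traffic)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for fname in ("notes.txt", "Invoice.pdf.ExE", "update.wsx", "db.mdb"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Matching is on the declared file name only, and the wildcard families also match unrelated extensions that share the prefix (for example .json under JS*), so the rules should be tested against normal mail before enforcement.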