(Note: Messages sent via mail servers managed by Information Technology Services are subject to a different attachment filtering policy. For more information, see Attachments on the Central Campus Mail Server.)
Because of the continual threat of trojans, viruses and worms spread by e-mail, the email server for Mathematical Sciences (the departments of Computer Science, Mathematics, and Statistics and Actuarial Science) has implemented the following policy on email attachments.
All messages relayed from sites on campus are not scanned for attachments, with the exception of messages that pass through the main campus email relays for off-campus email. All other messages (off-campus email, and messages that pass through the main relays) are scanned for attachments.
If a message contains an attached file that is likely to be malicious, the message is still delivered, but the attachment is stripped from the message. Filename extensions are used to determine which attachments to remove. The table below displays filename extensions that will cause an attachment to be stripped.
| .ade | .adp | .ani | .app | .bas | .bat | .chm | .cla |
| .class | .cmd | .com | .cpl | .crt | .csh | .eml | |
| .exe | .fxp | .hlp | .hta | .inf | .ins | .isp | .js |
| .jse | .ksh | .lnk | .mda | .mdb | .mde | .mdt | .mdw |
| .mdz | .msc | .msi | .msp | .mst | .ocx | .ops | .pcd |
| .pif | .prf | .prg | .reg | .scf | .scr | .sct | .shb |
| .shs | .url | .vb | .vbe | .vbs | .wsc | .wsf | .wsh |
| .xsl |
If an attachment is removed, text is inserted into the message to notify the recipient that the attachment was removed. The inserted text looks like this:
An attachment named filename was removed from this document as it constituted a security hazard. If you require this document, please contact the sender and arrange an alternate means of receiving it.
If an attached *.zip file contains a file that is likely to be malicious, the zip file is renamed, and a warning is inserted into the message. The warning looks like this:
An archive file attachment named "myfile.zip" was renamed to "myfile.zip.SCANFORVIRUSES". To recover the file, rename the file as "myfile.zip" Please scan the files inside the archive file for viruses before opening or executing them.
Any message with no attachments, or with an attachment that is considered to be relatively safe, will be delivered intact. Attachments that look like office productivity files (for example, spreadsheets and word processing documents), text files, and other files that are not executable programs will be delivered normally.
Be aware that an attached file that is delivered may still be unsafe. For example, office productivity files can contain macro viruses. All email messages sent to Mathematical Sciences are scanned for viruses, but no virus scanner is perfect. Before opening any attached file, be sure you can trust the person who sent it.
If you would like to send files and you don't care who can access them, you can put them in your personal web space and send the recipient a link to their location. By default, any files you put in your personal web area are accessible to everyone on the web. You can limit access to the folder that contains these files. For information on restricting access to web pages, see How to Restrict Access to Web Pages. You can also rename the file so that it does not have one of the prohibited three-letter filename extensions, and then send it through email. The recipient then must rename the file back after it is received. For example, if you want to send a file named myprogram.exe, you could rename it to myprogram.xxx and email it. The recipient would then have to name it back to myprogram.exe.
