Educause Security Discussion mailing list archives

Re: Email Attachment Blocking


From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Wed, 28 Jan 2009 13:25:50 -0600

We scan for dangerous attachment types, and rename the file to
ORIGINAL.EXTENSION_renamed.  If the zip has an executable file inside of
it, we rename the zip file.  This prevents the file from being easily
executed or opened.  We also add a message to the body of the message
indicating that we renamed it, and that they should verify the
legitimacy of the file before they rename and execute it.

More information about this here:
http://kb.wisc.edu/wiscmail/page.php?id=6056

We've had great success with this implementation.  It effectively blocks
all undetected attachment-borne viruses.  We received virtually no
pushback from campus on this policy.  Normally, with a decentralized
campus IT environment such as ours, people complain about everything we
implement.

Jesse
UW Madison

Steve Brukbacher wrote:
Hi,
I'm taking an informal survey to see if others are currently blocking
any email attachments at the mail server (or component of your mail
server infrastructure).  If so, which ones?

If yes, does the email simply get dropped or does the sender and/or
recipient receive some sort of notification?

Any comments on how you worked with your user community on this would be
helpful as well.


--
  Jesse Thompson
  Division of Information Technology, University of Wisconsin-Madison
  Email/IM: jesse.thompson () doit wisc edu
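
An added example (not part of the original post, and not UW-Madison's filter code) of the rename-and-notify approach described above, using Python's standard `email` and `zipfile` modules. The extension list, the notice wording, and the choice to treat an unreadable archive as risky are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension list; the post does not enumerate the types it blocks.
DANGEROUS = (".exe", ".scr", ".pif", ".bat", ".com", ".vbs")
NOTICE = ("[Mail filter notice] An attachment was renamed with an _renamed suffix. "
          "Verify that the file is legitimate before renaming and opening it.\n\n")

def zip_has_dangerous(data):
    try:
        with zipfile.ZipFile(io.BytesIO(data or b"")) as zf:
            return any(n.lower().endswith(DANGEROUS) for n in zf.namelist())
    except zipfile.BadZipFile:
        return True  # assumption: an archive that cannot be inspected is treated as risky

def defang(msg):
    """Rename risky attachments in place and return the new filenames."""
    renamed = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        risky = name.lower().endswith(DANGEROUS) or (name.lower().endswith(".zip")
                and zip_has_dangerous(part.get_payload(decode=True)))
        if not risky:
            continue
        new = name + "_renamed"
        if part.get_param("filename", header="Content-Disposition") is not None:
            part.set_param("filename", new, header="Content-Disposition")
        if part.get_param("name") is not None:  # legacy Content-Type name parameter
            part.set_param("name", new)
        renamed.append(new)
    body = msg.get_body(preferencelist=("plain",))
    if renamed and body is not None:
        body.set_content(NOTICE + body.get_content())  # tell the recipient what happened
    return renamed

def build_sample():  # constructed message: bare executable, zip hiding one, two benign files
    def zipped(member):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(member, b"constructed sample bytes")
        return buf.getvalue()
    msg = EmailMessage()
    msg.set_content("See attached.")
    for fn, data in [("invoice.exe", b"constructed"), ("photos.zip", zipped("setup.exe")),
                     ("docs.zip", zipped("notes.txt")), ("report.pdf", b"constructed")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=fn)
    return message_from_bytes(msg.as_bytes(), policy=policy.default)
```

This sketch inspects only the top level of a zip, so archives nested inside other archives are not examined.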
