CITES Security | University of Illinois

Email attachment filters

Beginning Monday, April 8, 2013, CITES will no longer allow certain types of files to be sent or received by @illinois.edu email addresses.

Introduction

As part of its efforts to protect the University of Illinois from malware and other email threats, CITES blocks certain types of files from being sent or received as email attachments. On Monday, April 8, 2013 CITES will expand the types of files it filters from emails. 
 
CITES does not expect that this or any one single solution will solve all problems associated with email security. But filtering these file types, combined with other steps, should help reduce the spread of phishing emails and malware on campus.
 

How can I tell if an attachment has been filtered?

If you receive an email that has a filtered attachment, a text file attachment will be added to the message stating that an attachment was filtered.
 
If you send an email with an attachment that gets filtered, the recipient of the email will see additional text file attachment to your message stating that an attachment was filtered.
 

I need to send or receive a file that is being filtered. What can I do?

The best way to send files is not through email attachments, but through file sharing services such as U of I Box
 
For more information about how to send and receive files through U of I Box, visit http://go.illinois.edu/SendFiles
 

Which file types are being filtered?

Previously, CITES Spam Control focused on blocking attachments that it had scanned and determined were malware. Now, in addition to scanning for and deleting malware sent by email, particular file types sent as email attachments will be removed from the emails. These file types are frequently used to try and deliver malware to campus through email.
 
CITES does not expect these blocks to directly impact most email users as common formats of documents, spreadsheets, PDFs, and graphic files will not be filtered.
 
Please note that archive file types (.zip, .rar, .tar, etc) will only be automatically filtered if they ARE encrypted or password protected. This is because if the archive uses a password or encryptions, we cannot tell if the archive contains malware.
 
If the file is not encrypted, it will still be scanned for malware and blocked only if malware is detected.
 
Archive files that are NOT password protected, NOT encrypted, and do NOT contain malware, can be sent and received normally. These particular file types have an asterisk after them to denote this difference.
 
The types of files listed below cannot be sent or received by @illinois.edu email accounts.
 
.386
.3gr
.ace
.add
.ade
.adp
.adt
.app
.arj 
.asd 
.asp
.aspx
.bas
.bat
.bin
.btm
.bz2*
.cab*
.cbt
.ceo
.cer
.chm
.cla 
.cmd
.cnt
.com
.cpl
.crt
.csc 
.csh
.css
.dbx
.der
.dll
.drv
.email
.exe
.fon
.fxp
.gadget
.grp
.gzip*
.hlp
.hpj
.hta
.htr
.inf
.ins
.isp
.its
.jar
.je
.js
.jse
.ksh
.lha*
.lzh*
.lib
.lnk
.mad
.maf
.mag
.mam
.maq
.mar
.mas
.mat
.mau
.mav
.maw
.mcf
.mda
.mdb
.mde
.mdt
.mdw
.mdz
.mht
.msc
.msh
.msh1
.msh1xml
.msh2
.msh2xml
.mshxml
.msi
.mso
.msp
.mst
.obj
.ocx
.ops
.osd
.ov
.pcd
.pgm
.pif
.pl
.plg
.prc
.prf
.prg
.ps1
.ps1xml
.ps2
.ps2xml
.psc1
.psc2
.pst
.rar*
.reg
.scf
.scr
.sct
.shb
.shs
.smm
.swf
.sys
.tar*
.tmp
.url
.vb
.vbe
.vbp
.vbs
.vsmacros
.vsw
.vxd
.ws
.wsc
.wsf
.wsh
.xbap
.xnk
.zip* 
.zipx*
.zoo*
 
* Encrypted or password protected files of these types will be filtered. Attachments of these file types that are not encrypted or password protected will not be affected.