delivering responsive, innovative IT across the University of Oxford

Search Google Appliance

Home >> News >> Further restrictions on executable email attachments

Further restrictions on executable email attachments

News publication date: 
Friday, 24 November 2017
InfoSec logo

On Tuesday 28 November, IT Services will introduce further restrictions on executable email attachments as part of measures to reduce the risks of email-borne malware. 

These will be in addition to the restrictions introduced in September, and follow further analysis and evaluation within the University's Information Security Team. 

The restrictions will cover the file extensions listed below, and will apply to attachments to all messages passing through Oxmail, whether entering, leaving or internal to the University. 

If any attachment has a name ending in one of these extensions, the message will be rejected, with a brief summary of the reason for rejection and a link to the IT Services Help website for further information.

The vast majority of messages with such attachments are malicious in nature, but a handful of people may require assistance in finding alternative methods for sharing their files, for example using a passworded .zip file, or the OxFile service. We also note that .lnk shortcut files may occasionally be emailed in error, rather than the target of the shortcut.

The new restrictions will apply to the following file extensions:

  • .bat - DOS batch file
  • .cmd - Windows NT batch file
  • .cpl - Windows Control Panel addon
  • .lnk - Windows Command shortcut
  • .msc - Microsoft Management Console snap-in
  • .msh1 - Monad (old PowerShell)
  • .msh1xml - Monad (old PowerShell)
  • .msh2 - Monad (old PowerShell)
  • .msh2xml - Monad (old PowerShell)
  • .msh - Monad (old PowerShell)
  • .mshxml - Monad (old PowerShell)
  • .pif - DOS Shortcut
  • .ps1 - PowerShell
  • .ps1xml - PowerShell
  • .ps2 - PowerShell
  • .ps2xml - PowerShell
  • .psc1 - PowerShell
  • .psc2 - PowerShell
  • .reg - RegEdit file
  • .scf - Windows Explorer command file
  • .swf - Shockwave Flash 
  • .vb - Visual Basic script
  • .vba - Visual Basic module
  • .vbe - Visual Basic script (encrypted)
  • .vbs - Visual Basic script
  • .ws - Windows Script file
  • .wsc - Windows Script Component
  • .wsf - Windows Script file
  • .wsh - Windows Scripting Host

For reference the following file extensions are already blocked:

  • .com - DOS Executable
  • .exe - Windows Executable
  • .gadget - Windows Vista Gadget
  • .jar - Java Archive
  • .js - JavaScript
  • .jse - JavaScript encrypted
  • .msi - MS Installer
  • .msp - MS Installer Patch
  • .scr - Screensaver

These blocks cover filetypes we consider to pose significant risk but which are least likely to cause problems for legitimate email traffic. Many other filetypes can of course contain malware, and some may come in the form of archives such as .zip files.

University's Information Security Team will continue to investigate further email security measures with a view to implementation over the coming months.