[FQuest Notice] Updated executable filename filter


Bruce
02-12-2004, 06:06 PM
Effective immediately, the executable filter available in the CNC Email Manager has been updated to include the .CMD file name extension in its list. This omission has been mentioned in the recent email virus alert (http://www.aota.net/forums/showthread.php?postid=105053#post105053) thread, and is no longer considered an omission. ;)

The complete list of extensions is as follows:
BAT: Batch file
CHM: Compiled HTML help file, can contain scripts
CMD: Windows NT Command script
COM: Command executable
EXE: executable
HLP: Windows help files, can contain auto-executing VBScript
HTA: HTML application, can contain VBScript, JavaScript, etc.
LNK: Windows shortcut, may contain program instructions.
PIF: Program Information File
REG: Regedit will inject its contents into the registry
SCR: Screen capture, interpreted as an executable binary
SHS: Shell automation code
VBE: VisualBasic Enterprise
VBS: VisualBasic Script
WSF: Windows Scripting File (same as VBS)
WSH: Unknown, but reported to be executable.

LightGuide
02-12-2004, 06:22 PM
Thanks! Appreciate that... one less little grunion to fry!

I assume no changes to current email settings are needed.

Bruce
02-12-2004, 06:29 PM
Correct, no changes to current email settings are needed, assuming you currently have the built-in executable attachment enabled.

Grayline
02-12-2004, 06:31 PM
Thanks. It's really nice to see a company that works so hard to please its customers!

FYI: the FSH file extension is a property settings file for Windows Script Host scripts. Per MS Knowledge Base Article 232211, it's similar to a PIF file and is considered to be executable.

Scott

Grayline
02-12-2004, 06:32 PM
Oops! I meant to say WSH files, not FSH.

Bruce
02-12-2004, 06:39 PM
Originally posted by Grayline:
FYI: the WSH file extension is a property settings file for Windows Script Host scripts. Per MS Knowledge Base Article 232211, it's similar to a PIF file and is considered to be executable.

Thanks for the note. I've added it to my notes.

doraevon
02-13-2004, 01:14 AM
Any particular reason why the following executable files are also not included in this list?

.JS, .JSE (Javascript files)
.MSI (MS Installer files)
.DLL (Windows Dynamic Link Libraries)

I already add these to the 'Attachment Extensions' built-in filter (plus a few other less common files) on my sites, but they're common (and dangerous) enough to be included in the main filter (IMHO :) ) -- I cannot think of a single useful reason for any email to include those as attachments.

Bruce
02-13-2004, 06:43 PM
The list of extensions in the filter are not those which commonly contain executable code (of which there are many, many more). It is a list of extensions that, when Windows sees them, will let you double click on them and execute them directly. From our testing, .dll files are not directly executable. However, the other three may well contain executable scripts, and make sense to go into the list of extensions. I'll add those two and post a note here when I've installed the modified program.

doraevon
02-17-2004, 10:39 AM
Originally posted by Bruce:
The list of extensions in the filter are not those which commonly contain executable code (of which there are many, many more). It is a list of extensions that, when Windows sees them, will let you double click on them and execute them directly. From our testing, .dll files are not directly executable.

Like so many things that happen at FQ, I knew there had to be a reason for decisions like this. Makes sense to me... :D

Originally posted by Bruce:
However, the other three may well contain executable scripts, and make sense to go into the list of extensions. I'll add those two and post a note here when I've installed the modified program.

The MSI extension is the one that really concerns me since more and more applications are shipped using this format. To make things even more interesting, the file header for MSI files (the first few bytes, anyway) is the same as MS Office documents, so even trying to filter on MIME Base64 text is tricky, to say the least. Oh well, that's the price for 'standardizing' on a monopoly operating system.

Bruce
02-19-2004, 05:25 PM
As promised, the three referenced filename extensions (.js, .jse, and .msi) have been added to the executable filter, and the modified program has been installed on the POP toaster.
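
An added example, not part of the thread and not the CNC Email Manager's code: a Python filter that matches attachment filenames against the final list above, and shows why a content check cannot separate .msi from legacy Office files, since both are OLE2 compound files starting with the same eight bytes. The function names and the sample message are constructed for illustration.

```python
import base64
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions from the thread: the original list plus .js, .jse and .msi.
BLOCKED = {"bat", "chm", "cmd", "com", "exe", "hlp", "hta", "lnk", "pif", "reg",
           "scr", "shs", "vbe", "vbs", "wsf", "wsh", "js", "jse", "msi"}

# OLE2 compound-file signature shared by .msi and legacy Office files (.doc, .xls).
CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# The same signature as it appears at the start of a Base64-encoded MIME part.
CFB_B64 = base64.b64encode(CFB_MAGIC).decode()

def final_extension(filename):
    """Return the last extension, lower-cased, or '' if there is none."""
    name = filename.strip()
    return name.rsplit(".", 1)[1].lower() if "." in name else ""

def scan(raw_message):
    """Return (filename, blocked_by_extension, has_cfb_header) per attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    rows = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue  # message body or multipart container
        payload = part.get_payload(decode=True) or b""
        rows.append((filename,
                     final_extension(filename) in BLOCKED,
                     payload.startswith(CFB_MAGIC)))
    return rows

def build_sample():
    """Constructed test message; attachment names and bodies are made up."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("report.doc", "Invoice.PDF.Scr", "setup.msi", "notes.txt"):
        body = CFB_MAGIC + b"\0" * 8 if name.endswith((".doc", ".msi")) else b"sample"
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for row in scan(build_sample()):
        print(row)
```

In the output, report.doc and setup.msi both carry the compound-file header, so only the filename extension separates them.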