Skip over global navigation links

AntiVirus

The purpose of this page is to inform the NIH community of all attachment filters that are currently in place by the NIH Central Email Service.

File filters are simply a means of filtering or “blocking” attachments and/or messages that are likely to be generated by or infected with a computer virus.

Please note that “blocking” generally means the elimination of the entire attachment/message without notification. While this action may seem extreme and rather user un-friendly, we are driven by the necessity to keep large numbers of additional nuisance, junk, or SPAM e-mails out of the e-mail system. The majority of attachment/messages we block on any given day are generated by viruses or worms, and the recipient address is almost always spoofed. We would be doing a greater disservice to the user community by delivering unsolicited, unwanted, and confusing messages and/or notifications to our users.

As mandated by DHHS security requirements, messages containing the following file extension types are currently being blocked on all CES Email Servers:

*.bat, *.bin, *.cmd, *.com, *.cpl, *.exe, *.hta, *.pif, *.rar, *.scr, *.sct, *.shb, *.shs, *.uue, *.vb, *.vbe, *.vbs, *.wsc, *.wsf, *.wsh

The following additional file extension types have been added to address specific windows vulnerabilities:

*.ani, *.cur, *.ico, *.wmf

ZIP Attachment Blocking

Effective 04/30/2004, the *.zip filters which had been in place on all CES SMTP servers, have been removed. The filters had been added in response to several of the recent Bagle worm variants which are now using password-protected or encrypted ZIP files to get through the AV scanners. Recent enhancements to the AV scanning engines and to the Sybari Antigen code which is used on CES, have made this possible.

However, it is still extremely important that you always use good judgment when dealing with messages or attachments that are not expected or are not from a known source. If you are unsure about a certain message/attachment, ask the NIH Help Desk, an Administrator, or simply delete the message.

Up to Top

This page last reviewed: September 12, 2008