The Attachment Processing page allows you to configure VPOP3 to perform two distinct functions on messages that contain attachments:
The Filtering tab is divided into four main sections:
Attachment filtering is applied when a new message is received by VPOP3. The Attachment filenames to filter box allows you to use basic pattern matching, so that VPOP3 will only filter certain attachments; for instance, files whose filename extension would allow a malicious file to be run accidentally by the recipient.
To write a pattern, type the literal characters where they appear in the filename, use ? in place of exactly one unknown character, and use * in place of any number of unknown characters.
For example, ?x*.txt will match filenames such as example.txt and Oxford.txt, but because the ? character only stands for a single character, it will not match Texas.txt.
Pattern | Explanation |
---|---|
*.vbs | Files with a .vbs extension will typically run as Visual Basic Scripts. |
*.{????????-????-????-????-????????????} | Filenames ending in a GUID (Globally Unique Identifier) - These files could instruct Windows to open the file in a particular program, or as an executable, irrespective of the actual filename extension. Note: GUIDs only contain hexadecimal characters (numbers 0-9 and letters A-F), but this pattern would also match non-hexadecimal characters. |
*.hta | Files with a .hta extension will typically run as HTML applications; potentially allowing the use of JScript and VBScript. |
*.???.??? | Files with a 'double' filename extension are commonly used to distract the recipient. For example, by naming a file photo.jpg.exe, the sender could exploit users who do not have the technical knowledge to realise that the file is an application and not a picture. |
*          *.* | Files with at least 10 consecutive spaces in the filename (the pattern is an asterisk, ten spaces, then *.*). There are few legitimate reasons for using 10 consecutive spaces, so it is likely to be an exploit attempt. Using a lot of spaces may obscure the filename extension in some mail clients, or may make the attachment look like two distinct files. |
*. | Windows will disregard the dot at the end of a filename, so there is very little reason for a filename legitimately ending with a dot. An attacker may try using a dot at the end of the filename, in order to circumvent other filtering rules. |
*.pif | Files with a .pif extension will typically be Program Information Files for DOS. They can be used to transmit viruses. |
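The following Python sketch is an added example, not VPOP3's own code: it implements the ? and * matching described above and runs the patterns from the table over constructed filenames, including a legitimate archive name that the double-extension pattern also catches. Case-insensitive matching and all function names are assumptions made for the example.

```python
import re

# Patterns from the table above; the ten-space pattern is built explicitly
# so the spaces cannot be lost.
GUID_PATTERN = "*.{????????-????-????-????-????????????}"
TEN_SPACES = "*" + " " * 10 + "*.*"
PATTERNS = ["*.vbs", GUID_PATTERN, "*.hta", "*.???.???", TEN_SPACES, "*.", "*.pif"]


def compile_pattern(pattern):
    """Translate a ?/* pattern into a regex; every other character is literal."""
    parts = []
    for ch in pattern:
        if ch == "?":
            parts.append(".")        # exactly one unknown character
        elif ch == "*":
            parts.append(".*")       # any number of unknown characters
        else:
            parts.append(re.escape(ch))
    # Assumption: matching ignores case, as Windows filenames do.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)


def matching_patterns(filename, patterns=PATTERNS):
    """Return the patterns that match the whole filename, in list order."""
    return [p for p in patterns if compile_pattern(p).fullmatch(filename)]


def is_strict_guid_suffix(filename):
    """Tighter than the ? pattern: the GUID must contain hexadecimal digits only."""
    guid = r"\.\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$"
    return re.search(guid, filename, re.IGNORECASE) is not None


if __name__ == "__main__":
    # Constructed sample filenames, not taken from real messages.
    samples = [
        "report.pdf",
        "INVOICE.VBS",
        "photo.jpg.exe",
        "photo.jpg" + " " * 12 + ".exe",
        "setup.exe.",
        "backup.tar.bz2",  # legitimate name caught by *.???.???
        "notes.txt.{ZZZZZZZZ-ZZZZ-ZZZZ-ZZZZ-ZZZZZZZZZZZZ}",  # not a real GUID
    ]
    for name in samples:
        hits = matching_patterns(name)
        print(repr(name), "->", hits or "allowed", "| strict GUID:", is_strict_guid_suffix(name))
```

Running the patterns over a sample of filenames your users really receive before enabling them shows which legitimate attachments, such as .tar.bz2 archives, would be filtered as well.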
There are two checkboxes in this section:
There are various attachment processing options for incoming messages: