EMAIL VIRUS WARNING

by Hanz Makmur

Nov 1, 2001 (Modified Nov 14, 2008)


Table of Contents:
  1. Why am I getting this "Undelivered Mail Returned to Sender" message?
  2. What should I do if I suspect my computer has been infected by a computer virus?
  3. Why haven't I seen these virus warnings before?
  4. What are Blocked Autoexecutable, Suspicious or Unsafe Attachments?
  5. I need to send files to someone and now I can't send the files. What do I do?
  6. Helpful Links

  1. Why am I getting this "Undelivered Mail Returned to Sender" message?
       username@cs.rutgers.edu: host mail.cs.rutgers.edu[128.6.4.3] said: 551 78005042
       We dont accept this type of mail. See
       http://www.cs.rutgers.edu/resources/email/viruswarning 
       (in reply to end of DATA command)

    You are receiving this message because our virus scanner found that the email you sent contains dangerous viruses or suspicious or unsafe enclosures. See the Blocked Autoexecutable, Suspicious or Unsafe Enclosures section below for more details.

  2. What should I do if I suspect my computer has been infected by a computer virus?

    If you are a Rutgers-affiliated person, you are in luck. Rutgers has site-licensed antivirus software that is available to Rutgers students, faculty and staff. This software is available at http://software.rutgers.edu under the name RADS (Rutgers Antivirus Delivery System). We strongly recommend you install the antivirus right away.

  3. Why haven't I seen these virus warnings before?

    We previously suppressed the warning messages, but some people wondered what happened to their sent messages and prefer to be notified when they send messages that contain viruses or suspicious files. To avoid confusion, we now reject email immediately if objectionable content is found and leave it to the sending server to notify the sender.

  4. What are Blocked Autoexecutable, Suspicious or Unsafe Attachments?

    An e-mail virus can be delivered (especially to Windows machines) via a number of clickable attachments or by autoexecutable enclosures, which activate when the message is read or sometimes previewed. Our virus scanner checks all email addressed to cs.rutgers.edu (e.g. "joeuser@cs.rutgers.edu"). It rejects any mail that includes UNSAFE file types (see below). If you send or receive mail with unsafe enclosures, you will receive notification as described above.

    We block email with suspicious attachments to avoid accidental mistakes. Many viruses are sent with these extensions hidden from the user. For example, an email attachment may arrive under the name "readme.doc.exe". Because the default setting on a Windows operating system is to hide the extensions of known file types, the enclosure above may look like "readme.doc" to users. Opening this enclosure will execute the file "readme.doc.exe" without the user's knowledge and infect the user's computer.

    To prevent the spread of viruses delivered via email, all email destined to anyone at cs.rutgers.edu is scanned. If your email contains attachment(s) with any extension listed below, your email will be rejected by our mail server and returned with the error message above.

    The following UNSAFE file types are known to be used for spreading viruses or creating security holes and are currently blocked if their size is less than or equal to 1MB.

    .ADE Microsoft Access Project extension
    .ADP Microsoft Access Project
    .ADB Microsoft Access Database
    .ASP Active Scripting program
    .BAS Basic file
    .BAT Batch file
    .CHM Compiled HTML
    .CMD WindowsNT/2000 Command script
    .COM executable file
    .COMMAND executable file
    .CPL control panel file
    .CRT Security Certificate
    .EXE executable file
    .HLP Windows Help File
    .HTA HTML Applications
    .INF Setup Information File
    .INS Internet Communication Settings
    .ISP Internet Communication Settings
    .JS JavaScript file
    .JSE JScript Encoded Script File
    .LNK Shortcut

    .MDB Microsoft Access Program
    .MDE Microsoft Access MDE Database
    .MSC Windows Common Console Document
    .MSI Windows Installer Package
    .MSP Windows Installer Patch
    .MST Microsoft Visual Test Source files
    .PCD Photo CD Image, Microsoft Visual Compiled script
    .PIF Program Information File
    .REG Registry file
    .SCR Screen Saver
    .SCT Windows Script Component
    .SHS Shell Scrap Object
    .URL Universal Resource locator file
    .VB Visual Basic file
    .VBE Visual Basic Encoded Script file
    .VBS Visual Basic script
    .WSC Windows Script Component
    .WSF Windows Script File
    .WSH Windows Script Hosting Settings File


    Newly added unsafe extensions following Office 2000 Service Pack 3:

    .APP Visual FoxPro Application
    .FXP Visual FoxPro compiled program
    .PRG Visual FoxPro program
    .MDW Microsoft Access Workgroup Information
    .MDT Microsoft Access Workgroup Information

    .OPS Office XP Settings
    .KSH Unix Shell Extension
    .CSH Unix Shell Extension


    Note: This list will be modified as the need arises.
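
    The policy described in this section (blocked extension, size of at most 1MB, and the "readme.doc.exe" double-extension case) can be expressed as the following check. This is an added example, not the code of the scanner running on mail.cs.rutgers.edu; the function names are hypothetical, "1MB" is assumed to mean 2**20 bytes measured on the decoded attachment, and the sample messages are constructed.

```python
import email
from email.message import EmailMessage

# Extensions copied from the two lists on this page.
BLOCKED = set("""ade adp adb asp bas bat chm cmd com command cpl crt exe hlp
hta inf ins isp js jse lnk mdb mde msc msi msp mst pcd pif reg scr sct shs url
vb vbe vbs wsc wsf wsh app fxp prg mdw mdt ops ksh csh""".split())
MAX_BLOCKED_SIZE = 1024 * 1024  # "1MB" on the page; 2**20 bytes is assumed


def check_message(raw_bytes):
    """Return (filename, reason) for each attachment the policy would reject."""
    hits = []
    for part in email.message_from_bytes(raw_bytes).walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so drop them before splitting.
        pieces = name.strip().rstrip(". ").lower().split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        size = len(part.get_payload(decode=True) or b"")
        if ext not in BLOCKED or size > MAX_BLOCKED_SIZE:
            continue
        reason = "blocked extension ." + ext
        if len(pieces) > 2:  # e.g. readme.doc.exe displayed as readme.doc
            reason += " hidden behind ." + pieces[-2]
        hits.append((name, reason))
    return hits


def build_sample(filename, data):
    """Build a constructed test message with one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "joeuser@cs.rutgers.edu"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fn in ("readme.doc.exe", "notes.txt", "setup.EXE"):
        print(fn, check_message(build_sample(fn, b"constructed bytes")))
```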

    The statistics of blocked dangerous enclosures are available online at: under Mail Stats section

  5. I need to send a sensitive file and now I can't send encrypted zip files. What do I do?

    Because all encrypted zip/rar files are blocked, if you MUST send encrypted compressed attachments via email, we recommend using gzip to create the .gz or .gzip format. Another recommended program is StuffIt, which creates .sit files. These extensions (.gz, .gzip) are currently considered safe and are not blocked by most virus filters, including ours. Please note that these compressed files are not immune from viruses. A good rule of thumb is to always verify with the sender when you get an email attachment. See How do I protect myself against email viruses (such as worms)? for more details.

    WARNING: Never open an attachment that comes with an instruction asking you to rename the file extension without first verifying with the sender. Example of such a message: "Hi, I've sent you an attachment, please rename the file to filename.exe."
    This kind of message is crafted to get around the suspicious attachment filter and should be treated with caution.

    Best Practices:

    The best way to exchange files is probably by NOT sending the files in email. Apart from the risk that the attachment is blocked, many people may not be able to receive the files you send due to disk space restrictions. Many mail servers have limited disk quotas, and your email may be rejected if the recipient is running out of space.

    1. A good alternative to sending files in email is storing files on your personal website. This is the preferred method of file exchange, assuming the sender has a website where such files can be stored. With this method, you send the website address (URL) and let the recipient of the email retrieve the file himself or herself. As an added benefit, you can also password-protect access to your files and share them only with those who know the password.

    2. Another alternative for transferring files is to use an anonymous FTP service on Computer Science machines. This method allows your colleague to drop or get files in your predefined folder. For instructions on how to set up this folder, see http://www.cs.rutgers.edu/~watrous/anonymous-ftp.html


  6. Helpful Links: