Yale University

Email services

Yale ITS Home Email Services

Gateways for:

Help Desk
203.432.9000
203.785.3200

ITS Office
Yale University
175 Whitney Avenue
P.O. Box 208276
New Haven, CT
06520-8276
USA

Yale logo.

Central campus attachment renaming

If you receive a renamed attachment and have been directed to this Web page you should assume the attachment contains malicious computer code. BEFORE USING ANY RENAMED ATTACHMENT - CHECK THE FILE FOR VIRUSES WITH UP-TO-DATE VIRUS CHECKING SOFTWARE! Details are below.

Attachment renaming occurs on attachment types that can easily carry malicious code and that are almost never used for real information exchange at Yale.

Common attachment types such as those used by MS Word, Excel or Adobe, are NOT renamed by this process.

Note that messages and attachments are not examined or "scanned" for content at all with this process. This process detects that an attachment is present by reviewing message header information. If present, the process reviews and potentially changes the attachment's file name.

Also note that for messages originating in the Medical Center, the Medical Center's attachment processing is slightly different than what is described here. Please see the comparison of Medical Center and Central ITS attachment processing page for a detailed comparison.

Attachment renaming FAQs

Why is this attachment renaming needed?

Email messages which contain certain types of attachments are used to distribute malicious computer code such as worms, viruses and trojan horses. Often these messages appear to come from someone you know or are worded in such a way to trick you into opening the attachment which then runs the malicious code on your computer. To guard against accidentally running malicious software in this way, ITS renames certain attachment types on the Central Yale email systems.


How will I know I have received a renamed attachment?

The email message that contains the renamed attachment(s) will have a short text message inserted at the very beginning.


How are the attachments renamed?

As email messages are sent through the system, the headers indicate whether or not an attachment is present. If there is an attachment to a message and it's one of the attachment types associated with malicious computer code, the attachment is renamed by changing the file extension to ".xex". For example, an attachment named "myprog.exe" is renamed to "myprog.xex" and an attachment named "myscript.com" is renamed to "myscript.xex".


Where did this list come from and how can it change?

ITS determined which file types to rename based on a list of file types published by Microsoft. These file types are considered "unsafe" by Microsoft.


If I use these file types, how can I avoid attachment renaming?

The following alternatives, both email and non-email based, can be used to transfer files. Keep in mind, that you must take responsibility for the safe and virus-free transfer of files if you use one of these alternative methods. Check your files with up-to-date anti-virus software before transferring them!

Using email:

  • save your file using a safe file extension then send it normally, giving recipients instructions on how to open the file
  • use encryption software such as pgp - added benefit of transferring files securely

Using standard file sharing services - not email based:

  • use the web sever to share files - any file you post there can be retrieved by others
  • use the Yale File transfer facility
  • use Microsoft networking file shares - share folders on your local drive with others on Yale's network - added benefit that folder "appears" local to all users.

What happens if these renamed attachments are opened accidentally?

Since these renamed files are not valid file extensions, if you try to open this attachment, your computer will ask you what software to associate with this extension. For example, files with extensions of ".doc" are opened automatically with MS Word, while ".xls" files are open with MS Excel. With this attachment renaming process, we are changing the file extension of the suspicious attachments to ".xex".

These attachment types can not be accidentally opened in Pine or ITS Web Email.

How do I open a renamed attachment?


It's as simple as Save, Check and Rename:

  1. Save the attachment to your local computer (this is no different from saving any attachment )
  2. Check for viruses by running up-to-date anti virus software on the file (Semantic Anti Virus software is available to all Yale users)
  3. Rename the attachment back to its original name (the email message you received which contained the renamed attachment also contains the attachment's original extension)

If you do not need the attachment simply delete it.


What about Word and Excel documents?

Attachments for many applications such as Word or Excel are not renamed. While it is possible to spread malicious software in these documents with "macro" viruses, it is currently much less common to see these types of viruses. To provide additional protection in these applications, however, users should disable automatic Macro execution.


Does this protect me from computer Viruses?

NO! This is not a virus scanning or removing service for your email.

Related links

Jump to top.

Last modified: Thursday, 13-Sep-2007 15:54:39 EDT. (jj)