Yale University

Email services

Yale ITS Home Email Services

Gateways for:

Help Desk
203.432.9000
203.785.3200

ITS Office
Yale University
175 Whitney Avenue
P.O. Box 208276
New Haven, CT
06520-8276
USA

Yale logo.

Medical campus attachment renaming

All incoming email attachments sent to any of the ITSemail servers (biomed.med.yale.edu, omega.med.yale.edu, email.med.yale.edu) are being filtered. Attachments have the potential to damage client computers and to spread malicious code throughout the Yale network as well as to others on the Internet.

  1. Attachments that are known to contain malicious code will be stripped from the email message. A warning message will be inserted into the original message, to state that the attachment was removed.
  2. Attachments with extensions that have an increased likelyhood of containing malicious code (i.e., *.exe) will be renamed, but not removed. A warning message will be inserted into the original message, to state that this has been done and how to restore the file if you belive it is not malicious.
  3. A variety of other attachments with low potential for containing malicious code will simply have a warning message inserted into the original email text, but the attachment will not be renamed or stripped.

These proactive measures are being taken to protect individual computers from potentially malicious attacks via email and to protect the integrity of the Yale network.

Stripped attachment

This is an email with an attachment whose name is identical to the name of a known virus (i.e., dwarf4you.exe, juliet.chm) or is a file type (i.e., *.vbs, *.scr) that is at high risk of being harmful to your computer. It will be removed from your email message. The email message includes an automated message that reads:

Message inserted automatically by ITS Information Security:

The first part of the text is specific to file that was removed. For example, if the attachment was a *.vbs file the message would state:
Visual basic files are the basis of the I love you and KAK etc viruses which are extremely damaging. All .vbs files are removed from email messages.

The second part of the text is included in all email where an attachment has been stripped:
This email had an attachment whose name is identical to the name of a known virus or other program harmful to your computer. For safety, this attachment has been removed.

The final part of the text is included in all email messages that have attachments that were stripped, renamed, or which had a warning inserted:
If you need help, please contact the ITS Help Desk at 785-3200.
If you have comments or questions about this procedure, send email to information.security@yale.edu. Please note that the CONTENTS of the attachment have NOT been examined in any way, the action taken was entirely based on the name of the attachment.

Renamed attachment

The .exe attachment will be renamed and given an .xex extension (i.e., tugboat.exe becomes tugboat.xex). The email message with the renamed attachment also includes an automated message that reads:

Message inserted automatically by ITS Information Security:

The first part of the text is specific to file that was renamed:
This email has an attachment which is executable and could contain a virus or other program harmful to your computer. The attachment has been renamed with a .xex extension. If you are certain that you want to execute the attachment, save it and then rename it with a .exe extension before running it. If you need help recovering the file, contact the ITS Help Desk at 785-3200.

The final part of the text is included in all email messages that have attachments that were stripped, renamed, or which had a warning inserted:
If you have comments or questions about this procedure, send email to information.security@yale.edu. Please note that the CONTENTS of the attachment have NOT been examined in any way, the action taken was entirely based on the name of the attachment.

The default on many PCs is to have the Hide file extensions feature enabled. This will hide the .exe or. xex from file names. To change the view options to see file extensions,

  • Choose Options from the View pull-down menu in Windows Explorer
  • Select the View tab
  • Un-check the box for Hide file extensions for known file types

Warning message

The attachment is not changed in any way, but you are warned to be certain that the file you are recieving is not harmful. You should contact the sender to confirm it is non-malicious before you open the attachment.

The first part of the text is specific to the file. For example, a JavaScript attachment would state:
A warning has been inserted into this email by ITS Information Security because the email has an attachment named warn.

The second part of the text is included in all email attachment warnings: This attachment either has the same name as a known virus which has not been seen for some time, or is of a type which could be harmful to your computer if the sender so intended. We would urge you to be certain that you know who this email comes from and to save it to disk and check it with an anti-virus program before using the attachment.

The final part of the text is included in all email messages that have attachments that were stripped, renamed, or which had a warning inserted:
If you need help, please contact the ITS Help Desk at 785 3200. If you have comments or questions about this procedure, send email to information.security@yale.edu. Please note that the CONTENTS of the attachment have NOT been examined in any way, the action taken was entirely based on the name of the attachment.

If you have any questions or concerns, please contact the ITS Help Desk at 785-3200 or ITS Information Security at information.security@yale.edu.

Related links

Jump to top.

Last modified: Thursday, 13-Sep-2007 15:54:39 EDT. (jj)