Skip to main content

Handling Unsafe Email Attachments

I was directed to this page by a note in an email sent to me, what is this all about?

  • If you receive a renamed attachment and have been directed to this web page you should assume the attachment contains malicious computer code. BEFORE USING ANY RENAMED ATTACHMENT - CHECK THE FILE FOR VIRUSES WITH UP-TO-DATE VIRUS CHECKING SOFTWARE! Details are below.

Why are some attachments sent to me being renamed or removed?

  • To prevent infection by viruses which send themselves as certain file types attached to email messages, all messages sent to central York email accounts will be scanned for unsafe file types. Depending on the risk, these unsafe files are either renamed to prevent accidental infection, or removed entirely. In almost all cases, these are viruses, not legitimate files.
  • Note that these unsafe attachments are only renamed or removed on incoming messages to @yorku.ca accounts.

What kind of attachments/files are affected?

  • Attachment renaming or removal only occurs on attachment types that can easily carry malicious code (viruses) AND that are almost never used for real information exchange at York.
  • Common attachment types such as those used by MS Word, Excel or Adobe, are NOT affected by this process.
    • Messages containing attachment types almost exclusively associated with viruses will be delivered, but the suspect attachment will be removed and a notice inserted into the message informing the recipient of the removed attachment. The list of file types includes: .pif .com .bat .cmd .scr .exe and .zip files which contain these.
    • Other file types considered "unsafe", but are infrequently used will be renamed by adding "_UNSAFE" to the end of the file name. The list of file types includes: .reg .inf .hlp and others which are rarely, if ever, used for legitimate communication. Also, .zip files containing these unsafe types will also be renamed. A note will be inserted into the message informing about the file renaming.

If I have a legitimate need to receive such files, what can I do?

  • For files listed in #1 above, these types are mainly programs, and are rarely transmitted via email, however you can still receive these if the sender renames the attachment file name extension to something else (such as adding _UNSAFE to the end of the filename)before sending them.
  • For files listed in #2 above, If the "unsafe" attachment is known to be legitimate, the recipient may save it, and then rename it back to the original type by removing "_UNSAFE"  from the end of the file name, and use it as usual at that point. For example "driver.inf" will be renamed to "driver.inf_UNSAFE" and will need to be renamed back to the original "driver.inf" before use.

Before opening any such attachment, please be sure you are sure it is legitimate and that you have updated antivirus software running.  You can get antivirus software free.

Updated on April 17th, 2012.