Safe and Unsafe File Extensions
The following list of file name extensions lists types of files identified by Microsoft as containing potentially dangerous applications.
Dangerous File Extensions
|.ade||Microsoft Access project extension|
|.adp||Microsoft Access project|
|.asx||Windows Media Audio / Video|
|.bas||Microsoft Visual Basic class module|
|.chm||Compiled HTML Help file|
|.cmd||Microsoft Windows NT Command script|
|.com||Microsoft MS-DOS program|
|.cpl||Control Panel extension|
|.ins||Internet Naming Service|
|.isp||Internet Communication settings|
|.jse||Jscript Encoded Script file|
|.mda||Microsoft Access add-in program|
|.mdb||Microsoft Access program|
|.mde||Microsoft Access MDE database|
|.mdt||Microsoft Access workgroup information|
|.mdw||Microsoft Access workgroup information|
|.mdz||Microsoft Access wizard program|
|.msc||Microsoft Common Console document|
|.msi||Microsoft Windows Installer package|
|.msp||Microsoft Windows Installer patch|
|.mst||Microsoft Windows Installer transform|
|Microsoft Visual Test source file|
|.ops||Office XP settings|
|.pcd||Photo CD image; Microsoft Visual compiled script|
|.pif||Shortcut to MS-DOS program|
|.prf||Microsoft Outlook profile settings|
|.scf||Windows Explorer command|
|.sct||Windows Script Component|
|.shb||Shell Scrap object|
|.shs||Shell Scrap object|
|.vbe||VBScript Encoded script file|
|.wsc||Windows Script Component|
|.wsf||Windows Script file|
|.wsh||Windows Script Host Settings file|
The following list describes how Outlook functions when you receive or send an "unsafe" file attachment:
Any file received in an email as an attachment with any of the extensions listed above should NEVER be opened even if you know the person that sent the file.
Safe File Extensions
|.gif||Graphics Interchange Format (CompuServe)|
|.jpg or .jpeg||Joint Photographic Expert Group|
|.tif or .tiff||Tagged Image File Format (Adobe)|
|.mpg or .mpeg||Motion Picture Expert Group|
|.mp3||MPEG compressed Audio|
If an attachment does not have one of these safe extensions its best not to open the attachment. Be especially suspicious of any file that has a doubled extension (for example,image.gif.exe). Normally files have only one three or four letter extension so a file with more than one extension is probably an attempt to trick you into opening the attachment.
Take great care when opening any email attachment.
- Think about who sent it and why.
- Is it relevant or not?
- Always run an up-to-date virus scanner loaded up with the latest virus signatures
NOTE: Microsoft Outlook 2002 / XP blocks all attachments with the dangerous file extensions listed above right out of the box.
Attachment Options is an Outlook 2002, Outlook 2000 SP3 and Outlook 2003 COM add-in that provides a user interface for changing which file types are restricted as Level 1 attachments. Level 1 attachments are hidden by Outlook, and cannot be seen, saved or opened from Outlook items. Moving an attachment extension to Level 2 enables the user to see the attachment and to save it to the file system. The attachment saved to the file system can later be opened by the user.