Safe and Unsafe File Extensions

The following list of file name extensions lists types of files identified by Microsoft as containing potentially dangerous applications.

Dangerous File Extensions

ExtensionFile type
.ade Microsoft Access project extension
.adpMicrosoft Access project
.asxWindows Media Audio / Video
.basMicrosoft Visual Basic class module
.batBatch file
.chmCompiled HTML Help file
.cmd Microsoft Windows NT Command script
.comMicrosoft MS-DOS program
.cplControl Panel extension
.crt Security certificate
.exe Program
.hlp Help file
.hta HTML program
.inf Setup Information
.ins Internet Naming Service
.ispInternet Communication settings
.js JScript file
.jse Jscript Encoded Script file
.mda Microsoft Access add-in program
.mdb Microsoft Access program
.mde Microsoft Access MDE database
.mdt Microsoft Access workgroup information
.mdw Microsoft Access workgroup information
.mdz Microsoft Access wizard program
.msc Microsoft Common Console document
.msiMicrosoft Windows Installer package
.msp Microsoft Windows Installer patch
.mstMicrosoft Windows Installer transform
Microsoft Visual Test source file
.ops Office XP settings
.pcd Photo CD image; Microsoft Visual compiled script
.pif Shortcut to MS-DOS program
.prfMicrosoft Outlook profile settings
.regRegistration entries
.scf Windows Explorer command
.scrScreen saver
.sct Windows Script Component
.shb Shell Scrap object
.shsShell Scrap object
.url Internet shortcut
.vbVBScript file
.vbe VBScript Encoded script file
.vbsVBScript file
.wscWindows Script Component
.wsfWindows Script file
.wsh Windows Script Host Settings file

The following list describes how Outlook functions when you receive or send an "unsafe" file attachment:

Any file received in an email as an attachment with any of the extensions listed above should NEVER be opened even if you know the person that sent the file.

Safe File Extensions

Extension File type
.gif Graphics Interchange Format (CompuServe) 
.jpg or .jpeg Joint Photographic Expert Group 
.tif or .tiffTagged Image File Format (Adobe)
.mpg or .mpegMotion Picture Expert Group
.mp3MPEG compressed Audio 
.wav Microsoft Audio

If an attachment does not have one of these safe extensions its best not to open the attachment. Be especially suspicious of any file that has a doubled extension (for example,image.gif.exe). Normally files have only one three or four letter extension so a file with more than one extension is probably an attempt to trick you into opening the attachment.

Take great care when opening any email attachment.  

  • Think about who sent it and why.  
  • Is it relevant or not?  
  • Always run an up-to-date virus scanner loaded up with the latest virus signatures

NOTE:  Microsoft Outlook 2002 / XP blocks all attachments with the dangerous file extensions listed above right out of the box.

Attachment Options

Attachment Options is an Outlook 2002, Outlook 2000 SP3 and Outlook 2003 COM add-in that provides a user interface for changing which file types are restricted as Level 1 attachments. Level 1 attachments are hidden by Outlook, and cannot be seen, saved or opened from Outlook items. Moving an attachment extension to Level 2 enables the user to see the attachment and to save it to the file system. The attachment saved to the file system can later be opened by the user.

Adrian Kingsley-Hughes
Last updated: May 4th 2004
Print This Page   |   Email me when this page changes    |  Search This Site System Scanner does the work for you!

Contact Us