We have 2 levels of attachment checking. The first is at server level using GFI Security Essentials. It has a default list of blocked extensions. The second level is at the workstation level with Outlook 2003 since it also has a list of extensions it blocks by default. (And yes, I know I can do a registry entry, etc. to modify Outlook to "unblock" one or more file extensions - that is not my question).
I took both lists (GFI and Outlook) and compared them to each other. Most of the extensions on one list are matched by the other and I'm making the assumption that if both agree, then there's a pretty good reason why those extensions are blocked. (May be an incorrect assumption but I have to start somewhere!). Anyway, I am left with a short list of extensions that are blocked by only GFI or only by Outlook.
Here are the lists:
Blocked by GFI only (default settings):
.wmd Windows Media Download Package
.wmv Windows Media Video
.wmz Compressed Windows Media Player Skin
.asf Advanced Systems Format (media format developed by Microsoft)
Blocked by Outlook only (default settings):
.mdz Microsoft Access wizard program
.mda Microsoft Access add-in program
.asx Windows Media Audio / Video shortcut
.prf Microsoft Outlook Profile Settings
.scf Windows Explorer Command
Finally, my questions: Can anyone tell me why each of these extensions would be blocked by default? How likely is it that a typical user would receive any of these for legitimate reasons (i.e. not a virus/trojan/malware of any kind)? I think the one that bothers my users most is the .wmv video files (and possibly .wmd - not sure if these are also video files?) At the moment, these types of files (GFI list) are simply deleted. I do have the option for quarantining the files and forwarding to the user after checking them...however, I have no idea what I would check for and how would I know if it's safe to forward to the user? Granted, most of these types of files are junk that probably shouldn't be coming to their business email but some of the users complaining are higher up management so I need to be able to respond appropriately.
I appreciate any help.