Why are attachments being blocked by the VPOP3 Attachment Filter?

A problem that sometimes happens is that legitimate attachments are blocked by the VPOP3 Attachment Filter, and the administrator is unsure why they were blocked.

A common reason is that the attachment has a "double extension", for instance, these filenames would be blocked by the default Attachment Filter Rules.

  • Proposal.v12.pdf
  • Invoice (12.03.09).pdf

VPOP3 is not blocking them because they're PDFs. It's blocking them because they have double 'filename extensions'

A common virus trick is to send a dodgy file as something like 'document.doc.exe'. Windows/email clients will often strip off the last extension, so it will display that as 'document.doc'. The receiver thinks that is a document with a '.doc' file extension, so will open it - leading to much fun and hilarity.

So, the default attachment rules will block anything with a filename like blahblahblah"."<3 characters>"."<3 characters>

In the above examples the first extensions are 'v12' and '09)' respectively.

The attachment could just block .exe files, but, unfortunately, that would be insufficient because those aren't the only dangerous files. There are also .bat, .cmd, .vbs, .cpl, .chm, .asp, .hta, .inf, .reg, .lnk, .msh, .ops, .prf, .pst, .scr etc etc etc etc. There are hundreds of dangerous file extensions, and more keep being added (not because it's cool to add dangerous extensions, but there are more file types which do useful things which can also be used nefariously).

So, you can remove the '*.???.???' rule from the attachment filter rules which will stop this happening, but just be aware of the consequences.