We received an .mdb-file as an e-mail attachment. Wondering why this is possible, I checked Microsoft Q883260, which says (or said, I kind of can't find the document right now):
Dangerous:
.mda
.mdb
...
.mdz
The MailScanner Default Rule says "deny .md[az]". I am wondering if this should be "deny .md[a-z]" as a best practice. We've also seen lots of trojans sent as .iso or .img-files, which are also not blocked by default.
This is what we added to the "Q883260 list":
deny \.ade$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.adp$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.app$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.asp$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.bas$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.csh$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.fxp$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.inf$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.isp$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.ksh$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.mat$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.mdb$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.mde$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.mdt$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.mdw$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.msc$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.msi$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.msp$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.mst$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.ops$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.pcd$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.prg$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.accdb$ Dangerous attachment type (according to Microsoft) Dangerous attachment according to Microsoft Q883260
deny \.iso$ used for malware 2019 used for Malware 2019
deny \.img trojans trojans
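
The difference between the two character classes discussed in the post above, as an added example that is not part of the original post or of MailScanner's code: `[az]` matches only the letters a and z, while `[a-z]` matches the whole range. The rule sets and file names are constructed; the `$` anchor on the default rule, first-match-wins evaluation, and case-insensitive matching are assumptions of this sketch.

```python
import re

# Constructed rule sets in the "<action> <regex> <log text>" layout used above.
# Assumption: the default rule is anchored with "$" like the poster's rules.
DEFAULT_RULES = r"""
deny \.md[az]$ Dangerous attachment type
"""
PROPOSED_RULES = r"""
deny \.md[a-z]$ Dangerous attachment type
deny \.iso$ used for malware 2019
deny \.img trojans
"""

def parse_rules(text):
    """Return [(action, compiled_regex)] from rule lines, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, pattern = line.split(None, 2)[:2]
        # Assumption: matching ignores case, so .MDB is treated like .mdb.
        rules.append((action, re.compile(pattern, re.IGNORECASE)))
    return rules

def verdict(filename, rules, default="allow"):
    """First matching rule decides (assumed semantics); otherwise the default applies."""
    for action, rx in rules:
        if rx.search(filename):
            return action
    return default

# Constructed attachment names.
SAMPLES = ["invoice.mdb", "tools.mda", "wizard.mdz", "secure.mdw",
           "report.MDE", "notes.md", "disk.iso", "backup.img"]

def gaps(samples=SAMPLES):
    """Names the [az] rule set lets through but the proposed set denies."""
    old, new = parse_rules(DEFAULT_RULES), parse_rules(PROPOSED_RULES)
    return [f for f in samples
            if verdict(f, old) == "allow" and verdict(f, new) == "deny"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:12} default={verdict(name, parse_rules(DEFAULT_RULES)):5} "
              f"proposed={verdict(name, parse_rules(PROPOSED_RULES))}")
    print("newly blocked:", gaps())
```

Running the same check over a sample of real attachment names from your own mail logs before deploying a broader rule shows which legitimate files it would start rejecting.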