Our email scanning is run by an external company. It has been working up to a point, but due to the large amount of spam getting through they are upgrading this service. As part of this upgrade, I have been given a list of attachment file types and asked which I want them to block and which to allow.
Half of these I am pretty sure about, but I need some guidance on what some of the others are and whether they are a genuine security threat.
Here's what I have left...
Binary - encrypted
Binary - not protected
LZH compressed archive (if we allow .zip, any reason not to allow these?)
Possible install shield
PEM - Privacy enhanced mail (we are allowing PGP, so why not these?)
ARJ (see LZH comment)
Apple double resource fork
Embedded OLE Object
Embedded OLE Package
MS Project - MPP
Win32 Unknown Executable
Then, is there any reason to allow any of these scripts in a business email message...