Frequently asked questions about extending file restrictions to ZIP files

What’s changing? For years, UC Davis anti-virus filters have blocked certain high-risk file types (.ani, .js, .inf, etc.) when they’re sent as email attachments. Starting on Monday, April 28, the filters will also block the file types when they’re sent inside attached compressed files (specifically, ZIP, RAR and 7Zip).

What’s the benefit? The change will help protect faculty, students and staff from a significant source of attempts to infect campus accounts with viruses. A 24-hour test in December 2013 by Information and Educational Technology indicates that the tightened filtering will prevent another 2,000 to 3,000 high-risk email attachments from reaching campus email accounts each day.

What changes will I notice? Few people should notice any difference to their email. If someone sends you a prohibited file type inside a compressed file, you will not receive it.

Does this mean if I try to send or receive compressed files by email, they will be blocked? This filter affects only prohibited file types, whether sent inside compressed files or not. It does not affect commonly used file types, such as photos (.jpeg), documents (.docx), Excel spreadsheets (.xls), etc. Find the list of blocked file types at http://security.ucdavis.edu/attach_restrict.html
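The check described above, sketched for ZIP attachments only (Python's standard library does not read RAR or 7Zip). This is an added example, not IET's filter or its configuration; the blocklist holds only the three extensions named on this page, and the nesting and size limits are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: only the three extensions this page names; the campus list is longer.
BLOCKED = {".ani", ".js", ".inf"}
MAX_DEPTH = 3                  # assumed limit on archives nested inside archives
MAX_NESTED_BYTES = 10 * 2**20  # assumed cap on a nested archive read into memory


def extension(name):
    """Lower-cased extension, ignoring trailing dots/spaces that Windows drops."""
    return PurePosixPath(name.lower().rstrip(". ")).suffix


def blocked_in_zip(data, depth=0, prefix=""):
    """Return the paths of blocked members inside ZIP bytes, nested ZIPs included."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable ZIP; nothing to list
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            ext = extension(info.filename)
            if ext in BLOCKED:
                hits.append(path)
            elif ext == ".zip" and depth < MAX_DEPTH and info.file_size <= MAX_NESTED_BYTES:
                try:
                    inner = archive.read(info)
                except (RuntimeError, zipfile.BadZipFile):
                    continue  # encrypted or corrupt member: cannot be inspected
                hits += blocked_in_zip(inner, depth + 1, path + "!")
    return hits


def make_zip(members):
    """Build a ZIP in memory from {name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()


CLEAN = make_zip({"photo.jpeg": b"x", "report.docx": b"x"})
INNER = make_zip({"run.JS": b"x"})
MIXED = make_zip({"notes.docx": b"x", "setup.inf": b"x", "more/inner.zip": INNER})
```

An empty result means the archive holds only permitted file types and would pass; any entry in the list corresponds to a message the filter would reject.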

If someone sends me a compressed file containing blocked file types, will I know? You will not receive the message, so you will not know, unless the person sending you the file tells you some other way. (The sender will receive a “bounce” message.) When the sender is legitimate, there are better ways to share big files (see “I need to share big files” question, below).

If I send a compressed file with blocked file types, will I know? Yes. You will receive a standard rejection (“bounce”) message. You should then use a different method to share the information you want to share (see “I need to share big files,” below).

I need to share big files. If I shouldn’t email them, then how do I share them? Email is a poor way to share big files. Instead, use a secure content-sharing service. The campus offers Box for faculty, staff and students on the Davis campus (http://cloud.ucdavis.edu/cloud_storage.html), and FileLocker for employees of the UC Davis Health System (https://ucdhs.filelocker.com/login). (Ask your department if it requires you to use, or not to use, certain services.)

What file types are blocked? Find the list at http://security.ucdavis.edu/attach_restrict.html

Why does the campus block those file types? It’s standard practice. Hackers commonly use them to spread viruses. Viruses can corrupt essential data stored on your computer, thereby compromising the integrity of your computing system. Because most viruses originate or spread via email, the campus considers email filtering to be an important part of computer security.

Why is the campus making this change now? Malware sent inside compressed files was responsible for the fall 2013 outbreak of ransomware, which inspired IET to look into adding this new security measure. (Read more about ransomware in this UCLA faculty blog, http://uclafacultyassociation.blogspot.com/2013/10/email-virus-dont-pay-ransom-it-will.html.)

Does this process block prohibited file types sent from all email addresses, or just from @ucdavis.edu addresses? It blocks prohibited file types sent from all email addresses.

What does the “bounce” message say? It is a generic “550” reject message. It includes information such as “550 5.7.1 virus detected by ClamAV - ”. Each email client/server might display this message differently.

I understand the “bounce” notice process is different when a prohibited file type is sent as a simple email attachment, compared to when it’s sent inside a compressed file. That is correct. If you send an email with the banned attachments inside a compressed file, you will receive a standard “message rejected” notice. Your intended recipient will not receive anything. If you send prohibited email file types as attachments outside of compressed files, you as the sender do not receive a notice, but the recipient gets a message that says an attachment was removed. The software has different notification processes for the two circumstances. We hope that can be improved in the future.

Does this filter apply to all email sent with compressed files to people at UC Davis? The new filter rules apply to all campus accounts that use central email services. This includes the main campus email systems--DavisMail, Geckomail/Cyrus, Office 365, and uConnect--as well as any of the 81 smaller, departmental email services that are routed through the central email servers. So, that’s almost all of the campus.

Did the campus discuss this change? Yes. The Technology Infrastructure Forum (http://tif.ucdavis.edu/) and its security subcommittee, among others, have discussed the change, the impact on campus, timing, communications, and related matters. The TIF-Security subcommittee believes the new block is an industry standard and should be implemented following appropriate change management and campus notifications. All of that is underway.

Will IET measure the effect of this change? Yes. IET’s email and security teams will monitor logs to gauge the impact this change will have on end users.

If I have questions, whom can I contact? Contact your department’s technology support, or call the IT Express Service Desk at 530-754-HELP (4357). IT Express is open weekdays except holidays from 7 a.m. to 6 p.m.