[from: http://www.sbcs.com/SBCS/ChannelItems/index.cfm?action=ShowItem&Item_ID=1119&CFID=109222&CFTOKEN=60577108]

Fellow security gurus:

The following file extensions can contain executable code.

This means they can potentially carry a virus to infect your computer.

Best practice is to block any incoming attachment with one of these extensions if you're not already doing so!

We implemented this on our email system many months ago and all new viruses that have come out in email since have not even been an issue for us, they are simply blocked. Hope this helps you.....

* .ade: Microsoft Access project extension
* .adp: Microsoft Access project
* .bas: Microsoft Visual Basic class module
* .bat: Batch file
* .chm: Compiled HTML Help file
* .cmd: Microsoft Windows NT Command script
* .com: Microsoft MS-DOS program
* .cpl: Control Panel extension
* .crt: Security certificate
* .exe: Program
* .hlp: Help file
* .hta: HTML program
* .inf: Setup Information
* .ins: Internet Naming Service
* .isp: Internet Communication settings
* .js: JScript file
* .jse: Jscript Encoded Script file
* .lnk: Shortcut
* .mdb: Microsoft Access program
* .mde: Microsoft Access MDE database
* .msc: Microsoft Common Console document
* .msi: Microsoft Windows Installer package
* .msp: Microsoft Windows Installer patch
* .mst: Microsoft Visual Test source files
* .pcd: Photo CD image, Microsoft Visual compiled script
* .pif: Shortcut to MS-DOS program
* .reg: Registration entries
* .scr: Screen saver
* .sct: Windows Script Component
* .shs: Shell Scrap object
* .shb: Shell Scrap object
* .url: Internet shortcut
* .vb: VBScript file
* .vbe: VBScript Encoded script file
* .vbs: VBScript file
* .wsc: Windows Script Component
* .wsf: Windows Script file
* .wsh: Windows Script Host Settings file

Paul Sheahan

Manager of Information Security

Priceline.com

paul.sheahan@priceline.com