Safe and unsafe file extensions

The following list of file name extensions lists types of files identified by
[tag]Microsoft[/tag] as containing potentially dangerous applications.

[tag]Dangerous File Extensions[/tag]

Extension File type
.ade Microsoft Access project extension
.adp Microsoft Access project
.asx Windows Media Audio / Video
.bas Microsoft Visual Basic class module
.bat Batch file
.chm Compiled HTML Help file
.cmd Microsoft Windows NT Command script
.com Microsoft MS-DOS program
.cpl Control Panel extension
.crt Security certificate
.exe Program
.hlp Help file
.hta HTML program
.inf Setup Information
.ins Internet Naming Service
.isp Internet Communication settings
.js JScript file
.jse Jscript Encoded Script file
.lnk Shortcut
.mda Microsoft Access add-in program
.mdb Microsoft Access program
.mde Microsoft Access MDE database
.mdt Microsoft Access workgroup information
.mdw Microsoft Access workgroup information
.mdz Microsoft Access wizard program
.msc Microsoft Common Console document
.msi Microsoft Windows Installer package
.msp Microsoft Windows Installer patch
.mst Microsoft Windows Installer transform
Microsoft Visual Test source file
.ops Office XP settings
.pcd Photo CD image; Microsoft Visual compiled script
.pif Shortcut to MS-DOS program
.prf Microsoft Outlook profile settings
.reg Registration entries
.scf Windows Explorer command
.scr Screen saver
.sct Windows Script Component
.shb Shell Scrap object
.shs Shell Scrap object
.url Internet shortcut
.vb VBScript file
.vbe VBScript Encoded script file
.vbs VBScript file
.wsc Windows Script Component
.wsf Windows Script file
.wsh Windows Script Host Settings file

The following list describes how Outlook functions when you receive or send
an "unsafe" file attachment:

Any file received in an email as an attachment with any of the extensions
listed above should NEVER be opened even if you know the person
that sent the file.

Safe File Extensions

Extension File type
.gif Graphics Interchange Format (CompuServe) 
.jpg or .jpeg Joint Photographic Expert Group 
.tif or .tiff Tagged Image File Format (Adobe)
.mpg or .mpeg Motion Picture Expert Group
.mp3 MPEG compressed Audio 
.wav Microsoft Audio

Files blocked by Zone Alarm:

Extension File type
*.ADE Microsoft Access Project Extension 
*.ADP Microsoft Access Project 
*.ASX Windows Media Audio/Video 
*.BAS Visual Basic® Class Module 
*.BAT Batch File 
*.CHM Compiled HTML Help File 
*.CMD Windows NT® Command Script 
*.COM MS-DOS® Application 
*.CRT Security Certificate 
*.DBX Microsoft Visual Foxpro Table 
*.EXE Application 
*.HLP Windows® Help File 
*.HTA HTML Applications 
*.INF Setup Information File 
*.INS Internet Communication Settings 
*.ISP Internet Communication Settings 
*.JS JScript® File 
*.JSE JScript Encoded Script File 
*.LNK Shortcut 
*.MDA Microsoft Access Add-in
*.MDB Microsoft Access Application 
*.MDE Microsoft Access MDE Database 
*.MDZ Microsoft Access Wizard Template 
*.MHT Web Archive File 
*.MSC Microsoft Common Console Document 
*.MSI Windows Installer Package 
*.MSP Windows Installer Patch 
*.MST Visual Test Source File 
*.NCH Outlook Express Folder File 
*.PCD Photo CD Image 
*.PIF Shortcut to MS-DOS Program 
*.PRF Microsoft Outlook Profile Settings 
*.REG Registration Entries 
*.SCF Windows Explorer Command 
*.SCR Screen Saver 
*.SCT Windows Script Component 
*.SHB Shell Scrap Object 
*.SHS Shell Scrap Object 
*.URL Internet Shortcut (Uniform Resource Locator) 
*.VB VBScript File 
*.VBE VBScript Encoded Script File 
*.VBS VBScript Script File 
*.WMS Windows Media Skin 
*.WSC Windows Script Component 
*.WSF Windows Script File 
*.WSH Windows Scripting Host Settings File 
*.ZIP ZIP Archive File

If an [tag]attachment[/tag] does not have one of these safe extensions its best not to open the attachment. Be especially suspicious of any file that has a doubled extension (for example,image.gif.exe). Normally files have only one three or four letter extension so a file with more than one extension is probably an attempt to trick you into opening the attachment.

Take great care when opening any email attachment.  

  • Think about who sent it and why.  
  • Is it relevant or not?  
  • Always run an up-to-date virus scanner loaded up with the latest virus
    signatures