I tried to send an e-mail to someone with an attachment that I *know* is not infected with a virus, yet the mail system quarantined it! What gives?
Unfortunately, there are circumstances where the mail server will quarantine innocent messages. Any message that is named in such a way as to contain multiple extensions will be flagged as suspect and quarantined automatically. This is due to the prevalence of malware using this technique to trick people into opening infected files. For example, we often see infected files named in the following fashion (this is only a tiny fraction of actual file names we see, but serves to illustrate the point): document_full.pif attach.rar.exe email-info.htm.scr email-text.pif IMPORTANT.txt .exe body.htm .scr data.htm .exe To prevent these sorts of attachments from sneaking in to our network before anti-virus vendors detect the latest and greatest malware, we simply quarantine them. This has the unfortunate side effect of also quarantining attachments that are legitimate but named in a similar fashion, like so: blahblah.rtf.wps blahblah.23mar04.txt very-important-dissertation.doc.pdf my life work.cr
