Email File Attachments You Should Not Open

The best advice concerning email attachments I could ever give is to simply never open them. But that’s unreasonable considering so many people trade files in email these days, be it documents, video clips or the like.

There are certain file types I absolutely will not open, or will use an alternative method to open them with.

And here they are:

.EXE

Fortunately, most email servers outright ban the use of sending .EXE files and I think that’s a good judgment. This is an executable file in Windows. You have no idea what it will do. And it may not be something your anti-virus/spyware/malware scanner can detect. You never know.

On the extreme rare occasion I get one of these, I will only open it in a virtual machine environment. And if it blows that up, no big deal because I can just kill the session and create another.

.ZIP

When one cannot send an .EXE, they archive it with ZIP and send it that way. Well, it’s just as bad.

.PDF, .DOC, .XLS

DOCs and XLSes can contain anything from simple macro viruses (relatively harmless but just annoys the crap out of you) to full-blown malicious code.

I do not open these locally. Instead I bring them into Google Docs.

Funny, true and somewhat sad story:

Years ago at a help desk job, the manager walks in and tells us all that there’s a particular applicant (we needed a position filled) who absolutely won’t be getting the job. Why? Because he sent his resume as a Word DOC, and it had a macro virus in it.

See the irony here. The guy was applying for a tech-help position yet sent his resume with a virus in it. Just plain sad.

.WMV, .ASF, .ASX, .MOV

WMV is Windows MediaVideo. ASF is Advanced Systems Format. ASX as Advanced Stream Redirector (yet has an X and I don’t know why, nor do I care). MOV is the Apple Quicktime Movie format.

All of these are video formats. And all routinely contain malware in them. I won’t open any sent to me.

Workaround: If it’s something I have to view, I’ll upload it to YouTube as a private video and watch it that way. Yes, that’s a real long runaround just to watch a vid, but it guarantees no malware code will be launched on my local system.

Is there a safe video format? Yes. MPEG or just MPG. But nobody uses that anymore unfortunately. Not when trading files in email anyway.

File formats I have no problem opening

Any image (BMP, GIF, JPG/JPEG, TIF/TIFF)

To the best of my knowledge there is no malicious code that can be executed from a static image format. With project files (such as Adobe Photoshop projects) I’m not sure.

HTML formatted email

I used to be very anti-HTML when it comes to email but not so much these days. Both local email clients and web-based ones have become "smart" enough not to load images or any other "bad" stuff automatically like they used to.

Audio files (MP3, WAV)

I have never received a virus or been infected with malware from a static audio file.

Unknowns?

If I receive an email with an attachment that has a format I’ve never seen before, I’ll Google it first to see what it is and decide whether to open it or not.

Example: I received a file from a friend once that was a 3G2, and had no clue what that was. I Google’d it and found it was a video file. In particular, 3GP format. When someone sends a video to you from their cell phone, chances are it will be this file type. You can use Quicktime to view it or just upload to YouTube privately to check it out.

Being it was sent to my email from a cell phone, I knew there was no virus or malware within it and it was safe to open.

I recommend this to anyone who receives files where you just don’t know what it is. Google it first and make your call from there.

Are there attachments you absolutely won’t open?

Let us know in the comments.