Skip to content

Sophos blocked email attachments

When you select Use Sophos list in the Attachment file types, by default we block certain attachments.

We block attachments with particular file extensions. We also examine attachments and block them based on their true file type (TFT), no matter what file extension they have.

Blocked by extension

Attachments with the following file extensions are blocked:

  • apk
  • bat
  • chm
  • cmd
  • com
  • cpl
  • crt
  • exe
  • hlp
  • hta
  • inf
  • ins
  • isp
  • js
  • jse
  • lnk
  • mdb
  • pcd
  • pif
  • reg
  • scr
  • sct
  • shs
  • vbe
  • vbs
  • wsf

Block by true file type (TFT)

We also examine attachments to find out what type of file they really are, and block certain types. This protects against attachments that are given false extensions to try and fool malware protection.

We don't list the extensions for these file types as we don't use the extension names to decide whether or not to block the attachment.

We block the following attachment types:

  • ELF: executable files for many non-Windows systems
  • Mach-O: object files used in macOS and iOS
  • MS-DOS
  • Microsoft Office files containing macros
  • Obfuscated Script: scripts in various languages that hide their real purpose
  • WebAssembly: binary code that web browsers can execute