Filtering Tricky Attachments

In addition to filtering attachments by extension, Xeams goes a few steps further and inspects the attachments themselves.

This page discusses what Xeams does in the background.

Tricks Used by Spammers

Spammers are always looking for new techniques to circumvent filters. For example:
  • Hiding their payload inside a zipped file
  • Renaming file extensions to avoid getting caught. For example, an *.rtf file renamed as *.doc
  • Changing the icon of an .EXE file to look like a PDF file and inserting spaces in the file name. For example: Notice.pdf                .exe
  • Embedding harmful attachments inside a PDF file

Xeams will effectively block any attachments that try to use the tricks mentioned above.
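
The four tricks listed above can each be checked for mechanically, as the following added example shows. It is not Xeams code and does not describe how Xeams implements its checks; the function names, the signature table and the size limit are assumptions chosen for illustration.

```python
import io
import re
import zipfile

MAGIC = {  # file signatures ("magic bytes"); illustrative, not exhaustive
    "pdf": b"%PDF-",
    "rtf": b"{\\rtf",
    "doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 container (legacy .doc)
    "zip": b"PK\x03\x04",
    "exe": b"MZ",
}
MAX_MEMBER = 10 * 1024 * 1024  # assumed limit: skip huge archive members

def sniff(data):  # format whose signature starts the data, or None
    return next((k for k, sig in MAGIC.items() if data.startswith(sig)), None)

def inspect(name, data, depth=0):
    """Return a list of findings for one attachment (name plus raw bytes)."""
    findings = []
    ext = name.rsplit(".", 1)[-1].strip().lower() if "." in name else ""
    kind = sniff(data)
    # Trick: whitespace run hiding the real extension ("Notice.pdf      .exe").
    if re.search(r"\.\w{1,5}\s{2,}\.\w+\s*$", name):
        findings.append(f"{name!r}: padded double extension")
    if kind == "exe":
        findings.append(f"{name!r}: executable content")
    # Trick: renamed extension (content signature disagrees with the name).
    if kind and ext in MAGIC and kind != ext:
        findings.append(f"{name!r}: named .{ext} but content is {kind}")
    # Trick: file embedded in a PDF (naive scan; misses compressed objects).
    if kind == "pdf" and b"/EmbeddedFile" in data:
        findings.append(f"{name!r}: PDF carries an embedded file")
    # Trick: payload hidden in an archive, so inspect each member in turn.
    if kind == "zip" and depth < 2:  # cap archive nesting
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size <= MAX_MEMBER:
                        findings += inspect(info.filename, zf.read(info), depth + 1)
        except zipfile.BadZipFile:
            findings.append(f"{name!r}: malformed archive")
    return findings

def sample_zip():  # constructed sample: archive holding two disguised files
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Notice.pdf          .exe", b"MZ\x90\x00 constructed")
        zf.writestr("report.doc", b"{\\rtf1 constructed sample}")
    return buf.getvalue()
```

Calling `inspect("invoice.zip", sample_zip())` reports the padded double extension, the executable content and the RTF file named as .doc, all found inside the archive.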

Inspecting Attachments

Many attachments have innocent names, and it is often difficult to judge whether they are safe. Unfortunately, the traditional way of checking a file is to open it, by which point it is often too late.

A better approach is to convert files with well-known extensions into plain text before opening them. The Safe Attachments Viewer in Xeams does exactly that.