New Malware using File Attachments with IMG File Extension
Question asked by Howell Dell - 4/10/2022 at 5:20 PM
Unanswered
This is *new* to me -- a File with the IMG Extension sent as an eMail Attachment. This seems a rather clever use of this *feature*, as on Windows, when you click on the file it mounts the file as a virtual volume which then contains the malware. It is an interesting way to obfuscate the content and hide it from the malware scanners.

To combat this, I want to remind folks to update their "Inbound Extension Blacklist" as well as their "Outbound Extension Blacklist" as they see fit to filter out BAD attachments. To make this change go to Super Admin Login --> Settings --> General --> Attachment Card. I believe this list is empty when you build a new SmarterMail Server. You also have a similar function in the File Storage Card on the same web page. I keep all three block lists in sync manually.

"Inbound Extension Blacklist" works as one would think, with a twist: during the SmarterMail SMTP communications process -- everything else about the eMail being equally OK -- SmarterMail transmits to the Sending eMail Server a "250 OK" and then initially accepts the eMail. A few moments later, as SmarterMail checks the content, SmarterMail determines an attachment is in the block list, then sends an NDR (non-delivery report) with the following message:

"Delivery has failed to these recipients:
<recipient eMail Address>
Subject: RE: Test IMG
Remote Server returned: 'One or more disallowed attachment types were sent in the message (IMG)'"

Just sayin'... Every little bit helps... Maybe you can suggest some additional extensions that we should add to the list? Here is my current list of file attachments:

AIR
APP
BAT
CGI
CMD
COM
CPL
ESH
EXE
GADGET
HTA
IMG <<---- Just added this one!
JAR
JS
JSE
JSX
PL
PY
PYC
PYO
REG
RGS
SCR
SCRIPT
SCT
UDF
VB
VBE
VBS
VBSCRIPT
WS
WSF

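As an added example (not part of the original post and not SmarterMail's own code), the sketch below applies the extension list from the post to every MIME part of a message, which is useful for testing a list against saved `.eml` samples before changing the server setting. The function names and the sample messages are constructed for illustration, and the check is assumed to match on the final extension only, case-insensitively.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list copied from the post above (32 entries).
BLOCKLIST = frozenset("""AIR APP BAT CGI CMD COM CPL ESH EXE GADGET HTA IMG
JAR JS JSE JSX PL PY PYC PYO REG RGS SCR SCRIPT SCT UDF VB VBE VBS VBSCRIPT
WS WSF""".split())

def final_extension(filename):
    """Upper-cased last extension. Trailing dots and spaces are ignored
    because Windows strips them when the file is saved."""
    name = filename.strip().rstrip(". ")
    return name.rsplit(".", 1)[1].upper() if "." in name else ""

def blocked_attachments(raw, blocklist=BLOCKLIST):
    """Return the sorted blocked extensions found on any MIME part."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = set()
    for part in msg.walk():  # walk() also visits nested multipart containers
        # Filename from Content-Disposition, falling back to Content-Type name
        filename = part.get_filename()
        if filename and final_extension(filename) in blocklist:
            hits.add(final_extension(filename))
    return sorted(hits)

def verdict(raw):
    """'accept', or a rejection reason listing the offending extensions."""
    hits = blocked_attachments(raw)
    if not hits:
        return "accept"
    return "reject: disallowed attachment types (%s)" % ", ".join(hits)

def build_sample(filename):
    """Constructed test message carrying one dummy attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Test IMG"
    msg.set_content("constructed sample body")
    msg.add_attachment(b"dummy bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name in ("invoice.img", "report.pdf", "scan.pdf.IMG"):
        print(name, "->", verdict(build_sample(name)))
```

An extension match only looks at the attachment's name, so the same list does nothing for a disk image that arrives renamed or inside an archive.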