Microsoft 365 - Executable Attachment Renaming
Due to security reasons, anytime a message which contains an executable attachment is sent to a non-UW-Madison Office 365 account or received from a non-UW-Madison Office 365 account, the attachment will be renamed for your protection.
Why was I referred to this page?
If a message has an attached executable file or archive that contains an executable file, the UW-Madison Office 365 SMTP servers will rename the file to "ORIGINAL-FILENAME_renamed" to prevent the operating system from easily executing the file.
The UW-Madison Office 365 servers scan all attachments for viruses and other malware, but it is possible for a few viruses to slip through in the minutes before anti-virus definitions are published for an individual virus variant.
All executable files should be handled with great caution. Before renaming the file, please contact the sender to verify that they intended to send it to you and that it is safe to execute. Keep in mind that some viruses are constructed in a way to trick you into trusting that the file is safe to open.
How do I determine who to contact to verify the attachment is safe to open.
The "From" header contains the sender's name and email address as specified by the sender. You can also look in the body of the message for the sender's name and contact information (if they included it.) However, it is possible for this information to be forged by a virus author. Even if the From address and the body look legitimate, you should still contact the sender to verify its legitimacy prior to running the program.
If there is no contact information, then it probably wasn't sent from someone you should trust.
How do I rename the file?
In Windows and Macintosh OS X:
- Save the file to your hard drive.
- Highlight the file.
- Click once on the file's name to edit it.
- Remove _renamed from the end of the filename.
- Press Enter or Return to stop editing the file name.
My desktop anti-virus program doesn't detect a virus in the message, is it ok to open the attachment?
You should not execute any unverified file attachments even if your anti-virus program doesn't detect a threat. It is common for every anti-virus program to miss some new viruses.
How do I prevent Office 365 from renaming the files that I send?
We recommend that you use one of the following alternative methods for sending executable files.
- Rename the file with a non-executable file extension prior to sending it. The Office 365 servers will not rename a file that has already been renamed.
- Upload the file to a secure location (or another location such as a departmental file server or one-click hosting service) and send a link or a ticket.
- Put the file in a zip (or other archive format) and set an encryption password on the archive.
- Send the file directly to the recipient using an instant messaging client.
- Put the file on some sort of physical media (such as a CD ROM disc or a USB thumb drive) and hand-deliver to the recipient (assuming the sender and the recipient are within close proximity to each other.)
- Encrypt the message using S/MIME (assuming both the sender and the recipient use S/MIME certificates.)
This is causing my S/MIME digital signature to appear invalid
When Office 365 renames the file and adds the warning message, it will cause an attached S/MIME digital signature to appear as invalid.
See the alternative methods for sending executable attachments above.
What file types are renamed?
*.ade *.adp *.bas *.bat *.chm *.cla *.class *.cmd *.com *.cpl *.crt *.email *.exe *.hlp *.hta *.inf *.ins *.js *.jse *.lnk *.msc *.msi *.mst *.ocx *.pcd *.pif *.reg *.scr *.sct *.shb *.shs *.url *.vb *.vbs *.vbe *.wsf *.wsh *.wsc *.???.exe *.???.lnk *.???.pif *.wncry *.scf