Na spodnjem seznamu so končnice prilog, ki jih MailScanner blokira (okužene priloge bodo odstranjene iz e-poštnih sporočil in premaknjene v območje karantene za 30 dni).
# Te končnice so znane, in skoraj v vseh primerih nevarne
.reg Possible Windows registry attack
.chm Possible compiled Help file-based virus
.cnf Possible SpeedDial attack
.hta Possible Microsoft HTML archive attack
.ins Possible Microsoft Internet Comm. Settings attack
.jse_ Possible Microsoft JScript attack
.lnk Possible Eudora *.lnk security hole attack
.ma_ Possible Microsoft Access Shortcut attack
.pif Possible MS-Dos program shortcut attack
.scf Possible Windows Explorer Command attack
.sct Possible Microsoft Windows Script Component attack
.shb Possible document shortcut attack
.shs Possible Shell Scrap Object attack
.vbe or .vbs Possible Microsoft Visual Basic script attack
.wsc .wsf .wsh Possible Microsoft Windows Script Host attack
.xnk Possible Microsoft Exchange Shortcut attack
.eml EMP files can trigger active scripting that can be used to launch virus activity
# Spodnje končnice se pogosto uporabljajo za pošiljanje virusov
.com Windows/DOS Executable
.exe Windows/DOS Executable
.iso Disc Image
.rar Roshal Archive Compressed file
.jar Java-specific manifest file
.img Disk image file
# Te končnice so zelo nevarne in jih v večini uporabljajo za skrivanje virusov
.scr Possible virus hidden in a screensaver
.bat Possible malicious batch file script
.cmd Possible malicious batch file script
.cpl Possible malicious control panel item
.mhtml Possible Eudora meta-refresh attack
# Imena datotek ki se končajo z CLSID’s
{[a-hA-H0-9-]{25,}\} Filename trying to hide its real extension
Primeri:
A977FF0C-8757-4E76-8533-482F91946233
000209FF-0000-0000-C000-000000000046
# Imena priponk ki imajo nenavadno veliko presedkov
# Imena ki imajo podvojene končnice. V veliki večini se med temi datotekami skrivajo virusi in realne končnice.
Primeri:
.txt.pif
.doc.pif
.doc.com
.txt.exe
.nekaj.xsl