I'm being asked to review our policy on what attachments we block at our perimeter with our IronPort appliances. We currently block the following attachments (bas|bat|cmd|com|cpl|exe|hta|inf|ins|isp|js|jse|lnk|msc|msi|msp|mst|pif|reg|scr|sct|shb|shs|url|vb|vbe|vbs|wsc|wsh|wma|wmf|test) by filename contains.
Are there any standards or 'best practices' guidelines for what I should block?
Are the anti-virus filters good enough today to not have to block by attachment extension name anymore? Just asking.