(from the Zone Labs Technical Support Knowledgebase)

ZoneAlarm's MailSafe feature detects e-mail attachments and alerts the user to their presence. When a potentially dangerous attachment is detected in POP3 or IMAP mail, ZoneAlarm quarantines it by changing the extension so that it cannot be executed accidentally. For example, a file called SERVER.EXE will be renamed SERVER.ZL9 if you have chosen to quarantine files with the .EXE extension. (The file itself is NOT moved.)

- To enable MailSafe: go to Email Protection -> Main and click ON.
- To disable MailSafe: go to Email Protection -> Main and click OFF.
- To select the types of attachments you would like ZoneAlarm to quarantine, go to Email Protection -> Attachments. You can add a new attachment type here. You can also change the current setting for a type already listed by clicking in the Quarantine column and selecting either Quarantine or Allow.

To open a quarantined attachment:
Quarantined attachments are not moved anywhere - they are still attached to the original email, with the new extension. When you double-click on the attachment, ZoneAlarm will verify whether or not you would like to open the attachment. You can choose to open the attachment, delete it, or to check further on the validity of the email and the attachment. Since most recent viruses and worms have spread via email attachments, it is very important to protect against them.

To record MailSafe alerts in the log file, go to Alerts -> Advanced, and check the appropriate box. The log file will give both the old and new extensions.

Sometimes there can be conflicts when multiple programs try to check the same file. If you find there is a conflict between MailSafe and your antivirus' email scanning, we suggest that you disable your antivirus' email scanner, BUT make sure that the antivirus is set to scan ALL files "on access". This gives you the best of both worlds: MailSafe will quarantine a dangerous attachment even if it carries a new virus that your antivirus is not able to detect yet, and the attachment is still scanned by the antivirus should you choose to open it anyway.

MailSafe Default Extensions (may vary slightly by version):

By MailSafe extension:

zl0 = ADE
zl1 = ADP
zl2 = BAS
zl3 = BAT
zl4 = CHM
zl5 = CMD
zl6 = COM
zl7 = CPL
zl8 = CRT
zl9 = EXE
zla = HLP
zlb = HTA
zlc = INF
zld = INS
zle = ISP
zlf = JSE
zlg = LNK
zlh = MDB
zli = MDE
zlj = MSC
zlk = MSI
zll = MSP
zlm = MST
zln = PCD
zlo = PIF
zlp = REG
zlq = SCR
zlr = SCT
zls = SHS
zlt = URL
zlu = VBE
zlv = VBS
zlw = WSC
zlx = WSF
zly = WSH
zlz = ASX
z0 = JS
z1 = VB
zm0 = DBX
zm1 = MDA
zm2 = MDZ
zm3 = NCH
zm4 = PRF
zm5 = SCF
zm6 = SHB
zm7 = WMS
zm8 = MHT
zm9 = ZIP
zma = RAR?
zmb = DLL
zmc = EML
zmd = OCX
zme = SYS

By Original extension:

ADE = zl0
ADP = zl1
ASX = zlz
BAS = zl2
BAT = zl3
CHM = zl4
CMD = zl5
COM = zl6
CPL = zl7
CRT = zl8
DBX = zm0
DLL = zmb
EML = zmc
EXE = zl9
HLP = zla
HTA = zlb
INF = zlc
INS = zld
ISP = zle
JS = z0
JSE = zlf
LNK = zlg
MDA = zm1
MDB = zlh
MDE = zli
MDZ = zm2
MHT = zm8
MSC = zlj
MSI = zlk
MSP = zll
MST = zlm
NCH = zm3
OCX = zmd
PCD = zln
PIF = zlo
PRF = zm4
RAR = zma
REG = zlp
SCF = zm5
SCR = zlq
SCT = zlr
SHB = zm6
SHS = zls
SYS = zme
URL = zlt
VB = z1
VBE = zlu
VBS = zlv
WMS = zm7
WSC = zlw
WSF = zlx
WSH = zly
ZIP = zm9

Message Edited by Forum-Moderator on 05-10-2006 11:01 AM
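
The rename scheme above can be reversed when reviewing a saved message. The following is an added example, not code from Zone Labs or from the original post: it lists the attachments in a message that carry a MailSafe quarantine extension, restores the original name from the default table, and flags stacked extensions. The function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# MailSafe default rename table, copied from the "By MailSafe extension" list
# on this page (the page marks the RAR entry with a question mark).
_TABLE = """
zl0=ADE zl1=ADP zl2=BAS zl3=BAT zl4=CHM zl5=CMD zl6=COM zl7=CPL zl8=CRT zl9=EXE
zla=HLP zlb=HTA zlc=INF zld=INS zle=ISP zlf=JSE zlg=LNK zlh=MDB zli=MDE zlj=MSC
zlk=MSI zll=MSP zlm=MST zln=PCD zlo=PIF zlp=REG zlq=SCR zlr=SCT zls=SHS zlt=URL
zlu=VBE zlv=VBS zlw=WSC zlx=WSF zly=WSH zlz=ASX z0=JS z1=VB zm0=DBX zm1=MDA
zm2=MDZ zm3=NCH zm4=PRF zm5=SCF zm6=SHB zm7=WMS zm8=MHT zm9=ZIP zma=RAR zmb=DLL
zmc=EML zmd=OCX zme=SYS
"""
QUARANTINE = dict(pair.split("=") for pair in _TABLE.split())

def original_name(filename):
    """Pre-quarantine name, or None if the extension is not a MailSafe one."""
    stem, dot, ext = filename.rpartition(".")
    orig = QUARANTINE.get(ext.lower())
    if not dot or not stem or orig is None:
        return None
    return f"{stem}.{orig}"

def triage(raw_message):
    """(current name, original name, stacked-extension flag) per quarantined attachment."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        restored = original_name(name)
        if restored:
            # A dot left in the stem means extensions were stacked, e.g.
            # "invoice.pdf.exe", so the file looks like a document.
            findings.append((name, restored, "." in restored.rpartition(".")[0]))
    return findings

# Constructed sample message (not from the page).
SAMPLE = "\n".join([
    "From: sender@example.com", "Subject: constructed", "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b"', "",
    "--b", "Content-Type: text/plain", "", "see attached",
    "--b", "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="invoice.pdf.zl9"', "", "x",
    "--b", "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="notes.txt"', "", "y",
    "--b", "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="SETUP.ZLQ"', "", "z",
    "--b--", ""])
```

Because the list may vary slightly by version, an extension that is missing from the table is treated as not quarantined rather than guessed.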