The SANS ISC shares awareness that one cannot rely solely on blocking incoming email attachments by file type.  As shared below in recent spam trapping analysis some extremely rare file types are being sent in hopes of bypassing blocking controls.  While blocking is still a very effective control up-to-date AV and Windows updates complement protection in case something like this sneaks through the system

Yesterday, I found an interesting file in my spam trap. It was called ‘16509878451.XLAM’.   To be honest, I was not aware of this extension and I found this on the web: “A file with the XLAM file extension is an Excel Macro-Enabled Add-In file that’s used to add new functions to Excel. Similar to other spreadsheet file formats, XLAM files contain cells that are divided into rows and columns that can contain text, formulas, charts, images and… macros!”

Examples of very rare but legitimate FILE EXTENSIONS include some of these examples:

ACE, R01, ARJ, XLAM, and CAB