Exchange Messaging Outlook Volume 8, Number 20
Information on this page is several years old and may be out-of-date;
some links may not work.
Greetings! Welcome to Vol. 8, No. 20, 4 Feb 2004 of Exchange
Messaging Outlook, a biweekly newsletter about Microsoft Exchange
and Microsoft Outlook.
- New utilities
- Updated utilities
- Other resources
LESSONS TO LEARN FROM MYDOOM
With MyDoom (aka Novarg or MiMail.R) still going strong, this is a
good time to review good practices for using antivirus scanners and
Outlook's preview pane.
First, lets talk about server-side antivirus scanners. If you're an
e-mail administrator and aren't using an antivirus scanner on the
mail servers, shame on you. There are a number of excellent and
affordable antivirus scanners available, many also block file types
and offer some antispam capabilities.
If you're scanning e-mail for viruses but not limiting the file
types you allow into your network, it's time to review your policy
on attachments and at the very least block exe, pif, scr, and bat
extensions. While Outlook 2002/2003 block these by default, there
are a number of ways users can gain access to them. For a complete
list of suggested attachment types that should be removed at the
server level, visit the
Please disable virus alerts to external users. Too many of the newer
viruses are capable of grabbing addresses from any source to use in
the To and/or From fields. This means it's highly likely the address
listed in the From field is not really the person with an infected
computer, yet they have to deal with the warnings sent by your
scanner. Believing the warnings are true, the recipient wastes
valuable time scanning their systems to insure they aren't infected.
Others are unsure what is going on and open the message and
attachment. To make matters worse, MyDoom includes a list of
approximately 20 common names which it adds to domains it discovers,
often resulting in a flood of NDRs when the virus scanners send out
Robert Crayk, an administrator and fellow Outlook MVP, had this to
"I spent more time today assuring clients that they haven't got the
of these types of NDR. The worse one had this as part of their text:
"This notice is sent as a courtesy so that you have the option of
contacting your user
and helping them get rid of the virus. This message was sent by
If your mail server had better virus protection, it would have
caused less work for
our server and could have prevented one of your users from getting a
I told my client that if the NDR sender had a better administrator
90% of their
problems would disappear."
Be a better administrator - disable the external warnings.
CLIENT SIDE VIRUS SCANNING
Up-to-date antivirus definitions on each desktop will help prevent
most viruses, but it can lead to a false sense of security with new,
fast moving viruses. As many administrators discovered with MyDoom,
a new virus can infect a large number of desktops before they have
time to get the antivirus software updated. Removing attachments,
including the zip format, from incoming mail is the only way to
provide 100% protection.
While it's easy for administrators to run an antivirus scanner on
their Exchange server, smaller businesses and home users often rely
on the email scanning feature found in most desktop antivirus
scanners. While email scanning works, it comes with a cost - it
slows send and receives, uses more resources, and often causes
Outlook to crash. Older scanners use a popproxy to intercept
messages and scan them, resulting in send and receive problems.
With all these problems, how important is it to scan mail at the
desktop? Keeping in mind that Outlook blocks executable file types
and all attachments are saved to a SecureTemp folder before they are
opened, a little bit of common sense and your desktop antivirus
scanner set on autoprotect eliminates the need to scan mail as it
- Think before opening attachments you didn't request. Don't open
attachments you weren't expecting or are suspicious about,
especially if they don't include a message from the sender
explaining why the attachment was sent-don't rely only on the virus
scanner for protection, as it's only as good as its last update.
- Don't unblock all of the file types Outlook blocks, remove only
those types you use often and consider unblocking them only long
enough to save the attachment.
- Visit windowsupdate.microsoft.com and
These three simple steps can and will prevent many virus infections.
For added security, use a firewall that renames or removes
HOW SAFE IS THE PREVIEW PANE?
Every time a new virus or worm makes the news, Outlook users always
ask if it's safe to use the preview pane. An article about MyDoom,
published last week by InternetWeek.com, added to the confusion when
it stated "All that the worm needs to propagate is a user that has
an open Microsoft Windows preview pane in Outlook" and "If this
Outlook pane is open, the worm automatically scours the user's
contacts and files." Both statements are far from the truth.
Outlook's attachment blocking features, added to Outlook beginning
with an Outlook 2000 post-SP1 patch released in June 2000, means the
preview pane in the later versions is very safe. Coupled with
Internet Explorer's iFrame vulnerability patch released in 2001,
Outlook's preview is very secure.
Each version of Outlook is more secure than the previous version,
giving administrators little reason to disable the preview pane by
default in Outlook 2002 or 2003. As always, it's best to stop
infected messages at the server or gateway, which means few, if any,
viruses should reach user's mailboxes. A responsible administrator
will also remove executable file types from messages at the server
level. As we all know, when viruses don't make it to the mailbox,
the preview pane is 100% safe.
PREVIEW PANE SECURITY BY VERSION
Outlook 97 is very secure, since it cannot render HTML formatted
messages. Since users can open HTML attachments which may contain
exploits, you'll still need to use an antivirus scanner on the
server and/or client.
Outlook 98 is the least secure version. Use Chilton Preview instead
of Outlook's own preview pane for the highest level of security.
Chilton Preview doesn't render HTML and users can open the message
or switch on the default preview pane to read HTML formatted mail.
Preview pane security is much improved in Outlook 2000, especially
with the attachment security and iFrame patches installed. Outlook
2000 doesn't run active content in the native preview pane, meaning
it's at least as safe to read messages in preview as it is to open
them. Chilton Preview makes Outlook 2000 100% secure.
Outlook 2002 has the attachment security features built in, making
it very secure, unless administrators allow some file types.
However, iFrames may be a problem unless the iFrame security patch
is installed. While the native preview pane is very safe to use,
Chilton preview can be used with Outlook 2002. Outlook 2002 SP1
allows you to disable HTML rendering on all messages by creating the
ReadAsPlain registry key. (See
Outlook 2003's preview pane is very secure and there is no reason to
disable the preview pane for antivirus reasons. Chilton Preview
won't work with Outlook 2003, but it's not really needed since
Outlook 2003 blocks downloaded content by default and users can
disable HTML rendering from the Tools, Options, Preferences tab,
E-mail Options dialog. [[Update: Chilton Preview was updated in May
2004 to support Outlook 2003]]
Chilton preview is available at
Since it prevents HTML from rendering, it also prevents web bugs
from identifying users. Note that it allows easy access to blocked
ATTACHMENTS PROCESSOR FOR MS OUTLOOK
Automatically removes attachments from incoming messages and saves
them to your hard disk. A link to the file or a text file with
attachment description and the link to it can be added to the
OUTLOOK SHUTDOWN ADDIN
If you have problems with Outlook remaining in memory when you exit
it, Outlook Shutdown Addin is for you. This is a COM add-in which
enables Outlook to shutdown completely when a user exits from the
application, eliminating the need to open Task Manager to end
TABLET ENHANCEMENTS FOR OUTLOOK
Adds true ink support to Microsoft Outlook XP and 2003 by adding
three menu items to the New menu in Outlook. These new toolbar
buttons allow you to quickly enter data using the pen without being
delayed by incorrect recognition results or the very
counter-productive on screen keyboard. When you are finished, you
can analyze the recognition results and save the data as an Outlook
contact, appointment, or task.
UNIVERSAL MAIL DRIVE
The Universal Mail Drive saves documents as email, enabling access
to your documents from the Internet. It adds "Save As Email" to the
File Menu in Word, Excel & Powerpoint, so you can easily save
documents to your mailbox. Works OWA or VPN connection.
Updated, now shares Contacts and Calendar. Online repository and
software for copying Outlook appointments and contacts that you want
to share to the online site. Users with appropriate permission can
import appointments and contacts shared by other CalShare users.
Subscription-based web service for team collaboration. Can be used
just on the Web or use the Outlook Import-Export feature to synch
your personal Outlook data with your Online project 4Team for
Outlook. Service update includes automatic calculation of completion
dates and a right click dynamic menu for all items.
OUTLOOK YEAR VIEW CONTROL
Updated - now includes ASP .NET application for publishing to
Internet or Intranet. ActiveX control that provides a full year view
of Outlook appointments, with different colors for categories. Setup
program builds a web page to display the planner view of any
calendar folder in Outlook as a folder home page.
CUSTOMIZING MICROSOFT OUTLOOK WEB ACCESS
This online book provides an overview of Exchange 2000, the Outlook
Web Access architecture, and the individual components that make up
Outlook Web Access. It includes information for developers who want
to customize and extend Outlook Web Access for their own solutions.
EXCHANGE SERVER 2003 GLOSSARY
The Exchange Server 2003 Glossary contains important terms and
definitions for the Exchange Server 2003 product, including
definitions of key components and processes within Exchange overall
and definitions of other processes and components from products that
Exchange works with, such as Active Directory.
This is a working document that Microsoft plans to keep updated.
EXCHANGE SERVER 2003 RPC OVER HTTP DEPLOYMENT SCENARIOS
This guide examines four scenarios for deploying the Windows RPC
over HTTP feature. The scenarios include using RPC over HTTP with
front-end and back-end servers when ISA is on the perimeter network,
with the RPC proxy server on the perimeter network, using a single
Exchange Server that doubles as a global catalog server, and secure
sockets layer offloading.
HOW TO CONFIGURE RPC OVER HTTP IN EXCHANGE SERVER 2003
Newly published step-by-step article describes how to configure
remote procedure call (RPC) over Hypertext Transfer Protocol (HTTP)
in Microsoft Exchange Server 2003.
MAILBOX MANAGEMENT IN EXCHANGE SERVER 2003
Links to information on the Microsoft Product Support Services (PSS)
and TechNet websites about managing, configuring, and
troubleshooting mailbox stores and public folder stores.
MICROSOFT ONLINE SEMINARS: MICROSOFT EXCHANGE
Learn how to maximize your business potential with Microsoft
Exchange Seminars. These are designed to meet the needs of
developers, IT professionals, and business decision makers. Sessions
include Outlook Web Access, Exchange 2000 Conferencing Server,
upgrading from cc:Mail and GroupWise, building group calendaring
applications, and deploying Exchange.
WIN32.NOVARG.A@MM WORM PROTECTION SCRIPT
Vamsoft released a SMTP transport event sink script developed
specifically to filter W32.Novarg.A@mm worm emails (a.k.a. W32/Mydoom@MM,
WORM_MIMAIL.R). They also have a SMTP event sink available to drop
messages infected with the Swen worm/IFRAME vulnerability, as well
as other useful scripts, all free of charge.
to subscribe to the Exchange Messaging Outlook newsletter.
Exchange Messaging Outlook Newsletter
ISSN 1523-7990 Copyright 1996-2015, Slipstick Systems and CDOLive LLC. All rights reserved.
Sunday January 04 2015
Copyright Slipstick Systems. All rights reserved.
Send comments using our Feedback page