Exchange Messaging Outlook Volume 8, Number 20


Information on this page is several years old and may be out-of-date; some links may not work.

Greetings! Welcome to Vol. 8, No. 20, 4 Feb 2004 of Exchange Messaging Outlook, a biweekly newsletter about Microsoft Exchange and Microsoft Outlook.

Today's highlights:

Regular features:

  • New utilities
  • Updated utilities
  • Other resources

 

 

LESSONS TO LEARN FROM MYDOOM

With MyDoom (aka Novarg or MiMail.R) still going strong, this is a good time to review good practices for using antivirus scanners and Outlook's preview pane.

First, lets talk about server-side antivirus scanners. If you're an e-mail administrator and aren't using an antivirus scanner on the mail servers, shame on you. There are a number of excellent and affordable antivirus scanners available, many also block file types and offer some antispam capabilities.

If you're scanning e-mail for viruses but not limiting the file types you allow into your network, it's time to review your policy on attachments and at the very least block exe, pif, scr, and bat extensions. While Outlook 2002/2003 block these by default, there are a number of ways users can gain access to them. For a complete list of suggested attachment types that should be removed at the server level, visit the Exchange FAQ.

Please disable virus alerts to external users. Too many of the newer viruses are capable of grabbing addresses from any source to use in the To and/or From fields. This means it's highly likely the address listed in the From field is not really the person with an infected computer, yet they have to deal with the warnings sent by your scanner. Believing the warnings are true, the recipient wastes valuable time scanning their systems to insure they aren't infected. Others are unsure what is going on and open the message and attachment. To make matters worse, MyDoom includes a list of approximately 20 common names which it adds to domains it discovers, often resulting in a flood of NDRs when the virus scanners send out warnings.

Robert Crayk, an administrator and fellow Outlook MVP, had this to say:

"I spent more time today assuring clients that they haven't got the virus because of these types of NDR. The worse one had this as part of their text:

"This notice is sent as a courtesy so that you have the option of contacting your user and helping them get rid of the virus. This message was sent by Declude Virus.

If your mail server had better virus protection, it would have caused less work for our server and could have prevented one of your users from getting a virus."

I told my client that if the NDR sender had a better administrator 90% of their problems would disappear."

Be a better administrator - disable the external warnings.

CLIENT SIDE VIRUS SCANNING

Up-to-date antivirus definitions on each desktop will help prevent most viruses, but it can lead to a false sense of security with new, fast moving viruses. As many administrators discovered with MyDoom, a new virus can infect a large number of desktops before they have time to get the antivirus software updated. Removing attachments, including the zip format, from incoming mail is the only way to provide 100% protection.

While it's easy for administrators to run an antivirus scanner on their Exchange server, smaller businesses and home users often rely on the email scanning feature found in most desktop antivirus scanners. While email scanning works, it comes with a cost - it slows send and receives, uses more resources, and often causes Outlook to crash. Older scanners use a popproxy to intercept messages and scan them, resulting in send and receive problems.

With all these problems, how important is it to scan mail at the desktop? Keeping in mind that Outlook blocks executable file types and all attachments are saved to a SecureTemp folder before they are opened, a little bit of common sense and your desktop antivirus scanner set on autoprotect eliminates the need to scan mail as it arrives.

  1. Think before opening attachments you didn't request. Don't open attachments you weren't expecting or are suspicious about, especially if they don't include a message from the sender explaining why the attachment was sent-don't rely only on the virus scanner for protection, as it's only as good as its last update.
  2. Don't unblock all of the file types Outlook blocks, remove only those types you use often and consider unblocking them only long enough to save the attachment.
  3. Visit windowsupdate.microsoft.com and officeupdate.microsoft.com regularly.

These three simple steps can and will prevent many virus infections. For added security, use a firewall that renames or removes attachments.

HOW SAFE IS THE PREVIEW PANE?

Every time a new virus or worm makes the news, Outlook users always ask if it's safe to use the preview pane. An article about MyDoom, published last week by InternetWeek.com, added to the confusion when it stated "All that the worm needs to propagate is a user that has an open Microsoft Windows preview pane in Outlook" and "If this Outlook pane is open, the worm automatically scours the user's contacts and files." Both statements are far from the truth.

Outlook's attachment blocking features, added to Outlook beginning with an Outlook 2000 post-SP1 patch released in June 2000, means the preview pane in the later versions is very safe. Coupled with Internet Explorer's iFrame vulnerability patch released in 2001, Outlook's preview is very secure.

Each version of Outlook is more secure than the previous version, giving administrators little reason to disable the preview pane by default in Outlook 2002 or 2003. As always, it's best to stop infected messages at the server or gateway, which means few, if any, viruses should reach user's mailboxes. A responsible administrator will also remove executable file types from messages at the server level. As we all know, when viruses don't make it to the mailbox, the preview pane is 100% safe.

PREVIEW PANE SECURITY BY VERSION

Outlook 97 is very secure, since it cannot render HTML formatted messages. Since users can open HTML attachments which may contain exploits, you'll still need to use an antivirus scanner on the server and/or client.

Outlook 98 is the least secure version. Use Chilton Preview instead of Outlook's own preview pane for the highest level of security. Chilton Preview doesn't render HTML and users can open the message or switch on the default preview pane to read HTML formatted mail.

Preview pane security is much improved in Outlook 2000, especially with the attachment security and iFrame patches installed. Outlook 2000 doesn't run active content in the native preview pane, meaning it's at least as safe to read messages in preview as it is to open them. Chilton Preview makes Outlook 2000 100% secure.

Outlook 2002 has the attachment security features built in, making it very secure, unless administrators allow some file types. However, iFrames may be a problem unless the iFrame security patch is installed. While the native preview pane is very safe to use, Chilton preview can be used with Outlook 2002. Outlook 2002 SP1 allows you to disable HTML rendering on all messages by creating the ReadAsPlain registry key. (See https://www.outlook-tips.net/howto/plain_text.htm)

Outlook 2003's preview pane is very secure and there is no reason to disable the preview pane for antivirus reasons. Chilton Preview won't work with Outlook 2003, but it's not really needed since Outlook 2003 blocks downloaded content by default and users can disable HTML rendering from the Tools, Options, Preferences tab, E-mail Options dialog. [[Update: Chilton Preview was updated in May 2004 to support Outlook 2003]]

Chilton preview is available at http://www.geocities.com/SiliconValley/Peaks/8392/. Since it prevents HTML from rendering, it also prevents web bugs from identifying users. Note that it allows easy access to blocked attachments.

Back to Top

    

New Utilities

ATTACHMENTS PROCESSOR FOR MS OUTLOOK
http://www.mapilab.com/outlook/attachments_processor/
Automatically removes attachments from incoming messages and saves them to your hard disk. A link to the file or a text file with attachment description and the link to it can be added to the message.

OUTLOOK SHUTDOWN ADDIN
http://www.daveswebsite.com/software/olshutdown/default.shtml
If you have problems with Outlook remaining in memory when you exit it, Outlook Shutdown Addin is for you. This is a COM add-in which enables Outlook to shutdown completely when a user exits from the application, eliminating the need to open Task Manager to end OUTLOOK.EXE.

TABLET ENHANCEMENTS FOR OUTLOOK
http://www.einsteinware.com/Product.aspx?product_id=TEO10
Adds true ink support to Microsoft Outlook XP and 2003 by adding three menu items to the New menu in Outlook. These new toolbar buttons allow you to quickly enter data using the pen without being delayed by incorrect recognition results or the very counter-productive on screen keyboard. When you are finished, you can analyze the recognition results and save the data as an Outlook contact, appointment, or task.

UNIVERSAL MAIL DRIVE
http://www.wylintimes.com/universal_mail_drive.php
The Universal Mail Drive saves documents as email, enabling access to your documents from the Internet. It adds "Save As Email" to the File Menu in Word, Excel & Powerpoint, so you can easily save documents to your mailbox. Works OWA or VPN connection.

Updated utilities

CALSHARE
http://www.pagethink.com/calshare.asp
Updated, now shares Contacts and Calendar. Online repository and software for copying Outlook appointments and contacts that you want to share to the online site. Users with appropriate permission can import appointments and contacts shared by other CalShare users. Free.

4TEAM ONLINE
http://online.4team.biz
Subscription-based web service for team collaboration. Can be used just on the Web or use the Outlook Import-Export feature to synch your personal Outlook data with your Online project 4Team for Outlook. Service update includes automatic calculation of completion dates and a right click dynamic menu for all items.

OUTLOOK YEAR VIEW CONTROL
http://www.planetsoftware.com.au/products/yearview.aspx
Updated - now includes ASP .NET application for publishing to Internet or Intranet. ActiveX control that provides a full year view of Outlook appointments, with different colors for categories. Setup program builds a web page to display the planner view of any calendar folder in Outlook as a folder home page.

Other resources

CUSTOMIZING MICROSOFT OUTLOOK WEB ACCESS
http://www.microsoft.com/downloads/details.aspx?familyid=6532e454-073e-4974-a800-1490a7cb358f&displaylang=en
This online book provides an overview of Exchange 2000, the Outlook Web Access architecture, and the individual components that make up Outlook Web Access. It includes information for developers who want to customize and extend Outlook Web Access for their own solutions.

EXCHANGE SERVER 2003 GLOSSARY
http://www.microsoft.com/downloads/details.aspx?familyid=f7e63d70-ad5c-4ca7-ba21-7752bb0bcc43&displaylang=en
The Exchange Server 2003 Glossary contains important terms and definitions for the Exchange Server 2003 product, including definitions of key components and processes within Exchange overall and definitions of other processes and components from products that Exchange works with, such as Active Directory.
This is a working document that Microsoft plans to keep updated.

EXCHANGE SERVER 2003 RPC OVER HTTP DEPLOYMENT SCENARIOS
http://www.microsoft.com/downloads/details.aspx?familyid=ef58395d-3710-49cf-9698-938e2bef39e8&displaylang=en
This guide examines four scenarios for deploying the Windows RPC over HTTP feature. The scenarios include using RPC over HTTP with front-end and back-end servers when ISA is on the perimeter network, with the RPC proxy server on the perimeter network, using a single Exchange Server that doubles as a global catalog server, and secure sockets layer offloading.

HOW TO CONFIGURE RPC OVER HTTP IN EXCHANGE SERVER 2003
http://support.microsoft.com/kb/833401
Newly published step-by-step article describes how to configure remote procedure call (RPC) over Hypertext Transfer Protocol (HTTP) in Microsoft Exchange Server 2003.

MAILBOX MANAGEMENT IN EXCHANGE SERVER 2003
http://www.microsoft.com/exchange/techinfo/administration/mailbox.asp
Links to information on the Microsoft Product Support Services (PSS) and TechNet websites about managing, configuring, and troubleshooting mailbox stores and public folder stores.

MICROSOFT ONLINE SEMINARS: MICROSOFT EXCHANGE
http://www.microsoft.com/downloads/details.aspx?familyid=3a22712f-d506-4a8c-a464-b8507f66be79&displaylang=en
Learn how to maximize your business potential with Microsoft Exchange Seminars. These are designed to meet the needs of developers, IT professionals, and business decision makers. Sessions include Outlook Web Access, Exchange 2000 Conferencing Server, upgrading from cc:Mail and GroupWise, building group calendaring applications, and deploying Exchange.

WIN32.NOVARG.A@MM WORM PROTECTION SCRIPT
http://www.vamsoft.com/orf/tools.asp#novarg
Vamsoft released a SMTP transport event sink script developed specifically to filter W32.Novarg.A@mm worm emails (a.k.a. W32/Mydoom@MM, WORM_MIMAIL.R). They also have a SMTP event sink available to drop messages infected with the Swen worm/IFRAME vulnerability, as well as other useful scripts, all free of charge.

More Information

Click here to subscribe to the Exchange Messaging Outlook newsletter. 
Exchange Messaging Outlook Newsletter back issues
ISSN 1523-7990 Copyright 1996-2015, Slipstick Systems and CDOLive LLC. All rights reserved.

Updated Sunday January 04 2015

Copyright Slipstick Systems. All rights reserved.
Send comments using our Feedback page

Back to Top