Blocking Attachments

Topic

New Reply

Our office has a small peer to peer network of 15 users. I am setting up email for each user using various versions of Outlook Express. Is there a way to block attachments with specific extensions? We can’t eliminate attachments completely because we share information with clients, but I would like to at least block .vbs and .exe files. I have already checked with our web host, they provide the POP3 accounts, and they can’t filter at their end. Is this possible with OE?

Reply | Quote

Replies

i don’t think so – look in rules.

Reply | Quote

If you are concerned with the possibity of a script attachment or an executable that could be a virus, you may want to consider changing the default click behavior on .vbs and .exe files from OPEN to EDIT. This can be done in Explorer/View/FolderOptions/FileTypes. By going in here the behavior of the mouse click can be changed by choosing EDIT and what will happen is that the e-mail attachment will merely open in NOTEPAD and if it was destructive it would never unleash its load on your system. This is a way of side-stepping a virus.

Hope this helps.

Reply | Quote

There are two quite separate problems with e-mail infections.

Reply | Quote

you can’t convert html to plain text – you get the format it’s sent in. there are a few tricks you can do with outlook using an addin or vba to remove tags, but it won’t work for express.

you can’t only download plain text messages on the server, if the message is on the server, it’s going to be downloaded. you can’t have rules rejecting messages based on format. you can ask people to send only plain text… but you can’t force them, short of just deleting their mail unread.

you can use plain text as your default format and set express (but not outlook) to always use plain text for replies.

finally, html does have a place in business mail. Think of it like a properly formatted memo, with business-like use of underline, italics and bolding or bullets to make the points of the memo standout.

what doesn’t belong in mail is cutesy stationary and wild font colors… even business logos are not needed. Just simple HTML formatting, white background and black text to get the point across.

Reply | Quote

Sorry, I should have made clear that I was talking only about OE, as this is what the poster was using.
I also did not make it clear about HTML mail. You are perfectly correct, of course. You can’t stop yourself receiving it, but you don’t have to open it. It can be converted it to plain text and forwarded to yourself.
Before I got VCatch, a right click on the message, followed by Forward and typing in your own address in the To: box did it. Mind you, after noting your comments, I’m not sure that somewhere along the line even with these precautions, the message didn’t ‘Open’ and thus run any embedded code.
Having said that, does it mean that the ‘refusal’ to receive HTML mail by board users, gets their mail filtered by the board’s software?
Rgds

Reply | Quote

i think forwarding would set off a virus (like KAK).. maybe not as long as it doesn’t display in preview…

a lot of mailing lists, like the former egroups (now yahoo – yuck ) let you choose the format of the messages. they convert the messages as needed, to and from html based on your settings.

i choose plain text, i get plain text even if you send in html. if you want html and i send in plain text, it gets changed to html..

Reply | Quote

By sheer coincidence, I just received a message in my Hotmail Inbox which had an attachment. Since it came from someone I know, I read it. As I did so, the attachment was scanned automatically by the in-house scanner (McAfee) and found to be clean before I opened it. Not bad for a free service.
I also re-discovered a legit use for the ‘forwarded HTML mail as plain text’. When reading off-line, it stops the attempt to dial up if the original message wanted to log on.

Reply | Quote

I owe you guys an apology. This is what comes of trying to remember two OSs ago. What I completely forgot, was in Win98, before I got VCatch, I did not open OE directly. I was in the habit of previewing the mail on my POP3 servers. This let me examine the full details of my messages without downloading. In this way I could delete any mail with attachments or not in plain text. This had nothing to do with OE, but allowed the mail to be filtered before OE got at it. The previewer was called Hermes and was around in 1998.
A similar, but better program is Popcorn, details of which I’ve posted in Software Finds.
Doh!

Reply | Quote

Thanks for all the replys.
MJ, I tried rules first but all there is is a rule that would apply to all attachments, I would like to be selective in how the rule is applied.
PrestonK, yes my concern is virus and script attachments, I should have made that clear in my first post. If I changed the click behavior to EDIT, how would I execute a file if it was found to be safe?
MerC, I’m not very concerned about HTML mail, maybe I’m being naive. Yes I understand that an attachment won’t execute until double clicked, but other users (isn’t it always someone else) may get careless and double click without thinking. How is VCatch different than other anti virus software? We have NAV2000 running on all systems with signatures updated every 2-4 weeks. Perhaps I’m being overly cautious? Is there any advantage to using Outlook instead of OE? It seems many virus attacks are directed to Outlook. I don’t remember seeing a virus that targeted OE. Perhaps this is an incorrect perception?

Reply | Quote

After my last b***s-up, I’m reluctant to give advice, but fwiw :

Reply | Quote

You knew I’d catch you on this

It all depends on the version of Outlook. OL2000 is much more secure than OE or OL98. Viruses will not run on their own in preview(kak types embedded in HTML) and Outlook2000’s default security settings block most attachments from opening directly from outlook without saving to the hard drive first. Granted, this only stops people who are too lazy to save to the file system and open and it can be turned off, but we all know most viruses are a user problem to begin with and are very easily stopped. only a few take advantage of the software and can infect without user intervention, such as KAK and the malformed header types.

The problem is that if users are dumb enough to run certain viruses (like iloveyou & AnnaK) the Outlook Object Model can be used to replicate the virus to everyone in your address book.

One of the most annoying viruses is snow white (hybris). like happy99, it affects all mailers, not just outlook or OE. It doesn’t run itself yet it’s rampant. It’s a winsock virus and collects email addresses from data passing thru the winsock.

The above comments are speaking of Outlook2000 without the email security patch. That patch will stop every attachment virus and totally lock outlook down. It’s built into Outlook2000 SP2 and available separately for both outlook2000 and 98. (word to the wise: user education is better)

Reply | Quote

I was hoping to avoid the problems of constantly identifying and applying patches to Outlook. That’s why I was leaning towards OE. Perhaps a different vendors email reader, while maybe no more secure, would at least be less targeted. You have given me quite a bit to think about, thanks for your input.
Jeff

Reply | Quote

I don’t use OE, but I did use its convenient HTML authoring tools to create some scare messages to my colleagues.

By default, OE will execute inline VBScript and JavaScript. By changing your security settings to “Restricted” zone, and shutting off all active functionality for that zone (e.g., through the Tools|Internt Options…|Security|Restricted|Customize… button in IE), you can avoid the KAKworm-type stuff. (Example: http://www.wopr.com/w3tfiles/8-13142-TestMsg.htm.txt)

As for VBScript attachments, except for administrative updates, none that you will receive will you want to run. I have attached a sample script to change the default settings in the registry. You’ll probably want to take a careful look at it before running it, of course. I sent it out around here just after Anna hit, with this teasing subject and message:

Subject: FW: Survivor scoop!

Body: Host Jeff Probst admits this leak is true…

One user told me I was evil and conniving. You be the judge.

Reply | Quote