Completely blocking email attachments is one way to protect yourself from these viruses, but that approach just isn't realistic for many companies. This article explains how attachment-blocking works in Exchange Server, Microsoft Outlook and Outlook Web Access and how to customize what file extensions you allow for each.
You may be surprised to learn that Microsoft Exchange does not natively support email attachment blocking. If you want to block inbound email attachments at the Exchange server, you have to rely on third-party software.
Make sure the third-party antivirus software you're running is Exchange-aware though. This type of program differs from a normal antivirus program, because it doesn't just scan files and folders -- it scans the Exchange information store. It examines every new message that goes into your organization. If a virus is detected, it neutralizes it before it reaches the recipient's mailbox.
There are a number of file extensions that Microsoft Outlook blocks by default. In fact, there are too many to list here, but they primarily consist of extensions used by executable files and system files. You can see the full list in Microsoft's article Attachment file types blocked by Outlook, if you're interested.
You can customize Outlook's email blocking rules by editing the system registry.
Important: If you make a mistake when editing the registry, you can seriously impair Windows and/or your applications. Make sure you always perform a full system backup before playing with the registry.
- Open the Registry Editor and navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security.
- Select New -> String Value from the Registry Editor's Edit menu.
- Create a new string value named Level1Add (this is case sensitive).
- Then assign the string a value corresponding to the file extension that you want to block. For example, if you wanted to block Word documents, you would assign the value .DOC. (You can enter multiple extensions by separating them with a semicolon.)
Outlook Web Access
Exchange 2003 is the first version of Exchange to support full-fledged email attachment blocking through Outlook Web Access. As with Outlook, OWA attachment blocking is controlled through the system registry. The difference is that OWA-based attachment blocking is controlled by the Exchange server's registry, while Outlook-based attachment blocking is controlled by the workstation's registry.
OWA attachment blocking can be configured through this registry key:
There are two keys that you need to pay attention to: Level1FileTypes and Level2FileTypes. Any file extension appearing in the Level1FileTypes list is blocked completely by OWA. File extensions appearing in Level2FileTypes can't be opened directly, but can be saved to a workstation and opened outside OWA. You can easily add file extensions to either list by simply adding the desired file extension to the appropriate list.
Although Outlook and OWA block most potentially harmful file types, their email attachment-blocking features are no substitute for good client and server virus protection. Viruses can sometimes come in attachment types we usually consider safe. For example, Outlook does not block Microsoft Word documents. But a Word doc can contain a macro virus. Remember the huge uproar over the Melissa virus in 1999?
When you receive a bogus file attachment, your antivirus software is your primary defense.
About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, CNET, ZDNet, TechTarget, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at www.brienposey.com.
Do you have comments on this tip? Let us know.
Do you have a subject you'd like us to cover as part of our Exchange Admin 101 series? Share it with us.