Software

Limit Outlook XP's Attachment Blocking for better e-mail flow

XP's Attachment Blocking is a boon to security conscious admins, yet it can hinder your users' ability to work with trusted sources. We'll provide a few workarounds (and a registry tweak) that should help users who work with attachments extensively.

Outlook XP comes with a new feature called Attachment Blocking, which� filters and blocks certain file types as attachments in e-mail messages. The Attachment Blocking feature also comes into play when sending certain file types as attachments in e-mail messages. This new feature is, of course, designed to protect your users from dangerous attachments that could contain viruses or other malicious content attached to e-mail messages. But the feature may also block some viable attachments, slowing or stalling the work process.

On principle, most of us would agree that this type of protection is good for shielding novices, who might not be running antivirus software on their computers, from malicious attachments. But many systems already include antivirus software that detects e-mail messages containing viruses. Unfortunately, Outlook XP doesn't offer an options dialog box that could be used to adjust the level of attachment blocking. But you have another option: Here's how to adjust the level of attachment blocking by adding a setting to the registry. I’ll show you how to make this modification and allow Outlook XP to process e-mail attachments.

Attachment blocking in action
It's important to know how Outlook XP’s Attachment Blocking feature is implemented to understand what you’re up against.

When users receive e-mail messages that contain an attachment Outlook XP considers extremely dangerous, they will see a warning in the header of their e-mail message, like the one shown in Figure A. As you can see, the attachment is completely blocked and there’s absolutely no way to access it.

Figure A
By default, Outlook XP prevents anyone from accessing e-mail message attachments that XP considers dangerous.


If your users receive an e-mail message that contains an attachment that Outlook XP considers only potentially dangerous, they will see the attachment in the message as they normally would. However, when they double-click on the attachment, users will see an Attachment Security Warning dialog box like the one shown in Figure B.

Figure B
If users double-click on an attachment that Outlook XP considers potentially dangerous, they can only save the file to disk.


As you can see, the users' only option is to save the file to disk. If they click the Save To Disk button, they'll see a standard Save As dialog box and can save the file on their hard disk. The goal here is to place the potentially dangerous file on the hard disk where it can be dealt with by an antivirus program, if need be.

Now, if users receive an e-mail message that contains an attachment that Outlook XP doesn’t consider extremely or potentially dangerous, but does consider suspicious, they'll also see the attachment in the message as they normally would. However, when they double-click on this type of attachment, they will see an Opening Mail Attachment warning dialog box like the one shown in Figure C.

Figure C
If Outlook XP considers the attachment suspicious, it advocates a cautious approach by providing the user with the option of either opening the file or saving it to disk.


The Opening Mail Attachment dialog box prompts users either to open the file or save it to the hard disk. If they leave the Save It To Disk option selected and click OK, they'll see a standard Save As dialog box and can save the file on their hard disk.

However, if they select the Open It radio button and click OK, they will see a File Download dialog box, shown in Figure D, which again warns them of potential danger and prompts them to proceed with caution. The Save button is grayed out and the Cancel button is selected by default, which means that the user has to purposefully click the Open button.

Figure D
Even though the user opted to go ahead and open the attachment, Outlook XP will again prompt the user to confirm the open operation.


Making a choice
If a user regularly receives e-mail messages containing attachments that Outlook XP considers suspicious but are trusted by the user, they can bypass the Opening Mail Attachment dialog box and proceed directly to the File Download or Save As dialog box. To do so, instruct them to select the option button they want to use in the Opening Mail Attachment dialog box—either Save or Open—and clear the Always Ask Before Opening This Type Of File check box.

Sending attachments
Now on the other end, when users send an e-mail message that contains an attachment that Outlook XP considers dangerous, they'll see a warning message like the one shown in Figure E, which prompts them to confirm the send operation. If they click Yes, the attachment will be included in the message.

Figure E
When users attempt to send an attachment that Outlook XP considers dangerous, they will be prompted to confirm the send operation.


However, if after they send the message they access the Sent Items folder to inspect it, they will see a warning in the header of their e-mail message that indicates the attachment was blocked, as shown in Figure F. While chances are that the attachment did go through, they really can’t tell for sure until they get a response from the recipient.

Figure F
Even though the user confirmed the send operation, Outlook XP still indicates that the attachment was blocked.


As you can imagine, while the Attachment Blocking feature has the best of intentions, all the extra steps it adds to the process of sending and receiving e-mail can be really frustrating.

Attachment categories
Outlook XP’s Attachment Blocking feature categorizes various attachments according to how much of a threat they pose when they arrive in an e-mail message. There are three categories: Level 1, Level 2, and Level 3.

Level 1: Extremely dangerous
Attachments that fall under Level 1 are considered extremely dangerous and are completely blocked. The example in Figure A shows an attachment that falls under Level 1. These file types include any file extension that may have script or executable code associated with it. Table A lists the file types that Outlook XP’s Attachment Blocking feature considers Level 1.
Table A
Extension File type
.ade Microsoft Access project extension
.adp Microsoft Access project
.asx Windows Media Audio/Video
.bas Microsoft Visual Basic class module
.bat Batch file
.chm Compiled HTML Help file
.cmd Microsoft Windows NT Command script
.com Microsoft MS-DOS program
.cpl Control Panel extension
.crt Security certificate
.exe Program
.hlp Help file
.hta HTML program
.inf Setup Information
.ins Internet Naming Service
.isp Internet Communication settings
.js JScript file
.jse Jscript Encoded Script file
.lnk Shortcut
.mda Microsoft Access add-in program
.mdb Microsoft Access program
.mde Microsoft Access MDE database
.mdt Microsoft Access workgroup information
.mdw Microsoft Access workgroup information
.mdz Microsoft Access wizard program
.msc Microsoft Common Console document
.msi Microsoft Windows Installer package
.msp Microsoft Windows installer patch
.mst Microsoft Windows Installer transform; Microsoft Visual Test source file
.ops Office XP settings
.pcd Photo CD image; Microsoft Visual compiled script
.pif Shortcut to MS-DOS program
.prf Microsoft Outlook profile settings
.reg Registration entries
.scf Windows Explorer command
.scr Screen saver
.sct Windows Script Component
.shb Shell Scrap object
.shs Shell Scrap object
.url Internet shortcut
.vb VBScript file
.vbe VBScript Encoded script file
.vbs VBScript file
.wsc Windows Script Component
.wsf Windows Script file
.wsh Windows Script Host Settings file
Level 1 file types

Level 2: Potentially dangerous
Attachments that fall under Level 2 are not extremely dangerous, but are considered potentially dangerous. The example shown earlier in Figure B features an attachment that falls under Level 2. It’s important to point out that attachments that Outlook XP considers Level 2 aren’t by default associated with particular file types.

Level 3: Suspicious
Attachments that fall under Level 3 are considered suspicious, and since they’re arriving via e-mail, Outlook XP advocates a cautious approach. Figures C and D show an attachment falling under Level 3.

Working in a Microsoft Exchange environment
If you happen to be using Outlook XP in a Microsoft Exchange environment and want to ease up on Outlook XP’s Attachment Blocking features, you’ll need to modify the default attachment security settings on the Exchange server for each particular mailbox. To do so, you’ll need to download and install the Outlook E-mail Security Administrator Package. For more information on this topic and a link to the download, you should investigate the Knowledge Base article “OL2002: Administrator Information About E-Mail Security Features”.�

Delving into the registry
Microsoft's recommended workarounds for dealing with blocked attachments involve asking the sender to rename the file, compress it, or post it on an FTP site. If your users regularly receive attachments that Outlook XP’s Attachment Blocking feature prohibits, a better alternative is to modify the Attachment Blocking feature to allow those particular file types to pass through unimpeded by adding a setting to the registry.

Caution
Since editing the registry can be dangerous, you should make a full backup before you attempt this operation. If you’re using Windows XP, you can simply use System Restore to create a restore point.

Before you begin, you should close down Outlook XP. Then, select the Run command on the Start menu and launch the Registry Editor by typing regedit.exe in the Open text box. Once you have the Registry Editor up and running, locate and double-click on the key HKEY_CURRENT_USER. When this subtree is visible, open each of the following subtrees in succession:
  • Software
  • Microsoft
  • Office
  • 10.0
  • Outlook
  • Security

Once you open the Security key, pull down the Edit menu and select New | String Value. Then, assign the new value the name Level1Remove and press [ENTER] twice. When you see the Edit String Value dialog box, type the file extensions of the file types that you want the Attachment Blocking feature to ignore in the Value Data text box. As you do so, precede each extension with a period and separate each extension with a semicolon. Be sure not to insert a space between the semicolon and the period.

For example, if you want to prevent the Attachment Blocking feature from prohibiting attachments that have the following extensions:
  • URL
  • LNK
  • EXE
  • VBS

you will fill in the Value Data text box as shown in Figure G. To complete the operation, click OK and then close the Registry Editor.

Figure G
You’ll need to separate multiple extensions with a semicolon.


Testing the Attachment Blocking modification
As soon as you close the Registry Editor, you can launch Outlook XP and begin testing your modification to the Attachment Blocking feature. However, keep in mind that adding an extension to the Level1Remove setting simply elevates the file type to the Level 2 category—it doesn’t eliminate the Attachment Blocking feature altogether.

For example, if you added the URL extension to the Level1Remove setting, you can now see URL attachments in your e-mail messages. However, when you double-click on the attachment, you’ll see a warning dialog box like the one shown earlier in Figure B.

More security information
If you want to learn more about Office XP’s other security features, you should investigate these articles on the Office XP site:

You should also regularly visit the Microsoft Office Product Updates site to make sure that your copy of Office XP has all the most current updates.


About

Greg Shultz is a freelance Technical Writer. Previously, he has worked as Documentation Specialist in the software industry, a Technical Support Specialist in educational industry, and a Technical Journalist in the computer publishing industry.

0 comments

Editor's Picks