Table of Contents
Advertisement
File Extension
.msp
.mst
.pcd
.pif
.reg
.scr
.sct
.shb
.shs
.url
.vb
.vbe
.vbs
Note: Not all attachments considered to be dangerous are blocked by this patch. For example,
the Microsoft Access file types .mda and .mdz are not blocked, nor are zipped versions of any
of the above files.
It is good practice to quarantine all suspect content, where it can be examined individually
before deciding whether it can be safely passed on or not.
While this security patch can be useful in preventing the use of unauthorized attachments,
it is important to remember that for it to work across the user community, it depends on
everyone using a client with the patch. Therefore, to be fully protected you would need to
ensure not only that MAPI clients each contained the patch, but also prevent access via
POP3, IMAP4, or HTTP.
For more information about the Outlook Security Patch, see the knowledge base article
Q262631.
Many organizations prohibit the receipt of scripts written in Microsoft Visual Basic®
Scripting Edition (VBScripts) through e-mail. If you choose to do this, it will not prohibit
those who want to receive and run VBScripts from doing so, for they can simply ask the
sender to use a different file extension and then change it back to .vbs on arrival. It will,
however, prevent the running of VBScripts that have not been pre-arranged. If you wish to
go further in preventing the effects of VBScripts, you will need to prevent them from
running at the client at all.
Again, the best way of dealing with the threat of attachments is to educate the user
community.
File Type
Microsoft Windows Installer patch
Microsoft Visual Test source files
Photo CD image, Microsoft Visual compiled script
Shortcut to MS-DOS programs
Registration entries
Screen saver
Windows script component
Shell Scrap object
Shell Scrap object
Internet shortcut
VBscript file
VBscript encoded script file
VBscript file
79
Chapter 5: Protection
Advertisement
Table of Contents
