Outlook2000 SR-1 email Attachment Security Customizer

M. Gallant / Security Development 05/25/2000

[Note: Administrator privileges are required to run this applet on NT and Win2000]

The applet SecureAttach enables end users with Outlook2000 SR-1 already installed to configure extra security for file attachments. The end user will be given a warning dialog, and will be required to save the attachment to their local machine before the attachment can be used. Outlook2000 SR-1 by default includes this extra security feature, but only for 19 file types. The applet here includes the 37 file types (many more script types) which are being considered for the more aggresive Outlook 98/2000 E-mail Security Update which will completely prevent Outlook clients from accessing these attachments. The applet is contained in a digitally signed cabinet (.cab) file.

The following file types are given extra file-attachment security:

     ade  adp  bas  bat  chm  cmd  com  cpl  crt  exe  hlp  hta  inf
     ins  isp  js   jse  lnk  mdb  mde  msc  msi  msp  mst  pcd  pif 
     reg  scr  sct  shs  url  vb   vbe  vbs  wsc  wsf  wsh
Note: It is very important to ensure that the Outlook2000 Attachment Security setting accessed by the Outlook2000 menu Tools/Options/Security/Attachment Security ... is set to the High: (recommended for all users) selection (the default). Otherwise, the attachment security feature for Outlook2000 SR-1 will not function, and all attachments will execute directly when clicked (no saving required, no warning given)!