[ Team LiB ] Outlook andAttachmentSecurity Some of most common attachments you receive, such as JPG and GIF images, are entirely safe. Others, such as Word or Excel documents, are usually safe but could carry macro viruses. Other attachments, including those with .exe, .js, and .pif extensions, might be safe, but they're just as often viruses. Because it's impossible to know for sure, it's important that you not only install a virus scanner, but also use its autoprotect feature and keep the virus signatures current. You should never open files you aren't expecting, even if your antivirus scanner gives them a clean bill of health—the virus might be too new to be in your virus definitions. Just in case you're lax when it comes to keeping your antivirus scanner up-to-date, Outlook offers some built-in protection against email viruses, including blocking all file types that have the potential to carry viruses and are executable. Although you can unblock any or all the file types, you should unblock only the file types that you really do need or use other methods to retrieve the attachments. Many corporate firewalls block the same extensions that Outlook blocks, and you might have to change the extension or zip the file before sending attachments to some contacts. If you'd like all of your attachments zipped before sending, look for ZipOut, the WinZip Outlook add-in or other utilities at http://www.slipstick.com . When you send blocked file types as attachments, you should get in the habit of changing file extensions to a safe, nonexecutable type or zipping the file. Outlook 2003 won't warn you when you attach a blocked file type, but it will warn you before you send it, as shown in Figure 6.5 . Choose No, zip or add an underscore to the filename, and then reattach. This ensures that the person you send it to can access it also. Figure 6.5. When you send attachments that could carry viruses, Outlook alerts you before sending. If you edited your Registry to allow some file types, you won't see the warning when you send these file types. Blocked Attachment File Types When you receive a file with any of the extensions listed in Table 6.1 , Outlook hides the attachment from you to prevent you from opening it and infecting your computer system. In reality, you can still retrieve the attachment in several ways, including editing the Registry to allow access to a specific file type, accessing your mailbox using a different mail program, or asking the person to zip the file and resend it. Table 6.1. File Attachment Types Blocked by Outlook 2003 Attachment Extension Program Associated with the Extension .app Visual FoxPro Application .ade Microsoft Access project .adp Microsoft Access project .bas Microsoft VB/VBA code module .bat Batch file .chm Compiled HTML help file .cmd Microsoft Windows NT command script .com Microsoft MS-DOS program .cpl Control Panel extension .crt Security certificate .csh C Shell program .exe Executable program .fxp Visual FoxPro compiled program .hlp Help file .hta HTML program .inf Setup information .ins Internet naming service .isp Internet communication settings .js JScript file .jse JScript-encoded script file .ksh Korn Shell program .lnk Shortcut .mda Microsoft Access add-in program .mdb Microsoft Access program .mde Microsoft Access MDE database .mdz Microsoft Access wizard program .msc Microsoft Common Console document .msi Windows Installer package .msp Windows Installer patch .mst Visual Test source files .pcd Photo CD image or Visual Test compiled script .pif Program information file .prf Microsoft Outlook Profile Settings .prg Visual FoxPro Program .pst Outlook Personal Folders file .reg Windows Registry entries .scf Windows Explorer command .scr Screen saver .sct Windows script component .shb Shortcut into a document .shs Shell scrap object .url Internet shortcut .vb VBScript file .vbe VBScript-encoded script file .vbs VBScript file .wsc Windows script component .wsf Windows script file .wsh Windows script host settings file .xsl XML file that can contain script When you receive a message that contains a blocked attachment, Outlook places the text shown in Figure 6.6 in the message header. The attachment icon is visible and all messages with blocked attachments are included in the Large Messages Search Folder. Figure 6.6. Outlook's InfoBar alerts you to the fact that a blocked attachment is in the message and includes the filename. Accessing Blocked Attachments Many people find it easiest to edit the Registry and always allow some file types, especially when they use the Attachment Options add-in from http://www.slovaktech.com . Editing the Registry to allow all files isn't the brightest idea in the world and could result in a virus infection. For this reason, unblock only the extensions for the attachment types you need to access regularly, not all the file types. If you don't normally get any blocked attachment types, remove or rename the level1remove key when you save the attachment you need. Outlook is programmed to block certain file types that Microsoft calls Level1 attachments. These attachment types are considered dangerous. Less dangerous attachments are Level2 attachments and have to be saved to the hard drive before opening. You can move Level1 attachments to Level2 by editing the Registry. You cannot remove attachment types from Level2. If you'd like to edit the Registry to add the Level1Remove key yourself: 1. Open the Registry Editor and navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security. 2. Right-click on the right pane and choose New, String Value. 3. Enter Level1Remove for the name of the new value. 4. Double-click on Level1Remove value name and enter the extension of the file types that you don't want blocked, in .mdb format. If you're unblocking multiple file types, separate the extensions with semicolons and don't use spaces, as in .pst;.prf. Exit the Registry Editor and restart Outlook. You can now save the files you unblocked to your hard drive and open them (see Figure 6.7 ). Figure 6.7. Add the Level1Remove key so that you can access blocked attachments. If you want to force yourself always to save certain file types to the hard drive before opening, add their extensions to the Level1Remove value and force them to be considered Level2 attachments. You should encourage people to zip files before sending them. Not only does this enable you to leave the extensions blocked, but it also reduces the size of the message. [ Team LiB ] . [ Team LiB ] Outlook and Attachment Security Some of most common attachments you receive, such as JPG and GIF images, are entirely safe blocked attachment, Outlook places the text shown in Figure 6.6 in the message header. The attachment icon is visible and all messages with blocked attachments