Products History Gallery Manuals Download Links Arcade Forum Up&Runng Windows PC News
    Microsoft Windows Vista, 2003 and XP processes and tips.  Includes Group Policy, Active Directory, Windows SharePoint Services, Outlook Shared Calendars, RAID5, McAfee and much more.  
 
 

How to Block Virus' Using Outlook Express
Update Jan 22 2003: Get Virus and Spam Free Email direct from commodore.ca for just CDN$10 / year.

Today the vast majority of virus' are spread through email attachments in Microsoft products.  Until now you either had to have the full version of Outlook with a security patch applied or you had to have Outlook 2002.  The problem is that most home users use the free version of Outlook that comes bundled with Internet Explorer called Outlook Express.  Outlook Express versions 6 and above allow you get the same virus blocking protection available in the full version of Outlook. 

To block virus you need to be using Internet Explorer 6 (which bundles Outlook Express 6) or newer.  Both Internet Explorer 6 and Outlook Express 6 are free from Microsoft and can be downloaded from http://windowsupdate.microsoft.com or by clicking here .  You can verify the version of Internet Explorer, or Outlook Express that you have by clicking HELP, and then clicking ABOUT in either product.  If the version number is 6 or greater then proceed to the information below.

NOTE: Internet Explorer 6 (and hence Outlook Express 6) require Windows 98 or newer (i.e. 98, 98SE, NT, ME, 2000, XP or .NET).  If you have Windows 95 you can not install IE6 which means the procedures explained in this document will not work for you.

Almost all of the information below was taken from Microsoft Knowledgebase article Q291387 and from Outlook 2002 help files.

To Prevent Applications From Sending E-mail Without Your Approval

By default, Outlook Express 6 prevents e-mail messages from being sent programmatically from Outlook Express without your knowledge by displaying a dialog that enables you to send or not send the message:

  1. Start Outlook Express, and then on the Tools menu, click Options .
     

  2. Click the Security tab, and then click to remove the check mark from the Warn me when other applications try to send mail as me checkbox.
     

  3. Click OK to close the Options dialog box.
     

Using the Internet Explorer Unsafe File List to Filter E-mail Attachments

To use the Internet Explorer unsafe file list to filter e-mail attachments:

  1. Start Outlook Express, and then on the Tools menu, click Options .
     

  2. Click the Security tab, and then click to select the Do not allow attachments to be saved or opened that could potentially be a virus check box under Virus Protection .

This option does not enabled by default. If you enable this option, Outlook Express uses the Internet Explorer 6 unsafe file list and the Confirm open after download setting in Folder Options to determine whether a file is safe. Any e-mail attachment with a file type reported as "unsafe" is blocked from being downloaded.

NOTE : The Internet Explorer 6 unsafe file list includes any file types that may have script or code associated with them. To add additional file types to be blocked or remove file types that should not be blocked:

  1. Click Start , point to Settings (or click Control Panel ), and then click Control Panel (or switch to Classic View or View All Control Panel Options ).
     

  2. Double-click Folder Options .
     

  3. On the File Types tab, click to select the file type that you want to block or allow, and then click Advanced . If the file type you want to add is not listed, perform the following steps:
     

    1. Click New .

    2. In the Create New Extension dialog box, type the file extension you want to add to the unsafe file list.  (see File Extension table below)

    3. Click OK , and then click Advanced .
       

  4. Click to place a check mark (block) or remove the check mark (allow) from the Confirm open after download checkbox.

NOTE : You cannot remove the check from Confirm open after download to allow some file types. For example, .exe files are in the default unsafe file list in Internet Explorer and cannot be allowed.

At very least you should add the 15 bold items below, to your list created in step 3 b above, as these are the most common virus related file extensions.    If you have the time you should add all of the file types given in this list.

File Extension

File type

.ade

Microsoft Access project extension

.adp

Microsoft Access project

.bas

Microsoft Visual Basic class module

.bat

Batch file

.chm

Compiled HTML Help file

.cmd

Microsoft Windows NT Command Script

.com

Microsoft MS-DOS program

.cpl

Control Panel extension

.crt

Security certificate

.exe

Program

.hlp

Help file

.hta

HTML program 

.inf

Setup  Information

.ins

Internet Naming Service

.isp

Internet Communication settings

.js

JScript file

.jse

Jscript Encoded Script file

.lnk

Shortcut

.mda

Microsoft Access add-in program

.mdb

Microsoft Access program

.mde

Microsoft Access MDE database

.mdz

Microsoft Access wizard program

.msc

Microsoft Common Console Document

.msi

Microsoft Windows Installer package

.msp

Windows Installer patch

.mst

Visual Test source files

.pcd

Photo CD image or Microsoft Visual Test compiled script

.pif

Shortcut to MS-DOS program

.reg

Registration entries

.scr

Screen saver

.sct

Windows Script Component

.shs

Shell Scrap Object

.url

Internet shortcut

.vb

VBScript file

.vbe

VBScript Encoded Script file

.vbs

VBScript file

.wsc

Windows Script Component

.wsf

Windows Script file

.wsh

Windows Script Host Settings file

source: Outlook 2002 Help Files

How to Determine When Outlook Express Has Blocked an Attachment

When Outlook Express blocks an attachment, the following alert is displayed in the message alert bar at the top of the e-mail message:

Outlook Express removed access to the following unsafe attachments in your email: file_ name1 , file_ name2 , and so on.


Using Internet Explorer Security Zone to Disable Active Content in Hypertext Markup Language (HTML) E-mail

Security zones enable you to choose whether active content, such as ActiveX Controls and scripts, can be run from inside HTML e-mail messages in Outlook Express. By default, Outlook Express 6 uses the Restricted Zone instead of the Internet Zone. Microsoft Outlook Express 5.0 and Microsoft Outlook Express 5.5 used the Internet zone, which enable most active content to run. To customize your Internet Explorer security zone settings for Outlook Express:

CAUTION : Changing security zone settings can expose your computer to potentially damaging code. Use caution when you change these settings.

  1. Start Outlook Express, and then on the Tools menu, click Options .
     

  2. Click the Security tab, and then click either Restricted Sites Zone or Internet Zone (less secure, but more functional) in the Virus Protection section under Select the Internet Explorer security zone to use .
     

  3. Click OK to close the Options dialog box, and then quit Outlook Express.
     

  4. Start Internet Explorer, click Internet Options on the Tools menu, and then click Security .
     

  5. Click Custom Level for the security zone that you selected in Outlook Express. The security settings that you choose apply to Outlook Express as well as Internet Explorer.

(C) 2002 trhough 2008 Up & Running Technologies Incorporated
If you want to use any images or text from this site you must get written approval first.  Click HERE to send an email request explaining your intended usage.