ZipOut Attachment Security

ZipOut offers attachment security in addition to attachment compression for users or organizations that do not elect to install the Outlook E-mail Security Update. If you are using Outlook 2002 or later, the Outlook E-mail Security Update is an integrated component of the product and cannot be removed. However, ZipOut does operate in conjunction with the Outlook E-mail Security Update in all supported versions of Outlook. If you do not elect to install the Outlook E-mail Security Update for Outlook 2000, ZipOut offers additional some additional security features not provided by the security update. The following features are part of ZipOut Attachment Security and can be set on the ZipOut Property Page.

Block harmful attachments ZipOut will delete potentially harmful attachments from an Outlook item when it is saved or sent.
Warn when opening items that contain blocked attachments ZipOut will display a warning alert box if the Outlook item contains blocked attachments. Blocked attachments are known as Level 1 attachments, meaning attachments that are potential carriers for an e-mail worm or virus. These worms or viruses can range from troublesome to catastrophically destructive.
Check Zip for blocked files A warning message will be inserted into each compressed attachment that ZipOut creates, listing any blocked (Level 1) files that have been included in the attachment.
When potentially harmful attachments are removed from an item, ZipOut records the deletion in the ZipOut Log. ZipOut also creates a message in your Inbox that informs you about the deletion.

Outlook E-mail Security Update

The Outlook E-mail Security Update offers added protection against viruses that propagate themselves through e-mail clients such as Microsoft Outlook. Use the following list to determine if you have installed the Outlook E-mail Security Update:

Microsoft Office XP or later The Outlook E-mail Security Update is installed automatically with Outlook 2002 or later. You cannot install Outlook 2002 or later without installing the Outlook E-mail Security Update. However, you can use administrative options to determine which file types are treated as Level 1 or Level 2 attachments and whether Level 1 attachments can be seen in a message.
Microsoft Office 2000 SP-2 or later The Outlook E-mail Security update is installed by default. You cannot install Outlook 2000 SP-2 or later without installing the Outlook E-mail Security Update.
Microsoft Office 2000 SR-1a The Outlook E-mail Security Update may or may not be installed. You must install Office 2000 SR-1a (available from Office Update) before you install the Outlook E-mail Security Update. If you elect to uninstall the Outlook E-mail Security Update, you must uninstall and then reinstall Office 2000 SR-1a or earlier.
Microsoft Office 2000 (original) The Outlook E-mail Security Update is not installed.
For additional information on determining which version of Office you have installed, see OFF2000: Overview and History of Office 2000 Updates

Features of the Outlook E-mail Security Update

E-mail Attachment Security. Prevents a user from opening or sending Level 1 attachments. Level 1 attachments are potentially harmful attachments that have the potential to carry a virus payload. Requires that a user save Level 2 attachments to disk before they can be opened. Level 1 attachments are hidden in the Outlook item. They cannot be opened either through the user interface or programmatically. Hidden Level 1 attachments still consume space in a user's mailbox.

For Outlook 2000, Internet Only users cannot customize the list of blocked attachments. In Corporate/Workgroup mode where Exchange public folders are available, the list of blocked attachments can be customized. For additional details, see OL2000: Administrator Information About the Outlook E-mail Security Update.
For Outlook 2002 or later, users who are not connected to an Exchange server and whose default delivery location is a PST file can customize the list of Level 1 attachments. For additional details, see How security settings are controlled within the registry.

Outlook Object Model Guard. The object model guard is an integral part of the security update and prevents various programmatic actions that can be used by a virus writer to spread the virus. Unfortunately, the object model guard breaks many existing applications. See OL2000: Known Interoperability Issues with the Outlook E-mail Security Update for additional information. The Object Model Guard cannot be deployed separately from the E-mail Attachment Security component.

ZipOut Attachment Security

ZipOut achieves attachment security by removing attachments from Outlook items that a user attempts to send or to save, based on a user-configurable list of file types. If attachment security is turned on by checking the Block harmful attachments box, attachments are blocked both through the user interface and programmatically. If a virus attempts to propagate itself by sending a virus payload attachment to other users, the attachment will be deleted from the message as long as the file type of the attachment is listed in the Block Attachments dialog box.

For additional information about how ZipOut interoperates with the security update, see How ZipOut works with the E-mail Security Update.

Blocked Attachments

The following attachments will be deleted from an Outlook item that is saved or sent through Outlook independent of the state of the ZipOut On/Off command button.

Attachments whose file type is listed in the Block Attachments dialog box.
Embedded attachments such as Excel spreadsheets and Word documents. These attachments are inserted into a message by clicking in the body of a Microsoft Rich Text message and selecting the Object command on the Insert menu.
Attachments that are linked to a source file. A linked attachment displays a shortcut to the source file in the body of the message.