Posted on 10 June 2008 by James Blake


According to a recent article at Windows Secrets, a little-known feature of Outlook Web Access can corrupt emails with HTML attachments, rendering them useless. The cause is SafeHTML, a feature of Outlook Web Access in Exchange 2003 and Exchange 2007.

Microsoft publishes details of some of the issues in Microsoft Knowledge Base Article 899394, effectively stating that SafeHTML aims to remove malicious scripts but may also remove some 'non-malicious content' - a false positive.

Microsoft's only suggested workaround is to host any attachments that you don't want corrupted and then email a link to the hosted file to the intended recipient. This effectively makes the sender of the email adapt their behaviour to compensate for an ill-thought-out security feature.

Recipients can be confused by such behaviour and wonder why the same email opens perfectly in their desktop email client, such as Outlook, but is unavailable to them when they are remote and choose to access their email via Outlook Web Access' Web interface. The feature is not well advertised, meaning that IT department staff may spend hours getting to the root of the issue.

Mimecast's approach to filtering is to do it 'in the cloud' and to build enough intelligence into the solution to prevent the simple stripping out of content. 

By filtering emails at the ingress point, rather than the client, email cleaned by Mimecast's hygiene services is consistent whether it is being read over the Web using Mimecast's continuity services or Outlook Web Access; on a local email client such as Outlook; or on a mobile client using Mimecast's mobile connectivity continuity services.

Mimecast utilises full layer seven vulnerability scanning for all incoming email. Rather than simply strip out JavaScript from an email - which is often used to add specific functionality to rich emails - Mimecast utilises high-performance intrusion prevention technology to differentiate JavaScript that is doing something malicious from that which is innocuous.


Category: Security
