Q111536: PC Gen: Microsoft Mail and Virus Security

Article: Q111536
Product(s): Microsoft Mail For PC Networks
Version(s): WINDOWS:3.0,3.0a,3.0b,3.2
Operating System(s): 
Keyword(s): 
Last Modified: 29-OCT-1999

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Mail for PC Networks, versions 3.0, 3.0a, 3.0b, 3.2 
-------------------------------------------------------------------------------

The importance of data security and protecting against virus infection is
of paramount importance to any user or network administrator. Viruses are a
real threat to the integrity of data. However, with some forethought and
care, users can easily protect their computers and data from infection.

What Is a Virus?
----------------

A virus may fall into any one of several different classes: Trojan Horse,
worm, boot-sector infector, or others. Some viruses infect existing
programs to alter their behavior, others actively destroy data, while some
perform actions to storage devices that render their stored data
inaccessible. All have one distinct common trait: a virus is a section of
code that, like any other program, cannot perform its function until
executed. This trait is important to keep in mind when preparing to install
virus safeguards.

Can a Virus Be Transmitted Through a Mail Message?
--------------------------------------------------

First, an overview of the Microsoft Mail messaging system is in order. When
a user creates a Mail message, the Mail system creates a passive (non-
executing) data file. This file is also encrypted to ensure the security of
the Mail system, thus guarding against "hacking" to get at a message[ASCII 146]s
contents. The message is secure from the time it is transmitted until the
receiver deletes it. An attachment to this message, which can be any
legitimate MS-DOS file, is handled in much the same manner. In summary, a
Mail message[ASCII 146]s contents and its attachments are secure from the system
within an "envelope" created by the Mail system. While in this state, the
data is inaccessible by the system and other users.

Because of this secure envelope, an embedded snippet of virus code cannot
be unleashed during transit of the message. In addition, since the message
is a non-executing file, even if the code for a virus were inserted, it
would just be data and thus non-functional. When a user receives a message
and reads it using the Macintosh, MS-DOS, or Windows client, the executing
file performing the operation works independently of the message it is
reading, which is read in as pure data. If virus code is present within the
message, it is still benign because it is not being executed, only read.
Because of this, the Mail messaging system itself is safe from being an
active vehicle of virus infection.

What About Attachments?
-----------------------

Attachments to mail messages, on the other hand, can be in a wide variety
of formats, from Excel spreadsheets to graphics files to executable
programs. Any file that can be referenced as a valid MS-DOS file can be an
attachment.

This does raise the possibility of virus infection being sent through the
Mail system and is where the user[ASCII 146]s own virus protection plans become
important.

Microsoft Mail[ASCII 146]s manner of dealing with an attachment is similar to that of
a message: a header is created, identifying the file as an attachment with
data necessary for it to be identified by the message within the database
structure. The attachment itself is encrypted, just like the message, to
ensure the security of the messaging system.

The receiver of the message with the attachment will be notified in
different ways that the attachment exists, depending upon the client being
run. On all three platforms, however, the notification itself only points
to the attachment, so an embedded virus is still non-executing. On both the
MS-DOS and Macintosh Mail clients, an attachment must be saved as a file to
disk before its contents can be viewed or acted upon. On these two
platforms, once the attachment is saved, whatever virus protection scheme
is already in place by the user is appropriate.

The Windows client, on the other hand, allows a user to launch the
attachment directly from within the Mail client. If it is an Excel
spreadsheet, Excel is started and the spreadsheet opened; any other non-
executable attachment that has an association within Windows will start the
associated application and open the attachment as a file within the
application. These types of files, even if they have a virus embedded, are
still just data being read by a program. In the case of applications where
macro programming is available (Excel and Word, for example), it is
possible for a document to contain a macro that is in itself malicious.

If, however, an infected executable file (files that end with .EXE or .COM)
is launched from the client, the virus is activated and the machine will be
infected. On the other hand, if an executable file sent as an attachment is
saved to disk first as a file, whatever virus protection scheme is already
in place by the user is appropriate.

SUMMARY
=======

The Microsoft Mail messaging system is used to transfer messages and data
between users on a network. Due to the nature of the security enhancements in
place within the package, data in transit is secure from the system and from
other users, preventing tampering. Once the recipient of the message receives
the data, whatever virus security procedures are already in place by the user
are appropriate for detection. In the context of virus disbursal, a message with
an attachment can be viewed as no different than receiving a disk of data from
another user.

Additional query words: 3.00 3.00a 3.00b 3.20

======================================================================
Keywords          :  
Technology        : kbMailSearch kbZNotKeyword3 kbMailPCN320 kbMailPCN300 kbMailPCN300a kbMailPCN300b
Version           : WINDOWS:3.0,3.0a,3.0b,3.2

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.