After my little episode of having my home PC infected by my wife with the Bagle virus I thought I would look into some freeware/shareware utilities that remove untrustworthy attachments (i.e. .exe, .com, .pif, .bat, .vbs, etc.) from Outlook Express. (Note: I had the latest anti-virus definitions installed, but the virus writers are always a step ahead, so best to just block certain file types if at all possible)
I found one shareware called Outlook Express Quick Tools (OE Quick Tools for short) for $29.95 that lets you remove attachments, but it's unclear if you have to manually remove them or not. I think iit just removes attachments of all kinds just to reduce the size of your Outlook Express database. I don't think it proactively blocks unsafe attachments.
Fortunately, I found some info on Microsoft's website. They recommend enabling the attachment blocking feature in Outlook Express.
To enable Outlook Express 6 extension blocking, click on Tools, then select Options. In the options dialog box, select the Security tab, and click the checkbox for "Do not allow attachments to be saved or opened that could potentially be a virus". You can also check the box marked "Warn me when other applications try to send mail as me".
Of course, I then remembered that I actually DID enable attachment blocking, but then my wife complained she couldn't open important attachments, so I had to disable it. Thanks Microsoft for such a wonderful feature! Damned if you do and damned if you don't. Why don't they just let you pick which file types to allow and which ones to block? sheesh!
I know Outlook (not Outlook Express) lets you block certain attachments while letting others through. I guess I need to switch my wife over to using Outlook instead.
I also read on Microsoft KB83738, that you can edit the registry to allow/disallow certain extensions in Outlook. Unfortunately, these regedit changes only work on Outlook and not Outlook Express. oy!
Basically, you perform the following steps to block certain file extension:
1) Click Start, click Run, type regedit, and then click OK.
2) Locate and then click the following key in the registry: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security
3) On the Edit menu, point to New, and then click String Value.
4) Type Level1Add, and then press ENTER.
5) On the Edit menu, click Modify.
6) Type <file_name_extensions>, and then click OK.
Where file_name_extensions is a list of the attachment file name extensions, and each attachment file name extension is separated by a semicolon.
On the flip side if you want to allow certain attachments, you should check out this Slipstick link which details some utilities to enable certain file types in Outlook.
Moral of the story: Outlook Express sucks. But I knew that already.
Time to go try Mozilla's Thunderbird 0.7 ...