No more HTML in Outlook?

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 11/29/01

Message-ID:  <>
Date:         Thu, 29 Nov 2001 13:27:00 -0500
From: Russ <Russ.Cooper@RC.ON.CA>
Subject:      No more HTML in Outlook?

I've written a small COM Add-in that prevents HTML from being potentially
malicious in Outlook. I'm intending on making this available to the public
for free.

On Outlook 2000 - Converts inbound HTML messages into RTF, all HTML tags
removed. HTML is lost, message format is now RTF.

On Outlook 2002 - Converts inbound HTML messages into Plain Text, text only.
HTML is lost, message format is now Plain Text.

The Add-in also turns off the Preview Pane if its on, or if its turned on
(regardless of how its turned on).

I can probably make this work for Outlook 98 also.

I need some testers who are willing to try this on their systems, preferably
in environments which might get scripted HTML messages put through.

I'd really appreciate hearing from anyone capable of figuring out how to do
an Exchange Server-based form, with automatic actions, that can be pushed
out to all connected clients automatically (the preferred deployment

Send me an email before 2:30pm Thursday, November 29, 2001 to get a copy of
the beta. Include details on the system you're going to test it on, software
versions, mail server type, etc... (for my records during testing, not to be
shared with anyone else). I'm hoping to get a hundred or so folks in the
next hour (out of 35,000, I hope its not too hard).

If you have any thoughts about what else it might do to protect against
inbound malicious email, drop me a note.

Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

Delivery co-sponsored by Trend Micro, Inc.
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy: