Advansys
 
 
 
 

Applet Focus
 
Advansys Formativ gives you the power to make GroupWise work the way you want! To help you understand what is possible with Formativ, read on for an insight into a particular solution and how it can help you. We discuss how it works and offer some suggestions for extending its functionality even further.


Featured Solution:

Virus Alert

 

 
How does this applet benefit me?

Apart from malicious software writers, everyone loathes email viruses. It is well known that virus attacks cost businesses and individuals vast amounts of money and time. How common is the following scenario? A user unwittingly opens an infected email attachment, carried by a message which comes from a known party and, if there is no virus protection or the anti-virus software does not detect the particular variant, disaster strikes! It stands to reason that we should take all steps to avoid these destructive, unwanted intrusions.

There are many ways to help protect your email system. Ideally you should install good GroupWise GWIA-based anti-virus software. In addition, you may wish to have desktop anti-virus software which allows you to manually virus-check attachments, such as a password-protected ZIP file attachment containing executable software.

A common technique for virus writers is to propagate the virus by sending it to all addresses in an Outlook address book. If your email address happens to be in that Outlook address book, more often than not you will receive an infected email attachment. As the email is from an address that you may know or perhaps even trust, which is what the virus writers hope, you may unconsciously open the attachment before realizing the potential danger.

The Virus Alert applet provides an additional level of awareness for email which has the capacity to carry viruses. As the most common viruses and worms are sent via executable message attachments, this applet checks all your incoming mail messages for a range of executable attachments. This applet is not a virus scanner and should not be used as a substitute for one. However, by alerting the user to the potential danger, it provides another level of protection against destructive and wasteful virus attacks.



Download

The Virus Alert applet can be downloaded from the Formativ Solutions Download page.



How does it work?

Virus Alert scans all unread email when you first start your GroupWise client and then subsequently only scans new email received into your MailBox. The applet works behind the scenes and requires no user intervention.

Virus Alert works by checking each attachment's file extension to determine whether the attachment is an executable. It checks for the following file extensions:
  • ".exe"
  • ".com"
  • ".bat"
  • ".vbe"
  • ".vbs"
  • ".pif"
  • ".mtx"
  • ".scr"
  • ".x-wav"

When an email is received while your client is running and one of its attachments is found to have one of these extensions, the applet deletes the email (moving it to the Trash folder) and sends a high priority message to the user with details of the email which was trashed and why (see Figures 1 and 2 below). If the trashed email appears to be one that you may wish to read, you can recover the message from the Trash (undelete) and use a virus scanner, such as Norton AntiVirus, to scan it for viruses.


Figure 1 - An example alert message sent by Virus Alert.



Figure 2 - Example text from a Virus Alert warning message.


 
One of Formativ's key strengths is its ability to execute applets, with point and click simplicity, from just about any toolbar, menu or event in GroupWise - and absolutely no programming is required!

The Virus Alert applet is integrated with the GroupWise client On startup and On message arrival events, which is indicated below in the Formativ integrations tab (see Figure 3). The On startup event runs the applet once when you start GroupWise, while the On message arrival event will run the applet when each new message is received into your Mailbox. The check box at the bottom of the dialog indicates that the applet will appear on the Formativ Run menu, which can be found under the main Applets menu.

Figure 3 - Formativ Integrations


Take a look at the Formativ User's Guide to see just how easy it is to integrate applets with GroupWise.


 
Applet operation

When Virus Alert first runs, it scans all messages in your Mailbox. It then creates an empty text file called ADV_CheckOnce.ol, the existence of which is subsequently checked to allow the scan mode to be changed to scan only new (unread) messages upon GroupWise startup. Due to the On message arrival integration, the applet also runs when a new message arrives in your Mailbox.

When a suspect attachment is found within an email, a) the email is deleted and placed in the Trash folder by GroupWise and, b) a message specifying which email was deleted is automatically sent to the current user.

Virus Alert does not have a user interface component, apart from the progress dialog which displays when processing a number of messages upon GroupWise startup.



Techniques

Load file extension list

The first function that the applet performs is to load all the common file extensions into a String List object. This is performed by the CommonVirusFiles subroutine, which contains a series of StringList.Add(".extension") commands, each adding one unique extension to the list. You can extend the range of file attachments checked by simply adding another StringList.Add(".extension") command, where ".extension" is the three character extension name (such as ".exe").

First run check

To allow Virus Alert to scan your whole Mailbox when it is first run, but only once, a simple file checking mechanism is used. If the file ADV_CheckOnce.ol already exists in the default Formativ Data folder, the applet knows that it should run the CheckNewMessages function, which only checks new (unread) Mailbox messages. If the file does not exist, the applet assumes that it is running for the first time, checks all (read and unread) Mailbox messages and then creates the ADV_CheckOnce.ol file.

Finding the messages to process with a GroupWise Filter

The GroupWise Find facility, which is a powerful feature of the GroupWise APIs, is the method used to determine which messages will be checked by Virus Alert. When the applet is first run, the filter find parameters (sFilter) are set to sFilter = ("(MAIL)AND(BOX_TYPE = INCOMING)"), which is passed to the GroupWise.Account.MailBox.FindMessages(sFilter) find function. All existing incoming messages in the Mailbox will be returned by this filter, whether already read or unread. When the find function completes, messages which match the find parameters are available in the MailBoxObj object, which is processed by subsequent functions, such as CheckAllInboxMessages.

When the applet is run for the second time, the find parameters used in the CheckNewMessages function are sFilter = ("(MAIL)AND(BOX_TYPE = INCOMING)AND(NOT READ)"). This means that only incoming, unread Mailbox messages will be placed in the results set.

Checking the message attachments

The CheckAttachments function cycles through each message returned by the GroupWise find function. For each message it calls VirusCheck, which scans the message attachment filenames for the file extensions stored in the StringList object. If VirusCheck finds one of these extensions anywhere within the message's attachment name(s), by using the InStr function, it returns TRUE to the CheckAttachments function.
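
The extension check described above, modelled in Python as an added example (not Advansys's applet code): it contrasts an InStr-style "anywhere in the name" test with a test of the final extension only, run over constructed attachment names. The function names are hypothetical, and the default case-sensitive comparison is an assumption, since the page does not say which InStr compare mode the applet uses.

```python
# Added example: models the extension check described on this page.
# Extension list copied from the page; everything else is illustrative.
BLOCKED = [".exe", ".com", ".bat", ".vbe", ".vbs", ".pif", ".mtx", ".scr", ".x-wav"]


def substring_match(name, ignore_case=False):
    """Model of an InStr-style test: flag if any extension occurs anywhere in the name.

    ignore_case=False mirrors InStr's default binary comparison; which mode the
    applet uses is not stated on the page, so this is an assumption.
    """
    hay = name.lower() if ignore_case else name
    return any(ext in hay for ext in BLOCKED)


def final_extension_match(name):
    """Stricter variant: compare only the end of the name, case-insensitively."""
    # Ignore surrounding whitespace and trailing dots before comparing.
    cleaned = name.strip().rstrip(". ").lower()
    return any(cleaned.endswith(ext) for ext in BLOCKED)


# Constructed sample attachment names (not taken from real mail).
SAMPLES = [
    "setup.exe",
    "holiday.jpg.vbs",
    "INVOICE.EXE",
    "sales.computers.pdf",
    "notes.executive.doc",
    "report.pdf",
]


def compare(names):
    """Return (name, substring result, final-extension result) for each name."""
    return [(n, substring_match(n), final_extension_match(n)) for n in names]


if __name__ == "__main__":
    for name, sub, fin in compare(SAMPLES):
        print(f"{name:22} substring={sub!s:5} final_ext={fin}")
```

Matching anywhere in the name trashes harmless files such as sales.computers.pdf, which means more messages for the user to recover from the Trash; matching the final extension with case folding avoids that while still flagging holiday.jpg.vbs.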

Sending the Alert Email

When TRUE is returned to the CheckAttachments function, the SendAlertMail function is activated, which subsequently creates and sends the alert message to the user and deletes (into the GroupWise Trash folder) the Mailbox message which has the potential to carry a virus.

 
While this is a relatively simple applet, you could extend or modify it in a number of ways, some of which are outlined below.

Instead of deleting the suspect message, you could create a new GroupWise folder and move the message from the Mailbox to the new folder.

You may also be able to integrate with virus scanner software which does not already integrate natively with GroupWise. When the applet finds a suspect message, instead of just deleting or moving the message, you could save the attachments into a special folder on your workstation and, at the end of the applet scanning process, automatically initiate the virus software to scan all contents of the folder.

In addition to the email, you could also add different alerts, such as playing a sound or Wave file when a suspect attachment is found.

 
Download

The Virus Alert applet can be downloaded from the Formativ Solutions Download page.

Installation

Copy the applet to the Formativ local applets folder, the default being c:\program files\advansys\formativ\local\ (select Yes to replace the existing applet of the same name; see the note below), and then restart the GroupWise client.

Distribution

For personal use, the installation procedure described above is sufficient. To share the same applet easily, you may also install Formativ Admin or Formativ Client so that the Local applets folder points to a shared network folder. This is useful for users, perhaps within a particular department, who wish to run the same applets. For fast, flexible and secure distribution at a corporate level, it is recommended that network and GroupWise administrators implement Formativ's eDirectory capabilities.

Note on disabling/enabling applet integrations

The Virus Alert applet is shipped with Formativ Admin, although its integrations are disabled. When an applet's integrations are disabled, it will not appear on the Formativ Run, Favorites, or any other GroupWise menu, nor on any toolbar. The applet cannot be triggered by any integrated GroupWise client event, such as On Message Arrival, On Open or On Send. However, the applet can be executed manually within FormativCentral (F5 or Run button).

The download version of the Virus Alert applet (from the download link above) has its integrations already enabled. The applet can be installed as described above without any further actions required (apart from restarting the GroupWise client).

To enable an applet which installs with Formativ, start FormativCentral, highlight the applet name on the left hand side of the screen under My Applets, then deselect the option Disable these integrations in GroupWise.

 
If you have any questions on this applet or you have a need for a different applet, feel free to post a question or comment in the Advansys Formativ Support Forums by clicking on the following link:

Developing Solutions with Formativ

Copyright © 2014 Advansys Pty Limited