Microsoft KB Archive/273882

= INFO: OL98: Developer Information About the CDO E-mail Security Update =

Article ID: 273882

Article Last Modified on 3/4/2004

-

APPLIES TO


 * Microsoft Collaboration Data Objects 1.2
 * Microsoft Collaboration Data Objects 1.21
 * Microsoft Outlook 98 Standard Edition

-



This article was previously published under Q273882



SUMMARY
This article provides information for developers, solution providers, and independent software vendors (ISVs) about the Outlook 98 Collaboration Data Objects (CDO) E-mail Security Update that was released on September 20, 2000.

The CDO E-mail Security Update provides a higher level of security against viruses that spread through e-mail. If you have an application that uses the CDO 1.2 (or 1.21) library, Microsoft recommends that you become familiar with the changes that the security update makes to the library, so that you can determine how those changes may affect your solution.

NOTE: If you are using Outlook 2000, you should use the Outlook 2000 CDO E-mail Security Update. For more information, click the article number below to view the article in the Microsoft Knowledge Base:

268372 INFO: OL2000: Developer Information About the CDO E-mail Security Update



MORE INFORMATION
Before you install the CDO E-mail Security Update on an Outlook 98 computer, you must first install the Outlook 98 E-mail Security Update. For detailed information on installation of the Outlook 98 CDO E-mail Security Update, see the following article in the Microsoft Knowledge Base:

268462 OL98: Information About the CDO E-mail Security Update

By default, Outlook 98 installs the CDO 1.2 version of the CDO library. However, if you choose to install the CDO E-mail Security Update, the CDO 1.2 library is updated to the CDO 1.21 library (with Security Update applied).

The CDO E-mail Security Update Should Not Be Applied to Servers
The CDO E-mail Security Update is designed specifically for client safety. Microsoft recommends that you do not apply the update to Microsoft Exchange Server-side versions of the CDO library because this may severely impact both standard and custom server programs, including Outlook Web Access. The update should also not be applied to Internet Information Servers (IIS) that run Active Server Pages (ASP) applications that use the CDO 1.2 (or CDO 1.21) library.

How to Customize the Restrictions of the CDO E-mail Security Update
If you are using Microsoft Exchange Server, you can customize the behavior of the CDO E-mail Security Update in your organization. For additional information about customizing the settings, click the article number below to view the article in the Microsoft Knowledge Base:

263296 Administrator Information About the Outlook E-mail Security Update

Sending Mail
When a CDO 1.21 application calls the Send method of a Message object or a MeetingItem object, a dialog box informs the user that a program is trying to send mail on their behalf, and asks if the message should be sent. If the user clicks No, the Send method returns the following error message:

Collaboration Data Objects-[E_ACCESSDENIED(80070005)]

Accessing Certain MAPI Properties Associated with a Message Object That Exists Under a MAPI Folder
When a CDO 1.21 application uses a Fields collection object to access Messaging Application Program Interface (MAPI) properties that are associated with an existing Message item, a dialog box informs the user that a program is trying to access e-mail addresses that are stored in Outlook, and asks if they wish to allow this access. If the user clicks No, the Send method returns the following error message:

Collaboration Data Objects-[E_ACCESSDENIED(80070005)]

The following MAPI properties are affected:

PR_SENT_REPRESENTING_ENTRYID PR_SENT_REPRESENTING_SEARCH_KEY PR_SENT_REPRESENTING_NAME PR_SENT_REPRESENTING_ADDRTYPE PR_SENT_REPRESENTING_EMAIL_ADDRESS PR_SENDER_ENTRYID PR_SENDER_SEARCH_KEY PR_SENDER_NAME PR_SENDER_ADDRTYPE PR_SENDER_EMAIL_ADDRESS PR_DISPLAY_TO PR_DISPLAY_CC PR_DISPLAY_BCC PR_ORIGINAL_DISPLAY_TO PR_ORIGINAL_DISPLAY_CC PR_ORIGINAL_DISPLAY_BCC

Accessing the Items Under a Contacts Folder
When a CDO 1.21 application accesses the Messages collection object of a Contacts folder, the dialog box described just above (for MAPI properties) appears.

Manipulating Recipients or AddressEntries Collections
CDO 1.21 also displays the dialog box described just above under the following scenarios:  When the Recipients collection is invoked for actions that involve reading the recipients of an e-mail message.  When the AddressEntries collection is called to reach an AddressEntry within the collection. For example: objRecipientCollection.Item(index) objAddressEntriesCollection.Item(index)  When, to create an outbound message, the Resolve method is called on newly populated Recipients collection.

Handling Attachments
When you use the Attachments collection object of a Message object to retrieve each attachment in the collection, CDO 1.21 does not return &quot;unsafe&quot; (Level 1 Security) file attachments in the collection. For a list of Level 1 Security files, see the following article in the Microsoft Knowledge Base:

262617 OL98: Information About the Outlook E-mail Security Update

Although unsafe attachments are not physically deleted from disk, CDO 1.21 is unaware of their existence. For instance, the Count property of the Attachments object returns the number of attachments excluding all unsafe attachments.

Additional query words: ol98

Keywords: kbinfo kbmsg KB273882

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.