Article ID: 313404
Article Last Modified on 12/3/2007
APPLIES TO
- Microsoft Exchange Server 2003 Enterprise Edition
- Microsoft Exchange Server 2003 Standard Edition
- Microsoft Exchange 2000 Server Standard Edition
- Microsoft Windows Small Business Server 2003 Premium Edition
- Microsoft Windows Small Business Server 2003 Standard Edition
This article was previously published under Q313404
SUMMARY
This step-by-step article describes how to extend the Simple Mail Transport Protocol (SMTP) Service by means of a transport event sink. The Microsoft Visual Basic, Scripting Edition (VBScript), code checks incoming SMTP messages for a subject line that contains the word "virus" and for attachments that have a .vbs extension. In both cases, delivery of suspicious messages is blocked.
back to the top
Register a transport event sink for the SMTP Service
- Start Windows Explorer.
- Create a new folder called EventSink under the root directory C (C:\EventSink).
- Copy the file Smtpreg.vbs from the Exchange Software Developers Kit into the newly created folder.
- In Windows Explorer, open the C:\EventSink folder, right-click the left pane, point to New, and then click Text Document.
- Name the new file Smtpmsgcheck.vbs. If a Rename dialog box appears, click Yes.
Right-click the new file, and then click Edit. In the text editor (Notepad.exe), enter the following VBScript code:
<SCRIPT LANGUAGE="VBScript"> Sub IEventIsCacheable_IsCacheable() 'To implement the interface, and return S_OK implicitly End Sub Sub ISMTPOnArrival_OnArrival(ByVal Msg, EventStatus) Dim envFlds Dim colAttachs Dim iFound Set envFlds = Msg.EnvelopeFields If Msg.Subject = "" Or Len(Msg.Subject) < 5 Then iFound = 0 Else iFound = Instr(1, Msg.Subject, "VIRUS", 1) ' First position of the word VIRUS End If 'Check whether the message contains a VBS attachment Set colAttachs = Msg.Attachments For Each oAttach in colAttachs If InStrRev(oAttach.FileName, ".vbs",-1, 1) = (Len(oAttach.FileName)-3) Then iFound = 1 End If Next If iFound > 0 Then 'Do not deliver, place message in the Badmail directory. envFlds ("http://schemas.microsoft.com/cdo/smtpenvelope/messagestatus") = 3 envFlds.Update 'Commit the changes of the message status 'Skip remain event sinks EventStatus = 1 End If End Sub </SCRIPT>
- Save the changes, and then close Notepad.
Create another text file, name the file Instsink.bat, right-click the file, and then click Edit. In Notepad, enter the following lines:
@Echo Off REM*********** The following 2 lines install the Event Sink to log SMTP Messages *********** Cscript smtpreg.vbs /add 1 onarrival SMTPMessageCheck CDO.SS_SMTPOnArrivalSink "mail from=*" Cscript smtpreg.vbs /setprop 1 onarrival SMTPMessageCheck Sink ScriptName "C:\EventSink\SMTPMsgCheck.vbs" REM ***** Remove the 'REM' tag from the following line ***** REM ***** If you want to deinstall the Event Sink again ***** REM cscript smtpreg.vbs /remove 1 onarrival SMTPMessageCheck
- Save the changes, and then close Notepad.
- Click Start, click Run, type cmd, and then click OK to start the Windows 2000 command prompt. Type cd \EventSink to change to the C:\EventSink folder.
- Type instsink.bat, and then press ENTER to execute the batch file and register the EventSink sample to log messages. Verify that the event sink is registered properly, and then type exit and press ENTER to quit the command prompt.
- Click Start, click Programs, click Microsoft Exchange, and then click System Manager.
- Click Servers, expand your server, click SMTP, and then restart the Default SMTP Virtual Server.
- Test the transport event sink by using Telnet.
Keywords: kbhowtomaster KB313404