INFO: OL98: Developer Information About the CDO E-mail Security Update (273882)


The information in this article applies to:

  • Collaboration Data Objects (CDO) 1.2
  • Collaboration Data Objects (CDO) 1.21
  • Microsoft Outlook 98
This article was previously published under Q273882

SUMMARY

This article provides information for developers, solution providers, and independent software vendors (ISVs) about the Outlook 98 Collaboration Data Objects (CDO) E-mail Security Update that was released on September 20, 2000.

The CDO E-mail Security Update provides a higher level of security against viruses that spread through e-mail. If you have an application that uses the CDO 1.2 (or 1.21) library, Microsoft recommends that you become familiar with the changes that the security update makes to the library, so that you can determine how those changes may affect your solution.

NOTE: If you are using Outlook 2000, you should use the Outlook 2000 CDO E-mail Security Update. For more information, click the article number below to view the article in the Microsoft Knowledge Base:

268372 INFO: OL2000: Developer Information About the CDO E-mail Security Update

MORE INFORMATION

Before you install the CDO E-mail Security Update on an Outlook 98 computer, you must first install the Outlook 98 E-mail Security Update. For detailed information on installation of the Outlook 98 CDO E-mail Security Update, see the following article in the Microsoft Knowledge Base:

268462 OL98: Information About the CDO E-mail Security Update

By default, Outlook 98 installs the CDO 1.2 version of the CDO library. However, if you choose to install the CDO E-mail Security Update, the CDO 1.2 library is updated to the CDO 1.21 library (with Security Update applied).

The CDO E-mail Security Update Should Not Be Applied to Servers

The CDO E-mail Security Update is designed specifically for client safety. Microsoft recommends that you do not apply the update to Microsoft Exchange Server-side versions of the CDO library because this may severely impact both standard and custom server programs, including Outlook Web Access. The update should also not be applied to Internet Information Servers (IIS) that run Active Server Pages (ASP) applications that use the CDO 1.2 (or CDO 1.21) library.

How to Customize the Restrictions of the CDO E-mail Security Update

If you are using Microsoft Exchange Server, you can customize the behavior of the CDO E-mail Security Update in your organization. For additional information about customizing the settings, click the article number below to view the article in the Microsoft Knowledge Base:

263296 Administrator Information About the Outlook E-mail Security Update

Changes to the CDO 1.21 Object Model

Sending Mail

When a CDO 1.21 application calls the Send method of a Message object or a MeetingItem object, a dialog box informs the user that a program is trying to send mail on their behalf, and asks if the message should be sent. If the user clicks No, the Send method returns the following error message:
Collaboration Data Objects-[E_ACCESSDENIED(80070005)]

Accessing Certain MAPI Properties Associated with a Message Object That Exists Under a MAPI Folder

When a CDO 1.21 application uses a Fields collection object to access Messaging Application Program Interface (MAPI) properties that are associated with an existing Message item, a dialog box informs the user that a program is trying to access e-mail addresses that are stored in Outlook, and asks if they wish to allow this access. If the user clicks No, the Send method returns the following error message:
Collaboration Data Objects-[E_ACCESSDENIED(80070005)]
The following MAPI properties are affected: 

PR_SENT_REPRESENTING_ENTRYID
PR_SENT_REPRESENTING_SEARCH_KEY
PR_SENT_REPRESENTING_NAME
PR_SENT_REPRESENTING_ADDRTYPE
PR_SENT_REPRESENTING_EMAIL_ADDRESS
  
PR_SENDER_ENTRYID
PR_SENDER_SEARCH_KEY
PR_SENDER_NAME
PR_SENDER_ADDRTYPE
PR_SENDER_EMAIL_ADDRESS
  
PR_DISPLAY_TO
PR_DISPLAY_CC
PR_DISPLAY_BCC
  
PR_ORIGINAL_DISPLAY_TO
PR_ORIGINAL_DISPLAY_CC
PR_ORIGINAL_DISPLAY_BCC

Accessing the Items Under a Contacts Folder

When a CDO 1.21 application accesses the Messages collection object of a Contacts folder, the dialog box described just above (for MAPI properties) appears.

Manipulating Recipients or AddressEntries Collections

CDO 1.21 also displays the dialog box described just above under the following scenarios:
  • When the Recipients collection is invoked for actions that involve reading the recipients of an e-mail message.
  • When the AddressEntries collection is called to reach an AddressEntry within the collection. For example:
    objRecipientCollection.Item(index)
objAddressEntriesCollection.Item(index)
  • When, to create an outbound message, the Resolve method is called on newly populated Recipients collection.

Handling Attachments

When you use the Attachments collection object of a Message object to retrieve each attachment in the collection, CDO 1.21 does not return "unsafe" (Level 1 Security) file attachments in the collection. For a list of Level 1 Security files, see the following article in the Microsoft Knowledge Base:

262617 OL98: Information About the Outlook E-mail Security Update

Although unsafe attachments are not physically deleted from disk, CDO 1.21 is unaware of their existence. For instance, the Count property of the Attachments object returns the number of attachments excluding all unsafe attachments.
Modification Type:MinorLast Reviewed:3/4/2004
Keywords:kbinfo kbMsg KB273882
©2004 Microsoft Corporation. All rights reserved.