Solved

Exclude EXE files in Lotus Notes

Posted on 2001-06-24
16
766 Views
Last Modified: 2013-12-18
Hi...
I need help.
My company email are flooded with viruses recently.
I am trying to exclude *.exe files from the email attachment.  Does anyone know how to get this work???
I am using the following:
Winnt 4.0 SP6
Lotus Notes R5.07
NAV for Lotus Notes.

Secondly, I have a ACL question. I have an existing 100+ Notes users, We are implementing the Webmail access for all the users. Thus, I have to replicate all their mailfile to the SMTP server. Unfortunately, most user do not have administrator ACL in their mailfile. I have problem replicating their mailfile because I do not have permission. Does anyone know how add Administrator ACL into their mailfile and how can I be default have administrator ACL when creating new user in future???

Rgds,
titans
0
Comment
Question by:desmondchoo
  • 6
  • 6
  • 2
  • +1
16 Comments
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6225096
There are few virus checking softwares for notes, it is a good practice to have one, check this out for more on s/w

http://www.lotus.com/products/domtools.nsf/webcat/SecurityAnti-Virus?OpenDocument

0
 
LVL 3

Expert Comment

by:Joep8020
ID: 6226889
You could also use lotusscript to remove attachments, but I think NAV should do pretty good.

Then the second part of your question.

To add an adminstrators group to the ACL, you simply mail everyone a memo containing button containing LotusScript.

This lotusscript adds the group Administrators to the ACL:

dim s as new notessession
dim db as notesdatabase
dim acl as notesacl
dim entry as notesaclentry

set db=s.CurrentDatabase
set acl=db.acl
set entry=acl.CreateACLEntry("Administrators", 6)
entry.IsGroup=true
call acl.Save


The second part of your question is actually very easy, simply change the Mail template your using, adding the name of you administrators group between square brackets (e.g. [Administrators]) with the proper access rights.

When a database is created from this template the brackets are removed.

Success.
0
 

Author Comment

by:desmondchoo
ID: 6227039
Hi Joep8020,
Thank you for your advise. I am very bad with Lotus script, anyway I will try.  Secondly, I have tried to add the [Admin Global] into the mail template, unfortunately, when I open the mail50.ntf, the ADD button was grey out, I cannot add the [Admin Global] into the ACL.  I tried to edit mail50.ntf locally and do a replication to all the servers. I was prompt with the following error "Server error: The specified name conflict with another database that you cannot delete SINMTA02/ABC". I am very confused about this Lotus Notes ACL.  
I also add this group into the administrator field and security (Access Server)of the server document in order for me to edit the server document, but it's still not working. Everytime I need to edit certain document, I have to change to Admin.id
It's very frustrating, can you please help... I really do know what went wrong....

Best regards,
Desmond Choo
0
 
LVL 3

Expert Comment

by:Joep8020
ID: 6227130
First problem is caused by the fact that you do not have enough access on the mail template on some or all of the servers. You could bypass this by accessing the databases locally (ie using the network filepath).

Second problem: Every document in the Address Book has a field called Administrators. This field is used to determine who can edit the document, so if you do not want to switch ids you'll have to add the group to all documents in the address book.
0
 
LVL 1

Expert Comment

by:oosterbaan
ID: 6227143
Hi Desmondchoo,

You have to check if the Admin Global groep is still in the ACL of the template. You have to have two entry's in the ACL containing the Admin Global groep, one entry with the brackets and one without the brackets. The one with the brackets will be the group that is transported to the new database while it is created and the other entry (whitout the brackets) are the rights to the template. I think that you forgot about the second entry. That is why the button is greyed-out.

And now about the virus...

Create a pre-delivering agent in the mail template (Before new mail arrives) and put this code in it.

Dim session As New NotesSession
Dim doc As NotesDocument
Dim rtitem As Variant
Dim p As Integer

Set doc = session.documentcontext
Set rtitem = doc.GetFirstItem("Body")
If (rtitem.Type = RICHTEXT) Then
Forall o In rtitem.EmbeddedObjects
If (o.Type = EMBED_ATTACHMENT) Then
p = Instr(1,o.Source,".exe",5)
If p > 0 Then
Call o.Remove
Call doc.Save(True, True)
End If
End If
End Forall
End If

This will remove the .exe attachments from any incoming mail.

Greetings,

Bob
0
 

Author Comment

by:desmondchoo
ID: 6230076
Hi Bob,
Thanks for the advise.
I have 2 servers. One of the server has [Admin Global] in the ACL. THe other server do not have any Admin Global group in the template ACL. I login with admin id to add the Admin Global group into the template ACL. but the ADD button is grey out. Is there any other alternative to add the Admin Global into all the template ACL??? Withour ACL, I cannot create the Agent to delete the exe attachement.

Rgds,
Desmond
0
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 6231435
Virus Scanner is not a bad idea I suppose ???
0
 

Author Comment

by:desmondchoo
ID: 6647035
Hi Bob,
Thank you for your script, I have tried the lotus and it's working. ut I have a few question, hope you can help.

Firstly, you script only delete the attachment, but the mail will still go through without any attachment. Is there anyway to insert a statement to inform the user that their attachment was deleted by the system policy???

How do I restrict additional file extension into the agent??? e.g mpg, avi etc etc.

And everytime I were to make some changes, I will have to goto every client workstation to replace the client mail template manually, rite?? Can I do it from the domino administrator or to replace the client mail template via domino console??

Thanks In Advance.

Desmond Choo
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 1

Expert Comment

by:oosterbaan
ID: 6647052
Hi desmondchoo,

I few quick answer to some of your questions.

- The script I have send is not made by myself. I know a little about LotusScript and I will take a look to adjust it so it works for other extensions also.

- You don't have to goto every workstation to replace the design of the maildatabase. You can do this by refreshing the maildatabase design on the server by using the console.
When you enter LOAD DESIGN on the console, the server will refresh all the design on the server, so put the adjustments you have made to the maildatabase in the template and do a LOAD DESIGN.... All database will be refreshed...

I'll try to get back as soon as possible...

Greetings,

Bob
0
 

Author Comment

by:desmondchoo
ID: 6647088
THanks Bob...
Awaiting for your good news.
0
 
LVL 1

Expert Comment

by:oosterbaan
ID: 6648928
Hi desmondchoo

Here is the code that will remove more types of attachments. Take a good look at the code, and you can adjust it yourself for even more attachments. This code will remove two types of attachments:

Sub Initialize

Dim session As New NotesSession
Dim doc As NotesDocument
Dim rtitem As Variant
Dim p As Integer
Dim q As Integer
     
Set doc = session.documentcontext
Set rtitem = doc.GetFirstItem("Body")

If (rtitem.Type = RICHTEXT) Then
Forall o In rtitem.EmbeddedObjects
If (o.Type = EMBED_ATTACHMENT) Then
p = Instr(1,o.Source,".vbs",5)
q = Instr(1,o.Source,".mp3",5)
If p Or q > 0 Then
Call o.Remove
Call doc.Save(True, True)
End If
End If
End Forall
End If
End Sub

For each attachment you want to remove you need to define a variable (in this case p and q). You define these variable in the first lines of the code (Dim p As Integer)
After that you can insert the line:

p = Instr(1,o.Source,".vbs",5)

and adjust the variable "q" and the file extension ".vbs" in whatever you want...

Goodluck

Bob
0
 
LVL 1

Accepted Solution

by:
oosterbaan earned 100 total points
ID: 6648968
This is the complete code, that will also put a line of text in the body and in the subject of the message...

Sub Initialize
     
Dim session As New NotesSession
Dim doc As NotesDocument
Dim rtitem As Variant
Dim p As Integer
Dim q As Integer
     
Set doc = session.documentcontext
Set rtitem = doc.GetFirstItem("Body")
If (rtitem.Type = RICHTEXT) Then
Forall o In rtitem.EmbeddedObjects
If (o.Type = EMBED_ATTACHMENT) Then
p = Instr(1,o.Source,".vbs",5)
q = Instr(1,o.Source,".mp3",5)
If p Or q > 0 Then
Call o.Remove
Set itm=doc.ReplaceItemValue("Subject","Attachment has been removed by agent...")
Set itm=doc.ReplaceItemValue("Body","Also in the body of the message...")
Call doc.Save(True, True)
End If
End If
End Forall
End If
End Sub

Adjust it to your needs...

Greetings,

Bob
0
 

Author Comment

by:desmondchoo
ID: 6649488
Hi Bob...
I get a lot of error when I load the design after making changes. And there is also another error when I do a test to sent attachment.


11/22/2001 04:00:33 PM  Router: The New Mail Agent in mail\dchoo failed: Error validating user's agent execution access
11/22/2001 04:00:33 PM  Router: Message 002C56DF delivered to Desmond Choo/TTSPL


11/22/2001 03:56:28 PM  Warning: Cannot locate design template 'StdR46Disc'
used by 'Doc Library - Notes & Web (R4.6)'
11/22/2001 03:56:29 PM  Router: Message 002B75B8 transferred to SINMTA02/TT
for ROSBI@perodua.com.my via Notes
11/22/2001 03:56:32 PM  Warning: Cannot locate design template 'StdR46Disc'
used by 'Doc Library - Notes & Web (R4.6)'
11/22/2001 03:56:36 PM  Warning: Cannot locate design template 'StdR46Disc'
used by 'Doc Library - Notes & Web (R4.6)'
11/22/2001 03:56:40 PM  Warning: Cannot locate design template 'StdR46Disc'
used by 'Doc Library - Notes & Web (R4.6)'
11/22/2001 03:56:44 PM  Warning: Cannot locate design template 'StdR46Disc'
used by 'Doc Library - Notes & Web (R4.6)'
11/22/2001 03:56:48 PM  Warning: Cannot locate design template 'StdR46Disc'
used by 'Doc Library - Notes & Web (R4.6)'
11/22/2001 03:56:53 PM  Warning: Cannot locate design template
'StdR45WebNavigator' used by 'Server Web Navigator'
11/22/2001 03:56:57 PM  Warning: Cannot locate design note 'GS's People' in
'Domino Directory' template
11/22/2001 03:57:01 PM  Warning: Cannot locate design template 'StdR50Mail'
used by 'Mail (R5.0)'
11/22/2001 03:57:05 PM  Warning: Cannot locate design template 'StdR50Mail'
used by 'Satoshi Sase'
11/22/2001 03:57:09 PM  Warning: Cannot locate design template 'StdR50Mail'
used by 'SINNOT02 Stats/TTSPL'
11/22/2001 03:57:13 PM  Warning: Cannot locate design template 'Release Not
Working' used by 'Release Notes:Domino/Notes 4.6.2'
11/22/2001 03:57:17 PM  Warning: Cannot locate design template 'StdR50Mail'
used by 'Boon Siang Sim'
11/22/2001 03:57:22 PM  Database Designer shutdown
>
>
>
Regards,
Desmond
0
 
LVL 1

Expert Comment

by:oosterbaan
ID: 6650554
Hi Desmond,

I can't explain the "validation" error in your mail agent right now, but the other errors are explainable. When you do a load design, all the databases on the servers will be checked against their template they are created with. The databases you see in the log, can't find there "parent" template anymore, so that's the reason why you get these messages....

Greetings,

Bob
0
 

Author Comment

by:desmondchoo
ID: 6651966
Hi bob,
I have test run the agent and I have the following report

'CN=Administrator/O=TTSPL' passed Personal Restrictions test on 'CN=Administrator/O=TTSPL'.
Agent will not run. LotusScript/Java Restrictions on 'CN=Administrator/O=TTSPL' do not contain 'CN=Administrator/O=TTSPL'.
Unable to reach home mail server for 'CN=Administrator/O=TTSPL' to determine agent execution rights.

There is another error message on another server
11/26/2001 01:02:57 PM  Addin: Agent 'Delete Attachments' error message: Type
mismatch
11/26/2001 01:02:57 PM  Addin: Agent 'Delete Attachments' error message: Type
mismatch


I cannot find any information from Lotus KB...
Do you know any solution for this error??

Best regards,
Desmond Choo
0
 
LVL 1

Expert Comment

by:oosterbaan
ID: 6654587
Hi desmondchoo,

You have to check the serverdocument. There's a section that will allow people or groups or servers to run restricted agents....It seems that you are not in there....

Open the adminclient:

Goto the serverdocuments -> security tab

In there is a section called Agent restrictions...

Goodluck

Greetings,

Bob

 
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

This is an old article, please see an updated version of this article, located here: http://www.experts-exchange.com/articles/23619/Notes-8-5x-Windows-7-Notes-info-and-tips.html
You’ve got a lotus Domino web server, and you have been told that “leverage browser caching” is a must do. This means that we have to tell the browser everywhere in the web to use cache. In other words, we set (and send) an expiration date in the HT…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now