A colleague just forwarded the following to me from the NTBugTraq Mailing list. A very good reason to run a spam service like Simple Filter that doesn't require any software install and certainly isn't affected by this nonsense:
| Date: |
Thu, 11 Mar 2004 19:28:55 -0500 |
| Reply-To: |
Windows NTBugtraq Mailing List <NTBUGTRAQ:nospam.LISTSERV.NTBUGTRAQ.COM> |
| Sender: |
Windows NTBugtraq Mailing List <NTBUGTRAQ:nospam.LISTSERV.NTBUGTRAQ.COM> |
| From: |
Mark Medici <mark:nospam.DBMA.COM> |
| Subject: |
Re: Office XP SP3 breaks 3rd-party junk email filter |
I have now received over two dozen reports that Office XP SP3 breaks at least two well-known junk email filtering products.
Everyone whom reported the problem has installed the full SP3, as opposed to the individual Outlook XP/2002 update. That is NOT to say the individual update is safe, just that nobody has reported just installing the individual update.
Sunbelt Software's "iHateSpam" is affected. The vendor is aware of the problem and is working on a solution.
Cloudmark "Spamnet" is also affected. The vendor is aware of the problem and is working on a solution.
Two suggested work-arounds are:
1. If using Windows XP, perform a System Restore to a restore point prior to installing Office XP SP3. Of
course, you will loose the security benefits of the service pack.
2. You can try "Express ClickYes" from: http://www.express-soft.com/mailmate/clickyes.html, which is supposed to automatically dismiss the Security Warning dialog, but I have no reports of anyone experimenting with this software, and cannot vouch for its integrity or effectiveness.
I have two reports that the open-source SpamBayes is not adversely affected by the installation of Office XP SP3.
Server-based email filters are not affected. What appears to be happening is that certain junk email filters access the Outlook contacts folder (address list) to see if the incoming email's sender is known, as a supplement to the software's whitelist. Apparently part of the update is protection of the contacts folder to prevent email worms from harvesting addresses for use when they try to send out copies of themselves. It Seems that SpamBayes does not use the existing contacts, or at least does not do so on a message-by-message basis.
I just setup a test system. Hopefully, I'll be able to narrow-down the circumstances tomorrow.
=Online
=Offline