This trick is mostly useful but can also be used for wrong purposes. Since it is so simple, it’s probably already known for some people. If someone sends you a file through OWA but the file is blocked by a policy, this is what you can do: 1-Install firefox 2-Access your email and attachment with the following rule: http://<hostname>/<OWA directory>/<mail box username>/Inbox/<email subject>.EML/<attachment filename> E.g.: http://webmail.example.com/Exchange/myusername/Inbox/virus.EML/virus.zip The best way is to try in following order: 1- http://<hostname>/<OWA directory>/<mail box username>/Inbox – you see all your emails 2- http://<hostname>/<OWA directory>/<mail box username>/Inbox/<email subject>.EML – you see only your email with the blocked files 3- http://<hostname>/<OWA directory>/<mail box username>/Inbox/<email subject>.EML/<attachment filename> – you download the file The actual address could be different for a couple of reasons. Try to check the attachment URL and use it like shown above. This can also be exploited through a malicious email with a link inside pointing to the malware directly. Server environment: Exchange/ OWA 2003 6.5.76* Client environment: firefox 3.0.15 Ricardo Martins CISA, ISO 27001/20000 LA Compliance & Consulting Manager Tel: +351 210 111 616 Fax: +351 210 111 618 www.cso.pt info@xxxxxx ______________________________ Chief Security Officers, SA. Edificio Infante D. Henrique Rua João Chagas, 53 - 1º Esq. 1495-764 Dafundo Portugal empresa do grupo Art of Knowledge Pense no Ambiente antes de imprimir / Consider the Environment before printing
