Novell is now a part of Micro Focus

Applet Focus: Formativ Virus Alert

Novell Cool Solutions: Feature

Digg This - Slashdot This

Posted: 21 Mar 2002

Current version: GroupWise 6

Advansys Formativ gives you the power to make GroupWise work the way you want! To help you understand what is possible with Formativ, read on for an insight into a particular solution and how it can help you. We discuss how it works and offer some suggestions for extending its functionality even further. Bookmark this page now!

Virus Alert

How does this applet benefit me?

Apart from malicious software writers, everyone loathes e-mail viruses. It is well known that virus attacks cost businesses and individuals vast amounts of money and time. How common is the following scenario? A user unwittingly opens an infected e-mail attachment, carried by a message which comes from a known party and, if there is no virus protection or the anti-virus software does not detect the particular variant, disaster strikes! It stands to reason that we should take all steps to avoid these destructive, unwanted intrusions.

There are many ways to help protect your e-mail system. Ideally you should install good, GroupWise GWIA based anti-virus software. In addition, you may wish to have some desktop anti-virus software which allows you to do manual virus checks of attachments, such as a password protected ZIP file attachment containing executable software.

A common technique for a virus writers is to propagate the virus by sending to all addresses in an Outlook address book. If your e-mail address happens to be in that Outlook address book, more often than not you will receive an infected e-mail attachment. As the e-mail is from an e-mail address that you may know or perhaps even trust, which is what the virus writers hope, you may unconsciously open the attachment before realizing the potential danger.

The Virus Alert applet provides an additional level of awareness for e-mail which has the capacity to carry viruses. As the most common viruses and worms are sent via executable message attachments, this applet checks all your incoming mail messages for a range of executable attachments. While this applet is not a virus scanner, and should not be used a substitute for one. By alerting the user to the potential danger, this applet provides another level of protection against destructive and wasteful virus attacks.


The Virus Alert applet can be downloaded from here.

How does it work?

Virus Alert scans all unread e-mail when you first start your GroupWise client and then subsequently only scans new e-mail received into your MailBox. The applet works behind the scenes and requires no user intervention.

The Virus Alert works on the principle of checking the attachment extensions to determine if it is an executable. It checks for the following file extensions:

  • ".exe"
  • ".com"
  • ".bat"
  • ".vbe"
  • ".vbs"
  • ".pif"
  • ".mtx"
  • ".scr"
  • ".x-wav"

When an e-mail is received while your client is running, if an attachment file is found to include one of these extensions, the applet deletes it (into the Trash folder) and sends a high priority message to the user providing details on the e-mail which was trashed and why (see Figures 1 and 2 below). If the trashed e-mail appears to be one that you may wish to read, you can then recover the message from the Trash (undelete) and use a virus scanner, such as Norton AntiVirus etc., to scan it for viruses.

Figure 1 - An example alert message sent by Virus Alert.

Figure 2 - Example text from a Virus Alert warning message.

Integrating with GroupWise

One of Formativ's key strengths is its ability to execute applets, with point and click simplicity, from just about any toolbar, menu or event in GroupWise - and absolutely no programming is required!

The Virus Alert applet is integrated with the GroupWise client On startup and On message arrival events, which is indicated below in the Formativ integrations tab (see Figure 3). The On startup event runs the applet once when you start GroupWise, while the On message arrival event will run the applet when each new message is received into your Mailbox. The check box at the bottom of the dialog indicates that the applet will appear on the Formativ Run menu, which can be found under the main Applets menu.

Figure 3 - Formativ Integrations

Take a look at the Formativ User's Guide to see just how easy it is to integrate applets with GroupWise.

Under the Hood

Applet operation

When Virus Alert first runs, it scans all messages in your Mailbox. It then creates an empty text file called ADV_CheckOnce.ol, the existence of which is subsequently checked to allow the scan mode to be changed to scan only new (unread) messages upon GroupWise startup. Due to the On message arrival integration, the applet also runs when a new message arrives in your Mailbox.

When a suspect attachment is found within an e-mail, a) the e-mail is deleted and placed in the Trash folder by GroupWise and, b) a message specifying which e-mail was deleted is automatically sent to the current user.

Virus Alert does not have a user interface component, apart from the progress dialog which displays when processing a number of messages upon GroupWise startup.


Load file extension list

The first function that the applet performs is to load all the common file extensions into a String List object. This is performed by the CommonVirusFiles subroutine, containing a series of StringList.Add(".extension") commands, which add each unique extension to the list. You can extend the number of file attachments checked by simply adding another StringList.Add(".extension")command, where ".extension" is the three character extension name (i.e. such as ".exe").

First run check

To allow Virus Alert to scan your whole Mailbox when it is first run, but only once, a simple file checking mechanism is used. If the file ADV_CheckOnce.ol already exists in the default Formativ Data folder, the applet knows that it should run the CheckNewMessages function, which only checks new (unread) Mailbox messages. If the file does not exist, the applet assumes that it is running for the first time and checks all (read and unread)Mailbox messages and then creates the ADV_CheckOnce.ol file.

Finding the messages to process with a GroupWise Filter

The GroupWise Find facility, which is a powerful feature of the GroupWise APIs, is the method used to determine which messages will be checked by Virus Alert. When the applet is first run, the filter find parameters (sFilter) are set to sFilter = ("(MAIL)AND(BOX_TYPE = INCOMING)"), which is passed to the GroupWise.Account.MailBox.FindMessages(sFilter) find function. All existing incoming messages in the Mailbox will be returned by this filter, whether already read or unread. When the find function completes, messages which match the find parameters are available in the MailBoxObj object, which is processed by subsequent functions, such as CheckAllInboxMessages.

When the applet is run for the second time, the find parameters used in the CheckNewMessages function are sFilter = ("(MAIL)AND(BOX_TYPE = INCOMING)AND(NOT READ)"). This means that only incoming, unread Mailbox messages will be placed in the results set.

Checking the message attachments

The CheckAttachments function cycles through each message returned by the GroupWise find function. For each message it calls VirusCheck, which scans the message attachment filenames for the file extensions stored in the StringList object. If VirusCheck finds one of these extensions anywhere within the message's attachment name(s), by using the InStr function, it returns TRUE to the CheckAttachments function.

Sending the Alert E-mail

When TRUE is returned to the CheckAttachments function, the SendAlertMail function is activated, which subsequently creates and sends the alert message to the user and deletes (into the GroupWise Trash folder) the Mailbox message which has the potential to carry a virus.

Taking it Further

While this is a relatively simple applet, you could extend or modify it in a number of ways, some of which are outlined below.

Instead of deleting the suspect message, you could create a new GroupWise folder and move the message from the Mailbox to the new folder.

You may also be able to integrate with virus scanner software which does not already integrate natively with GroupWise. When the applet finds a suspect message, instead of just deleting or moving the message, you could save the attachments into a special folder on your workstation and, at the end of the applet scanning process, automatically initiate the virus software to scan all contents of the folder.

In addition to the e-mail, you could also add different alerts, such as playing a sound or Wave file when a suspect attachment is found.


The Virus Alert applet can be downloaded from here.


The applet should be copied to the Formativ local applets folder, the default being c:\program files\advansys\formativ\local\ (select Yes to replace the existing applet of the same name... see the note below) and then restart the GroupWise client.


For personal use, the installation procedure described above is sufficient. To share the same applet easily, you may also install Formativ Admin or Formativ Client so that the Local applets folder points to a shared network folder. This is useful for users, perhaps within a particular department, who wish to run the same applets. For fast, flexible and secure distribution at a corporate level, it is recommended that network and GroupWise administrators implement Formativ's eDirectory capabilities.

Note on disabling/enabling applet integrations

The Virus Alert applet is shipped with Formativ Admin, although its integrations are disabled. When an applet's integrations are disabled, it will not appear on the Formativ Run, Favorites, or any other GroupWise menu, nor on any toolbar. The applet cannot be triggered by any integrated GroupWise client event, such as On Message Arrival, On Open or On Send. However, the applet can be executed manually within FormativCentral (F5 or Run button).

The download version of the Virus Alert applet (from the download link above) has its integrations already enabled. The applet can be installed as described above without any further actions required (apart from restarting the GroupWise client).

To enable an applet which installs with Formativ, start FormativCentral, highlight the applet name on the left hand side of the screen under My Applets, then deselect the option Disable these integrations in GroupWise.

Additional Information

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Micro Focus