Emails still stuck in Outbox Outlook 2007 SP2

[Duncan McC]

With all respect and thanks for your help so far ... but ... I disagree.
This is a major bug and if you search Google there are hundreds (if not
thousands) of postings from people talking about the exact same problem. In
most of these postings there is never any resolution. Having email stuck in
such a core email application that is supposed to reliably send email is a
critical bug.

However, as Diane has said, it is not an Outlook bug. It is because of
the antivirus application, and it's integration with (any) email client
(ie it happens on lots of email clients).

It is typical of folk that try and send *large* emails (generally
attachments) with integrated AV running.

If you turn off your AV integration, or remove and re-install the AV
product without AV email integration, it will likely work.

If you are sending a 20Mb file - well... you shouldn't be.

 

[scorpionleather]

It could be an interaction with an add-in/third party program that I have
not yet been able to identify, but I have disabled almost all the add-ins.
My AV is NOD32.

I say it's a Microsoft bug because Microsoft allows these third party
programs to parasite themselves on top of Outlook with -no warning-
whatsoever that Outlook is being modified.

If Microsoft makes it so easy for any program to hook itself onto the
outgoing mail process -with no warning-, then who knows.. how easily the
outgoing mail can be infected by spambots or whatever other malicious
program wants to take advantage of this.

It all comes down to a security thing. I have an unreliable mail program
because some as-of-yet-unidentified third party add-in is botching up the
software. Outlook did not protect its critical files/functions.

e.g. Microsoft does not allow modification to core Windows System32 files.
So then why allow these programs to change the basic mail send function.

 

[Diane Poremsky [MVP]]

It's most likely NOD32... extensibility is not a bug. The programs do not
install themselves and only properly written addins can access the object
model without alerts, so the chances of a spambot installing and secretly
sending messages from you is low.

--
Diane Poremsky [MVP - Outlook]



Outlook Tips by email:
mailto:[email protected]

EMO - a weekly newsletter about Outlook and Exchange:
mailto:[email protected]

Let's Really Fix Outlook 2010
http://forums.slipstick.com/forumdisplay.php?f=34

 

[scorpionleather]

It's most likely NOD32... extensibility is not a bug. The programs do
not install themselves and only properly written addins can access the
object model without alerts, so the chances of a spambot installing and
secretly sending messages from you is low.

Then Microsoft should make the function extensible which is loading the
Windows boot processes. you see what I mean..

 

[Duncan McC]

Go into NOD32 and (in Advanced mode IIRC) turn off the email scanning
functionality). The NOD32 icon goes into "warning mode" (orange, IIRC)
- you'll just have to ignore that.

If you still have problems, try starting Outlook in safe-mode...
outlook.exe /safe

and see how that goes (it will disable all addins in one fell swoop).

 

[Diane Poremsky [MVP]]

Well, if you'd read the features before you installed it, you'd know it did
something so it can scan all mail using any client.

"Clean and Safe Email - Email scanning for Microsoft Outlook, Outlook
Express, Mozilla Thunderbird, Windows Live Mail, Windows Mail, and other
POP3/IMAP mail clients, ensuring your email is free of viruses and other
threats."

Outlook != Windows. They don't compare. Each have their own security
features - if you tell windows its ok to install software that is all that
matters. If its not properly written to hook into outlook, outlook won't let
it create new mail or access your address book.



--
Diane Poremsky [MVP - Outlook]



Outlook Tips by email:
mailto:[email protected]

EMO - a weekly newsletter about Outlook and Exchange:
mailto:[email protected]

Let's Really Fix Outlook 2010
http://forums.slipstick.com/forumdisplay.php?f=34

 

[scorpionleather]

I disabled NOD32 email scanning. But that has no effect. There is an email
stuck in my Outbox right now.

 

[scorpionleather]

Let's say someone installs some freeware on their PC which looks innocent
enough. But it also places an add-in in Outlook that is "properly written
to hook into Outlook" and it modifies all outgoing emails to insert a spam
message.

What is to prevent that?

It's a security loophole because Windows never warns during installation
that an Office app is being modified.

I am surprised that I get these iTunes add-ins etc. inside Outlook. I don't
want that iTunes parasite inside my email client. The Apple installer never
asks me. Windows never pops up any warning that another application is
being "cross-infected."

The same way iTunes does this - malicious apps can also do the same.

 

[Diane Poremsky [MVP]]

If iTunes is a parasite, why do you use it?

Freeware (or shareware) that sends spam will be well know within a few days
to weeks after release - which you'd discover if you'd do due diligence
(google search for reviews is usually enough) before download.


--
Diane Poremsky [MVP - Outlook]



Outlook Tips by email:
mailto:[email protected]

EMO - a weekly newsletter about Outlook and Exchange:
mailto:[email protected]

Let's Really Fix Outlook 2010
http://forums.slipstick.com/forumdisplay.php?f=34

 

[scorpionleather]

If iTunes is a parasite, why do you use it?

I am ok with iTunes as a standalone application, but why should iTunes, or
any app, be allowed to modify a Microsoft app -without any notice- that it
is doing such modification to the Microsoft app.

 

[Diane Poremsky [MVP]]

It's not modifying anything - it's a com addin and provides a conduit
between outlook and your itoy because apple wants you to sync calendar and
contacts to their device.

--
Diane Poremsky [MVP - Outlook]



Outlook Tips by email:
mailto:[email protected]

EMO - a weekly newsletter about Outlook and Exchange:
mailto:[email protected]

Let's Really Fix Outlook 2010
http://forums.slipstick.com/forumdisplay.php?f=34

 

[scorpionleather]

It's not modifying anything - it's a com addin and provides a conduit
between outlook and your itoy because apple wants you to sync calendar and
contacts to their device.

Then I don't know why people keep blaming the add-ins for stuck messages in
the outbox. In fact I disabled almost all the add-ins (except for 3 from
Microsoft) and disabled AV email scanning, and I still get stuck messages in
the outbox. So I'm starting to come to the conclusion that all of this talk
about add-ins are misguided. In fact it appears that the stuck messages are
a result of some kind of fundamental Microsoft bug with the message send
with IMAP.

 

[Brian Tillman [MVP - Outlook]]

Let's say someone installs some freeware on their PC which looks innocent
enough. But it also places an add-in in Outlook that is "properly written
to hook into Outlook" and it modifies all outgoing emails to insert a spam
message.

What is to prevent that?

It's a security loophole because Windows never warns during installation
that an Office app is being modified.

The security loophole is in the head of the person who installs untrusted
software, not in Outlook.

 

[Brian Tillman [MVP - Outlook]]

I am ok with iTunes as a standalone application, but why should iTunes, or
any app, be allowed to modify a Microsoft app -without any notice- that it
is doing such modification to the Microsoft app.

It doesn't do it without notice. When I installed it, it was obvious there
was an Outlook add-in becuase the installation displayed what it was going to
install and I was easily able to disable the Outlook add-in prioror to
allowing the installation to complete.

 

[scorpionleather]

Doesn't sound correct Brian. Where is the Outlook add-in displayed during
the iTunes update? When I disable the iTunes add-in from the Outlook Trust
Center, it's gone for a while -until- I allow the Apple updater to update
the iTunes version. During this update process, it silently re-installs the
unwanted add-ins.

I'm not the only one that noticed this. See:

http://bbtechsolutions.com/blog/?p=13

Comment by Brian A:

"BTW, whenever the user upgrades iTunes to a new version, the iTunes Outlook
plugin re-installs itself (and therefore is enabled again). Groan.

Had to disable it again. Anybody heard if there's a way to keep that thing
disabled??"

 

[scorpionleather]

I disagree.. each application should have a "security boundary" during
installation so that if one application tries to modify or "extend" another
application (i.e. change its runtime behavior) then Vista or Win7 should pop
up a UAC to notify the user that this boundary is being crossed. This
security enhancement should not affect Windows performance because this
would just be a check that occurs during install time with the Windows
Installer, not during runtime.

 

[Brian Tillman [MVP - Outlook]]

Doesn't sound correct Brian.

I can only tell you what I saw. When I installed iTunes for the first time, I
had the chance to deselect the Outlook add-in.

Where is the Outlook add-in displayed during the iTunes update?

I've never done an update. No need.

 

[Diane Poremsky [MVP]]

UAC is highly annoying.... so what happens to those who have it disabled?


--
Diane Poremsky [MVP - Outlook]



Outlook Tips by email:
mailto:[email protected]

EMO - a weekly newsletter about Outlook and Exchange:
mailto:[email protected]

Let's Really Fix Outlook 2010
http://forums.slipstick.com/forumdisplay.php?f=34

 

[Diane Poremsky [MVP]]

I have lots of vms... will test one with itunes.

I left outlook 2003 running - it warned me that I should close outlook
before installing or I will need to restart it but nothing about an addin or
the options to decline it. Its possible an older version lets you choose...
but 8.x does not. (It also installed quicktime - another strike against
apple.) Apple sucks.




--
Diane Poremsky [MVP - Outlook]



Outlook Tips by email:
mailto:[email protected]

EMO - a weekly newsletter about Outlook and Exchange:
mailto:[email protected]

Let's Really Fix Outlook 2010
http://forums.slipstick.com/forumdisplay.php?f=34

 

[scorpionleather]

Here's my idea. I think in general the following would save a lot of
headache for Microsoft. Whenever the Windows Installer is installing
something, it would detect when the application is modifying/extending some
part of the OS or another application. At that point a -Microsoft- dialog
(which the app's own installer cannot override) would pop up saying "here's
a list of external things being modified... you can uncheck any of these:
Outlook, Explorer Shell, and so on.." So it wouldn't really be the UAC per
se, but it would be some other dialogue that detects cross-contamination and
gives the user the option to block the application from making mods to other
apps.