OL97: Why Outlook Displays a Security Warning Opening an Item

This article describes why Microsoft Outlook 97 provides the following security warning when you open an item.

Outlook always prompts you before opening an item that contains VBScript, if the item is from an unknown source. Outlook bases the decision to display or not display a warning on the item's form design.

• If the form that the item is based on is registered in one of Exchange's forms registries (organizational forms, folder, or personal forms), Outlook considers the form safe, and no warning appears. The author of the form had the appropriate privileges to publish the form, so the form is considered trusted.
  
  Note: If you use a custom Appointment form, it is impossible to suppress the warning. Recipients of a Meeting Request are prompted twice when they open a Meeting Request in their Inbox. In general, Appointment forms are relatively complex because Outlook "oversees" the entire meeting request process. An Appointment form spawns a Meeting Request form, sets the message class of the form to IPM.Schedule.Meeting.Request, and attaches the VBScript code to this "internal" form. Since this internal form is not really published, it is not considered secure and will generate the warning. Outlook's IPM.Schedule forms cannot be customized or published and therefore there is no way to avoid the warning from being displayed.
• If the form definition is carried with the item (the author modified the form and sent it, without publishing it in one of the form registries), Outlook considers the form unsafe, and the user receives a warning when opening the item.

This methodology ensures that unsafe VBScript cannot run on a your computer, without your knowledge and explicit approval.

• If a form is correctly published and some changes have been made before the form is sent. This usually happens when the form is called programmatically in another custom form. And some custom properties are added before the called form is sent.

For more information on Outlook and VBScript security, please see the following article in the Microsoft Knowledge Base: For more information about creating solutions with Microsoft Outlook 97, please see the following articles in the Microsoft Knowledge Base: