Using URLScan with Exchange 2003

I had a mail over the weekend from John who was having problems opening his mail using OWA.  He sent me the subject title of the mail, and I did a search about non standard characters.  There are some issues if you use the URLscan utility in Exchange 2003, and there is a really useful kb article explaining how to deal with these in OWA.

Basically, if there is a mail with any of the characters listed below in the subject line, then URLScan won’t allow the message to be opened.

 

[DenyUrlSequences]
..  ; Do not permit directory traversals.
./  ; Do not permit trailing dot on a directory name.
\   ; Do not permit backslashes in URL.
%   ; Do not permit escaping after normalization.
&   ; Do not permit multiple Common Gateway Interface processes to run on a single request.

 

You can download URLScan here…