Configuring Intelligent IM Filtering

Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

The Intelligent IM Filter application helps protect your Office Communications Server 2007 deployment against the spread of the most common forms of viruses with minimal degradation to the user experience. Use Intelligent IM Filter to configure filters to block unsolicited or potentially harmful instant messages from unknown endpoints outside the corporate firewall. You configure filters by specifying the criteria to be used to determine what should be blocked, such as instant messages containing hyperlinks and files with specific extensions.

The Intelligent IM Filter provides the following:

  • Enhanced URL filtering

  • Enhanced file transfer filtering

Configuring Intelligent IM filtering includes the following:

  • Configuring URL Filtering

  • Configuring File Transfer Filtering

Before you deploy the Intelligent IM Message Filter application, you should understand how filtering options are applied as messages are routed from one Office Communications Server 2007 server to another. The way these filtering options are applied is consistent, regardless of whether the servers are located in a single organization or across organizational boundaries. This consistency applies to the way that the customized notice and warning texts are inserted into messages and sent across servers.

You can configure the modification notice or the warning on the URL Filter tab. A modification notice is sent when the Intelligent IM Filter modifies a hyperlink by inserting an underscore before the link and converting it to plain text. This action occurs if you select Allow instant messages that contain hyperlinks, but convert the links to plain text. Enter the notice that you want to insert at the beginning of each instant message containing hyperlinks.

A warning is inserted in an instant message that contains a hyperlink when you select Allow instant messages that contain active hyperlinks. Enter the warning you want to insert at the beginning of each instant message containing hyperlinks.

When an instant message travels from one server to another, the following general guidelines apply:

  • If a server blocks an IM (the Block instant messages check box on the URL Filter tab is selected), an error is returned to the client. Subsequent servers do not receive this IM.

  • If a server (S1) modifies a URL by converting it to plain text and adds a modification notice, any subsequent servers that receive the message do not edit the notice sent by S1. If a subsequent server with the same settings receives this message, the modification notice from S1 is retained, and no additional notices are added. A subsequent server with different URL filtering settings that receives this message, S2 for example, may still take an action based on another active hyperlink present in the instant message and block, modify, or add a warning to the IM. The modification notice or warning from S2 is placed just before the modification notice from S1.

  • If a server (S1) adds a warning to an IM that contains an active hyperlink, a subsequent server (S2) that receives this IM can still take a different action based on this active hyperlink present in the IM and block the IM or modify the URL by converting it to plain text. If S2 is configured only to add a warning for this URL, the earlier warning added by S1 would be removed, and the warning configured on S2 would be added to the beginning of the IM.

  • As a special case, if the sending server (S1) filters intranet URLs (the Allow local intranet URLs check box is cleared) but allows active links with only a warning, then S1 will insert a warning in any message with an intranet URL; however, if a subsequent server (S2) that receives this message permits intranet URLs, then S2 will remove the warning text from the message.

In the examples below, examples 1 and 2 illustrate how modification notices are affected as a message travels across two servers. Example 3 illustrates how modification notices and warnings are affected as a message travels across two servers.

Example 1: Message Travels across Two Servers with Identical Filtering Options

In this example, two servers, S1 and S2, are configured with the same URL filtering options, and both servers filter HTTP URLs. When a message is sent to the first server, S1, with a URL of http://example.com, Server S1 inserts an underscore at the beginning of the URL to convert the hyperlink to plain text. Server S1 also inserts a notice at the beginning of the instant message to notify the user that the hyperlink has been modified.

When the message travels from Server S1 to Server S2, the original notification inserted by Server S1 is retained.

Example 2: Message Travels across Two Servers with Different Filtering Options for URL Modifications

In this example, two servers, S1 and S2, are configured with different URL filtering options. S1 filters all HTTP URLs but does not filter FTP URLs. S2 blocks both HTTP and FTP URLs. When a message containing an HTTP URL and an FTP URL is sent to Server S1, the server inserts an underscore at the beginning of the HTTP URL to convert the hyperlink to plain text. Server S1 also inserts a notice at the beginning of the instant message to notify the user that the hyperlink has been modified, but Server S1 makes no modifications to the FTP URL before sending the message to Server S2. When Server S2 receives the message, it inserts an underscore at the beginning of the FTP URL to convert the hyperlink to plain text. Server S2 also adds its own customized modification notice ahead of the notice that was added by Server S1.

Example 3: Message Travels Across Two Servers with Different Filtering Options: One Modifies URLs, and the Other Allows URLs with a Warning

In this example, Server S1 allows HTTP URLs but adds a warning to the message that informs the user of the potential risk of clicking a URL from an unknown person. Server S2 is configured to convert all HTTP URLs to plain text and to add a notice that informs the user that the message has been modified. When an instant message with an active HTTP URL travels from a client to Server S1, Server S1 sends the active hyperlink but adds a warning to the beginning of the instant message. When this message travels to Server S2, the server converts this active hyperlink to plain text, removes the warning, and adds its own notice to inform the user that the active hyperlink has been modified.

The Intelligent IM Filter application is available in the Office Communications Server 2007 administrative snap-in.

Note

If you are running Office Communications Server 2007 in a mixed environment, Live Communications Server 2005 with SP1 is the minimum version required to use the Intelligent IM Filter application. The Intelligent IM Filter is not supported on Live Communications Server 2005 without SP1.

Configuring URL Filtering

As described in the overview, the URL Filtering tab controls the way in which hyperlinks are handled during an IM conversation. Use the following information and the procedures in this section to configure URL filtering.

Note

The Intelligent IM Filter increases the amount of CPU resources required to process URLs in a message. This increase in CPU demand also affects the performance of Office Communications Server 2007 itself.

  • If you did not use the Enable URL filtering option, the Intelligent IM Filter does not perform any URL filtering: All hyperlinks contained in IM messages are passed through the server.

  • If you used the Enable URL filtering option, the Intelligent IM Filter performs filtering according to the options that you select:

    • Block all hyperlinks, both intranet and Internet, that contain any of the file extensions defined on the File Transfer Filter tab. If you chose this option (the default), the Intelligent IM Filter blocks any active intranet or Internet hyperlink that contains a file with an extension listed on the File Transfer Filter tab. When the instant message is blocked, an error message is returned to the sender. When selected, this option takes precedence over all other filtering options. For example, if you select both this check box and the Allow instant messages that contain hyperlinks check box, the server would continue to block any hyperlinks that contained the file extensions defined on the File Transfer Filter tab.

    • Allow local intranet URLs. If you use this option, only Internet URLs are blocked. URLs for locations within your intranet are passed through the server; however, individual Office Communications Server 2007 servers may define an intranet URL differently, depending on the browser settings on the server itself.

Important

Filtering of file extensions is limited to standard file names. Filtering may not work with file extensions embedded in other names.

  • Blocking action. The client experience for blocked hyperlinks is determined by which of the three following options you choose:

    • Block instant messages that contain hyperlinks. If you choose this option, delivery of instant messages containing active hyperlinks is blocked by Office Communications Server 2007, and an error message is sent back to the sender.

    • Allow instant messages that contain hyperlinks, but convert the links to plain text. If you choose this option, URLs in messages are sent through the server, but these links are prefixed by an underscore so that the links are no longer active and a user cannot click them. You need to specify the notice you want to insert at the beginning of each instant message containing hyperlinks. This notice can consist of no more than 300 characters.

    • Allow instant messages that contain active hyperlinks. Enter the warning that you want to insert at the beginning of each instant message containing hyperlinks. If this check box is selected, Office Communications Server 2007 permits active hyperlinks in instant messages; but sends a warning. You need to specify the warning to be inserted into messages containing active hyperlinks. For example, this warning might state the potential dangers of clicking an unknown link, or it might refer to your organizations relevant policies and requirements. The warning can be no more than 300 characters.

  • Enter the prefixes, separated by a space, that you want the URL filter to block. A default list of URL types appears in this box. You can configure this list by adding or removing entries. All entries except for href must end with a period or a colon or with an asterisk followed by a period. Valid entries in this box can contain any characters in the set of valid URL characters except the asterisk (*). The set of valid URL characters is: #*+/0123456789=@ABCDEFGHIJKLMNOPQRSTUVWXYZ^_` abcdefghijklmnopqrstuvwxyz|~

The following examples are valid entries:

  • www*.

  • ftp.

  • http:

If you are using the Windows Internet Explorer® browser, use the following procedure to configure your intranet settings.

To configure your intranet settings in Internet Explorer

  1. Use the run as option and log on with the RTCService account. (You must use this account because the Intelligent IM Filter runs under this account.)

  2. Open Internet Explorer.

  3. On the Tools menu, click Internet Options.

  4. On the Security tab, click Local intranet, and then click Sites.

  5. In the Local intranet dialog box, select or clear the check boxes, as appropriate.

To configure URL filtering

  1. Open Office Communications Server 2007.

  2. In the console tree, do one of the following:

    • To configure URL filtering for an Enterprise pool, expand Enterprise pools, right-click the pool name, point to Application Properties, and then click Intelligent IM Filter.

    • To configure URL filtering for a Standard Edition Server, expand Standard Edition servers, right-click the name of the pool, point to Application Properties, and then click Intelligent IM Filter.

    3cd2184a-af20-4b7f-ab8b-8eeec53ad591

  3. On the URL Filter tab, configure the appropriate settings.

Configuring File Transfer Filtering

Filter transfer filtering affects both instant messages and conferencing meetings. For meetings, these settings affect both the handout feature in the Office Live Meeting 2007 client and multimedia playback features.

Note

The Intelligent IM Filter increases the amount of CPU resources required to process URLs in a message. This increase in CPU demand also affects the performance of Office Communications Server 2007 itself.

Use the File Transfer Filter tab and the procedure in this section to configure filtering options for file transfers.

Note

Communicator also offers file transfer setting options. This server side option is offered in addition to these client-side controls.

Use the Enable file transfer filtering option to filter file transfers during instant message conversations and use the handout feature in the Office Live Meeting 2007 client and multimedia playback features for all file types. If you chose to use the Enable file transfer filtering option, you also need to choose one of the following options:

  • Block all file extensions. All instant messages that contain file transfer requests are dropped by the server, and an error message is returned to the sender of the request. The handout feature in the Office Live Meeting 2007 client is disabled.

  • Block only those extensions in the list below. You specify which file transfer requests are filtered by the server. You can customize the file extension entries. Entries in the list can contain all standard characters, but not the wildcard character (*). In the Office Live Meeting 2007 client, the handout feature is enabled but any file with this extension cannot be uploaded or downloaded. URL filtering uses this list to block active hyperlinks that contain any of these file extensions if you use the Block all intranet and Internet hyperlinks that contain any of the file extensions defined on the File Transfer Filter tab option. By default, URL Filtering is configured to block these file extensions in active hyperlinks.

Important

Filtering of file extensions is limited to standard file names. Filtering may not work with file extensions embedded in other names.

To configure a file transfer filter

  1. Open Office Communications Server 2007.

  2. In the console tree, do one of the following:

    • To configure client version filtering for an Enterprise pool, expand Enterprise pools, right-click the pool name, point to Application Properties, and then click Intelligent IM Filter.

    • To configure client version filtering for a Standard Edition Server, expand Standard Edition servers, right-click the name of the pool, point to Application Properties, and then click Intelligent IM Filter.

    144ea9fb-54b0-40e3-a3ae-d232391e22fb

  3. On the File Transfer Filter tab, configure the appropriate settings.