Configuring Intelligent IM Filtering
Topic Last Modified: 2009-05-22
The Intelligent IM Filter tool helps protect your Office Communications Server 2007 R2 deployment against the spread of the most common forms of viruses with minimal degradation to the user experience. Use Intelligent IM Filter to configure filters to block unsolicited or potentially harmful instant messages from unknown endpoints outside the corporate firewall. You configure filters by specifying the criteria to be used to determine what should be blocked, such as instant messages containing hyperlinks and files with specific extensions.
Intelligent IM Filter provides the following:
- Enhanced URL filtering.
- Enhanced file transfer filtering.
Configuring Intelligent IM Filter includes the following:
- Configuring URL filtering.
- Configuring file transfer filtering.
How Filtering Options Are Applied to Instant Messages
Before you deploy the Intelligent IM Message Filter tool, you need to understand how filtering options are applied as messages are routed from one Office Communications Server 2007 R2 server to another. The way these filtering options are applied is consistent, regardless of whether the servers are located in a single organization or across organizational boundaries. This consistency applies to the way that the customized notice and warning texts are inserted into messages and sent across servers.
You can configure a modification notice or warning on the URL Filter tab. A modification notice is included with an instant message when Intelligent IM Filter modifies a hyperlink by inserting an underscore before the link and converting it to plain text. This action occurs if you choose the following option: Allow instant messages that contain hyperlinks, but convert the links to plain text. Enter the notice you want to insert at the beginning of each instant message containing hyperlinks.
A warning is inserted in an instant message that contains a hyperlink when you choose the following option: Allow instant messages that contain active hyperlinks. Enter the warning you want to insert at the beginning of each instant message containing hyperlinks.
When an instant message travels from one server to another, the following general guidelines apply:
- If a server blocks an instant message (because you selected the Block instant messages check box on the URL Filter tab), an error is returned to the client. Subsequent servers do not receive this instant message.
- If a server (S1) modifies a URL by converting it to plain text and adds a modification notice, any subsequent servers that receive the message do not edit the notice sent by S1. If a subsequent server with the same settings receives this message, the modification notice from S1 is retained, and no additional notices are added. A subsequent server (S2) with different URL filtering settings that receives this message may still take an action based on another active hyperlink present in the instant message and block, modify, or add a warning to the instant message. The modification notice or warning from S2 is placed immediately before the modification notice from S1.
- If a server (S1) adds a warning to an instant message that contains an active hyperlink, a subsequent server (S2) that receives this instant message can still take a different action based on this active hyperlink present in the instant message and block the instant message or modify the URL by converting it to plain text. If S2 is configured only to add a warning for this URL, the earlier warning added by S1 would be removed, and the warning configured on S2 would be added to the beginning of the instant message.
- As a special case, if the sending server (S1) filters intranet URLs (because you cleared the Allow local intranet URLs check box) and allows active links with only a warning, S1 inserts a warning in any message with an intranet URL. However, if a subsequent server (S2) that receives this message permits intranet URLs, S2 removes the warning text from the message.
In the examples below, examples 1 and 2 illustrate how modification notices are affected as a message travels between two servers. Example 3 illustrates how modification notices and warnings are affected as a message travels between two servers.
Example 1: Message Travels Between Two Servers with Identical Filtering Options
In this example, two servers (S1 and S2), are configured with the same URL filtering options, and both servers filter HTTP URLs. When a message is sent to the first server (S1) with a URL of http://example.com, server S1 inserts an underscore at the beginning of the URL to convert the hyperlink to plain text. Server S1 also inserts a notice at the beginning of the instant message to notify the user that the hyperlink has been modified.
When the message travels from server S1 to server S2, the original notification inserted by server S1 is retained.
Example 2: Message Travels Between Two Servers with Different Filtering Options for URL Modifications
In this example, two servers (S1 and S2), are configured with different URL filtering options. S1 filters all HTTP URLs but does not filter FTP URLs. S2 blocks both HTTP and FTP URLs. When a message containing an HTTP URL and an FTP URL is sent to server S1, the server inserts an underscore at the beginning of the HTTP URL to convert the hyperlink to plain text. Server S1 also inserts a notice at the beginning of the instant message to notify the user that the hyperlink has been modified, but server S1 makes no modifications to the FTP URL before sending the message to server S2. When server S2 receives the message, it inserts an underscore at the beginning of the FTP URL to convert the hyperlink to plain text. Server S2 also adds its own customized modification notice ahead of the notice that was added by server S1.
Example 3: Message Travels Between Two Servers with Different Filtering Options: One Modifies URLs, and the Other Allows URLs with a Warning
In this example, server S1 allows HTTP URLs but adds a warning to the message that informs the user of the potential risk of clicking a URL from an unknown person. Server S2 is configured to convert all HTTP URLs to plain text and to add a notice that informs the user that the message has been modified. When an instant message with an active HTTP URL travels from a client to server S1, server S1 sends the active hyperlink but adds a warning to the beginning of the instant message. When this message travels to server S2, server S2 converts this active hyperlink to plain text, removes the warning, and adds its own notice to inform the user that the active hyperlink has been modified.
The Intelligent IM Filter application is available in the Office Communications Server 2007 R2 snap-in.
If you are running Office Communications Server 2007 R2 in a mixed environment, Live Communications Server 2005 with SP1 is the minimum version required to use the Intelligent IM Filter application. The Intelligent IM Filter is not supported on Live Communications Server 2005 without SP1.