The URLScan is intended as a security tool to protect the IIS core of Exchange. It allows only certain commands to access IIS components.
In blocking IIS attacks it is more efficient than Firewalls because it is more specific. However, unfortunately, it can also cause problems. Microsoft now releases an updated and comperhensive article which explains the Exchange 2003 URLScan templates. The KB article can also serve third party developers and security specialists in designing other security mechanisms to protect Exchange servers.
Read all about it here:
http://support.microsoft.com/kb/823175/en-us
URLScan V2.5 can be downloaded here: