Nevis Anti-Virus Policy

This web page describes our security precautions against viruses infecting the Nevis systems. See our SpamAssassin page for anti-spam measures.

Computer viruses are an unfortunate reality of the Internet. At Nevis, we have an anti-virus scanner on our mail server.

Mail server scans

The Nevis mail server uses MIMEDefang as the tool to scan e-mail messages. The actual search for virus signatures is currently performed by ClamAV.

The effects of this software are the following:

• All mail attachments with the following extensions will be removed from mail messages automatically:

ade adp app asd asf asx bas bat chm cmd com cpl crt dll exe fxp hlp
hta hto inf ini ins isp jse lib lnk mde msc msi msp mst ocx pcd pif
prg reg scr sct shb shs sys url vb vbe vbs vxd wmd wms wmz wri wsc
wsf wsh 

• All other attachments are scanned for viruses; compressed files (*.zip, *.bz2, etc.) are de-compressed before scanning. If the attached file contains a virus signature, that file will be removed.

• A note describing any changes made is appended to the mail message.

• The attachments that are removed are stored separately for a time (15 days, as of 04-Feb-2004), in case an attachment is removed in error.

• HTML content in messages is edited (if the message only contains HTML) or suppressed (if the message contains both a text and HTML version of the same message) to avoid problems with Javascript and other hacking tricks embedded in messages.

• Image tags included in HTML mail are removed to prevent the use of web bugs. This means that if the e-mail was meant to include pictures within the message, the pictures won't appear. Note that embedded images, which are fetched from a web server via HTML tags, are different from attached images, which are actually part of the mail message. The former cannot be scanned for viruses or hacker tricks; the latter are.

• If an e-mail message has a "From:" address with one of the following domains, it is tested for a "forged sender". If the sender does not exist, the message is not accepted by the Nevis mail server.

gmail.com
hotmail.com
yahoo.com
yahoo.co.kr
msn.com
excite.com
juno.com
telus.net
iname.com
gmx.net
email.com
charter.net
bigfoot.com
earthlink.net
mailcity.com
mail.com
bellsouth.net
aol.com
yume.otegami.com
usa.net

For example, if a message is received from someone@bigfoot.com, MIMEDefang connects with bigfoot.com's SMTP server and verifies that a user named "someone@bigfoot.com" exists.

The list above is based on a sample of frequently-forged e-mail addresses. We don't perform this check on every single message received at Nevis, because it would slow down our mail server too much.

In addition to the above precaution, Nevis systems are protected by a firewall.