Nevis Anti-Virus Policy

This web page describes our security precautions against viruses infecting the Nevis systems.

Computer viruses are an unfortunate reality of the Internet. At Nevis, we take a two-pronged approach to prevent our systems from being infected with viruses:

  1. Virus scans are performed on our mail server.
  2. Anti-virus programs are installed on the individual systems.

The following sections describe each approach in detail.

Mail server scans

The Nevis mail server uses MIMEDefang as the tool to scan e-mail messages. The actual search for virus signatures is currently performed by ClamAV.

The effects of this software are the following:

  • All mail attachments with the following extensions will be removed from mail messages automatically:

ade adp app asd asf asx bas bat chm cmd com cpl crt dll exe fxp hlp
hta hto inf ini ins isp jse lib lnk mde msc msi msp mst ocx pcd pif
prg reg scr sct shb shs sys url vb vbe vbs vxd wmd wms wmz wri wsc
wsf wsh 

  • All other attachments are scanned for viruses; compressed files (*.zip, *.bz2, etc.) are de-compressed before scanning. If the attached file contains a virus signature, that file will be removed.

  • A note describing any changes made is appended to the mail message.

  • The attachments that are removed are stored separately for a time (15 days, as of 04-Feb-2004), in case an attachment is removed in error.

  • HTML content in messages is edited (if the message only contains HTML) or suppressed (if the message contains both a text and an HTML version of the same message) to avoid problems with JavaScript and other hacking tricks embedded in messages.

  • Image tags included in HTML mail are removed to prevent the use of web bugs. This means that if the e-mail was meant to include pictures within the message, the pictures won't appear. Note that embedded images, which are fetched from a web server via HTML tags, are different from attached images, which are actually part of the mail message. The former cannot be scanned for viruses or hacker tricks; the latter are.

  • If an e-mail message has a "From:" address with one of the following domains, it is tested for a "forged sender". If the sender does not exist, the message is not accepted by the Nevis mail server.

gmail.com
hotmail.com
yahoo.com
yahoo.co.kr
msn.com
excite.com
juno.com
telus.net
iname.com
gmx.net
email.com
charter.net
bigfoot.com
earthlink.net
mailcity.com
mail.com
bellsouth.net
aol.com
yume.otegami.com
usa.net

For example, if a message is received from someone@bigfoot.com, MIMEDefang connects with bigfoot.com's SMTP server and verifies that a user named "someone@bigfoot.com" exists.

The list above is based on a sample of frequently-forged e-mail addresses. We don't perform this check on every single message received at Nevis, because it would slow down our mail server too much.
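
The extension-based removal and the appended note described in the list above can be sketched as follows. This is an added example using Python's standard email library, not the MIMEDefang filter that runs on the Nevis mail server; the function names and the sample message are constructed for illustration, and only the extension list comes from this page.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list copied from the policy text above.
BLOCKED = set("""ade adp app asd asf asx bas bat chm cmd com cpl crt dll exe fxp
hlp hta hto inf ini ins isp jse lib lnk mde msc msi msp mst ocx pcd pif prg reg
scr sct shb shs sys url vb vbe vbs vxd wmd wms wmz wri wsc wsf wsh""".split())

def blocked_extension(filename):
    """Return the blocked final extension of filename, or None."""
    # Normalise case and trailing dots/spaces; test only the last extension,
    # so a name such as "invoice.pdf.exe" is still treated as .exe.
    name = filename.strip().rstrip(". ").lower()
    ext = name.rpartition(".")[2] if "." in name else ""
    return ext if ext in BLOCKED else None

def _clean(part, removed):
    """Drop blocked children of a multipart container, recursing into the rest."""
    if not part.is_multipart():
        return
    kept = []
    for child in part.get_payload():
        # get_filename() decodes RFC 2231 names and falls back to Content-Type name=
        name = child.get_filename()
        if name and blocked_extension(name):
            removed.append(name)
        else:
            _clean(child, removed)
            kept.append(child)
    part.set_payload(kept)

def strip_attachments(raw):
    """Return (cleaned EmailMessage, list of removed attachment names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    _clean(msg, removed)
    if removed:  # append a note describing the change, as the policy states
        note = "Removed attachments (blocked extension): " + ", ".join(removed)
        msg.add_attachment(note + "\n", disposition="inline")
    return msg, removed

def sample_message():
    """Constructed test message: one harmless and two blocked attachments."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "files"
    m.set_content("See attached.\n")
    for name in ("notes.txt", "Invoice.PDF.EXE", "r\u00e9sum\u00e9.vbs"):
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=name)
    return bytes(m)
```

The sketch covers only the extension rule; virus scanning, quarantine storage and HTML rewriting are separate steps that it does not model.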

Protecting individual systems

All Windows desktop systems at Nevis are protected by Symantec AntiVirus, published by Symantec. If you are a Columbia student or employee, you are entitled to download a copy of this program under a University-wide site license. You will need to get a Columbia UNI account and password if you don't already have one.

By default, Symantec AntiVirus updates its database of known viruses once a week. Given the frequency of new viruses, it's best to perform this update at least once per day. Here's how to increase the update frequency, using the Windows version:

  • Start up the Symantec AntiVirus software
  • Click on File --> Schedule Updates
  • Click on Schedule
  • Click on Daily
  • Select a time of the day that your system is typically turned on and connected to the network
  • Click on OK -- twice
  • Finally - for good measure - execute the live-update function once again

It is also wise to make sure that a Windows machine has all the latest software patches from Microsoft. Update instructions are available from Columbia's Administrative Information Services.

Columbia also distributes copies of Symantec AntiVirus for Mac OS 8, 9, and X. The Nevis Linux cluster systems are protected by careful system configuration and regular security scans. However, for various technical and social reasons, Mac and Linux systems are less prone to viruses than Windows systems are.

In addition to the above precautions, Nevis systems are protected by a firewall.

Topic revision: r3 - 2010-05-27 - WilliamSeligman
 