Nevis Anti-Virus Policy
This web page describes our security precautions against viruses infecting the Nevis systems. See our
SpamAssassin page for anti-spam measures.
Computer viruses are an unfortunate reality of the Internet. At Nevis, we take a
two-pronged approach to prevent our systems from being infected
with viruses:
- Virus scans are performed on our mail server.
- Anti-virus programs are installed on the individual systems.
The following sections describe each approach in detail.
Mail server scans
The Nevis mail server uses MIMEDefang as the tool to scan e-mail messages. The actual search for virus
signatures is currently performed by ClamAV.
The effects of this software are the following:
- All mail attachments with the following extensions will be removed from mail messages automatically:
ade adp app asd asf asx bas bat chm cmd com cpl crt dll exe fxp hlp
hta hto inf ini ins isp jse lib lnk mde msc msi msp mst ocx pcd pif
prg reg scr sct shb shs sys url vb vbe vbs vxd wmd wms wmz wri wsc
wsf wsh
- All other attachments are scanned for viruses; compressed files (*.zip, *.bz2, etc.) are de-compressed before scanning. If the attached file contains a virus signature, that file will be removed.
- A note describing any changes made is appended to the mail message.
- The attachments that are removed are stored separately for a time (15 days, as of 04-Feb-2004), in case an attachment is removed in error.
- HTML content in messages is edited (if the message only contains HTML) or suppressed (if the message contains both a text and HTML version of the same message) to avoid problems with JavaScript and other hacking tricks embedded in messages.
- Image tags included in HTML mail are removed to prevent the use of web bugs. This means that if the e-mail was meant to include pictures within the message, the pictures won't appear. Note that embedded images, which are fetched from a web server via HTML tags, are different from attached images, which are actually part of the mail message. The former cannot be scanned for viruses or hacker tricks; the latter are.
- If an e-mail message has a "From:" address with one of the following domains, it is tested for a "forged sender". If the sender does not exist, the message is not accepted by the Nevis mail server.
gmail.com
hotmail.com
yahoo.com
yahoo.co.kr
msn.com
excite.com
juno.com
telus.net
iname.com
gmx.net
email.com
charter.net
bigfoot.com
earthlink.net
mailcity.com
mail.com
bellsouth.net
aol.com
yume.otegami.com
usa.net
For example, if a message is received from someone@bigfoot.com, MIMEDefang connects with bigfoot.com's SMTP server and verifies that a user named "someone@bigfoot.com" exists.
The list above is based on a sample of frequently-forged e-mail addresses. We don't perform this check on every single message received at Nevis, because it would slow down our mail server too much.
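The extension rule and the appended note from the list above can be modelled in a few lines. This is an added example in Python, not the Nevis MIMEDefang configuration; the function names, the note wording and the sample message are constructed for illustration, and virus scanning and quarantine are left out.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Extension list copied from the policy text above.
BLOCKED = set("""ade adp app asd asf asx bas bat chm cmd com cpl crt dll exe fxp
hlp hta hto inf ini ins isp jse lib lnk mde msc msi msp mst ocx pcd pif prg reg
scr sct shb shs sys url vb vbe vbs vxd wmd wms wmz wri wsc wsf wsh""".split())

def is_blocked(filename):
    """Match on the final extension only, case-insensitively. Trailing dots
    and spaces are dropped first because Windows ignores them on open."""
    name = filename.strip().rstrip(". ").lower()
    _, dot, ext = name.rpartition(".")
    return bool(dot) and ext in BLOCKED

def strip_attachments(raw):
    """Return (rebuilt message, list of removed filenames)."""
    src = message_from_string(raw, policy=policy.default)
    out = EmailMessage()
    for header in ("From", "To", "Subject"):  # simplified: other headers dropped
        if src[header]:
            out[header] = src[header]
    body = src.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    removed, kept = [], []
    for part in src.iter_attachments():
        name = part.get_filename() or ""
        (removed if is_blocked(name) else kept).append((name, part))
    if removed:  # note wording is constructed, not MIMEDefang's own
        text += "\n[mail filter] removed attachment(s): " + ", ".join(n for n, _ in removed) + "\n"
    out.set_content(text)
    for name, part in kept:
        maintype, subtype = part.get_content_type().split("/")
        out.add_attachment(part.get_payload(decode=True), maintype=maintype,
                           subtype=subtype, filename=name)
    return out, [n for n, _ in removed]

def sample_message():
    """Constructed test input: one blocked and one allowed attachment."""
    m = EmailMessage()
    m["From"], m["To"] = "someone@example.org", "user@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.\n")
    m.add_attachment(b"not a real binary", maintype="application",
                     subtype="octet-stream", filename="Invoice.pdf.EXE")
    m.add_attachment(b"plain notes\n", maintype="text", subtype="plain",
                     filename="notes.txt")
    return m.as_string()
```

Matching on the final extension is what catches double-extension names such as `Invoice.pdf.EXE`, which display as a document in clients that hide known extensions.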
Protecting individual systems
All Windows desktop systems at Nevis are protected by Symantec AntiVirus, published by
Symantec. If you are a Columbia student or employee, you are entitled
to download a copy of this program under a
University-wide site license. You will need to get a Columbia UNI account
and password if you don't already have one.
By default, Symantec AntiVirus updates its database of known viruses
once a week. Given the frequency of new viruses, it's best to perform
this update at least once per day. Here's how to increase the update
frequency, using the Windows version:
- Start up the Symantec AntiVirus software
- Click on File --> Schedule Updates
- Click on Schedule
- Click on Daily
- Select a time of the day that your system is typically turned on and connected to the network
- Click on OK -- twice
- Finally - for good measure - execute the live-update function once again
It is also wise to make sure that a Windows machine has all the latest
software patches from Microsoft. Update instructions are available from Columbia's
Administrative Information Services.
Columbia also distributes copies of Symantec AntiVirus for Mac OS 8, 9, and X. The Nevis
Linux cluster systems are protected by careful system configuration
and regular security scans. However, for various
technical and social reasons, Mac and Linux systems are less prone to
viruses than Windows systems are.
In addition to the above precautions, Nevis systems are protected by a
firewall.