CIS to Implement Virus Scanning on CIS Unix Mail Servers

by Martin England

Computing and Information Services (CIS) has provided its clients with virus scanning on the UNH Microsoft Exchange Server since its inception, supplying a simple measure of prevention, security and stability to all server clients. CIS has also implemented virus scanning on CIS mailing list servers in previous months. These same security measures will now be extended: In February, CIS will broaden virus scanning to the CIS Unix mail servers. The implementation will affect all CIS Unix clients, and will improve UNH Network and desktop computer health and security without compromising user privacy. Virus scanning removes infected and potentially dangerous e-mail attachments. The process is completely automated and transparent; no human intervention is necessary.

Virus scanning does not interfere or alter e-mail content in any way. Infected and disallowed e-mail attachments are removed, and messages are delivered with an inserted warning sent to sender and recipient alike, stating that an infected or disallowed attachment type was removed. E-mails absent of infected or disallowed attachments are delivered without interruption.

Potentially dangerous and disallowed attachments include any files with .exe, .pif or .scr extensions, all of which can contain harmful viruses, variants and worms. Users will still be able to send certain attachments, such as Microsoft Office documents and other files.

Virus scanning does not apply to outside e-mail accounts, such as Yahoo!, MSN, AOL or Hotmail. Viruses pose many dangerous threats. They can e-mail random hard drive files, destroying user-privacy; corrupt and destroy personal data; cause loss and corruption of network shared files; establish residency on personal machines, which are used to launch further attacks. Liability is also a concern: infecting other users’ machines can result in legal ramifications. Enabling virus scanning greatly reduces personal and professional liability to all CIS Unix users.

Viruses also create significant network traffic, which slows UNH network performance. CIS Unix scanning will remove many virus-infected and potentially dangerous files, cutting down on network traffic volume, and improving overall network performance.

In September 2002, nearly 4 million emails were sent using the CIS Unix servers, and over 4 million were received. This volume presents a serious potential threat to UNH Network security. The virus scanning implementation is a proactive approach to improving security.
The CIS Software Lab reports virus diagnosing and removal represents nearly 40% of all work completed. This number does not include systems cleaned on-site by CIS and ResNet consultants. Faculty, staff and students often lose infected machines for up to a week while viruses are removed. Virus scanning implementation promises to greatly reduce the number of virus infected machines throughout the university.

CIS Unix virus scanning does not replace desktop virus protection, but instead adds an additional protective layer to desktops already armed with virus protection, similar to equipping a home with additional door locks, alarm systems or a safe to guard valuables. CIS recommends adhering to the following best practices in order to safeguard machines from virus attacks:

1. Install and update virus protection on all Windows desktop and laptop machines. Visit www.virus.unh.edu to download and install the latest version of McAfee VirusScan. VirusScan is free for UNH faculty, staff and students.

2. Update Microsoft Security Patches on a regular basis. To check for the latest updates (Windows 98 or higher only), type windowsupdate.microsoft.com into the Address (IE) or Location (Netscape) browser bar and follow instructions.

3. MS IE 6.0 clients only: Download and install the latest Virus Scan Service Pack 1, available at www.virus.unh.edu. Check with local IT support groups if uncertainty exists on how to download and install this file.

4. Do not open any e-mail attachments from unknown sources. The majority of viruses spread through the use of attachments, and play upon people’s vulnerability of familiarity. If you are not certain whether an attached file is free of malicious content, do not open it, and contact the sender by phone to ask whether the sender is certain it is a clean file.

5. Clients using HTML formatted e-mail should turn off the Preview Pane, located under the MS Outlook View menu.

6. Backup important files to external sources, such as zip drives, CD-RW, CD-R, floppy diskettes, and other computers.

7. Use only CIS supported e-mail systems when on campus. For more information on viruses, virus software and protection, please visit www.virus.unh.edu

-Published in February 2003