Viruses

The virus issue is not one that you can deal with once and then forget. Miscreants are constantly writing new viruses, though fortunately not all of them find their way onto campus or into the college network. Don’t wait for the most recent virus alert to practice safe clicking and avoid being a carrier. The campus virus-checking software, Symantec Endpoint Protection, is installed on ECS-administered Windows computers and gets new virus definition files regularly; these files contain information for the current set of known viruses. The definition files are updated regularly because new viruses are written and distributed regularly. Having virus-scanning software helps only if you use it and keep the virus-definition file(s) current. You should be mindful of the possibility of receiving and distributing viruses every time you receive a file via email, ftp, or on a flash drive.

What We've Done

Viruses Coming In

ECS has configured ClamAV software on its incoming mail server to automatically reject mail that contains known viruses.

ECS has installed Symantec on Windows computers. (Linux-related viruses are so rare that we don’t even mention them.) The antivirus definition files on college-administered machines are updated automatically.

Symantec scans directories on demand. See "What You Should Do" below for details on setting up a drive scan.

Viruses Going Out

ECS scans outgoing mail sent from an engineering mail account for viruses. If you attempt to send a message that includes a virus, the mail server will refuse to accept the mail and your mail client (Thunderbird, Webmail) will be unable to send the message. Thunderbird displays the refusal message from the server, so you will know the reason for the rejection.

What You Should Do

Because files that you store in your home directory (the H:\ drive) or on the local hard drives (C:\ and D:\) could be infected, you should scan files and drives regularly. Symantec is set to scan the local drives (C: and D:) weekly on administered Windows computers. Network drives can be scanned on demand, as described below.

You can set up scans of specific directories on demand. To create a scan of your D: drive, start SEP from the Start button (Start | Symantec Endpoint Protection | Symantec Endpoint Protection) or double click on the SEP icon in the system tray (lower right of screen) to launch the program. Click Scan for Threats, then Create a New Scan. In the What To Scan window, select Custom Scan and click Next. In the Scan Options window, choose All types or Selected extensions and select from the list in the window. Click Next. In the When To Scan window, choose On demand so that you can scan files when you want. In the Scan Name window, name the scan and describe it. Click Finish.

[Screenshot: Symantec drive scan]

To run the scan, right click on the scan name, d-drivescan in the example above, and select Scan Now from the menu.

Email

Email attachments are the most common device for introducing and spreading viruses. ECS has implemented email anti-virus services for users of the engineering mail system.

Possible Virus

Many viruses are spread via attachments with extensions like .exe, .vbs, .bat, .com, .zip, .sys, .bin. If you double click on an infected attachment, the infecting program launches automatically and does its dirty work. The mail server renames any email attachment that has a potentially problematic extension to docname.ext.virus-scan-me.virus-scan-me. If you do not display file extensions, you will see only the duplicate extension “.virus-scan-me”. Because of the extension, you cannot double click to automatically open such attachments. You must download the attachment, scan it, rename it if it is not infected, and then open it.

Definite Virus

Messages identified as being infected are put into a mailbox called “Virus_Quarantine” rather than being delivered to the Inbox. The attachment is suffixed with “I-AM-A-VIRUS.I-AM-A-VIRUS”. If you don’t display file extensions, you’ll see only the duplicate extension “I-AM-A-VIRUS”. The capital letters shout a warning. Messages stay in the Virus_Quarantine folder for 7 days, and are then deleted.

Treatment

To download an email attachment, right click on the attachment name. From Thunderbird, right click on the attachment and select Save As…. From Webmail, click the disk icon beside the attachment name and size in the header; from the Downloading... dialogue box, select Save this file to disk. Once the attachment has been saved to a file, launch the virus scanner by highlighting the document or the folder it is in, right clicking, and selecting Scan for Viruses from the resulting menu.

After the scan completes and no viruses have been found, right click on the file and select Rename to change its name. You need to delete only the part of the name that says “.virus-scan-me.virus-scan-me” or “I-AM-A-VIRUS.I-AM-A-VIRUS” to restore the document’s original attributes. When the original extension is restored, you can double click on the document name or icon to open it.

Please note that this service works only on email delivered to users of the engineering mail system. If you read your email from some other server (such as Hawkmail, Hotmail), you do not have this protection.
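
The renaming rule from "Possible Virus" and the rename-after-scan step from "Treatment", sketched in Python as an added example (this is not ECS's mail-server code). The function names, the handling of upper-case and trailing-dot names, and the leading dot on the I-AM-A-VIRUS suffix are assumptions.

```python
# Extensions the page lists as commonly used to spread viruses.
RISKY_EXTENSIONS = {".exe", ".vbs", ".bat", ".com", ".zip", ".sys", ".bin"}

# Suffixes quoted on the page; the leading dot on the second is an assumption.
SCAN_ME_SUFFIX = ".virus-scan-me.virus-scan-me"
INFECTED_SUFFIX = ".I-AM-A-VIRUS.I-AM-A-VIRUS"


def final_extension(filename: str) -> str:
    """Return the lower-cased last extension, the one Windows acts on."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    cleaned = filename.rstrip(". ")
    dot = cleaned.rfind(".")
    return cleaned[dot:].lower() if dot != -1 else ""


def tag_attachment(filename: str) -> str:
    """Server side: append the scan-me suffix when the last extension is risky."""
    if filename.endswith((SCAN_ME_SUFFIX, INFECTED_SUFFIX)):
        return filename  # already tagged, do not stack suffixes
    if final_extension(filename) in RISKY_EXTENSIONS:
        return filename.rstrip(". ") + SCAN_ME_SUFFIX
    return filename


def restore_name(filename: str, scan_clean: bool) -> str:
    """Client side: strip the suffix only after a scan that found nothing."""
    if not scan_clean:
        raise ValueError("scan the file before restoring its extension")
    for suffix in (SCAN_ME_SUFFIX, INFECTED_SUFFIX):
        if filename.endswith(suffix):
            return filename[: -len(suffix)]
    return filename


# Constructed sample attachment names, not taken from real mail.
SAMPLES = ["report.pdf", "setup.EXE", "invoice.pdf.exe", "notes.txt.bat. "]


def demo() -> dict:
    """Map each sample name to the name the recipient would see."""
    return {name: tag_attachment(name) for name in SAMPLES}


if __name__ == "__main__":
    for original, delivered in demo().items():
        print(f"{original!r:20} -> {delivered!r}")
```

The check looks only at the last extension, so a name such as invoice.pdf.exe is tagged even though it appears to be a PDF when file extensions are hidden.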

At Home

Download the Symantec AntiVirus product for use at home. Install AntiVirus and set up LiveUpdate, the program that regularly downloads the most recent virus definition file. Once this software is installed, use it. Always download and then scan email attachments before opening them. It is a good idea to scan your hard drive regularly as well to catch infected files you may have introduced from a flash drive or other source.

Help

For help downloading, scanning, or renaming email attachments, please contact the consultant at the Engineering Help Desk, 319-335-5055, 1253 SC.