css.engineering.uiowa.edu    Dealing with Viruses

The virus issue is not one that you can deal with once and then forget. Miscreants are constantly writing new viruses, though fortunately not all of them find their way onto campus or into the college network. Don’t wait for the most recent virus alert to practice safe clicking and avoid being a carrier. The campus virus-checking software, Symantec Endpoint Protection, is installed on college-administered Windows computers and gets new virus definition files regularly; these files contain information for the current set of known viruses. The definitions are updated regularly because new viruses are written and distributed regularly. Having virus-scanning software helps only if you use it and keep the virus-definition file(s) current. You should be mindful of the possibility of receiving and distributing viruses every time you receive a file via email, ftp, or on a flash drive.

What We've Done

Viruses Coming In

The University has a site license for Symantec’s Endpoint Protection software. CSS has installed Symantec on Windows XP computers. (Linux-related viruses are so rare that we don’t even mention them.) The antivirus definition files on college-administered machines are updated automatically.

Symantec scans directories on demand. Find the Symantec software under Start | All Programs | Symantec Endpoint Protection | Symantec Endpoint Protection.

Viruses Going Out

In August 2004, CSS began scanning out-going mail for viruses. If you attempt to send a message that includes a virus, the mail server will refuse to accept the mail and your mail client (Thunderbird, Webmail) will be unable to send the message. Thunderbird displays the refusal message from the server, so you will know the reason for the rejection.

What You Should Do

Because files that you store on your home directory, the H:\ drive, or on the local hard drive, C:\ and D:\, could be infected, you should scan files and drives regularly. Symantec is set to scan the local drives (C: and D:) at 10pm on Friday on administered Windows computers. Network drives can be scanned on demand. You can scan drives, folders, or files by right clicking the drive/folder/file and selecting Scan for Viruses.... Symantec scans and reports the results.

Email

Email attachments are the most common device for introducing and spreading viruses. CSS has implemented email anti-virus services for users of the Engineering mail system.

Possible Virus

Many viruses are spread via attachments with extensions like .exe, .vbs, .bat, .com, .zip, .sys, .bin. If you double click on an infected attachment, the infecting program launches automatically and does its dirty work. The mail server renames any email attachment that has an extension that is potentially problematic to: docname.ext.virus-scan-me.virus-scan-me. If you do not display file extensions, you will see only the duplicate extension “.virus-scan-me”. Because of the extension, you cannot double click to automatically open such attachments. You must download the attachment, scan it, rename it if it is not infected, and then open it.

Definite Virus

Because of the May 2002 Klez virus, CSS instituted a second virus-handling service. Messages identified as being infected are put into a mailbox called “Virus_Quarantine” rather than being delivered to the Inbox. The attachment is suffixed with “I-AM-A-VIRUS.I-AM-A-VIRUS.” If you don’t display file extensions, you’ll see only the duplicate extension “I-AM-A-VIRUS”. The capital letters shout a warning. Messages stay in the Virus_Quarantine folder for 7 days, and are then deleted.

Treatment

To download an email attachment, right click on the attachment name. From Thunderbird, right click on the attachment and select Save As…. From Webmail click the disk icon beside the attachment name and size in the header; from the Downloading... dialogue box, select Save this file to disk. Once the attachment has been saved to a file, launch the virus scanner by highlighting the document or the folder it is in, right clicking, and selecting Scan for Viruses from the resulting menu.

After the scan completes and no viruses have been found, right click on the file and select Rename to change its name. You need delete only the part of the name that says ".virus-scan-me.virus-scan-me" or “I-AM-A-VIRUS.I-AM-A-VIRUS” to restore the document’s original attributes. When the original extension is restored, you can double click on the document name or icon to open it.
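
The renaming scheme described under Possible Virus, Definite Virus, and Treatment, sketched as an added example (this is not CSS's mail-server code). The function names, the "possible"/"definite" labels, and the assumption that a hidden-extension view drops only the final extension are this example's own; the extension list and suffixes are the ones given on this page.

```python
import os

# Extensions the page lists as commonly used to spread viruses.
RISKY_EXTENSIONS = {".exe", ".vbs", ".bat", ".com", ".zip", ".sys", ".bin"}

# Doubled suffixes described on the page; the labels are this example's own.
TAGS = {
    ".virus-scan-me.virus-scan-me": "possible",
    ".I-AM-A-VIRUS.I-AM-A-VIRUS": "definite",
}


def tag_attachment(filename):
    """Append the 'possible virus' suffix when the extension is on the risky list."""
    ext = os.path.splitext(filename)[1].lower()  # match .EXE as well as .exe
    if ext in RISKY_EXTENSIONS:
        return filename + ".virus-scan-me.virus-scan-me"
    return filename


def displayed_name(filename):
    """Name as shown when extensions are hidden (assumed: last extension dropped)."""
    return os.path.splitext(filename)[0]


def restore_name(filename, scan_clean):
    """Return (original_name, tag); refuse to restore unless the scan was clean."""
    for suffix, tag in TAGS.items():
        if filename.endswith(suffix):
            if not scan_clean:
                raise ValueError(f"{filename}: scan the file before renaming it")
            return filename[: -len(suffix)], tag
    return filename, None  # not a tagged attachment, nothing to strip


if __name__ == "__main__":
    # Constructed sample attachment names.
    for name in ("setup.EXE", "notes.txt", "photos.zip"):
        tagged = tag_attachment(name)
        print(f"{name!r} -> {tagged!r}, shown as {displayed_name(tagged)!r}")
    print(restore_name("setup.EXE.virus-scan-me.virus-scan-me", scan_clean=True))
```

Because the suffix is doubled, the warning remains visible in the displayed name even when the last extension is hidden, and the file still cannot be opened by double clicking until it is renamed.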

Please note that this service works only on email delivered to users of the Engineering mail system. If you read your email from some other server (such as Hotmail), you do not have this protection.

At Home

Download the Symantec AntiVirus product for use at home by going to the ITS software page. Install AntiVirus and set up LiveUpdate, the program that regularly downloads the most recent virus definition file. Once this software is installed, use it. Always download and then scan email attachments before opening them. It is a good idea to scan your hard drive regularly as well to catch infected files you may have introduced from a flash drive or other source.

Look at the CERT page on Home Network Security. "This document gives home users an overview of the security risks and countermeasures associated with Internet connectivity, especially in the context of "always on," or broadband access services (such as cable modems and DSL). However, much of the content is also relevant to traditional dial-up users (users who connect to the Internet using a modem)." There are sections that explain what security is, describe the current technology, define terms, identify what is at risk, and list actions home users can take to protect their computer systems.

Help

For help downloading, scanning, or renaming email attachments, please contact the CSS consultants, 335-5055, 1253 SC.

The ITS Help Desk Antivirus Security Center has information about recent viruses found on campus, documentation on obtaining and installing Symantec Antivirus Corporate edition software, and links to antivirus resources.



updated: 27 May 2006
CSS | College of Engineering | © The University of Iowa 2008. All rights reserved.