E-mail: boosting virus defences

How to bolster your security defences to prevent e-mailed viruses from breaking through

I am IT director at a recruitment consultancy that receives e-mailed CVs in their droves from job seekers, and find myself forever batting away viruses. Anti-virus software only partially solves my problem, as it only recognises and stops known viruses. How can I reinforce my defences?

Always take precautions

Chris Hilder


There are now some 51,000 viruses, ranging from the mild and harmless to the very vicious. Most attacks arrive by e-mail, although the risk of viruses being spread via CDs and floppy discs should not be forgotten.

The major problem with anti-virus precautions and risk management is they can take up large amounts of time from key staff within the IT department. The work is often reactive, making it difficult to plan for every individual attack.

To make the best use of your time and still limit the problem of viruses you need to prepare and invest properly. For example:

  • Invest in anti-virus protection on a system which is between the firewall and the internal mail server to ensure the virus does not hit your internal mail server

  • Ensure the anti-virus files are always up-to-date by scheduling daily checks and downloads from the Internet

  • Have tried and tested procedures to follow in the event of new viruses

  • Ensure all your staff back up their systems regularly and that everyone knows what to do in the case of a new virus arriving on their machines

  • If you can afford the time you could "buffer" the mail for several days before sending it on to your staff. This would allow anti-virus solution providers to sort out the problem before your staff receive the e-mail.

Bring in quarantine measures

Roger Marshall


After Melissa and the Love Bug we are all feeling vulnerable again. Protection against what might be termed conventional or pre-Melissa viruses, which do not spread like wildfire by hijacking address books, is now pretty routine and reliable. The anti-virus companies have become extremely quick and efficient at picking up new viruses, upgrading their software and making the patches available to users over the Internet. So although it may be a nuisance, if you check for upgrades regularly - by which I mean daily at least - your risks are going to be small.

Now, though, we must take further precautions. I am no expert, but disabling the execution of Visual Basic scripts in your standard desktop set-up would have stopped the Love Bug. As the secret of success for these viruses is that they spread around the world in a few hours, before the news of their arrival is widely known, then perhaps all attachments containing executable code should be quarantined for 12 hours, for example, before being passed on to their recipient.

This may be seen as unacceptable to your users, so would have to be introduced after a process of consultation. It is hard to believe they cannot live with such a restriction, though a means of bypassing it in special circumstances will be needed. In practice, most attachments are Word documents and can usually be sent in Rich Text (.rtf) rather than .doc format. The jobseekers with whom you are having trouble can be told the content of their CVs is far more important than the artistic impression!
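The 12-hour attachment quarantine suggested above, written as a gateway policy check in Python. This is an added example, not part of the original reply; the extension list, function names and the sample message are assumptions constructed for illustration.

```python
import os
from datetime import datetime, timedelta, timezone
from email import message_from_bytes, policy
from email.message import EmailMessage

HOLD = timedelta(hours=12)  # the 12-hour hold suggested in the reply above
# Assumption: which extensions count as "executable code" is local policy.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".exe", ".com", ".scr", ".bat", ".pif"}

def risky_attachments(msg):
    """Names of attached files whose *final* extension is executable."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots/spaces, so "cv.vbs." still runs as .vbs.
        ext = os.path.splitext(name.rstrip(". "))[1].lower()
        if ext in EXECUTABLE_EXTS:
            hits.append(name)
    return hits

def gateway_decision(raw, received_at, now, bypass_approved=False):
    """Return (action, risky_names, release_time) for one inbound message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = risky_attachments(msg)
    if not hits:
        return ("deliver", hits, None)
    if bypass_approved:  # the "special circumstances" route, approved by a person
        return ("deliver", hits, None)
    release_at = received_at + HOLD
    if now < release_at:
        return ("quarantine", hits, release_at)
    # Hold expired. Assumed extra step: rescan with current signatures on release.
    return ("release", hits, release_at)

def build_sample(filename):
    """Constructed test message; the attachment body is inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "applicant@example.com", "jobs@example.com", "My CV"
    m.set_content("Please find my CV attached.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    t0 = datetime(2000, 5, 4, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    for fname in ("CV-J-Smith.rtf", "CV-J-Smith.TXT.vbs"):
        print(fname, gateway_decision(build_sample(fname), t0, t0 + timedelta(hours=1)))
```

The check keys on the last extension only, so a double-extension name such as `CV-J-Smith.TXT.vbs` is held while a plain `.rtf` CV passes straight through.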

The four lines of defence

Paul White


By the time new viruses reach the general population, most good quality anti-virus software companies will have devised a countermeasure, so the first line of defence is to be equipped with a "proper" anti-virus software package and a subscription to its associated update service.

The second line of defence is to use it! And to accept the downloads offered by the update service. E-mails themselves don't contain viruses because they don't contain executable code, though they may carry them by means of an attachment or a macro embedded in a word-processed document.

The third line of defence is not to download any executable attachments from your e-mail server, but if you do, then dispose of them at once without opening or running them.

The fourth line of defence is to set up your applications to warn you of any documents which have embedded macros in them. If you then receive a CV in, for example, Word which has a macro in it - it should not, of course, for a simple item like a CV - you will be warned in advance and you can also dispose of this document without opening it.

Don't forget to empty the trash can after deleting the offending items, otherwise they may still be retrieved and opened.

Try to minimise exposure

Dan Remenyi

First of all there is no such thing as a single, universal prophylactic against computer viruses. It is in the nature of today's computing that you will be faced with a variety of viruses when you open your system up to receiving CVs from around the world.

There are really only two things you can do. The first is to ensure you have the latest, up-to-date virus software available and secondly that you download the CVs onto one specific dedicated system, where they are checked for these incoming viruses, before they are passed on to other workstations in your organisation. Both these steps should minimise the exposure you have to this type of problem.
