Email Virus Frequently Asked Questions
Monash University takes two steps to prevent viruses from entering
and propagating via email.
- All emails are scanned for known viruses. This includes emails
coming into the University, internal emails and emails being sent
outside the University.
- To prevent new viruses entering the University attachments of certain
file types that are very commonly used by virus writers, but rarely
used in legitimate communications are automatically removed.
- Do not open any attachments.
- Do not reply to the sender, as the "from" address may
be forged.
- Contact your local
IT support asking them for assistance.
When a new virus is released onto the Internet, there is a small window
of time where the virus scanner manufactures don't have a virus 'signature'
which is used by the Monash virus scanners to detect and delete virus
infected emails. In this time it is possible that a virus could get
through if the file attachment name isn't on the restricted list.
It takes Anti-virus vendors time to create new "signature"
for each new virus, typically this takes between 2-8 hours. During this
time, the antivirus scanning software won't recognize the new virus.
This is why ITS strips some attachments commonly used by viruses, but not commonly used by people.
Some attachment types are rarely used by humans to communicate, but
are commonly used by viruses.
To improve our defences against new viruses, these types of
attachments are always removed.
An example notification is listed below:
+---------------------------------------------------------------------
| NOTICE: The following listed attachment(s) have been removed from
| this email for security reasons. Please refer to the
| following website for further information:
| http://www.its.monash.edu.au/staff/email/virus/faq.html
----------------------------------------------------------------------
|
| FILE(S) REMOVED:
|
| "submited.pif"
|
+---------------------------------------------------------------------
Any attachments that have the extension of one of the following will
be automatically removed:
*.ade
*.adp
*.asd
*.bas
*.bat
*.chm
*.class
*.cmd
*.com
*.cpl
*.crt
*.dll
*.exe
*.hlp
*.hta
*.inf
*.ins
*.isp
*.js
*.jse
*.lnk
*.mde
*.msc
*.msi
*.msp
*.mst
*.ocx
*.pif
*.reg
*.scr
*.sct
*.shb
*.shs
*.url
*.vb
*.vbe
*.vbs
*.vxd
*.wsc
*.wsf
*.wsh
For example, attachments with the following names will be stripped:
submitted.pif
testing.scr
what.is.it.pif.scr
game.exe
test_script.js
win311.dll
my_project.wsh
If you have a legitimate reason for sending an email with one of the
restricted extensions mentioned above, the best method of getting the
message through is to use Winzip to compress the attachment before sending
it.
The email will still be checked for viruses, and if it contains a known
virus, even though it is compressed, it will be blocked.
Your local IT
support will be able to assist you if you are having difficulty
sending an attachment.
You will need to ask the sender to resend the attachment after it
has been compressed, as explained above. ITS does not store stripped
attachments.
More information about viruses and virus protection can be found at
the ITS Virus
Information page.
|
