FAQs - email viruses

1. What does Monash University do to protect my email from viruses?
2. What should I do if I think an email contains a virus?
3. How can a virus get through the virus scanners?
4. Why are some attachments removed from email?
5. What attachments are currently being removed?
6. How do I send an email with a blocked attachment type?
7. How do I get an attachment that has been removed?
8. Where can I get more information on avoiding viruses?

1. What does Monash University do to protect my email from viruses?

Monash University takes two steps to prevent viruses from entering and propagating via email.

• All emails are scanned for known viruses. This includes emails coming into the University, internal emails and emails being sent outside the University.
• To prevent new viruses entering the University attachments of certain file types that are very commonly used by virus writers, but rarely used in legitimate communications are automatically removed.

2. What should I do if I think an email contains a virus?

1. Do not open any attachments.
2. Do not reply to the sender, as the "from" address may be forged.
3. Contact the Service Desk requesting assistance.

3. How can a virus get through the virus scanners?

When a new virus is released onto the internet, there is a small window of time where the virus scanner manufactures don't have a virus 'signature' which is used by the Monash virus scanners to detect and delete virus infected emails. In this time it is possible that a virus could get through if the file attachment name isn't on the restricted list.

It takes antivirus vendors time to create new "signature" for each new virus, typically this takes between 2-8 hours. During this time, the antivirus scanning software won't recognize the new virus.

This is why some attachments commonly used by viruses, but not commonly used by people are stripped. 

4. Why are some attachments removed from email?

Some attachment types are rarely used by humans to communicate, but are commonly used by viruses.

To improve our defences against new viruses, these types of attachments are always removed.

An example notification is listed below:

+ ---------------------------------------------------------------------  
| NOTICE: The following listed attachment(s) have been removed from 
| this email for security reasons. Please refer to the 
| following website for further information: 
| http://www.its.monash.edu.au/staff/email/virus/faq.html  
--------------------------------------------------------------------- 
|
| FILE(S) REMOVED: 
|
| "submited.pif" 
+ ---------------------------------------------------------------------  

5. What attachments are currently being removed?

Any attachments that have the extension of one of the following will be automatically removed:

For example, attachments with the following names will be stripped:

submitted.pif  
testing.scr  
what.is.it.pif.scr  
game.exe  
test_script.js  
win311.dll  
my_project.wsh  

6. How do I send an email with a blocked attachment type?

If you have a legitimate reason for sending an email with one of the restricted extensions mentioned above, the best method of getting the message through is to use Winzip to compress the attachment before sending it.

The email will still be checked for viruses, and if it contains a known virus, even though it is compressed, it will be blocked.

The Service Desk will be able to assist you if you are having difficulty sending an attachment.

7. How do I get an attachment that has been removed?

You will need to ask the sender to resend the attachment after it has been compressed, as explained above. ITS does not store stripped attachments.

8. Where can I get more information on avoiding viruses?

More information about viruses and virus protection can be found at the ITS Virus Information page.