KB02052102 Designing an anti-virus strategy for your organisation
Mailtraq’s anti-virus features go a long way to keeping your network safe from viruses, but on their own they cannot guarantee you will be virus-free. You are only as safe as your weakest link, and there are a number of potentially weak spots in every system that you need to consider addressing.
First of all, not all viruses arrive by email, so your client machines need to be protected – not just the server. Any machine with a floppy drive, CD-ROM drive, or even just a USB port is a potential entry point for an infected file.
In fact, even if the server is protected by anti-virus software, it’s quite possible to receive a virus through it. Sounds implausible? Consider a user collecting email from a Hotmail™ account. The connection is to an https address – encrypted end-to-end – so the server can simply route the packets back and forth without being able to examine them.
Even on machines with anti-virus software, you are only as up to date as your virus signatures. Some anti-virus software claims to use heuristics to spot files which seem like viruses, even if it hasn’t seen them before, and whilst this is undoubtedly clever, it is not infallible, and the detection rate decreases over time as virus design evolves. A solution to this aspect of the problem is to route your mail through an online service to give you a ‘clean’ email feed. Such services typically scan mail against a number of anti-virus engines, with signatures updated every few minutes. Of course this won’t protect you from an infected floppy disk, but it may form part of an integrated approach.
The most important aspect in any anti-virus strategy is user education. Users must be taught the importance of running the anti-virus software, of keeping it up to date, and of being extremely suspicious of anything unusual. Many viruses disguise themselves as coming from known correspondents, and use clever psychological tricks to fool users into opening and running attachments.
Some viruses exploit vulnerabilities in common email clients – in some cases executing the virus without the user even opening the message. The best solution here is to avoid using the email clients which are most widely used, as they are the ones the virus writers will be targeting.