UCSC Currents online

Front Page
Accolades
Classified Ads
Making the News
Publications

July 8, 2002

CATS helping thwart computer viruses

By Janine Roeth, director, Distributed Computing Group

A new email scanning and filtering service set up for UCSC computer users is finding about 2,000 infected messages a day, according to Communications and Technology Services (CATS).

That number is roughly 2.5 percent of total traffic, according to initial statistics from CATS.

"This is a great idea whose time had come." said Pete Norton, who provides computing support in the Career Center. Before the service began, Norton was seeing several virus-infected email messages a day.
 
Email is a common way for computer viruses to spread. Newer viruses are now appearing under the guise of email with realistic subject matter or from known senders. A recent culprit was an email with an attachment that was supposedly an immunity tool against the Klez virus, but actually was the Klez virus.

Due to the sophistication of new viruses and continued evidence of ongoing infections, CATS installed software from Sophos, an anti-viral software company, on the central email servers. This software, put into production at the end of June, automatically scans email for viruses. If there is even one infected attachment, the mail server will:

• Delete the attachment.

• Put a brief warning into the body of the message.

• Put a detailed warning after the body of the message (identifying the virus type, etc.)

• Insert "{VIRUS?} " at the start of the subject of the message.

• Further, if the message has an attachment named in a format that may be suspicious as an emerging virus, the attachment is deleted. This includes filenames that have two extensions, such as .gif.exe

• Finally, if the infected message belongs to a particular family of viruses (Klez-H, Klez-E, or Sircam-A), which are known to use forged senders and often contain information the original sender might consider private, the scanner will completely delete the infected message. This is the only group of email messages that the scanner deletes because of the forged sender and automatically generated message content or attachment.

Users who benefit from this service include all those with "@cats.ucsc.edu" addresses, even if they have set up forwarding of this email address to another email account. This service will scan all messages through the central servers whether they originate on campus or off campus. Users who send email out through CATS central SMTP server (smtp.ucsc.edu) will also have this outbound email scanned. Users of departmental mail servers, such as biology.ucsc.edu or soe.ucsc.edu, will not have their mail scanned and filtered by this service unless they use smtp.ucsc.edu for incoming or outgoing email.

If you are unsure about how you fit into this picture, please consult with your departmental computing coordinator.

Email is not the only way viruses can spread. Sharing files via a fileserver and downloads from the Internet--including web pages--can also be sources of malicious code in viruses. Furthermore, while CATS keeps the email scanning and filtering service updated, there are always newly discovered viruses to which we are all vulnerable until the "signatures" can be included in the scanning software.

The UCSC Security Team at CATS reminds users that it remains important to keep desktop antiviral software installed and up-to-date. Users should also follow best practices, including the following, which are among suggestions offered by McAfee, a company specializing in antiviral and security products.

• Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.

• Do not open any files attached to an email unless you know what it is, even if it appears to come from someone you know.

• Do not open any files attached to an email if the subject line is questionable or unexpected.

• Delete chain emails and junk email. Do not forward or reply to any to them.

• These types of email are considered spam, which is unsolicited, intrusive mail that clogs up the network.

• Do not download any files from strangers.

• Exercise caution when downloading files from the Internet. Ensure that the source is a legitimate and reputable one. Verify that an anti-virus program checks the files on the download site. If you're uncertain, don't download the file at all or download the file to a floppy and test it with your own anti-virus software.

• Update your anti-virus software regularly. Over 500 viruses are discovered each month, so you'll want to be protected.

• Back up your files on a regular basis. If a virus destroys your files, at least you can replace them with your back-up copy. You should store your backup copy in a separate location from your work files, one that is preferably not on your computer.

• When in doubt, always err on the side of caution and do not open, download, or execute any files or email attachments.

Several websites provide additional information:

• The CATS email virus scanner and filter are based on MailScanner and Sophos SAVI

McAfee's Virus Information Library

Symantec's Anti-Virus Research Center

• A security portal with lots of information about system vulnerabilities is http://www.securityfocus.com/

• Carnegie Mellon's Computer Emergency Response Team Coordination Center

• The U.S. Department of Energy Computer Incident Advisory Center

• UCSC Information Security website

If members of the campus community have questions about the new email virus scanning and filtering service, they should contact the CATS Information Resource Center (CATS IRC) at infocat@cats.ucsc.edu or 459-HELP. If members of the campus community are suspicious of possible viruses or other security matters, CATS encourages them to send information to abuse@cats.ucsc.edu or security@cats.ucsc.edu.
 

Return to Front Page
  Maintained by pioweb@cats
UC Santa Cruz Home Page Contact Currents Currents Archives Search Currents Currents Home Maintained By Email Contact